CN107070945B - Identity login method and equipment - Google Patents

Identity login method and equipment Download PDF

Info

Publication number
CN107070945B
CN107070945B CN201710349035.XA CN201710349035A CN107070945B CN 107070945 B CN107070945 B CN 107070945B CN 201710349035 A CN201710349035 A CN 201710349035A CN 107070945 B CN107070945 B CN 107070945B
Authority
CN
China
Prior art keywords
application
management terminal
account management
server
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710349035.XA
Other languages
Chinese (zh)
Other versions
CN107070945A (en
Inventor
王占东
赖景愚
王向众
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN201710349035.XA priority Critical patent/CN107070945B/en
Publication of CN107070945A publication Critical patent/CN107070945A/en
Application granted granted Critical
Publication of CN107070945B publication Critical patent/CN107070945B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The embodiment of the invention provides an identity login method and equipment, wherein the identity login method comprises the following steps: the account management terminal acquires application description information of an application server to be logged in on application client equipment; the account management terminal sends the user identity information and the application description information to the identity verification server, so that the identity verification server logs in a user account corresponding to the account management terminal on the application server after acquiring user authorization and authenticating the application server. The identity login method and the identity login equipment provided by the embodiment of the invention realize the unified management of the user account and improve the security of network application.

Description

Identity login method and equipment
Technical Field
The embodiment of the invention relates to the communication technology, in particular to an identity login method and equipment.
Background
With the coming of the internet era, the internet is more and more open, and more web applications are used in communities and circles where users join. In different communities, circles and applications, due to reasons such as that user names are registered, users need to register more and more different user names, which causes the user names and passwords to be memorized tediously, and a large number of user names and passwords of communities, circles and applications need to be memorized and matched.
The user often encounters the following situation in the process of using the internet, because the user does not log in for a long time or forgets a certain user name and a password by using the function of remembering the password for a long time; or memory confusion is generated for matching different user names and passwords, and multiple login failures occur. Obviously, the conventional identity login method cannot meet the requirements of users, and a solution is needed to reduce the complexity of the operation.
Disclosure of Invention
The embodiment of the invention provides an identity login method and identity login equipment, which are used for realizing the unified management of user accounts and improving the safety of network application.
In a first aspect, an embodiment of the present invention provides an identity login method, including:
the account management terminal acquires application description information of an application server to be logged in on application client equipment;
the account management terminal sends the user identity information and the application description information to an identity verification server, so that the identity verification server logs in a user account corresponding to the account management terminal on the application server after acquiring user authorization and authenticating the application server.
In a first possible implementation manner, the acquiring, by the account management terminal, application description information of an application server to be logged in on an application client device includes:
the account management terminal acquires the address of the application server to be logged on the application client equipment from the application client equipment; the account management terminal acquires the application description information from the application server according to the address of the application server; or
And the account management terminal acquires the application description information of the application server to be logged on the application client equipment from the application client equipment.
With reference to the first possible implementation manner of the first aspect, in a second possible implementation manner, the acquiring, by the account management terminal, an address of the application server to be logged in on the application client device from the application client device includes:
the account management terminal scans an identification code displayed by the application client equipment and acquires an address of the application server to be logged in on the application client equipment from the identification code; the identification code includes: two-dimensional codes, three-dimensional codes, color codes, bar codes, black and white codes or bulls-eye codes; or
And the account management terminal acquires an NFC electronic tag from the application client equipment in a Near Field Communication (NFC) mode, and acquires the address of the application server to be logged in on the application client equipment from the NFC electronic tag.
With reference to the first possible implementation manner of the first aspect, in a third possible implementation manner, the acquiring, by the account management terminal, application description information of the application server to be logged in on the application client device from the application client device includes:
the account management terminal scans an identification code displayed by the application client equipment and acquires application description information of the application server to be logged in on the application client equipment from the identification code; the identification code includes: two-dimensional codes, three-dimensional codes, color codes, bar codes, black and white codes or bulls-eye codes; or
And the account management terminal acquires an NFC electronic tag from the application client device in a near NFC mode, and acquires the application description information of the application server to be logged in on the application client device from the NFC electronic tag.
With reference to the first aspect or any one of the first to third possible implementation manners of the first aspect, in a fourth possible implementation manner, the method for logging in a user account corresponding to the account management terminal on an application server after the account management terminal sends user identity information and the application description information to the authentication server to enable the authentication server to obtain user authorization and authenticate the application server includes:
the account management terminal sends the user identity information and the application description information to the identity verification server to obtain an authorization code;
the account management terminal sends the authorization code to the application server, so that the application server obtains an access token from the authentication server through the authorization code, and the authentication server logs in a user account corresponding to the account management terminal on the application server.
With reference to the fourth possible implementation manner of the first aspect, in a fifth possible implementation manner, the sending, by the account management terminal, the user identity information and the application description information to the identity verification server to obtain an authorization code includes:
the account management terminal sends the user identity information and the application description information to the identity authentication server; the application description information comprises an application identifier and a user information authority list;
the account management terminal receives a user authorization request message sent by the identity authentication server;
the account management terminal receives an authorization indication message and sends an authorization confirmation message to the identity authentication server according to the authorization indication message; the authorization confirmation message carries user information authorized by a user, wherein the user information authorized by the user is part or all of the user information authority list, and the user information authorized by the user comprises the user account;
and the account management terminal receives the authorization code sent by the authentication server according to the authorization confirmation message.
With reference to the fifth possible implementation manner of the first aspect, in a sixth possible implementation manner, the sending, by the account management terminal, the authorization code to the application server includes:
the account management terminal sends the authorization code to the authentication server, so that the authentication server sends the authorization code to the application client device, and the application client device sends the authorization code to the application server; or
And the account management terminal sends the authorization code to the application client device in an NFC mode so that the application client device sends the authorization code to the application server.
In a second aspect, an embodiment of the present invention provides an identity login method, including:
the method comprises the steps that an identity authentication server receives user identity information sent by an account management terminal and application description information of an application server to be logged in on application client equipment;
and the identity authentication server acquires user authorization according to the user identity information and the application description information, authenticates the application server, and logs in a user account corresponding to the account management terminal on the application server after the authentication is successful.
In a first possible implementation manner, the obtaining, by the identity verification server, user authorization according to the user identity information and the application description information, authenticating the application server, and after the authentication is successful, logging in a user account corresponding to the account management terminal on the application server includes:
the identity authentication server sends an authorization code to the account management terminal according to the user identity information and the application description information, so that the account management terminal sends the authorization code to the application server;
and the identity authentication server sends an access token to the application server according to the authorization code provided by the application server, and logs in a user account corresponding to the account management terminal on the application server.
With reference to the first possible implementation manner of the second aspect, in a second possible implementation manner, the sending, by the authentication server, an authorization code to the account management terminal according to the user identity information and the application description information includes:
the identity authentication server authenticates the user account according to the user identity information, sends a user authorization request message to the account management terminal after the authentication is successful, and receives an authorization confirmation message sent by the account management terminal;
and the identity authentication server sends an authorization code to the account management terminal according to the authorization confirmation message.
With reference to the first possible implementation manner of the second aspect, in a third possible implementation manner, the sending, by the authentication server, an access token to the application server according to the authorization code provided by the application server, and logging in a user account corresponding to the account management terminal on the application server includes:
the identity authentication server receives an identity authentication request message sent by the application server, wherein the identity authentication request message carries the application identifier, the authorization code and the application key;
the identity verification server authenticates the application server according to the application identifier, the authorization code and the application key, and sends the access token to the application server after the authentication is successful;
the identity authentication server receives an account acquisition request message sent by the application server, wherein the account acquisition request message carries the access token;
and the identity authentication service authenticates the access token, and sends the user account corresponding to the account management terminal to the application server after the authentication is successful.
In a third aspect, an embodiment of the present invention provides an account management terminal, including:
an acquisition unit configured to acquire application description information of an application server to be logged in on an application client device;
and the processing unit is used for sending the user identity information and the application description information acquired by the acquisition unit to an identity verification server, so that the identity verification server logs in a user account corresponding to the account management terminal on the application server after acquiring user authorization and authenticating the application server.
In a first possible implementation manner, the obtaining unit is specifically configured to: acquiring the address of the application server to be logged on the application client equipment from the application client equipment, and acquiring the application description information from the application server according to the address of the application server; or acquiring the application description information of the application server to be logged in on the application client device from the application client device.
With reference to the first possible implementation manner of the third aspect, in a second possible implementation manner, when the obtaining unit obtains, from the application client device, an address of the application server to be logged in on the application client device, the obtaining unit is specifically configured to:
scanning an identification code displayed by the application client equipment, and acquiring an address of the application server to be logged in on the application client equipment from the identification code; the identification code includes: two-dimensional codes, three-dimensional codes, color codes, bar codes, black and white codes or bulls-eye codes; or
And acquiring an NFC electronic tag from the application client equipment in a Near Field Communication (NFC) mode, and acquiring the address of the application server to be logged in on the application client equipment from the NFC electronic tag.
With reference to the first possible implementation manner of the third aspect, in a third possible implementation manner, when the obtaining unit obtains, from the application client device, the application description information of the application server to be logged in on the application client device, the obtaining unit is specifically configured to:
scanning an identification code displayed by the application client equipment, and acquiring application description information of the application server to be logged in on the application client equipment from the identification code; the identification code includes: two-dimensional codes, three-dimensional codes, color codes, bar codes, black and white codes or bulls-eye codes; or
And acquiring an NFC electronic tag from the application client device in an NFC mode, and acquiring the application description information of the application server to be logged in on the application client device from the NFC electronic tag.
With reference to the third aspect or any one of the first to third possible implementation manners of the third aspect, in a fourth possible implementation manner, the processing unit is specifically configured to:
sending the user identity information and the application description information to the identity verification server to obtain an authorization code;
and sending the authorization code to the application server, so that the application server obtains an access token from the authentication server through the authorization code, and the authentication server logs in a user account corresponding to the account management terminal on the application server.
With reference to the fourth possible implementation manner of the third aspect, in a fifth possible implementation manner, when the processing unit sends the user identity information and the application description information to the identity verification server and obtains an authorization code, the processing unit is specifically configured to:
sending the user identity information and the application description information to the identity authentication server; the application description information comprises an application identifier and a user information authority list;
receiving a user authorization request message sent by the identity authentication server;
receiving an authorization indication message, and sending an authorization confirmation message to the identity authentication server according to the authorization indication message; the authorization confirmation message carries user information authorized by a user, wherein the user information authorized by the user is part or all of the user information authority list, and the user information authorized by the user comprises the user account;
and receiving an authorization code sent by the authentication server according to the authorization confirmation message.
With reference to the fifth possible implementation manner of the third aspect, in a sixth possible implementation manner, when the processing unit sends the authorization code to the application server, the processing unit is specifically configured to:
sending the authorization code to the authentication server such that the authentication server sends the authorization code to the application client device, the authorization code being sent by the application client device to the application server; or
And sending the authorization code to the application client device in an NFC mode so that the application client device sends the authorization code to the application server.
In a fourth aspect, an embodiment of the present invention provides an authentication server, including:
the system comprises a receiving unit, a login unit and a login processing unit, wherein the receiving unit is used for receiving user identity information sent by an account management terminal and application description information of an application server to be logged in on application client equipment;
and the processing unit is used for acquiring user authorization according to the user identity information and the application description information received by the receiving unit, authenticating the application server, and logging in a user account corresponding to the account management terminal on the application server after the authentication is successful.
In a first possible implementation manner, the processing unit is specifically configured to:
sending an authorization code to the account management terminal according to the user identity information and the application description information, so that the account management terminal sends the authorization code to the application server;
and sending an access token to the application server according to the authorization code provided by the application server, and logging in a user account corresponding to the account management terminal on the application server.
With reference to the first possible implementation manner of the fourth aspect, in a second possible implementation manner, when the processing unit sends an authorization code to the account management terminal according to the user identity information and the application description information, the processing unit is specifically configured to:
authenticating the user account according to the user identity information, sending a user authorization request message to the account management terminal after the authentication is successful, and receiving an authorization confirmation message sent by the account management terminal;
and sending an authorization code to the account management terminal according to the authorization confirmation message.
With reference to the first possible implementation manner of the fourth aspect, in a third possible implementation manner, when the processing unit sends an access token to the application server according to the authorization code provided by the application server, and logs in a user account corresponding to the account management terminal on the application server, the processing unit is specifically configured to:
receiving an identity authentication request message sent by the application server, wherein the identity authentication request message carries the application identifier, the authorization code and the application key;
authenticating the application server according to the application identifier, the authorization code and the application key, and sending the access token to the application server after the authentication is successful;
receiving an account acquisition request message sent by the application server, wherein the account acquisition request message carries the access token;
and verifying the access token, and sending a user account corresponding to the account management terminal to the application server after the verification is successful.
In a fifth aspect, an embodiment of the present invention provides an account management terminal, including: a processor, a communication interface, a memory and a bus;
wherein the processor, the communication interface, and the memory are interconnected by the bus;
the memory is used for storing instructions or data;
the processor calls the instruction stored in the memory to acquire application description information of an application server to be logged in on application client equipment, and sends user identity information and the application description information to an identity verification server through the communication interface, so that the identity verification server logs in a user account corresponding to the account management terminal on the application server after acquiring user authorization and authenticating the application server.
In a first possible implementation manner, the processor is specifically configured to: acquiring the address of the application server to be logged on the application client equipment from the application client equipment, and acquiring the application description information from the application server through the communication interface according to the address of the application server; or acquiring the application description information of the application server to be logged in on the application client device from the application client device.
With reference to the first possible implementation manner of the fifth aspect, in a second possible implementation manner, the account management terminal further includes: the system comprises a scanner or a Near Field Communication (NFC) transmitter, wherein the scanner or the NFC transmitter is interconnected with a processor through a bus;
when the processor acquires, from the application client device, an address of the application server to be logged in on the application client device, the processor is specifically configured to:
scanning an identification code displayed by the application client equipment through the scanner, and acquiring an address of the application server to be logged in on the application client equipment from the identification code; the identification code includes: two-dimensional codes, three-dimensional codes, color codes, bar codes, black and white codes or bulls-eye codes; or
And acquiring an NFC electronic tag from the application client device through the NFC transmitter in an NFC mode, and acquiring the address of the application server to be logged in on the application client device from the NFC electronic tag.
With reference to the first possible implementation manner of the fifth aspect, in a third possible implementation manner, the account management terminal further includes: a scanner or NFC transmitter interconnected with the processor via the bus;
the processor, when acquiring, from the application client device, application description information of the application server to be logged in on the application client device, is specifically configured to:
scanning an identification code displayed by the application client equipment through the scanner, and acquiring application description information of the application server to be logged in on the application client equipment from the identification code; the identification code includes: two-dimensional codes, three-dimensional codes, color codes, bar codes, black and white codes or bulls-eye codes; or
And acquiring an NFC electronic tag from the application client device through the NFC transmitter in an NFC mode, and acquiring the application description information of the application server to be logged in on the application client device from the NFC electronic tag.
With reference to the fifth aspect or any one of the first to third possible implementations of the fifth aspect, in a fourth possible implementation, the processor is specifically configured to:
sending the user identity information and the application description information to the identity verification server through the communication interface to obtain an authorization code;
and sending the authorization code to the application server through the communication interface, so that the application server obtains an access token from the authentication server through the authorization code, and the authentication server logs in a user account corresponding to the account management terminal on the application server.
With reference to the fourth possible implementation manner of the fifth aspect, in a fifth possible implementation manner, when the processor sends the user identity information and the application description information to the identity verification server and obtains an authorization code, the processor is specifically configured to:
sending the user identity information and the application description information to the identity verification server through the communication interface; the application description information comprises an application identifier and a user information authority list;
receiving a user authorization request message sent by the authentication server through the communication interface;
receiving an authorization indication message through the communication interface, and sending an authorization confirmation message to the identity authentication server according to the authorization indication message; the authorization confirmation message carries user information authorized by a user, wherein the user information authorized by the user is part or all of the user information authority list, and the user information authorized by the user comprises the user account;
and receiving the authorization code sent by the authentication server according to the authorization confirmation message through the communication interface.
With reference to the fifth possible implementation manner of the fifth aspect, in a sixth possible implementation manner, the account management terminal further includes: an NFC transmitter interconnected with the processor via the bus;
when sending the authorization code to the application server, the processor is specifically configured to:
sending the authorization code to the authentication server through the communication interface such that the authentication server sends the authorization code to the application client device, the authorization code being sent by the application client device to the application server; or
Sending the authorization code to the application client device in an NFC manner through the NFC transmitter, so that the application client device sends the authorization code to the application server.
In a sixth aspect, an embodiment of the present invention provides an authentication server, including:
a processor, a communication interface, a memory and a bus;
wherein the processor, the communication interface, and the memory are interconnected by the bus;
the communication interface is used for receiving user identity information sent by the account management terminal and application description information of an application server to be logged in on application client equipment;
the memory is used for storing instructions or data;
the processor calls the instruction stored in the memory to acquire user authorization according to the user identity information and the application description information, authenticates the application server, and logs in a user account corresponding to the account management terminal on the application server after the authentication is successful.
In a first possible implementation manner, the processor is specifically configured to:
sending an authorization code to the account management terminal through the communication interface according to the user identity information and the application description information, so that the account management terminal sends the authorization code to the application server;
and according to the authorization code provided by the application server, sending an access token to the application server through the communication interface, and logging in a user account corresponding to the account management terminal on the application server.
With reference to the first possible implementation manner of the sixth aspect, in a second possible implementation manner, when the processor sends an authorization code to the account management terminal according to the user identity information and the application description information, the processor is specifically configured to:
the user account is authenticated according to the user identity information, a user authorization request message is sent to the account management terminal after the authentication is successful, and an authorization confirmation message sent by the account management terminal is received through the communication interface;
and sending an authorization code to the account management terminal through the communication interface according to the authorization confirmation message.
With reference to the first possible implementation manner of the sixth aspect, in a third possible implementation manner, when the processor sends an access token to the application server according to the authorization code provided by the application server, and logs in a user account corresponding to the account management terminal on the application server, the processor is specifically configured to:
receiving an identity authentication request message sent by the application server through the communication interface, wherein the identity authentication request message carries the application identifier, the authorization code and the application key; authenticating the application server according to the application identifier, the authorization code and the application key, and sending the access token to the application server through the communication interface after the authentication is successful;
receiving an account acquisition request message sent by the application server through the communication interface, wherein the account acquisition request message carries the access token;
and verifying the access token, and sending the user account corresponding to the account management terminal to the application server through the communication interface after the access token is successfully verified.
According to the technical scheme, the identity login method and the identity login equipment provided by the embodiment of the invention realize the unified management of the user account, the user can complete the login process through the account management terminal without remembering the account password, the complexity of user identity verification is integrally reduced, the problems of operation complexity, information leakage risk and the like caused by the operations of inputting the password account, remembering the password account, registering a new account and the like for multiple times are avoided, and the safety of network application is improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive labor.
Fig. 1 is a flowchart of an identity login method according to an embodiment of the present invention;
fig. 2 is a flowchart of another identity registration method according to an embodiment of the present invention;
fig. 3 is a flowchart of another identity registration method according to an embodiment of the present invention;
fig. 4 is a flowchart of another identity registration method according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of an account management terminal according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of an authentication server according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of another account management terminal according to an embodiment of the present invention;
fig. 8 is a schematic structural diagram of another account management terminal according to an embodiment of the present invention;
fig. 9 is a schematic structural diagram of another account management terminal according to an embodiment of the present invention;
fig. 10 is a schematic structural diagram of another authentication server according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a flowchart of an identity login method according to an embodiment of the present invention. As shown in fig. 1, the identity login method provided in this embodiment may be specifically applied to an identity login process in an internet application, and the identity login method specifically includes:
step A10, the account management terminal acquires application description information of an application server to be logged in on the application client device;
step A20, the account management terminal sends the user identity information and the application description information to an identity verification server, so that the identity verification server logs in the user account corresponding to the account management terminal on the application server after obtaining the user authorization and authenticating the application server.
Specifically, the account management terminal may be, for example, a mobile terminal such as a mobile phone, a tablet computer, or a PDA (Personal Digital Assistant), the application client device may be, for example, a terminal device such as a mobile phone, a tablet computer, a PDA, a Personal computer, or a notebook computer, an application client may be provided on the application client device to implement a specific application, and an application server is provided corresponding to the application client. The application client device may also be provided with a browser to implement various applications in the form of web pages, in which case different applications may have corresponding application servers.
The account management terminal can cooperate with the authentication server to realize unified management of user accounts, initially, a user registers the user account in advance and logs in the user account on the account management terminal, the authentication in the login process can specifically refer to the authentication processing process in the prior art, for example, the account management terminal sends the user account and a password to the authentication server, the authentication server authenticates the user account and the password, after the authentication is successful, the account management terminal is informed that the login is successful, and user identity information is sent to the account management terminal, and the user identity information is, for example, a service token (ServiceToken). Applications to be used by the user are also registered with the authentication server. After the user account logs in successfully on the account management terminal, when the user holding the account management terminal uses the registered application through the application client device, the user can log in the identity through the identity login method provided by the embodiment.
In the process that the user general application client device uses the application, when the application server needs to be logged in, the account management terminal obtains application description information of the application server, and the application description information may specifically include an application identifier (AppID), and may also include information such as a user information authority list. The application identifier is used for identifying the application, and the content of the user information authority list is different for different applications. For example, in the microblog application, the user information permission list may include a user name, news stories, a microblog release right, and the like. The account management terminal may also obtain the application description information in a variety of ways: in one implementation, the application client device may provide an address of the application server to the account management terminal through an identification code or an NFC (Near Field Communication), and the account management terminal accesses the application server according to the address to obtain the application description information; in another implementation, the application client device may obtain the application description information from the application server, and provide the application description information to the account management terminal through an identification code or an NFC manner. The account management terminal may also obtain the application description information in other manners, which is not limited to this embodiment.
And the account management terminal sends the user identity information and the application description information to an identity verification server, and the identity verification server logs in a user account corresponding to the account management terminal on the application server after acquiring user authorization and authenticating the application server. When a user uses all applications registered in the authentication server to log in, the method provided by the embodiment can be adopted to perform identity login, that is, the user can log in all applications through one user account.
In the identity login method provided by this embodiment, the account management terminal acquires application description information of an application server to be logged in on the application client device, and sends the user identity information and the application description information to the authentication server, so that the authentication server logs in a user account corresponding to the account management terminal on the application server after acquiring user authorization and authenticating the application server. The unified management of the user accounts is realized, the user can complete the login process through the account management terminal without remembering the account password, the complexity of user identity authentication is reduced on the whole, the problems of operation complexity, information leakage risk and the like caused by operations of inputting the password account, memorizing the password account, registering a new account and the like for multiple times are avoided, and the safety of network application is improved.
In this embodiment, in step a10, the acquiring, by the account management terminal, the application description information of the application server to be logged in on the application client device may specifically include:
the account management terminal acquires the address of the application server to be logged on the application client equipment from the application client equipment; the account management terminal acquires the application description information from the application server according to the address of the application server; or
And the account management terminal acquires the application description information of the application server to be logged on the application client equipment from the application client equipment.
In this embodiment, the acquiring, by the account management terminal, the address of the application server to be logged in on the application client device from the application client device may specifically include:
the account management terminal scans an identification code displayed by the application client equipment and acquires an address of the application server to be logged in on the application client equipment from the identification code; the identification code includes: two-dimensional codes, three-dimensional codes, color codes, bar codes, black and white codes or bulls-eye codes; or
And the account management terminal acquires an NFC electronic tag from the application client device in an NFC mode, and acquires the address of the application server to be logged in on the application client device from the NFC electronic tag.
In this embodiment, the acquiring, by the account management terminal, the application description information of the application server to be logged in on the application client device from the application client device may specifically include:
the account management terminal scans an identification code displayed by the application client equipment and acquires application description information of the application server to be logged in on the application client equipment from the identification code; the identification code includes: two-dimensional codes, three-dimensional codes, color codes, bar codes, black and white codes or bulls-eye codes; or
And the account management terminal acquires an NFC electronic tag from the application client device in an NFC mode, and acquires the application description information of the application server to be logged in on the application client device from the NFC electronic tag.
For convenience of description, the following describes, by taking an example that a user accesses a website or a Web application through a browser provided on an application client device, a process in which an account management terminal acquires application description information of an application server to be logged in on the application client device, but the present invention is not limited thereto.
In one implementation, a user accesses a website or a Web application through a browser, and when login is required, the user may actively click a login option to trigger a login process, or a specific event in the browsing process triggers the login process. The browser sends an identification code acquisition request message to the authentication server through interface call, the website address of the website accessed by the user is transmitted to the authentication server as a parameter, and the website address of the website is the address of an application server bearing the website, such as a URL (Uniform Resource Locator) or an IP (Internet Protocol ) address. The browser may also transmit a connection code (ConnectionCode) as a parameter to the authentication server, where the connection code is used to uniquely identify the primary identification code acquisition request and may be calculated by a session identifier (SessionID). And the identity authentication server generates an identification code according to the received address of the application server, wherein the identification code comprises the address of the application server. The identification code may be, but is not limited to, a two-dimensional code, a three-dimensional code, a color code, a bar code, a black and white code, or a bull's eye code. And when the received information also contains the connection code, the identity authentication server generates an identification code according to the address of the application server and the connection code, wherein the identification code comprises the address of the application server and the connection code. The authentication server sends the identification code to the browser of the application client device. And after receiving the identification code sent by the authentication server, the browser displays the identification code to the user. And the user scans the identification code through a scanner of the account management terminal, analyzes the scanned identification code to obtain the address of the application server, and analyzes the identification code to obtain the connection code when the identification code also comprises the connection code. Or when the login process is triggered, the application client device may also directly obtain an identification code or an electronic tag including the address according to the address of the application server, if the identification code or the electronic tag is obtained, an NFC transmitter may be set in the application client device, and the electronic tag is sent to the account management terminal through the NFC transmitter, and the account management terminal obtains the address of the application server from the received electronic tag.
And the account management terminal accesses the corresponding application server according to the address and acquires the application description information from the application server. In a specific implementation process, the account management terminal may send an application description information acquisition request message to an application server indicated by the acquired address, and the application server returns application description information to the account management terminal according to the application description information acquisition request message.
In another implementation process, when a login process is triggered, the application client device may directly request the application server to acquire the application description information, generate an identification code or an electronic tag containing the application description information, and display the identification code to the user through a browser, so that the user scans the identification code through a scanner on the account management terminal to acquire the application description information, or send the electronic tag to the account management terminal through an NFC transmitter, and the account management terminal acquires the application description information from the electronic tag.
In the identity login process of the embodiment, the identity login can be realized by scanning the identification code or receiving the electronic tag through the account management terminal, and a user does not need to remember an account password, so that the operation flow is simplified.
Fig. 2 is a flowchart of another identity registration method according to an embodiment of the present invention. In this embodiment, based on the embodiment shown in fig. 1, as shown in fig. 2, in this embodiment, step a20 in the embodiment shown in fig. 1 may specifically include:
step A201, the account management terminal sends the user identity information and the application description information to the identity verification server to obtain an authorization code;
step a202, the account management terminal sends the authorization code to the application server, so that the application server obtains an access token from the authentication server through the authorization code, and the authentication server logs in a user account corresponding to the account management terminal on the application server.
Specifically, the account management terminal sends the user identity information and the application information to the identity verification server, and the identity verification server can authenticate the corresponding user account according to the user identity information, obtain user authorization, generate an authorization code, and send the authorization code to the account management terminal. The account management terminal sends the authorization code to the application server, the application server obtains an access token (accesstken) between the application server and the authentication server through the authorization code, and the authentication server can authenticate the application server according to the access token. The security of the login process can be further improved by setting the access token, and the access token is only known by the authentication server and the application server.
In this embodiment, in step a201, the sending, by the account management terminal, the user identity information and the application description information to the identity verification server to obtain an authorization code may specifically include:
the account management terminal sends the user identity information and the application description information to the identity authentication server; the application description information comprises an application identifier and a user information authority list;
the account management terminal receives a user authorization request message sent by the identity authentication server;
the account management terminal receives an authorization indication message and sends an authorization confirmation message to the identity authentication server according to the authorization indication message; the authorization confirmation message carries user information authorized by a user, wherein the user information authorized by the user is part or all of the user information authority list, and the user information authorized by the user comprises the user account;
and the account management terminal receives the authorization code sent by the authentication server according to the authorization confirmation message.
Specifically, the process of the authentication server obtaining the user authorization may be: the authentication server sends a user authorization request message to the account management terminal, where the user authorization request message may be implemented in the form of a user authorization confirmation interface, user information requiring user authorization may be displayed on the user authorization confirmation interface, the user information may specifically be information included in a user permission list (Scope), and a user may select part or all of the user information for authorization in a checking manner, that is, the user inputs authorization indication information. The user authorization can also be realized in a default mode, namely, during initial application configuration, a user can set an authorization range, and when the account management terminal receives the user authorization request message, an authorization confirmation message is automatically generated and sent to the identity authentication server.
In this embodiment, in step a202, the sending, by the account management terminal, the authorization code to the application server may include:
the account management terminal sends the authorization code to the authentication server, so that the authentication server sends the authorization code to the application client device, and the application client device sends the authorization code to the application server; or
And the account management terminal sends the authorization code to the application client device in an NFC mode so that the application client device sends the authorization code to the application server.
Specifically, in an implementation manner, when sending user identity information and application description information to the authentication server, the account management terminal may send a callback address (callbacurl) to the authentication server at the same time, so that when the authentication server returns an authorization code to the account management terminal, the authentication server returns the authorization code together with the callback address, and the account management terminal may perform local call according to the callback address to start a thread to execute a subsequent flow.
After receiving the identification code sent by the authentication server, the application client device may send an authorization code asynchronous request message to the authentication server to inform the authentication server to return the authorization code after generating the authorization code. After the authentication server generates the authorization code, the authorization code is not immediately returned to the application client device, but after receiving the authorization code sent by the account management terminal, the authentication server replies an authorization code asynchronous request initiated by the application client device. The account management terminal can simultaneously send the connection code when sending the authorization code to the authentication server, and the authentication server matches the unanswered asynchronous data request according to the connection code and correspondingly processes the asynchronous data request.
The authentication server sends the authorization code to the application client device, the application client device sends the authorization code to the application server, the application server sends the authorization code to the authentication server to obtain the access token, the application server sends the application token to the authentication server for authentication, and after the authentication is successful, the authentication server returns the user account to the application server to realize login. After successful login, the application server may notify the application client device that the login was successful.
In another implementation manner, the account management terminal may directly send the authorization code to the application client device in an NFC manner, the application client device sends the authorization code to the application server, the application server sends the authorization code to the authentication server to obtain the access token, the application server sends the application token to the authentication server for authentication, and after the authentication is successful, the authentication server returns the user account to the application server to implement login. After successful login, the application server may notify the application client device that the login was successful.
Fig. 3 is a flowchart of another identity registration method according to an embodiment of the present invention. As shown in fig. 3, the identity login method provided in this embodiment may be specifically implemented in cooperation with an identity login method applied to an account management terminal, and a specific implementation process is not described herein again. The identity login method provided by this embodiment specifically includes:
step B10, the authentication server receives the user identity information sent by the account management terminal and the application description information of the application server to be logged in on the application client device;
and step B20, the identity authentication server acquires user authorization according to the user identity information and the application description information, authenticates the application server, and logs in a user account corresponding to the account management terminal on the application server after the authentication is successful.
The identity login method provided by the embodiment realizes unified management of the user account, the user can complete the login process through the account management terminal without remembering the account password, the complexity of user identity verification is reduced on the whole, the problems of operation complexity and information leakage risk caused by operations of inputting the password account, memorizing the password account, registering a new account and the like for multiple times are avoided, and the safety of network application is improved.
Fig. 4 is a flowchart of another identity registration method according to an embodiment of the present invention. In this embodiment, based on the embodiment shown in fig. 3, as shown in fig. 4, in this embodiment, step B20 in the embodiment shown in fig. 3 may specifically include:
step B201, the identity authentication server sends an authorization code to the account management terminal according to the user identity information and the application description information, so that the account management terminal sends the authorization code to the application server;
step B202, the authentication server sends an access token to the application server according to the authorization code provided by the application server, and logs in a user account corresponding to the account management terminal on the application server.
In this embodiment, in step B201, the sending, by the authentication server, an authorization code to the account management terminal according to the user identity information and the application description information may include:
the identity authentication server authenticates the user account according to the user identity information, sends a user authorization request message to the account management terminal after the authentication is successful, and receives an authorization confirmation message sent by the account management terminal;
and the identity authentication server sends an authorization code to the account management terminal according to the authorization confirmation message.
In this embodiment, step B202 may specifically include:
the identity authentication server receives an identity authentication request message sent by the application server, wherein the identity authentication request message carries the application identifier, the authorization code and the application key;
the identity verification server authenticates the application server according to the application identifier, the authorization code and the application key, and sends the access token to the application server after the authentication is successful;
the identity authentication server receives an account acquisition request message sent by the application server, wherein the account acquisition request message carries the access token;
and the identity authentication service authenticates the access token, and sends the user account corresponding to the account management terminal to the application server after the authentication is successful.
Specifically, the application server sends an identity authentication request message to the identity verification server, where the identity authentication request message carries information such as an authorization code, an application identifier, and an application key (AppSecret). And after receiving the identity authentication request message, the identity authentication server authenticates the application server, and if the authentication is successful, the access token is sent to the application server. After receiving the access token, the application server sends an account acquisition request message to the identity authentication server, and the account acquisition request message carries the access token to acquire the user account. And after receiving the account acquisition request message, the identity authentication server authenticates the access token, and if the authentication is successful, the user account is returned to the application server to realize login.
The following describes a specific implementation process of the identity login method provided by the embodiment of the present invention in detail through two specific application scenarios.
In a first application scenario, the application server is a forum server, and the application client device is provided with a browser through which a user can access the forum.
Step 1, after a user opens a forum login page through a browser, the browser sends an identification code acquisition request message to an identity verification server through interface calling, wherein the identification code acquisition request message carries a URL (uniform resource locator) of a forum server corresponding to the forum;
step 2, the identity authentication server returns an identification code to the browser;
step 3, the browser sends an authorization code asynchronous request message to the identity authentication server;
step 4, the account management terminal scans the identification code displayed in the browser;
step 6, the account management terminal analyzes the identification code to obtain information such as URL (uniform resource locator), a connection code (ConnectionCode) and the like;
step 7, the account management terminal sends an application description information acquisition request message to the forum server according to the obtained URL;
8, the forum server returns application description information to the account management terminal, wherein the application description information comprises information such as an application identifier (AppID) and a user permission list (Scope);
step 9, the account management terminal sends the AppID, the Scope, the service token (ServiceToken) and the callback address (CallbackURL) to the authentication server;
step 10, the authentication server performs validity check of AppID, Scope and ServiceToken, and returns a user authorization confirmation interface to the account management terminal after the check is successful;
step 11, the account management terminal submits user information (Option) authorized by the user and a device identifier (DeviceID) to the identity authentication server according to the user input so as to apply for an authorization code (AuthCode);
step 12, the authentication server checks the DeviceID, generates a unique Authcode, and returns the unique Authcode to the account management terminal according to the CallbackURL link;
step 13, the account management terminal submits Authcode and connection code (ConnectionCode) to the identity authentication server, and the identity authentication server is instructed to reply the authorization code request initiated by the browser;
step 14, the identity authentication server matches an unanswered asynchronous data request according to the ConnectionCode and sends AuthCode to the browser;
step 15, the browser initiates connection and submits the Authcode to the forum server;
step 16, the forum server extracts the relevant data of itself, and sends a token acquisition request message to the identity authentication server, wherein the token acquisition request message carries AuthCode, AppID and an application key (AppSecret);
step 17, the authentication server verifies the validity of Authcode, AppID and AppSecret, and if the verification is successful, an access token (Access token) is returned to the forum server;
step 18, the forum server sends an account number acquisition request message to the identity authentication server, wherein the account number acquisition request message carries the accesstken;
step 19, the identity authentication server verifies the validity of the AccessToken, and if the verification is successful, a user account (username) is returned to the forum server;
and step 20, the forum server submits a successful login result to the browser, and the browser refreshes corresponding application client equipment to finish a login session.
In a second application scenario, the application server is a group-buying website server, and the application client device is provided with a browser through which the user can access the group-buying website. Specifically, in the process of logging in the group purchase website, referring to step 1 to step 20 of the first application scenario, the forum server in the above steps may be replaced by the group purchase website server, and details are not repeated. After the login session is finished, the method may further include a step of obtaining a group purchase product ticket (Acode), that is, the following step.
Step 21, the user operates the group purchase product A through the browser, and the browser sends the operation information to the group purchase website server;
step 22, the group purchase website server pushes the username and Acode of the group purchase product A to an identity authentication server;
and step 23, the identity authentication server pushes the Acode to the account management terminal according to the username.
Fig. 5 is a schematic structural diagram of an account management terminal according to an embodiment of the present invention. As shown in fig. 5, the account management terminal provided in this embodiment may implement each step of the identity login method applied to the account management terminal provided in any embodiment of the present invention, and a specific implementation process is not described herein again. The account management terminal provided in this embodiment specifically includes:
an obtaining unit 11, configured to obtain application description information of an application server to be logged in on an application client device;
the processing unit 12 is configured to send the user identity information and the application description information acquired by the acquiring unit 11 to an identity verification server, so that the identity verification server logs in a user account corresponding to the account management terminal on the application server after acquiring user authorization and authenticating the application server.
The account management terminal provided by the embodiment realizes unified management of user accounts, a user can complete a login process through the account management terminal without remembering account passwords, complexity of user identity authentication is reduced on the whole, the problems of operation complexity and information leakage risk and the like caused by operations of inputting password accounts for many times, memorizing the password accounts, registering new accounts and the like are avoided, and safety of network application is improved.
In this embodiment, the obtaining unit 11 may specifically be configured to: acquiring the address of the application server to be logged on the application client equipment from the application client equipment, and acquiring the application description information from the application server according to the address of the application server; or acquiring the application description information of the application server to be logged in on the application client device from the application client device.
In this embodiment, when the obtaining unit 11 obtains, from the application client device, an address of the application server to be logged in on the application client device, specifically, the obtaining unit may be configured to:
scanning an identification code displayed by the application client equipment, and acquiring an address of the application server to be logged in on the application client equipment from the identification code; the identification code includes: two-dimensional codes, three-dimensional codes, color codes, bar codes, black and white codes or bulls-eye codes; or
And acquiring an NFC electronic tag from the application client equipment in a Near Field Communication (NFC) mode, and acquiring the address of the application server to be logged in on the application client equipment from the NFC electronic tag.
In this embodiment, when the obtaining unit 11 obtains, from the application client device, the application description information of the application server to be logged in on the application client device, specifically, the obtaining unit may be configured to:
scanning an identification code displayed by the application client equipment, and acquiring application description information of the application server to be logged in on the application client equipment from the identification code; the identification code includes: two-dimensional codes, three-dimensional codes, color codes, bar codes, black and white codes or bulls-eye codes; or
And acquiring an NFC electronic tag from the application client device in an NFC mode, and acquiring the application description information of the application server to be logged in on the application client device from the NFC electronic tag.
In this embodiment, the processing unit 12 may specifically be configured to:
sending the user identity information and the application description information to the identity verification server to obtain an authorization code;
and sending the authorization code to the application server, so that the application server obtains an access token from the authentication server through the authorization code, and the authentication server logs in a user account corresponding to the account management terminal on the application server.
In this embodiment, when the processing unit 12 sends the user identity information and the application description information to the identity verification server and obtains an authorization code, it may specifically be configured to:
sending the user identity information and the application description information to the identity authentication server; the application description information comprises an application identifier and a user information authority list;
receiving a user authorization request message sent by the identity authentication server;
receiving an authorization indication message, and sending an authorization confirmation message to the identity authentication server according to the authorization indication message; the authorization confirmation message carries user information authorized by a user, wherein the user information authorized by the user is part or all of the user information authority list, and the user information authorized by the user comprises the user account;
and receiving an authorization code sent by the authentication server according to the authorization confirmation message.
In this embodiment, when the processing unit 12 sends the authorization code to the application server, it may specifically be configured to:
sending the authorization code to the authentication server such that the authentication server sends the authorization code to the application client device, the authorization code being sent by the application client device to the application server; or
And sending the authorization code to the application client device in an NFC mode so that the application client device sends the authorization code to the application server.
Fig. 6 is a schematic structural diagram of an authentication server according to an embodiment of the present invention. As shown in fig. 6, the identity authentication server provided in this embodiment may implement each step of the identity login method applied to the identity authentication server provided in any embodiment of the present invention, and a specific implementation process is not described herein again. The authentication server provided in this embodiment specifically includes:
a receiving unit 21, configured to receive user identity information sent by an account management terminal and application description information of an application server to be logged in on an application client device;
and the processing unit 22 is configured to obtain user authorization according to the user identity information and the application description information received by the receiving unit 21, authenticate the application server, and log in a user account corresponding to the account management terminal on the application server after the authentication is successful.
The authentication server provided by the embodiment realizes unified management of the user account, the user can complete the login process through the account management terminal without remembering the account password, the complexity of user authentication is reduced on the whole, the problems of operation complexity and information leakage risk caused by operations of inputting the password account, memorizing the password account, registering a new account and the like for multiple times are avoided, and the security of network application is improved.
In this embodiment, the processing unit 22 may specifically be configured to:
sending an authorization code to the account management terminal according to the user identity information and the application description information, so that the account management terminal sends the authorization code to the application server;
and sending an access token to the application server according to the authorization code provided by the application server, and logging in a user account corresponding to the account management terminal on the application server.
In this embodiment, when the processing unit 22 sends the authorization code to the account management terminal according to the user identity information and the application description information, the authorization code may be specifically configured to:
authenticating the user account according to the user identity information, sending a user authorization request message to the account management terminal after the authentication is successful, and receiving an authorization confirmation message sent by the account management terminal;
and sending an authorization code to the account management terminal according to the authorization confirmation message.
In this embodiment, when the processing unit 22 sends an access token to the application server according to the authorization code provided by the application server, and logs in a user account corresponding to the account management terminal on the application server, the processing unit may specifically be configured to:
receiving an identity authentication request message sent by the application server, wherein the identity authentication request message carries the application identifier, the authorization code and the application key;
authenticating the application server according to the application identifier, the authorization code and the application key, and sending the access token to the application server after the authentication is successful;
receiving an account acquisition request message sent by the application server, wherein the account acquisition request message carries the access token;
and verifying the access token, and sending a user account corresponding to the account management terminal to the application server after the verification is successful.
Fig. 7 is a schematic structural diagram of another account management terminal according to an embodiment of the present invention. As shown in fig. 7, the account management terminal 700 provided in this embodiment may implement each step of the identity login method applied to the account management terminal provided in any embodiment of the present invention, and a specific implementation process is not described herein again. The account management terminal 700 provided in this embodiment specifically includes: processor 710, communication interface 720, memory 730, and bus 740;
wherein said processor 710, said communication interface 720 and said memory 730 are interconnected by said bus 740;
the memory 730 is used for storing instructions or data;
the processor 710 calls the instruction stored in the memory 730 to obtain the application description information of the application server to be logged in on the application client device, and sends the user identity information and the application description information to the authentication server through the communication interface 720, so that the authentication server logs in the user account corresponding to the account management terminal on the application server after obtaining the user authorization and authenticating the application server.
In this embodiment, the processor 710 may be specifically configured to: acquiring the address of the application server to be logged on the application client device from the application client device, and acquiring the application description information from the application server through the communication interface 720 according to the address of the application server; or acquiring the application description information of the application server to be logged in on the application client device from the application client device.
Fig. 8 is a schematic structural diagram of another account management terminal according to an embodiment of the present invention, and fig. 9 is a schematic structural diagram of a fourth account management terminal according to an embodiment of the present invention. As shown in fig. 8 and 9, in this embodiment, the account management terminal 700 may further include: a scanner 750 or a NFC transmitter 760, wherein the scanner 750 or the NFC transmitter 760 is interconnected with the processor 710 via the bus 740. Fig. 8 shows an implementation manner of setting the scanner 750 in the account management terminal, fig. 9 shows an implementation manner of setting the NFC transmitter 760 in the account management terminal, and a person skilled in the art may also set the scanner 750 and the NFC transmitter 760 in the account management terminal at the same time as needed.
When the processor 710 obtains, from the application client device, an address of the application server to be logged in on the application client device, the processor may specifically be configured to:
scanning the identification code displayed by the application client device through the scanner 750, and acquiring the address of the application server to be logged in on the application client device from the identification code; the identification code includes: two-dimensional codes, three-dimensional codes, color codes, bar codes, black and white codes or bulls-eye codes; or
Acquiring, by the NFC transmitter 760, an NFC electronic tag from the application client device in an NFC manner, and acquiring, from the NFC electronic tag, an address of the application server to be logged in on the application client device.
In this embodiment, the account management terminal 700 may further include: a scanner 750 or an NFC transmitter 760, said scanner 750 or said NFC transmitter 760 interconnected with said processor 710 by said bus 740;
when the processor 710 obtains the application description information of the application server to be logged in on the application client device from the application client device, the processor may specifically be configured to:
scanning the identification code displayed by the application client device through the scanner 750, and acquiring application description information of the application server to be logged in on the application client device from the identification code; the identification code includes: two-dimensional codes, three-dimensional codes, color codes, bar codes, black and white codes or bulls-eye codes; or
Acquiring, by the NFC transmitter 760, an NFC electronic tag from the application client device in an NFC manner, and acquiring, from the NFC electronic tag, the application description information of the application server to be logged in on the application client device.
In this embodiment, the processor 710 may be specifically configured to:
sending the user identity information and the application description information to the authentication server through the communication interface 720 to obtain an authorization code;
the authorization code is sent to the application server through the communication interface 720, so that the application server obtains an access token from the authentication server through the authorization code, and the authentication server logs in a user account corresponding to the account management terminal on the application server.
In this embodiment, when the processor 710 sends the user identity information and the application description information to the identity verification server and obtains an authorization code, it may specifically be configured to:
sending the user identity information and the application description information to the authentication server through the communication interface 720; the application description information comprises an application identifier and a user information authority list;
receiving a user authorization request message sent by the authentication server through the communication interface 720;
receiving an authorization indication message through the communication interface 720, and sending an authorization confirmation message to the authentication server according to the authorization indication message; the authorization confirmation message carries user information authorized by a user, wherein the user information authorized by the user is part or all of the user information authority list, and the user information authorized by the user comprises the user account;
the authorization code sent by the authentication server according to the authorization confirmation message is received through the communication interface 720.
In this embodiment, the account management terminal 700 may further include an NFC transmitter 760, where the NFC transmitter 760 is interconnected with the processor 710 through the bus 740;
when the processor 710 sends the authorization code to the application server, specifically, to:
sending the authorization code to the authentication server via the communication interface 720, such that the authentication server sends the authorization code to the application client device, which sends the authorization code to the application server; or
Sending the authorization code to the application client device in an NFC manner through the NFC transmitter 760, so that the application client device sends the authorization code to the application server.
Fig. 10 is a schematic structural diagram of another authentication server according to an embodiment of the present invention. As shown in fig. 6, the authentication server 800 provided in this embodiment may implement each step of the identity login method applied to the authentication server provided in any embodiment of the present invention, and a specific implementation process is not described herein again. The authentication server 800 provided in this embodiment specifically includes: a processor 810, a communication interface 820, a memory 830, and a bus 840;
wherein the processor 810, the communication interface 820, and the memory 830 are interconnected by the bus 840;
the communication interface 820 is configured to receive user identity information sent by an account management terminal and application description information of an application server to be logged in on an application client device;
the memory 830 is used for storing instructions or data;
the processor 810 calls the instruction stored in the memory 830 to obtain the user authorization according to the user identity information and the application description information, authenticates the application server, and logs in the user account corresponding to the account management terminal on the application server after the authentication is successful.
In this embodiment, the processor 810 may specifically be configured to:
sending an authorization code to the account management terminal through the communication interface 820 according to the user identity information and the application description information, so that the account management terminal sends the authorization code to the application server;
according to the authorization code provided by the application server, an access token is sent to the application server through the communication interface 820, and a user account corresponding to the account management terminal is logged in the application server.
In this embodiment, when sending the authorization code to the account management terminal according to the user identity information and the application description information, the processor 810 is specifically configured to:
authenticating the user account according to the user identity information, sending a user authorization request message to the account management terminal after the authentication is successful, and receiving an authorization confirmation message sent by the account management terminal through the communication interface 820;
and sending an authorization code to the account management terminal through the communication interface 820 according to the authorization confirmation message.
In this embodiment, when the processor 810 sends an access token to the application server according to the authorization code provided by the application server and logs in a user account corresponding to the account management terminal on the application server, the processor is specifically configured to:
receiving an identity authentication request message sent by the application server through the communication interface 820, where the identity authentication request message carries the application identifier, the authorization code, and the application key;
authenticating the application server according to the application identifier, the authorization code and the application key, and after the authentication is successful, sending the access token to the application server through the communication interface 820;
receiving an account acquisition request message sent by the application server through the communication interface 820, where the account acquisition request message carries the access token;
and verifying the access token, and after the verification is successful, sending a user account corresponding to the account management terminal to the application server through the communication interface 820.
Those of ordinary skill in the art will understand that: all or part of the steps for implementing the method embodiments may be implemented by hardware related to program instructions, and the program may be stored in a computer readable storage medium, and when executed, the program performs the steps including the method embodiments; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (40)

1. An identity login method, comprising:
the account management terminal acquires application description information of an application server to be logged in from application client equipment;
the account management terminal receives user authorization request information sent by an identity authentication server and displays a user authorization confirmation interface;
the account management terminal acquires user input on the user authorization confirmation interface;
the account management terminal sends an authorization confirmation message to the identity authentication server according to the user input;
the identity authentication server responds to the received authorization confirmation message and sends an authorization code to the account management terminal;
the account management terminal sends the authorization code to the application client device;
the application client device sending the authorization code to the application server in response to receiving the authorization code;
the application server sends a token acquisition request message to the authentication server in response to receiving the authorization code;
the identity authentication server sends an access token to the application server in response to receiving the token acquisition request message;
the application server acquires a user account from the identity authentication server according to the access token;
and the application server returns a login success result to the application client equipment.
2. The identity login method of claim 1, wherein the application description information comprises an application identifier, or a user information permission list, or an application identifier and a user information permission list.
3. The identity login method of claim 1 or 2, wherein the user authorization confirmation interface comprises user information requiring user authorization.
4. The identity login method of claim 1, wherein the token acquisition request message comprises the authorization code, an application identifier and an application key.
5. The identity login method of claim 1, wherein the account management terminal obtains application description information of an application server to be logged in from an application client device, and the method comprises the following steps:
the account management terminal scans the two-dimensional code displayed by the application client device and obtains the application description information of the application server to be logged in from the two-dimensional code.
6. The identity login method of claim 1, wherein the account management terminal obtains application description information of an application server to be logged in from an application client device, and the method comprises the following steps:
the account management terminal acquires an NFC electronic tag from application client equipment and acquires application description information of an application server to be logged in from the NFC electronic tag.
7. An identity login method, comprising:
the account management terminal acquires application description information of an application server to be logged in from application client equipment;
the account management terminal receives user authorization request information sent by an identity authentication server and displays a user authorization confirmation interface;
the account management terminal acquires user input on the user authorization confirmation interface;
the account management terminal sends an authorization confirmation message to the identity authentication server according to the user input, wherein the authorization confirmation message is used for triggering the identity authentication server to send an authorization code to the account management terminal;
and the account management terminal sends the authorization code to the application client device.
8. The identity login method of claim 7, further comprising: the authorization code is communicated by the application client device to the application server.
9. The identity login method of claim 8, wherein the authorization code is used to trigger the application server to send a token acquisition request message to the authentication server.
10. The identity login method of claim 9, wherein the token acquisition request message is used to trigger the authentication server to send an access token to the application server.
11. The identity login method of claim 10, wherein the access token is used for the application server to obtain a user account from the authentication server.
12. The identity login method of any one of claims 7 to 11, wherein the application description information comprises an application identifier, or a user information permission list, or both an application identifier and a user information permission list.
13. The identity login method of claim 7, wherein the user authorization confirmation interface comprises user information requiring user authorization.
14. The identity login method of claim 9, wherein the token acquisition request message comprises the authorization code, an application identifier and an application key.
15. The identity login method of claim 7, wherein the account management terminal obtains application description information of the application server to be logged in from the application client device, and the method comprises the following steps:
the account management terminal scans the two-dimensional code displayed by the application client device and obtains the application description information of the application server to be logged in from the two-dimensional code.
16. The identity login method of claim 7, wherein the account management terminal obtains application description information of the application server to be logged in from the application client device, and the method comprises the following steps:
the account management terminal acquires an NFC electronic tag from application client equipment and acquires application description information of an application server to be logged in from the NFC electronic tag.
17. An identity login method, comprising:
the method comprises the steps that application client equipment displays a two-dimensional code, wherein the two-dimensional code comprises application description information of an application server to be logged in;
the application client device receives an authorization code sent by an account management terminal, wherein the authorization code is obtained by sending the authorization code to the account management terminal after an authentication server receives an authorization confirmation message sent by the account management terminal according to user input;
the application client device sends the authorization code to the application server, wherein the authorization code is used for triggering the application server to obtain an access token from the authentication server, and the access token is used for the application server to obtain a user account from the authentication server;
and the application client equipment receives a login success result returned by the application server.
18. The identity login method of claim 17, wherein the application description information comprises an application identifier, or a user information permission list, or an application identifier and a user information permission list.
19. An identity login method, comprising:
the identity authentication server sends a user authorization request message to the account management terminal;
the identity authentication server receives an authorization confirmation message sent by the account management terminal;
the identity authentication server sends an authorization code to the account management terminal;
the authentication server receives the authorization code sent by the account management terminal, the authentication server sends the authorization code to application client equipment, the authorization code is transmitted to the application server by the application client equipment, and the authorization code is used for triggering the application server to send a token acquisition request message to the authentication server;
and the authentication server responds to the received token acquisition request message and sends an access token to the application server, wherein the access token is used for the application server to acquire a user account from the authentication server.
20. The identity login method of claim 19, wherein the token acquisition request message comprises the authorization code, an application identifier and an application key.
21. An identity entry system, comprising: account management terminal, application client device, application server and authentication server, the system is configured to:
the account management terminal acquires application description information of an application server to be logged in from application client equipment;
the account management terminal receives user authorization request information sent by an identity authentication server and displays a user authorization confirmation interface;
the account management terminal acquires user input on the user authorization confirmation interface;
the account management terminal sends an authorization confirmation message to the identity authentication server according to the user input;
the identity authentication server responds to the received authorization confirmation message and sends an authorization code to the account management terminal;
the account management terminal sends the authorization code to the application client device;
the application client device sending the authorization code to the application server in response to receiving the authorization code;
the application server sends a token acquisition request message to the authentication server in response to receiving the authorization code;
the identity authentication server sends an access token to the application server in response to receiving the token acquisition request message;
the application server acquires a user account from the identity authentication server according to the access token;
and the application server returns a login success result to the application client equipment.
22. The system of claim 21, wherein the application description information comprises either a user information permission list or an application identifier and a user information permission list.
23. The system of claim 21 or 22, wherein the user authorization confirmation interface comprises user information requiring user authorization.
24. The system according to claim 21, wherein the token acquisition request message comprises the authorization code, an application identification and an application key.
25. The system of claim 21, wherein the account management terminal obtains application description information of the application server to be logged in from the application client device, and the method comprises:
the account management terminal scans the two-dimensional code displayed by the application client device and obtains the application description information of the application server to be logged in from the two-dimensional code.
26. The system of claim 21, wherein the account management terminal obtains application description information of the application server to be logged in from the application client device, and the method comprises:
the account management terminal acquires an NFC electronic tag from application client equipment and acquires application description information of an application server to be logged in from the NFC electronic tag.
27. An account management terminal, comprising: a processor, a communication interface, a memory and a bus;
wherein the processor, the communication interface, and the memory are interconnected by the bus;
the memory is used for storing instructions or data;
the processor invokes instructions stored in the memory to implement:
acquiring application description information of an application server to be logged in from application client equipment;
receiving user authorization request information sent by an identity authentication server, and displaying a user authorization confirmation interface;
obtaining user input at the user authorization confirmation interface;
sending an authorization confirmation message to the identity authentication server according to the user input, wherein the authorization confirmation message is used for triggering the identity authentication server to send an authorization code to the account management terminal;
sending the authorization code to the application client device.
28. The account management terminal of claim 27, wherein the authorization code is communicated by the application client device to the application server.
29. The account management terminal of claim 28, wherein the authorization code is configured to trigger the application server to send a token acquisition request message to the authentication server.
30. The account management terminal of claim 29, wherein the token acquisition request message is configured to trigger the authentication server to send an access token to the application server.
31. The account management terminal of claim 30, wherein the access token is used by the application server to obtain a user account from the authentication server.
32. The account management terminal according to any one of claims 27 to 31, wherein the application description information includes an application identifier, or a user information authority list, or both an application identifier and a user information authority list.
33. The account management terminal of claim 27, wherein the user authorization confirmation interface includes user information requiring user authorization.
34. The account management terminal according to claim 29, wherein the token acquisition request message includes the authorization code, an application identifier, and an application key.
35. The account management terminal of claim 27, wherein the obtaining of the application description information of the application server to be logged in from the application client device includes:
scanning a two-dimensional code displayed by application client equipment, and acquiring application description information of an application server to be logged in from the two-dimensional code.
36. The account management terminal of claim 27, wherein the obtaining of the application description information of the application server to be logged in from the application client device includes:
the method comprises the steps of obtaining an NFC electronic tag from application client equipment, and obtaining application description information of an application server to be logged in from the NFC electronic tag.
37. An application client device, comprising:
the display unit is used for displaying a two-dimensional code, and the two-dimensional code comprises application description information of an application server to be logged in;
the authentication server receives an authorization confirmation message sent by the account management terminal according to user input, and then sends the authorization code to the account management terminal;
a sending unit, configured to send the authorization code to the application server, where the authorization code is used to trigger the application server to obtain an access token from the authentication server, and the access token is used for the application server to obtain a user account from the authentication server;
the receiving unit is further configured to receive a login success result returned by the application server.
38. The application client device of claim 37, wherein the application description information comprises an application identifier, or a user information permission list, or an application identifier and a user information permission list.
39. An authentication server, comprising: a processor, a communication interface, a memory and a bus;
wherein the processor, the communication interface, and the memory are interconnected by the bus;
the memory is used for storing instructions or data;
the processor invokes instructions stored in the memory to implement:
sending a user authorization request message to an account management terminal;
receiving an authorization confirmation message sent by the account management terminal;
sending an authorization code to the account management terminal;
receiving the authorization code sent by the account management terminal, and sending the authorization code to application client equipment, wherein the authorization code is transmitted to an application server by the application client equipment, and the authorization code is used for triggering the application server to send a token acquisition request message to the identity verification server;
and responding to the received token obtaining request message, and sending an access token to the application server, wherein the access token is used for the application server to obtain a user account from the authentication server.
40. The authentication server according to claim 39, wherein the token acquisition request message comprises the authorization code, an application identification and an application key.
CN201710349035.XA 2013-06-19 2013-06-19 Identity login method and equipment Active CN107070945B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710349035.XA CN107070945B (en) 2013-06-19 2013-06-19 Identity login method and equipment

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
PCT/CN2013/077473 WO2014201636A1 (en) 2013-06-19 2013-06-19 Identity login method and device
CN201710349035.XA CN107070945B (en) 2013-06-19 2013-06-19 Identity login method and equipment
CN201380000876.XA CN103609090B (en) 2013-06-19 2013-06-19 Identity logs method and apparatus

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201380000876.XA Division CN103609090B (en) 2013-06-19 2013-06-19 Identity logs method and apparatus

Publications (2)

Publication Number Publication Date
CN107070945A CN107070945A (en) 2017-08-18
CN107070945B true CN107070945B (en) 2021-06-22

Family

ID=50126082

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201710349035.XA Active CN107070945B (en) 2013-06-19 2013-06-19 Identity login method and equipment
CN201380000876.XA Active CN103609090B (en) 2013-06-19 2013-06-19 Identity logs method and apparatus

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN201380000876.XA Active CN103609090B (en) 2013-06-19 2013-06-19 Identity logs method and apparatus

Country Status (2)

Country Link
CN (2) CN107070945B (en)
WO (1) WO2014201636A1 (en)

Families Citing this family (36)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103986720B (en) * 2014-05-26 2017-11-17 网之易信息技术(北京)有限公司 A kind of login method and device
CN105323291A (en) * 2014-08-04 2016-02-10 中兴通讯股份有限公司 Method and device for processing unified login of mobile applications
CN105049410B (en) * 2015-05-28 2018-08-07 北京奇艺世纪科技有限公司 A kind of account login method, apparatus and system
CN104869175B (en) 2015-06-16 2018-07-27 腾讯科技(北京)有限公司 Cross-platform account resource-sharing implementation method, apparatus and system
CN104902028B (en) * 2015-06-19 2019-02-15 广州密码科技有限公司 A kind of a key login authentication method, apparatus and system
CN106603469B (en) * 2015-10-16 2019-11-29 腾讯科技(深圳)有限公司 The method and apparatus for logging in application
CN105656922A (en) * 2016-02-04 2016-06-08 腾讯科技(深圳)有限公司 Login method and device of application program and intelligent equipment
CN106060032B (en) * 2016-05-26 2019-11-15 深圳市中润四方信息技术有限公司 User data integration and reassignment method and system
CN105978994B (en) * 2016-06-22 2019-01-18 武汉理工大学 A kind of login method of web oriented system
CN106791037B (en) * 2016-11-30 2021-01-15 腾讯科技(深圳)有限公司 Operation triggering method and system, mobile terminal and electromagnetic field generating equipment
CN106790240B (en) * 2017-01-22 2021-04-23 常卫华 Password-free login method, device and system based on third party authentication
CN106973041B (en) * 2017-03-02 2019-10-08 飞天诚信科技股份有限公司 A kind of method that issuing authentication authority, system and certificate server
US10637664B2 (en) * 2017-07-14 2020-04-28 NortonLifeLock Inc. User-directed identity verification over a network
CN107437010A (en) * 2017-07-25 2017-12-05 合肥红铭网络科技有限公司 A kind of server security activation system based on NFC
CN109753022A (en) * 2017-11-07 2019-05-14 智能云科信息科技有限公司 A kind of machine operation right management method, system, integrated system and lathe
CN108200089B (en) * 2018-02-07 2022-06-07 腾讯云计算(北京)有限责任公司 Method, device and system for realizing information security and storage medium
CN108768953B (en) * 2018-05-03 2020-12-18 深圳市简工智能科技有限公司 Control method, server and storage medium for scheduling process
CN108830099A (en) * 2018-05-04 2018-11-16 平安科技(深圳)有限公司 Call verification method, device, computer equipment and the storage medium of api interface
CN110505184B (en) * 2018-05-18 2022-02-22 深圳企业云科技股份有限公司 Enterprise network disk safe login authentication system and method
CN108959904A (en) * 2018-06-14 2018-12-07 平安科技(深圳)有限公司 Terminal device applies login method and terminal device
CN109325339A (en) * 2018-08-28 2019-02-12 北京点七二创意互动传媒文化有限公司 Exchange method and terminal for terminal
CN109274652B (en) * 2018-08-30 2021-06-11 腾讯科技(深圳)有限公司 Identity information verification system, method and device and computer storage medium
CN111107036B (en) * 2018-10-25 2023-08-25 博泰车联网科技(上海)股份有限公司 Login method, login system, vehicle-mounted terminal and computer readable storage medium
TWI725352B (en) 2018-11-05 2021-04-21 緯創資通股份有限公司 Method for authentication and authorization and authentication server using the same
CN110401767B (en) 2019-05-30 2021-08-31 华为技术有限公司 Information processing method and apparatus
CN110311786A (en) * 2019-06-19 2019-10-08 努比亚技术有限公司 A kind of data transmission method, terminal, server and computer storage medium
CN110572388B (en) * 2019-09-05 2022-01-04 北京宝兰德软件股份有限公司 Method for connecting unified authentication server and unified authentication adapter
CN110913275B (en) * 2019-11-19 2021-11-16 腾讯科技(深圳)有限公司 Method, system and storage medium for adding attribute information of target object
CN111491295B (en) * 2020-04-13 2024-02-27 佛山职业技术学院 NFC-based identity authorization and authentication method, device and system
CN111596843A (en) * 2020-04-29 2020-08-28 维沃移动通信有限公司 Application login method, first electronic device and second electronic device
CN111625810B (en) * 2020-05-28 2023-09-05 百度在线网络技术(北京)有限公司 Equipment login method, equipment and system
CN112929388B (en) * 2021-03-10 2022-11-01 广东工业大学 Network identity cross-device application rapid authentication method and system, and user agent device
CN113505353B (en) * 2021-07-09 2024-08-23 绿盟科技集团股份有限公司 Authentication method, authentication device, authentication equipment and storage medium
CN114978702B (en) * 2022-05-24 2024-03-19 上海哔哩哔哩科技有限公司 Account management method, platform and system, computing device and readable storage medium
CN115150154B (en) * 2022-06-30 2023-05-26 深圳希施玛数据科技有限公司 User login authentication method and related device
CN115604039B (en) * 2022-12-15 2023-03-10 江苏金智教育信息股份有限公司 Third-party assisted identity verification login method and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102685093A (en) * 2011-12-08 2012-09-19 陈易 Mobile-terminal-based identity authentication system and method
US8332238B1 (en) * 2012-05-30 2012-12-11 Stoneeagle Services, Inc. Integrated payment and explanation of benefits presentation method for healthcare providers
CN103067381A (en) * 2012-12-26 2013-04-24 百度在线网络技术(北京)有限公司 Third-party service login method, login system and login device by means of platform-party account
JP2013114526A (en) * 2011-11-30 2013-06-10 Hitachi Ltd User authentication method and web system

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101212457A (en) * 2006-12-27 2008-07-02 鸿富锦精密工业(深圳)有限公司 Webpage privilege control system and method
US7845558B2 (en) * 2007-09-28 2010-12-07 First Data Corporation Accessing financial accounts with 3D bar code
CN101217368A (en) * 2007-12-29 2008-07-09 亿阳安全技术有限公司 A network logging on system and the corresponding configuration method and methods for logging on the application system
CN102238007A (en) * 2010-04-20 2011-11-09 阿里巴巴集团控股有限公司 Method, device and system for acquiring session token of user by third-party application
CN102625297B (en) * 2011-01-27 2016-01-13 腾讯科技(深圳)有限公司 For identity management method and the device of mobile terminal
CN102868670A (en) * 2011-07-08 2013-01-09 北京亿赞普网络技术有限公司 Unified registration and logon system as well as registration and logon method for mobile user
CN102497635B (en) * 2011-11-28 2015-07-08 宇龙计算机通信科技(深圳)有限公司 Server, terminal and account password acquisition method
CN102638473B (en) * 2012-05-04 2014-12-10 盛趣信息技术(上海)有限公司 User data authorization method, device and system
CN102801713A (en) * 2012-07-23 2012-11-28 中国联合网络通信集团有限公司 Website logging-in method and system as well as accessing management platform
CN102821104B (en) * 2012-08-09 2014-04-16 腾讯科技(深圳)有限公司 Authorization method, authorization device and authorization system
CN102769531A (en) * 2012-08-13 2012-11-07 鹤山世达光电科技有限公司 Identity authentication device and method thereof
CN103023919A (en) * 2012-12-26 2013-04-03 百度在线网络技术(北京)有限公司 Two-dimensional code based login control method and two-dimensional code based login control system
CN103023918B (en) * 2012-12-26 2016-08-31 百度在线网络技术(北京)有限公司 The mthods, systems and devices logged in are provided for multiple network services are unified

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2013114526A (en) * 2011-11-30 2013-06-10 Hitachi Ltd User authentication method and web system
CN102685093A (en) * 2011-12-08 2012-09-19 陈易 Mobile-terminal-based identity authentication system and method
US8332238B1 (en) * 2012-05-30 2012-12-11 Stoneeagle Services, Inc. Integrated payment and explanation of benefits presentation method for healthcare providers
CN103067381A (en) * 2012-12-26 2013-04-24 百度在线网络技术(北京)有限公司 Third-party service login method, login system and login device by means of platform-party account

Also Published As

Publication number Publication date
WO2014201636A1 (en) 2014-12-24
CN107070945A (en) 2017-08-18
CN103609090B (en) 2017-06-06
CN103609090A (en) 2014-02-26

Similar Documents

Publication Publication Date Title
CN107070945B (en) Identity login method and equipment
US10223520B2 (en) System and method for integrating two-factor authentication in a device
EP2878115B1 (en) Online user account login method and server system implementing the method
US9882885B2 (en) Systems and methods for login and authorization
CN104092542B (en) A kind of account login method, Apparatus and system
US9130929B2 (en) Systems and methods for using imaging to authenticate online users
CN106779716B (en) Authentication method, device and system based on block chain account address
US20150222435A1 (en) Identity generation mechanism
CN105991614B (en) It is a kind of it is open authorization, resource access method and device, server
CN103067378A (en) Log-in control method and system based on two-dimension code
CN104468531A (en) Authorization method, device and system for sensitive data
US11165768B2 (en) Technique for connecting to a service
CN103036902A (en) Login control method and login control system based on two-dimension code
CN103023919A (en) Two-dimensional code based login control method and two-dimensional code based login control system
CN104767617A (en) Message processing method, system and related device
CN115022047A (en) Account login method and device based on multi-cloud gateway, computer equipment and medium
CN103428698A (en) Identity strong authentication method of mobile interconnection participants
CN107590662B (en) Authentication method for calling online bank system, authentication server and system
EP3268890B1 (en) A method for authenticating a user when logging in at an online service
CN115017535A (en) Access method and device of cloud desktop operating system, electronic equipment and storage medium
KR20210047838A (en) Server and method for security communication using image code
CN114765780A (en) Identity verification method and device and related equipment
CN113360855A (en) Account login method and device, electronic equipment and computer readable storage medium
IT201600115265A1 (en) Process and computer system for the identification and authentication of the digital identity of a subject in possession of a personal telecommunication device.

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant