CN107317680B

CN107317680B - Method and system for marking safety account and computer readable storage medium

Info

Publication number: CN107317680B
Application number: CN201710511169.7A
Authority: CN
Inventors: 刘孟焱
Original assignee: Nubia Technology Co Ltd
Current assignee: Nubia Technology Co Ltd
Priority date: 2017-06-28
Filing date: 2017-06-28
Publication date: 2021-06-15
Anticipated expiration: 2037-06-28
Also published as: CN107317680A

Abstract

The invention discloses a method for marking a safety account number, which comprises the following steps: when an account number access request of an access terminal is detected, a developer identification of the access terminal is generated according to the account number access request; calculating the developer identification and a preset user identification according to a preset algorithm to generate a first identification account; and marking a safety account for the access end according to the first identification account. Through the embodiment, corresponding identification accounts are configured for different application manufacturers, mobile phone applications correspondingly issued by the application manufacturers are distinguished, so that the different application manufacturers have unique identification accounts, the identification accounts prevent the accounts from being illegally used by malicious infiltration, and the safety of the identification accounts corresponding to the different application manufacturers is improved.

Description

Method and system for marking safety account and computer readable storage medium

Technical Field

The present invention relates to the field of account security technologies, and in particular, to a method for marking a secured account, an account security system, and a computer-readable storage medium.

Background

With the development of mobile phone manufacturers, more and more applications are built in mobile phones. Mobile phone manufacturers need to build account platforms around their own systems, provide corresponding platform accounts for each application manufacturer, and manage and maintain users in a centralized manner. And the application manufacturer accesses the account platform constructed by the mobile phone manufacturer by using the account ID with identification provided by the platform so as to provide corresponding functional services.

However, most account platforms only provide a common account ID for many developers, so that each application manufacturer is not easy to distinguish, and different application manufacturers share an account ID, which has a certain security risk. Meanwhile, account IDs provided by a plurality of account platforms are simple and easy to crack and permeate, so that great potential safety hazards exist.

Disclosure of Invention

The invention mainly aims to provide a method for marking a safety account, an account safety system and a computer readable storage medium, aiming at solving the technical problem of low safety caused by the fact that different manufacturers of accounts share the same platform account.

In order to achieve the above object, an embodiment of the present invention provides a method for marking a secured account, where the method for marking a secured account includes:

when an account number access request of an access terminal is detected, a developer identification of the access terminal is generated according to the account number access request;

calculating the developer identification and a preset user identification according to a preset algorithm to generate a first identification account;

and marking a safety account for the access end according to the first identification account.

Optionally, the byte of the first identification account is provided with a preset length value, the step of calculating the developer identification and the preset user identification according to a preset algorithm to generate the first identification account includes:

performing logical operation on the developer identification and the user identification based on the splicing symbol to generate a splicing code, and obtaining the length of the splicing code;

when the length of the splicing code is smaller than a preset length value, calculating and acquiring a target splicing code with the length being the preset length value based on the splicing symbol and the complementary bit code;

and determining the target splicing code as the first identification account.

Optionally, the step of marking a secured account for the access terminal according to the first identified account includes:

carrying out algorithm encryption on the first identification account number to obtain a new first identification account number;

and marking a safety account number for the access end according to the new first identification account number.

Optionally, the step of performing algorithm encryption on the first identification account to obtain a new first identification account includes:

coding byte data of the first identification account in a first coding format to obtain a byte array;

carrying out symmetric algorithm encryption on the byte array to generate a ciphertext array;

and outputting the ciphertext array in a second encoding format to obtain a new first identification account.

Optionally, the second encoding format is an unreadable format, and the method for marking a secured account number further includes:

when an identification account number decryption instruction is received, encoding the encrypted new first identification account number in a second encoding format to obtain a ciphertext array;

carrying out symmetric algorithm decryption on the ciphertext array to obtain a byte array;

and outputting the byte array in a first coding format to obtain a first identification account number.

Optionally, the method for marking a secured account number further includes:

when a third party verification request is received, acquiring a second identification account in the third party verification request;

and when the second identification account number is detected to be matched with the safety account number acquired based on the access terminal, the authentication authorization of the third party authentication request is passed.

Optionally, the method for marking a secured account number further includes:

and acquiring all running data associated with the first identification account so as to perform statistical analysis on the operating characteristics of the first identification account.

Optionally, the account access request includes an interface request, account information, verification information, and a device digital signature.

The invention also provides an account security system, comprising: a memory, a processor, a communication bus, and an account number security identification program stored on the memory,

the communication bus is used for realizing communication connection between the processor and the memory;

the processor is used for executing the account security identification program to realize the following steps:

and determining the target splicing code as the first identification account.

Optionally, the method for marking a secured account number further includes:

Further, to achieve the above object, the present invention also provides a computer-readable storage medium storing one or more programs, the one or more programs being executable by one or more processors for:

According to the technical scheme, firstly, when an account access request of an access terminal is detected, a developer identifier of the access terminal is generated according to the account access request; then, calculating the developer identification and a preset user identification according to a preset algorithm to generate a first identification account; and finally, marking a safety account number for the access end according to the first identification account number. According to the invention, the corresponding identification accounts are configured for different application manufacturers, and the mobile phone applications correspondingly issued by the application manufacturers are distinguished, so that the different application manufacturers have unique identification accounts, and the identification accounts prevent the accounts from being maliciously infiltrated and embezzled, and the safety of the identification accounts corresponding to the different application manufacturers is improved.

Drawings

Fig. 1 is a schematic diagram of a hardware structure of a mobile terminal according to various embodiments of the present invention;

fig. 2 is a diagram of a communication network system architecture according to an embodiment of the present invention;

fig. 3 is a schematic view of a first embodiment of a method for marking a secured account according to the present invention;

fig. 4 is a flowchart illustrating a method for tagging a secured account according to a first embodiment of the present invention;

fig. 5 is a scene schematic diagram of a second embodiment of a method for marking a secured account according to the present invention;

fig. 6 is a flowchart illustrating a method for tagging a secured account according to a first embodiment of the present invention;

fig. 7 is a flowchart illustrating a method for tagging a secured account according to a second embodiment of the present invention;

fig. 8 is a flowchart illustrating a method for tagging a secured account according to a third embodiment of the present invention;

fig. 9 is a flowchart illustrating a method for tagging a secured account according to a fourth embodiment of the present invention;

FIG. 10 is a flowchart illustrating a method for tagging a secured account number according to a fifth embodiment of the present invention;

fig. 11 is a flowchart illustrating a method for tagging a secured account according to a sixth embodiment of the present invention;

fig. 12 is a schematic device structure diagram of a hardware operating environment according to a method of an embodiment of the present invention.

The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.

Detailed Description

It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.

In the following description, suffixes such as "module", "component", or "unit" used to denote elements are used only for facilitating the explanation of the present invention, and have no specific meaning in itself. Thus, "module", "component" or "unit" may be used mixedly.

The terminal may be implemented in various forms. For example, the terminal described in the present invention may include a mobile terminal such as a mobile phone, a tablet computer, a notebook computer, a palmtop computer, a Personal Digital Assistant (PDA), a Portable Media Player (PMP), a navigation device, a wearable device, a smart band, a pedometer, and the like, and a fixed terminal such as a Digital TV, a desktop computer, and the like.

The following description will be given by way of example of a mobile terminal, and it will be understood by those skilled in the art that the construction according to the embodiment of the present invention can be applied to a fixed type terminal, in addition to elements particularly used for mobile purposes.

Referring to fig. 1, which is a schematic diagram of a hardware structure of a mobile terminal for implementing various embodiments of the present invention, the mobile terminal 100 may include: RF (Radio Frequency) unit 101, WiFi module 102, audio output unit 103, a/V (audio/video) input unit 104, sensor 105, display unit 106, user input unit 107, interface unit 108, memory 109, processor 110, and power supply 111. Those skilled in the art will appreciate that the mobile terminal architecture shown in fig. 1 is not intended to be limiting of mobile terminals, which may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.

The following describes each component of the mobile terminal in detail with reference to fig. 1:

the radio frequency unit 101 may be configured to receive and transmit signals during information transmission and reception or during a call, and specifically, receive downlink information of a base station and then process the downlink information to the processor 110; in addition, the uplink data is transmitted to the base station. Typically, radio frequency unit 101 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier, a duplexer, and the like. In addition, the radio frequency unit 101 can also communicate with a network and other devices through wireless communication. The wireless communication may use any communication standard or protocol, including but not limited to GSM (Global System for Mobile communications), GPRS (General Packet Radio Service), CDMA2000(Code Division Multiple Access 2000), WCDMA (Wideband Code Division Multiple Access), TD-SCDMA (Time Division-Synchronous Code Division Multiple Access), FDD-LTE (Frequency Division duplex Long Term Evolution), and TDD-LTE (Time Division duplex Long Term Evolution).

WiFi belongs to short-distance wireless transmission technology, and the mobile terminal can help a user to receive and send e-mails, browse webpages, access streaming media and the like through the WiFi module 102, and provides wireless broadband internet access for the user. Although fig. 1 shows the WiFi module 102, it is understood that it does not belong to the essential constitution of the mobile terminal, and may be omitted entirely as needed within the scope not changing the essence of the invention.

The audio output unit 103 may convert audio data received by the radio frequency unit 101 or the WiFi module 102 or stored in the memory 109 into an audio signal and output as sound when the mobile terminal 100 is in a call signal reception mode, a call mode, a recording mode, a voice recognition mode, a broadcast reception mode, or the like. Also, the audio output unit 103 may also provide audio output related to a specific function performed by the mobile terminal 100 (e.g., a call signal reception sound, a message reception sound, etc.). The audio output unit 103 may include a speaker, a buzzer, and the like.

The a/V input unit 104 is used to receive audio or video signals. The a/V input Unit 104 may include a Graphics Processing Unit (GPU) 1041 and a microphone 1042, the Graphics processor 1041 Processing image data of still pictures or video obtained by an image capturing device (e.g., a camera) in a video capturing mode or an image capturing mode. The processed image frames may be displayed on the display unit 106. The image frames processed by the graphic processor 1041 may be stored in the memory 109 (or other storage medium) or transmitted via the radio frequency unit 101 or the WiFi module 102. The microphone 1042 may receive sounds (audio data) via the microphone 1042 in a phone call mode, a recording mode, a voice recognition mode, or the like, and may be capable of processing such sounds into audio data. The processed audio (voice) data may be converted into a format output transmittable to a mobile communication base station via the radio frequency unit 101 in case of a phone call mode. The microphone 1042 may implement various types of noise cancellation (or suppression) algorithms to cancel (or suppress) noise or interference generated in the course of receiving and transmitting audio signals.

The mobile terminal 100 also includes at least one sensor 105, such as a light sensor, a motion sensor, and other sensors. Specifically, the light sensor includes an ambient light sensor that can adjust the brightness of the display panel 1061 according to the brightness of ambient light, and a proximity sensor that can turn off the display panel 1061 and/or a backlight when the mobile terminal 100 is moved to the ear. As one of the motion sensors, the accelerometer sensor can detect the magnitude of acceleration in each direction (generally, three axes), can detect the magnitude and direction of gravity when stationary, and can be used for applications of recognizing the posture of a mobile phone (such as horizontal and vertical screen switching, related games, magnetometer posture calibration), vibration recognition related functions (such as pedometer and tapping), and the like; as for other sensors such as a fingerprint sensor, a pressure sensor, an iris sensor, a molecular sensor, a gyroscope, a barometer, a hygrometer, a thermometer, and an infrared sensor, which can be configured on the mobile phone, further description is omitted here.

The display unit 106 is used to display information input by a user or information provided to the user. The Display unit 106 may include a Display panel 1061, and the Display panel 1061 may be configured in the form of a Liquid Crystal Display (LCD), an Organic Light-Emitting Diode (OLED), or the like.

The user input unit 107 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the mobile terminal. Specifically, the user input unit 107 may include a touch panel 1071 and other input devices 1072. The touch panel 1071, also referred to as a touch screen, may collect a touch operation performed by a user on or near the touch panel 1071 (e.g., an operation performed by the user on or near the touch panel 1071 using a finger, a stylus, or any other suitable object or accessory), and drive a corresponding connection device according to a predetermined program. The touch panel 1071 may include two parts of a touch detection device and a touch controller. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device, converts the touch information into touch point coordinates, sends the touch point coordinates to the processor 110, and can receive and execute commands sent by the processor 110. In addition, the touch panel 1071 may be implemented in various types, such as a resistive type, a capacitive type, an infrared ray, and a surface acoustic wave. In addition to the touch panel 1071, the user input unit 107 may include other input devices 1072. In particular, other input devices 1072 may include, but are not limited to, one or more of a physical keyboard, function keys (e.g., volume control keys, switch keys, etc.), a trackball, a mouse, a joystick, and the like, and are not limited to these specific examples.

Further, the touch panel 1071 may cover the display panel 1061, and when the touch panel 1071 detects a touch operation thereon or nearby, the touch panel 1071 transmits the touch operation to the processor 110 to determine the type of the touch event, and then the processor 110 provides a corresponding visual output on the display panel 1061 according to the type of the touch event. Although the touch panel 1071 and the display panel 1061 are shown in fig. 1 as two separate components to implement the input and output functions of the mobile terminal, in some embodiments, the touch panel 1071 and the display panel 1061 may be integrated to implement the input and output functions of the mobile terminal, and is not limited herein.

The interface unit 108 serves as an interface through which at least one external device is connected to the mobile terminal 100. For example, the external device may include a wired or wireless headset port, an external power supply (or battery charger) port, a wired or wireless data port, a memory card port, a port for connecting a device having an identification module, an audio input/output (I/O) port, a video I/O port, an earphone port, and the like. The interface unit 108 may be used to receive input (e.g., data information, power, etc.) from external devices and transmit the received input to one or more elements within the mobile terminal 100 or may be used to transmit data between the mobile terminal 100 and external devices.

The memory 109 may be used to store software programs as well as various data. The memory 109 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the cellular phone, and the like. Further, the memory 109 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.

The processor 110 is a control center of the mobile terminal, connects various parts of the entire mobile terminal using various interfaces and lines, and performs various functions of the mobile terminal and processes data by operating or executing software programs and/or modules stored in the memory 109 and calling data stored in the memory 109, thereby performing overall monitoring of the mobile terminal. Processor 110 may include one or more processing units; preferably, the processor 110 may integrate an application processor, which mainly handles operating systems, user interfaces, application programs, etc., and a modem processor, which mainly handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 110.

The mobile terminal 100 may further include a power supply 111 (e.g., a battery) for supplying power to various components, and preferably, the power supply 111 may be logically connected to the processor 110 via a power management system, so as to manage charging, discharging, and power consumption management functions via the power management system.

Although not shown in fig. 1, the mobile terminal 100 may further include a bluetooth module or the like, which is not described in detail herein.

In order to facilitate understanding of the embodiments of the present invention, a communication network system on which the mobile terminal of the present invention is based is described below.

Referring to fig. 2, fig. 2 is an architecture diagram of a communication Network system according to an embodiment of the present invention, where the communication Network system is an LTE system of a universal mobile telecommunications technology, and the LTE system includes a UE (User Equipment) 201, an E-UTRAN (Evolved UMTS Terrestrial Radio Access Network) 202, an EPC (Evolved Packet Core) 203, and an IP service 204 of an operator, which are in communication connection in sequence.

Specifically, the UE201 may be the terminal 100 described above, and is not described herein again.

The E-UTRAN202 includes eNodeB2021 and other eNodeBs 2022, among others. Among them, the eNodeB2021 may be connected with other eNodeB2022 through backhaul (e.g., X2 interface), the eNodeB2021 is connected to the EPC203, and the eNodeB2021 may provide the UE201 access to the EPC 203.

The EPC203 may include an MME (Mobility Management Entity) 2031, an HSS (Home Subscriber Server) 2032, other MMEs 2033, an SGW (Serving gateway) 2034, a PGW (PDN gateway) 2035, and a PCRF (Policy and Charging Rules Function) 2036, and the like. The MME2031 is a control node that handles signaling between the UE201 and the EPC203, and provides bearer and connection management. HSS2032 is used to provide registers to manage functions such as home location register (not shown) and holds subscriber specific information about service characteristics, data rates, etc. All user data may be sent through SGW2034, PGW2035 may provide IP address assignment for UE201 and other functions, and PCRF2036 is a policy and charging control policy decision point for traffic data flow and IP bearer resources, which selects and provides available policy and charging control decisions for a policy and charging enforcement function (not shown).

The IP services 204 may include the internet, intranets, IMS (IP Multimedia Subsystem), or other IP services, among others.

Although the LTE system is described as an example, it should be understood by those skilled in the art that the present invention is not limited to the LTE system, but may also be applied to other wireless communication systems, such as GSM, CDMA2000, WCDMA, TD-SCDMA, and future new network systems.

Based on the above mobile terminal hardware structure and communication network system, the present invention provides various embodiments of the method.

The invention provides a method for marking a secured account, which comprises the following steps of, in a first embodiment of the method for marking a secured account, with reference to fig. 6:

step S10, when detecting the account number access request of the access terminal, generating the developer identification of the access terminal according to the account number access request;

in order to guarantee the safety of data such as product accounts of application manufacturers, the account safety system automatically generates a unique account which can be identified by the system for IDs of various application manufacturers accessing the system so as to distinguish respective data systems of the application manufacturers. And the account safety system detects the data instruction of the open interface in real time. The access terminal is an object which accesses the account security system through a specified open interface and realizes normal data exchange, such as a third-party website, authentication equipment, an unregistered legal terminal and the like.

It should be noted that the present invention focuses on the security login verification of the access terminal, so the account security system can detect the legal authorization of the access terminal in advance, and can detect the legal authorization through various security verification methods such as IP positioning, URL legal security authentication, authorization verification code, etc. The technical details of the detection method are not described herein. After the security of the access terminal is confirmed, the access terminal is allowed to call an open interface of the account security system so as to realize data communication.

When an account request of an access terminal is detected, the account security system firstly analyzes and acquires identification information of the access terminal. For example, company a accesses the account security system, and the account access request of a carries the identity of company a, such as the name of the company or the identity with company authentication information. According to the identification information of the access terminal and the preset conditions in the system, the account safety system generates the developer identification of the access terminal in a configuration mode.

The developer identification refers to identity authentication information capable of confirming the access terminal. The preset conditions refer to a developer identification generation rule formed in the system, account access requests of different access ends are different, so that the generated developer identifications are also different, and for two child access ends which belong to the same father access end, the account access requests are analyzed in the preset conditions of the system and can be associated with the father access end, so that unified and distinguishable account identification management is realized. Namely, the developer identification and the first identification account are mutually hooked, so that account numbers of other sub-access ends under the same access end can be ensured to be the same, account numbers of the access ends are unified and marked to be unified, account number intercommunication is realized, and account number information sharing is facilitated.

For example, company A owns subsidiary a1 and subsidiary a 2. Assuming that the developer identifier of the company a is 123, if the system detects an account access request of the access terminal a1, according to preset conditions of the system, the company a1 belongs to a subsidiary company of the company a, acquires identification information of the company a1, and generates a developer identifier 123_ a1 of the company a1, so that the developer identifier of the company a1 can be integrated under the company a, and the company a can be associated with development data and operation data of the subsidiary company a1 when performing various development operation operations based on the system, thereby realizing consistency of the integrated planning.

Alternatively, referring to fig. 3, different application software is developed from company B, and each uploaded application software is configured with an independent application account ID, namely app _ ID, by the system. Since the uploaded application software all belong to company B, while configuring the independent application account ID, it is also necessary to associate each app _ ID to a developer _ ID, where the developer _ ID is a developer identifier, that is, identifier information representing company B. According to app _ id (i.e. user identification) and developer _ id (i.e. developer identification), the account security system generates a first identification account by using a preset algorithm, and the first identification account is used as a verification source for verifying the validity of an access terminal and is a precondition for whether a company B can normally access various functional services of the account security system.

Step S20, calculating the developer identification and the preset user identification according to a preset algorithm to generate a first identification account;

and step S30, marking a safety account for the access terminal according to the first identification account.

The user identification refers to unique identity authentication information configured for the access end by the system, although the developer identification belongs to the identity authentication information of the access end, the developer identification is easy to be penetrated and stolen, and the user identification is a hidden identification which can be identified only in the system. The preset algorithm is a logic algorithm configured in the system according to the actual configuration, and may be an existing public algorithm or various customized private algorithms, which is not limited herein. The developer identification and the user identification can be subjected to logic operation through a preset algorithm, so that a first identification account is generated. The first identification account obtained based on the preset algorithm is not tampered by the access terminal, is authenticated by the inside of the system, and cannot be changed and deleted unless the access terminal cancels the file. The first identification account number can be classified into various categories, such as VIeID (general account and identity management), OpenID (cross-site identity management), and ClaimID (web service for creating user profile and reputation).

After the first identification account is generated, the account security system directly marks a security account for the access terminal according to the first identification account. Since the access terminal sends an account access request first when connecting the account security system each time, the first identification account in this embodiment is generated by a real-time account access request, that is, since the preset algorithm is fixed, the first identification account generated by the access terminal is a fixed account which is not recognized externally, and the mechanism generated in real time can avoid malicious theft of computer virus programs.

To assist understanding of the present embodiment, the following will be explained by way of an example:

referring to fig. 4, when the access terminal accesses the account security system with the account access request, the system first performs security detection on the access terminal. After the validity of the access terminal is confirmed, the access terminal is connected to the account security system. At the moment, the account security system acquires the identification information according to the account access request of the access terminal, and generates a developer identification of the access terminal according to the preset condition and the identification information. The developer identification can mark the identity information of the access end, and the system can also mark whether other associated access ends exist in the access end or not through the developer identification. The system takes a developer identifier and a preset user identifier as reference data, and obtains a first identifier account through a preset fixed algorithm operation.

The first identification account is generated according to the account access request of the access terminal, so that the first identification account can directly represent the identity authentication of the access terminal. That is, assuming that the access terminal obtains the first identification account and accesses the account security system with the first identification account, the access terminal may perform various development and operation operations within the authority in the account security system. And various operations are recorded in a database of the system as an operation log for subsequent statistical analysis.

Meanwhile, various operations of the access terminal in the account security system, such as uploading product data, modifying function settings or various operation activities, are recorded in the database of the account security system. According to the connection of the first identification account, the access end can call various operation records to realize the statistical analysis of various data. And the operation belonging to the access end does not need to be inquired out, and then the statistical analysis is carried out by oneself, so that the mixed and disorderly invalid statistical data of different access end data can not be generated, the business plan data can be prevented from being acquired by other access ends, and the data security is greatly ensured.

Further, on the basis of the first embodiment of the method for marking a secured account according to the present invention, a second embodiment of the method for marking a secured account is proposed, with reference to fig. 7, where a difference between the second embodiment and the first embodiment is that a byte of the first identified account is provided with a preset length value, and the step of generating the first identified account by calculating the developer identifier and the preset user identifier according to a preset algorithm includes:

step S21, carrying out logic operation on the developer identification and the user identification based on the splicing symbol to generate a splicing code, and obtaining the length of the splicing code;

step S22, when the length of the splicing code is smaller than the preset length value, calculating and acquiring a target splicing code with the length being the preset length value based on the splicing symbol and the complementary bit code;

step S23, determine the target splicing code as the first identification account.

The generation of the first identification account can be obtained by the algorithm operation of the developer identification and the user identification. And carrying out logic operation on the developer identification and the user identification through the splicing symbol according to a preset algorithm to obtain a splicing code. Referring to fig. 5, the developer identifier and the user identifier are spliced by a dot number, and the total length of the generation of the first identification account is specified to be 32 bits in this embodiment, that is, the operation result obtained after the developer identifier and the user identifier are operated must be 32 bits. When the length of the splicing code is less than 32 bits, bit complementing is needed on the basis of the splicing code, for example, a splicing symbol is added after the splicing code, and the byte length of 32 bits is complemented to obtain the target splicing code, wherein the splicing symbol also occupies one byte.

The target splicing code is an arithmetic operation result, that is, the target splicing code is the first identification account required in this embodiment, and is determined as the first identification account to be used.

It should be noted that fig. 5 is only an example of an algorithm in the present embodiment, and is only an explanation, which does not mean that only the algorithm is provided in the present embodiment, and a real preset algorithm may be formed by complex logic operations, which is not described herein again.

Further, on the basis of the first embodiment of the method for marking a secured account number, a third embodiment of the method for marking a secured account number is provided, and referring to fig. 8, a difference between the third embodiment and the first embodiment is that the step of marking a secured account number as an access terminal according to the first identified account number includes:

step S31, carrying out algorithm encryption on the first identification account number to obtain a new first identification account number;

and step S32, marking a safety account for the access terminal according to the new first identification account.

After the first identification account is acquired, in order to improve the security of the first identification account, confidentiality can be maintained by encrypting the first identification account.

Preferably, the present embodiment may encrypt the first identification account by using an AES algorithm. The AES algorithm is an encryption algorithm that may be used to protect electronic data. Specifically, AES is an iterative, symmetric key block cipher that can use 128, 192, and 256 bit keys and encrypt and decrypt data in 128 bit (16 byte) blocks. In the present embodiment, the AES encryption algorithm uses the same key encryption. The number of bits of the encrypted data returned by the block cipher is the same as the input data. Iterative encryption uses a loop structure in which input data is repeatedly replaced and replaced. AES encrypted data is in a sense indestructible because no known cryptanalysis attack can decrypt the AES ciphertext unless a forced traversal searches through all possible 256-bit keys. The reliability and the safety of the first identification account are greatly increased by adopting the AES algorithm.

By carrying out algorithm encryption on the first identification account number, the system obtains a new first identification account number, and the encrypted new first identification account number is confirmed as a security account number of the access terminal.

Further, on the basis of the third embodiment of the method for marking a secured account number, a fourth embodiment of the method for marking a secured account number is proposed, and referring to fig. 9, a difference between the fourth embodiment and the third embodiment is that the step of performing algorithm encryption on the first identified account number to obtain a new first identified account number includes:

step S311, encoding byte data of the first identification account in a first encoding format to obtain a byte array;

step S312, carrying out symmetric algorithm encryption on the byte array to generate a ciphertext array;

and step 313, outputting the ciphertext array in a second encoding format to obtain a new first identification account.

The algorithm encryption mode of the first identification account has diversified choices. In this embodiment, since the first identification account exists in the form of byte data, the system may encode the byte data of the first identification account in the first encoding format to obtain a corresponding byte array. The first encoding format is preferably a UTF-8 encoding format. After the data is coded into a byte array, the system carries out symmetric algorithm encryption on the byte array to generate ciphertext data.

In order to avoid potential safety hazards such as cracking of the first identification account in an exhaustive manner. The encryption rule of the embodiment adopts AES/CFB/NoPadding for encryption, and the AES/CFB has the following advantages:

1. the plain mode is hidden;

2. converting the block cipher into a stream mode;

3. data that is smaller than a packet may be transmitted encrypted in time.

After encryption, the encrypted account number is output in a second encoding format, in this embodiment, the second encoding format is preferably output in a Base64 encoding format, and the length of the first identified account number can be shortened by adopting the Base64 encoding format, so that compared with the traditional 16-system output, the length of the ciphertext of the first identified account number is significantly reduced. And the key and the IV required by the AES/CFB are generated and stored by the server side, so that the security of the key is ensured.

Further, on the basis of the fourth embodiment of the method for marking a secured account number, a fifth embodiment of the method for marking a secured account number is provided, and referring to fig. 10, a difference between the fifth embodiment and the fourth embodiment is that the second encoding format is an unreadable format, and the method for marking a secured account number further includes:

step S40, when receiving the identification account number decryption instruction, encoding the encrypted new first identification account number in a second encoding format to obtain a ciphertext array;

step S50, carrying out symmetric algorithm decryption on the ciphertext array to obtain a byte array;

and step S60, outputting the byte array in a first encoding format to obtain a first identification account.

The algorithm decryption process of the present embodiment is opposite to the encryption process, corresponding to the encryption process of the first identification account. When the access terminal uploads the application data, the account security system acquires the uploaded data and verifies the account data. When the identification account decryption instruction is received, the encrypted new first identification account is encoded in a second encoding format (such as a Base encoding format in a preferred scheme), and ciphertext data of the first identification account is obtained. And carrying out symmetric algorithm decryption on the ciphertext data, such as an AES/CFB/NoPadding algorithm, wherein the decryption algorithm and the encryption algorithm belong to the same algorithm. And after the ciphertext array is decrypted, a corresponding byte array is obtained, the byte array is subjected to coding and transcoding and is output in a first coding format (such as a UTF-8 coding format in a preferred scheme), and the account security system can obtain the required first identification account.

Further, on the basis of the first embodiment of the method for marking a secured account number, a sixth embodiment of the method for marking a secured account number is provided, and referring to fig. 11, the difference between the sixth embodiment and the first embodiment is that the method for marking a secured account number further includes:

step S70, when a third party verification request is received, a second identification account in the third party verification request is obtained;

and step S80, when the second identification account number is matched with the safety account number acquired based on the access terminal, the authentication authorization of the third party authentication request is passed.

The account security system serves as a first authentication platform for identifying the account and also can serve as a third-party guarantee mechanism for credit verification. The access terminal completes registration of a first identification account in the account security system, and the first identification account is accurate identity authentication information of the access terminal, so that when the access terminal logs in or authorizes a third-party platform such as a third-party website or a third-party application, identity authentication registration login can be performed on the third-party platform without the need of performing identity authentication registration login, but the account security system is directly used as a security party, and the first identification account registered in the account security system is used as an authentication source to authenticate a third-party authentication request.

It should be noted that the third-party platform must be hooked with the account security system, that is, the account security system needs to authorize the third-party platform to support the functional application of the system, and only after being authenticated by the account security system, the third-party platform can send a third-party verification request to the account security system.

For the convenience of understanding the present embodiment, the following will be explained by way of an example:

if the access terminal registers the first identification account in the account security system and the third-party platform to which the access terminal currently logs in supports the login of the first identification account, the access terminal may select the first identification account in the third-party platform to log in, and the third-party platform or the access terminal sends a third-party verification request to the account security system. And when the account security system receives the third party verification request, the account security system acquires a second identification account built in the third party verification request. Because the third party verification request necessarily has corresponding account information, and the account information is set as a second identification account, the second identification account will be used as a verification source of the account security system. When the security account (i.e., the first identification account) input into the account security system by the access terminal can be matched with the second identification account, it is verified that the third party verification request belongs to a valid and valid verification request, and at this time, the account security system passes the third party verification request.

Further, on the basis of the first embodiment of the method for marking a secured account number, a seventh embodiment of the method for marking a secured account number is provided, and referring to fig. 12, the difference between the seventh embodiment and the first embodiment is that the method for marking a secured account number further includes:

A large amount of operation data, including various operation information, status data, and the like, is associated with the first identification account. And acquiring all the running data associated with the first identification account, filtering the running data, removing invalid data and abnormal data, and performing statistical analysis. The data model of the first identification account is extracted through data mining of the operation data, the operation characteristics of the first identification account are induced and established, and the account safety platform is favorable for providing more targeted function service for the first identification account.

For example, assuming that the first identification account is a game running account, based on the first identification account, the access terminal uploads a large number of game applications, and in all game applications, the download volumes of the application a and the application B are relatively high, and the number of active users is large, it is proved that the popularity frequency of the application a and the application B is higher. Through statistical analysis of the operation data, the account security system can improve the weight coefficients of the application A and the application B, so that the system or other game recommendation platforms can provide more home page recommendation bits for the application A and the application B conveniently, and the popularization strength of the application A and the application B is improved.

Further, on the basis of the first embodiment of the method for marking a secured account according to the present invention, an eighth embodiment of the method for marking a secured account is provided, where the difference between the eighth embodiment and the first embodiment is that the account access request includes an interface request, account information, verification information, and a device digital signature.

The account access request comprises various data information, such as an interface request, and is used for the access end to request a data interface from the account security system so as to exchange data; the account information is used for the account security system to generate a developer identifier; the verification information and the equipment data signature are used for detecting and verifying the legal security of the access terminal by the account security system.

Referring to fig. 12, fig. 12 is a schematic device structure diagram of a hardware operating environment related to a method according to an embodiment of the present invention.

The terminal of the embodiment of the invention can be a PC, and can also be a terminal device such as a smart phone, a tablet computer, an electronic book reader, an MP3(Moving Picture Experts Group Audio Layer III, dynamic video Experts compression standard Audio Layer 3) player, an MP4(Moving Picture Experts Group Audio Layer IV, dynamic video Experts compression standard Audio Layer 4) player, a portable computer and the like.

As shown in fig. 12, the account security system may include: a processor 1001, such as a CPU, a memory 1005, and a communication bus 1002. The communication bus 1002 is used for realizing connection communication between the processor 1001 and the memory 1005. The memory 1005 may be a high-speed RAM memory or a non-volatile memory (e.g., a magnetic disk memory). The memory 1005 may alternatively be a storage device separate from the processor 1001.

Optionally, the account security system may further include a user interface, a network interface, a camera, RF (Radio Frequency) circuitry, sensors, audio circuitry, a WiFi module, and so forth. The user interface may comprise a Display screen (Display), an input unit such as a Keyboard (Keyboard), and the optional user interface may also comprise a standard wired interface, a wireless interface. The network interface may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface).

Those skilled in the art will appreciate that the account security system configuration shown in fig. 12 does not constitute a limitation of the account security system and may include more or fewer components than shown, or some components in combination, or a different arrangement of components.

As shown in fig. 12, a memory 1005, which is a kind of computer storage medium, may include an operating system, a network communication module, and an account security identification program therein. The operating system is a program that manages and controls the account security system hardware and software resources, and supports the operation of the account security identification program, as well as other software and/or programs. The network communication module is used to enable communication between the various components within the memory 1005, as well as with other hardware and software in the account security system.

In the account security system shown in fig. 12, the processor 1001 is configured to execute an account security identification program stored in the memory 1005, and implement the following steps:

Further, the byte of the first identification account is provided with a preset length value, the developer identification and the preset user identification are calculated according to a preset algorithm, and the step of generating the first identification account includes:

and determining the target splicing code as the first identification account.

Further, the step of marking the secured account number for the access terminal according to the first identification account number comprises:

Further, the step of performing algorithm encryption on the first identification account to obtain a new first identification account includes:

Further, the second encoding format is an unreadable format, and the method for marking the secured account number further includes:

Further, the method for marking a secured account number further includes:

Further, the account access request comprises an interface request, account information, verification information and a device digital signature.

and determining the target splicing code as the first identification account.

Further, the method for marking a secured account number further includes:

The present invention also provides a computer readable storage medium storing one or more programs, the one or more programs being further executable by one or more processors for:

The specific implementation manner of the computer-readable storage medium of the present invention is substantially the same as that of the above-mentioned embodiments of the method for marking a secured account and the account security system, and is not described herein again.

It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.

The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.

Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.

While the present invention has been described with reference to the embodiments shown in the drawings, the present invention is not limited to the embodiments, which are illustrative and not restrictive, and it will be apparent to those skilled in the art that various changes and modifications can be made therein without departing from the spirit and scope of the invention as defined in the appended claims.

Claims

1. A method for marking a secured account number is characterized by comprising the following steps:

when an account access request of an access terminal is detected, an account security system analyzes and acquires identification information of the access terminal, and configures and generates a developer identification of the access terminal according to the identification information and a developer identification generation rule in the system, wherein the access terminal is a company for developing application software;

calculating the developer identification and a preset user identification according to a preset algorithm to generate a first identification account, wherein the user identification is an application account ID configured by a system for application software of the company;

2. The method for marking a secured account according to claim 1, wherein bytes of the first identification account have a preset length value, and the step of generating the first identification account by calculating the developer identification and a preset user identification according to a preset algorithm comprises:

and determining the target splicing code as the first identification account.

3. The method for labeling secured account numbers according to claim 1, wherein the step of labeling secured account numbers for access terminals according to the first identified account number comprises:

4. The method for token of a secured account number according to claim 3, wherein the step of performing algorithmic encryption on the first identified account number to obtain a new first identified account number comprises:

5. The method for labeling a secured account number according to claim 4, wherein the second encoding format is an unreadable format, and the method for labeling a secured account number further comprises:

6. The method for labeling a secured account number according to claim 1 or 4, wherein the method for labeling a secured account number further comprises:

7. The method for labeling a secured account number according to claim 1, wherein the method for labeling a secured account number further comprises:

8. The method for labeling secured account numbers according to claim 1, wherein the account number access request includes an interface request, account number information, authentication information, and device digital signature.

9. An account security system, comprising: a memory, a processor, a communication bus, and an account number security identification program stored on the memory,

the processor is configured to execute the account number security identification program to implement the steps of the method for signing a secured account number according to any one of claims 1 to 8.

10. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored thereon an account security identification program, which when executed by a processor implements the steps of the method for labelling a secured account number according to any of claims 1 to 8.