CN108616499B - Authentication method of application program, terminal and computer readable storage medium - Google Patents


Info

Publication number
CN108616499B
CN108616499B
Authority
CN
China
Prior art keywords
authentication information
user identity
identity authentication
application program
temporary user
Legal status
Active
Application number
CN201810175285.0A
Other languages
Chinese (zh)
Other versions
CN108616499A (en)
Inventor
刘孟焱
Current Assignee
Nubia Technology Co Ltd
Original Assignee
Nubia Technology Co Ltd
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0846 Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent passwords, e.g. periodically changing passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/068 Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

The invention discloses an authentication method for an application program, a terminal and a computer-readable storage medium. While the application program is running in the foreground, the method monitors whether an operation that opens a webpage occurs in the application program; if so, it acquires temporary user identity authentication information within the validity period of the application program's current authentication information; and when a preset condition is met, it sends the temporary user identity authentication information to the server providing the webpage. Because the temporary user identity authentication information is valid only within the validity period of the current authentication information, and the duration of that validity period does not exceed a preset threshold, the effective lifetime of the temporary user identity authentication information is limited, which reduces its risk of exposure and capture and avoids the potential security hazard of webpages embedded in application programs in the prior art.

Description

Authentication method of application program, terminal and computer readable storage medium
Technical Field
The present invention relates to the field of information technology, and more particularly, to an authentication method for an application program, a terminal, and a computer-readable storage medium.
Background
At present, APPs on mobile phones are used ever more widely, and people can obtain information quickly through them. Because an APP is updated by downloading an installation package, each update consumes a certain amount of data traffic and time; if the APP is updated frequently, it consumes a large amount of the user's traffic and time and greatly degrades the user experience. For the sake of user experience, the APP provider may therefore limit how often the APP is updated, but such a limit makes it hard to update the APP quickly, which in turn makes it hard to run operations quickly and hinders the promotion of APPs that need rapid updates, for example activity-type and task-type APPs.
The current approach is to use an H5 (HTML5) page: the H5 page is embedded into the APP, so that interfaces that need heavy operation and change frequently, such as activity pages, check-in pages and task pages, can be opened by the APP through the H5 page without the APP itself being updated quickly.
However, an embedded H5 page raises an authentication problem, because the page itself is not authenticated. The current practice of the user center is to use a token issued to the App by the server: when an activity page, check-in page or task page in the App operates, the token is passed to the server as a parameter and used as identity check information, so that the user state of the App and the H5 page stays synchronized.
However, because it is very difficult for an H5 interface to encrypt the parameters it transfers, the token is easy to capture, and some users can use the token for automated processing, that is, to call the interface automatically every day to check in, participate in activities, draw lottery tickets and so on. This is similar to a cheating plug-in and wastes operating cost. The token used by a typical App is valid from the moment the account logs in until it logs out, and at present applications on a mobile phone such as WeChat, QQ and Taobao do not require the user to log in again for a long time after one login (for example, one or two years), which increases the risk of token exposure and may create a potential security hazard for the H5 page.
Disclosure of Invention
The technical problem to be solved by the present invention is that, in the conventional authentication scheme for a web interface in an APP, the identity authentication information sent to the server is exposed and easy to capture. For this technical problem, an authentication method for an application program, a terminal and a computer-readable storage medium are provided.
In order to solve the above technical problem, the present invention provides an authentication method for an application program, which comprises:
monitoring whether the operation of opening a webpage appears in the application program when the application program is in a foreground running state;
if yes, acquiring temporary user identity authentication information within the validity period of the current authentication information of the application program; the temporary user identity authentication information is only valid within the validity period of the current authentication information; the duration of the validity period of the authentication information does not exceed a preset threshold;
when the preset condition is met, sending the temporary user identity authentication information to a server providing the webpage.
Optionally, after sending the temporary user identity authentication information to the server providing the web page, the method further includes:
receiving feedback information sent by the server after the server has verified the temporary user identity authentication information.
Optionally, the duration of the validity period of the authentication information is a default duration built in the application program; alternatively, the duration of the validity period of the authentication information is set or changed by the provider of the application program.
Optionally, when the preset condition is met, sending the temporary user identity authentication information to the server providing the web page includes:
sending the temporary user identity authentication information to the server providing the webpage.
Optionally, when the preset condition is met, sending the temporary user identity authentication information to the server providing the web page includes:
when a user initiates an operation needing authentication through the operation of the webpage, temporary user identity authentication information is sent to a server providing the webpage.
Optionally, before obtaining the temporary user identity authentication information within the validity period of the current authentication information of the application program, the method further includes:
requesting the temporary user identity authentication information from the user center server when the application program is switched from a background running state to a foreground running state for the first time within the validity period of its current authentication information, and receiving the temporary user identity authentication information sent by the user center server;
or receiving the temporary user identity authentication information for the application program sent by the user center server when the application program enters the current validity period of the authentication information.
Optionally, the temporary user identity authentication information sent by the user center server is encrypted with an encryption key;
after receiving the temporary user identity authentication information sent by the user center server, the method further includes:
acquiring a decryption key corresponding to the encryption key;
decrypting the temporary user identity authentication information with the decryption key.
Optionally, before obtaining the temporary user identity authentication information within the validity period of the current authentication information of the application program, the method further includes:
receiving the decryption key returned by the user center server after the login information sent to the user center server has been authenticated.
Furthermore, the invention also provides a terminal, which comprises a processor, a memory and a communication bus;
the communication bus is used for realizing connection communication between the processor and the memory;
the processor is configured to execute one or more programs stored in the memory to implement the steps of the method for authenticating an application program as described above.
Further, the present invention also provides a computer-readable storage medium storing one or more programs, which are executable by one or more processors to implement the steps of the authentication method of an application program as described above.
Advantageous effects:
the invention provides an authentication method for an application program, a terminal and a computer-readable storage medium. While the application program is running in the foreground, the method monitors whether an operation that opens a webpage occurs in the application program; if so, it acquires temporary user identity authentication information within the validity period of the application program's current authentication information; and when a preset condition is met, it sends the temporary user identity authentication information to a server providing the webpage. Because the temporary user identity authentication information is valid only within the validity period of the current authentication information, and the duration of that validity period does not exceed a preset threshold, the effective lifetime of the temporary user identity authentication information is limited.
Drawings
The invention will be further described with reference to the accompanying drawings and examples, in which:
Fig. 1 is a schematic diagram of the hardware structure of an optional terminal for implementing various embodiments of the present invention;
Fig. 2 is a diagram of a wireless communication system for the mobile terminal shown in Fig. 1;
Fig. 3 is a flowchart of an authentication method for an application program according to a first embodiment of the present invention;
Fig. 4 is a flowchart of another authentication method for an application program according to the first embodiment of the present invention;
Fig. 5 is a structural diagram of a terminal according to a second embodiment of the present invention.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In the following description, suffixes such as "module", "component" or "unit" used to denote elements serve only to ease the explanation of the present invention and carry no specific meaning of their own. Thus "module", "component" and "unit" may be used interchangeably.
The terminal of the present invention may be a terminal having a bendable screen, and the display screen of the terminal may be a flexible screen, and the terminal of the present invention may be implemented in various forms. For example, the terminal described in the present invention may be a mobile terminal such as a mobile phone, a tablet computer, a notebook computer, a palmtop computer, a Portable Media Player (PMP), a navigation device, a wearable device, a smart band, and the like, and a fixed terminal such as a digital TV, a desktop computer, and the like.
The following description will be given by way of example of a mobile terminal, and it will be understood by those skilled in the art that the construction according to the embodiment of the present invention can be applied to a fixed type terminal, in addition to elements particularly used for mobile purposes.
Referring to Fig. 1, which is a schematic diagram of the hardware structure of a mobile terminal for implementing various embodiments of the present invention, the mobile terminal 100 may include: an RF (Radio Frequency) unit 101, a WiFi module 102, an audio output unit 103, an A/V (audio/video) input unit 104, a sensor 105, a display unit 106, a user input unit 107, an interface unit 108, a memory 109, a processor 110, and a power supply 111. Those skilled in the art will appreciate that the mobile terminal architecture shown in Fig. 1 is not intended to limit the mobile terminal, which may include more or fewer components than those shown, may combine some components, or may arrange the components differently.
The following describes each component of the mobile terminal in detail with reference to fig. 1:
the radio frequency unit 101 may be configured to receive and transmit signals during information transmission and reception or during a call, and specifically, receive downlink information of a base station and then process the downlink information to the processor 110; in addition, the uplink data is transmitted to the base station. Typically, radio frequency unit 101 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier, a duplexer, and the like. In addition, the radio frequency unit 101 can also communicate with a network and other devices through wireless communication. The wireless communication may use any communication standard or protocol, including but not limited to GSM (Global System for Mobile communications), GPRS (General Packet Radio Service), CDMA2000(Code Division Multiple Access 2000), WCDMA (Wideband Code Division Multiple Access), TD-SCDMA (Time Division-Synchronous Code Division Multiple Access), FDD-LTE (Frequency Division duplex Long Term Evolution), and TDD-LTE (Time Division duplex Long Term Evolution).
WiFi belongs to short-distance wireless transmission technology, and the mobile terminal can help a user to receive and send e-mails, browse webpages, access streaming media and the like through the WiFi module 102, and provides wireless broadband internet access for the user. Although fig. 1 shows the WiFi module 102, it is understood that it does not belong to the essential constitution of the mobile terminal, and may be omitted entirely as needed within the scope not changing the essence of the invention.
The audio output unit 103 may convert audio data received by the radio frequency unit 101 or the WiFi module 102 or stored in the memory 109 into an audio signal and output as sound when the mobile terminal 100 is in a call signal reception mode, a call mode, a recording mode, a voice recognition mode, a broadcast reception mode, or the like. Also, the audio output unit 103 may also provide audio output related to a specific function performed by the mobile terminal 100 (e.g., a call signal reception sound, a message reception sound, etc.). The audio output unit 103 may include a speaker, a buzzer, and the like.
The A/V input unit 104 is used to receive audio or video signals. The A/V input unit 104 may include a Graphics Processing Unit (GPU) 1041 and a microphone 1042; the graphics processor 1041 processes image data of still pictures or video obtained by an image capturing device (e.g., a camera) in a video capturing mode or an image capturing mode. The processed image frames may be displayed on the display unit 106. The image frames processed by the graphics processor 1041 may be stored in the memory 109 (or another storage medium) or transmitted via the radio frequency unit 101 or the WiFi module 102. The microphone 1042 may receive sounds (audio data) in a phone call mode, a recording mode, a voice recognition mode or the like, and may process such sounds into audio data. In a phone call mode the processed audio (voice) data may be converted into a format that can be transmitted to a mobile communication base station via the radio frequency unit 101. The microphone 1042 may implement various noise cancellation (or suppression) algorithms to cancel (or suppress) noise or interference generated while receiving and transmitting audio signals.
The mobile terminal 100 also includes at least one sensor 105, such as a light sensor, a motion sensor, and other sensors. Specifically, the light sensor includes an ambient light sensor that can adjust the brightness of the display panel 1061 according to the brightness of ambient light, and a proximity sensor that can turn off the display panel 1061 and/or a backlight when the mobile terminal 100 is moved to the ear. As one of the motion sensors, the accelerometer sensor can detect the magnitude of acceleration in each direction (generally, three axes), can detect the magnitude and direction of gravity when stationary, and can be used for applications of recognizing the posture of a mobile phone (such as horizontal and vertical screen switching, related games, magnetometer posture calibration), vibration recognition related functions (such as pedometer and tapping), and the like; as for other sensors such as a fingerprint sensor, a pressure sensor, an iris sensor, a molecular sensor, a gyroscope, a barometer, a hygrometer, a thermometer, and an infrared sensor, which can be configured on the mobile phone, further description is omitted here.
The display unit 106 is used to display information input by a user or information provided to the user. The Display unit 106 may include a Display panel 1061, and the Display panel 1061 may be configured in the form of a Liquid Crystal Display (LCD), an Organic Light-Emitting Diode (OLED), or the like.
The user input unit 107 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the mobile terminal. Specifically, the user input unit 107 may include a touch panel 1071 and other input devices 1072. The touch panel 1071, also referred to as a touch screen, may collect a touch operation performed by a user on or near the touch panel 1071 (e.g., an operation performed by the user on or near the touch panel 1071 using a finger, a stylus, or any other suitable object or accessory), and drive a corresponding connection device according to a predetermined program. The touch panel 1071 may include two parts of a touch detection device and a touch controller. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device, converts the touch information into touch point coordinates, sends the touch point coordinates to the processor 110, and can receive and execute commands sent by the processor 110. In addition, the touch panel 1071 may be implemented in various types, such as a resistive type, a capacitive type, an infrared ray, and a surface acoustic wave. In addition to the touch panel 1071, the user input unit 107 may include other input devices 1072. In particular, other input devices 1072 may include, but are not limited to, one or more of a physical keyboard, function keys (e.g., volume control keys, switch keys, etc.), a trackball, a mouse, a joystick, and the like, and are not limited to these specific examples.
Further, the touch panel 1071 may cover the display panel 1061, and when the touch panel 1071 detects a touch operation thereon or nearby, the touch panel 1071 transmits the touch operation to the processor 110 to determine the type of the touch event, and then the processor 110 provides a corresponding visual output on the display panel 1061 according to the type of the touch event. Although the touch panel 1071 and the display panel 1061 are shown in fig. 1 as two separate components to implement the input and output functions of the mobile terminal, in some embodiments, the touch panel 1071 and the display panel 1061 may be integrated to implement the input and output functions of the mobile terminal, and is not limited herein.
The interface unit 108 serves as an interface through which at least one external device is connected to the mobile terminal 100. For example, the external device may include a wired or wireless headset port, an external power supply (or battery charger) port, a wired or wireless data port, a memory card port, a port for connecting a device having an identification module, an audio input/output (I/O) port, a video I/O port, an earphone port, and the like. The interface unit 108 may be used to receive input (e.g., data information, power, etc.) from external devices and transmit the received input to one or more elements within the mobile terminal 100 or may be used to transmit data between the mobile terminal 100 and external devices.
The memory 109 may be used to store software programs as well as various data. The memory 109 may mainly include a program storage area and a data storage area, where the program storage area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like, and the data storage area may store data (such as audio data, a phonebook, etc.) created during use of the mobile phone. Further, the memory 109 may include high-speed random access memory and may also include non-volatile memory, such as at least one magnetic disk storage device, a flash memory device, or another non-volatile solid-state storage device.
The processor 110 is a control center of the mobile terminal, connects various parts of the entire mobile terminal using various interfaces and lines, and performs various functions of the mobile terminal and processes data by operating or executing software programs and/or modules stored in the memory 109 and calling data stored in the memory 109, thereby performing overall monitoring of the mobile terminal. Processor 110 may include one or more processing units; preferably, the processor 110 may integrate an application processor, which mainly handles operating systems, user interfaces, application programs, etc., and a modem processor, which mainly handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 110.
The mobile terminal 100 may further include a power supply 111 (e.g., a battery) for supplying power to various components, and preferably, the power supply 111 may be logically connected to the processor 110 via a power management system, so as to manage charging, discharging, and power consumption management functions via the power management system.
Although not shown in Fig. 1, the mobile terminal 100 may further include a Bluetooth module or the like, which is not described in detail here.
In order to facilitate understanding of the embodiments of the present invention, the communication network system on which the mobile terminal of the present invention is based is described below.
Referring to Fig. 2, Fig. 2 is an architecture diagram of a communication network system according to an embodiment of the present invention. The communication network system is an LTE system of the universal mobile telecommunications technology, and the LTE system includes a UE (User Equipment) 201, an E-UTRAN (Evolved UMTS Terrestrial Radio Access Network) 202, an EPC (Evolved Packet Core) 203, and an operator's IP service 204, which are communicatively connected in sequence.
Specifically, the UE201 may be the terminal 100 described above, and is not described herein again.
The E-UTRAN202 includes eNodeB2021 and other eNodeBs 2022, among others. Among them, the eNodeB2021 may be connected with other eNodeB2022 through backhaul (e.g., X2 interface), the eNodeB2021 is connected to the EPC203, and the eNodeB2021 may provide the UE201 access to the EPC 203.
The EPC203 may include an MME (Mobility Management Entity) 2031, an HSS (Home Subscriber Server) 2032, other MMEs 2033, an SGW (Serving Gateway) 2034, a PGW (PDN Gateway) 2035, a PCRF (Policy and Charging Rules Function) 2036, and the like. The MME2031 is a control node that handles signaling between the UE201 and the EPC203 and provides bearer and connection management. The HSS2032 provides registers such as a home location register (not shown) for managing functions, and holds subscriber-specific information about service characteristics, data rates and the like. All user data may be sent through the SGW2034; the PGW2035 may provide IP address assignment for the UE201 and other functions; and the PCRF2036 is the policy and charging control decision point for traffic data flows and IP bearer resources, which selects and provides the available policy and charging control decisions for a policy and charging enforcement function (not shown).
The IP services 204 may include the internet, intranets, IMS (IP Multimedia Subsystem), or other IP services, among others.
Although the LTE system is described as an example, it should be understood by those skilled in the art that the present invention is not limited to the LTE system, but may also be applied to other wireless communication systems, such as GSM, CDMA2000, WCDMA, TD-SCDMA, and future new network systems.
Based on the above mobile terminal hardware structure and communication network system, the present invention provides various embodiments of the method.
The first embodiment:
In the current era of APP (Application) development, high-speed iteration and explosive feature growth have become the hallmark of the internet industry for the whole product research and development team, and progress measured in hours or even minutes has become the norm. To enrich their functions, most APPs contain a high proportion of webpages (such as H5 pages) or webpage elements; among today's mainstream APPs, other than tools and large games, only the parts that rely on hardware functions, rarely change and are heavily used are implemented natively, while almost all other functions are implemented purely in H5. At present, an H5 page generally sends a token to the corresponding server when authentication is needed. Since it is difficult to encrypt the parameters transmitted by an H5 page, the token is easy to capture with this method, and some users can use the token for automated processing, that is, to call the interface automatically every day for check-ins, activity participation, lottery draws and the like; such operations resemble a cheating plug-in and waste the APP operator's operating cost. Moreover, the validity period of the token used by the App is usually long, and most application users do not need to log in again for a long time after logging in, which increases the risk of token exposure. To solve the above problem, this embodiment provides an authentication method for an application program, the flowchart of which is shown in Fig. 3, and the method includes:
S301, when the application program is in a foreground running state, monitoring whether an operation that opens a webpage occurs in the application program; if yes, proceeding to S302, otherwise continuing to monitor;
S302, acquiring temporary user identity authentication information within the validity period of the application program's current authentication information; the temporary user identity authentication information is valid only within the validity period of the current authentication information; the duration of the validity period of the authentication information does not exceed a preset threshold;
S303, when the preset condition is met, sending the temporary user identity authentication information to the server providing the webpage so that the server can authenticate the user's identity based on the temporary user identity authentication information.
In this embodiment, the terminal on which the application program runs may be a mobile terminal such as a mobile phone or a tablet computer, or a fixed terminal such as a desktop computer or a smart television. The types of application program in this embodiment include, but are not limited to, games, social communication, shopping, and the like.
At present, many APPs require the user to log in with a user account before the full functionality can be used, so in an example of this embodiment the application program in S301 may be in a logged-in state, the user name and password of the application program's user having already been authenticated by the user center server. In S301, the application program in the foreground running state presents a user interface to the user; the user interface may offer functions provided by the native APP as well as entries leading into web pages, and the user generally enters a web page in the application program by clicking such a web page entry on the user interface. Monitoring whether an operation of opening a web page occurs in the application program in S301 therefore includes: monitoring whether the user clicks a web page entry on the application program's user interface, and if so, determining that an operation of opening a web page has occurred in the application program.
When a web page is opened in an application program, user identity authentication information such as a token may have to be sent to the server providing the web page. To reduce the chance of that information being captured as far as possible, the user identity authentication information in this embodiment is temporary user identity authentication information that is valid only within the current authentication information validity period. Step S302 acquires the temporary user identity authentication information; its position in the sequence above is only an example. In practice it is enough that the temporary user identity authentication information is acquired before it is sent to the server providing the web page, so it may also be acquired after the preset condition of S303 is met but before the information is sent; this embodiment is not limited in this respect.
In this embodiment, one function of the temporary user identity authentication information is to tell the server which user initiated an operation on the web page, so it is information that can be mapped to the user's identity (including but not limited to the user's account on the application program) and that is known to both the terminal and the server. Generally the temporary user identity authentication information is generated automatically by the server side according to a certain rule and issued to the terminal, but in other examples it may also be generated by the terminal and sent to the server.
It can be understood that, regardless of which side generates the temporary user identity authentication information, since it is valid only within the corresponding authentication information validity period, new temporary user identity authentication information is necessarily generated whenever a new authentication information validity period begins. In this embodiment, when an operation of opening a web page is detected in the application program, the temporary user identity authentication information of the application program for the current authentication information validity period is acquired. The duration of the authentication information validity period does not exceed a preset threshold, which may be 12 hours, one day, two days, and so on; this embodiment does not limit it.
The relationship between the temporary user identity authentication information and the authentication information validity period in this embodiment is described below with reference to the following example.
Assume the application program is WeChat and the authentication information validity period is one day, i.e. there is one validity period per calendar day. A user clicks a web page entry at 11:00 on 2018-02-12 and obtains temporary user identity authentication information A. When the user clicks a web page entry in WeChat again at 10:00 on 2018-02-13, the earlier information A has already expired and new temporary user identity authentication information B must be obtained; whenever the user clicks any web page entry in WeChat during the period 0:00-24:00 on 2018-02-13, it is temporary user identity authentication information B that is obtained and finally used.
In this embodiment, when a preset condition is met, the temporary user identity authentication information is sent to the server providing the web page; the sending method includes, but is not limited to, sending over a wired network or a wireless network.
In an example of this embodiment, the server providing the web page may obtain the temporary user identity authentication information merely to count which users clicked to view the web page. In that case, whether the server returns the web page to the user's terminal is independent of whether authentication of the temporary user identity authentication information passes, so after an operation of opening a web page occurs in the application program there need be no relationship between the terminal receiving the web page from the server and the terminal sending the temporary user identity authentication information; the web page may already have been returned to the terminal when the terminal sends the temporary user identity authentication information. In another example, however, the server returns the web page to the terminal only after the temporary user identity authentication information has been authenticated.
In one example, after the temporary user identity authentication information is sent to the server providing the web page, the method further includes: receiving feedback information sent by the server after it has verified the temporary user identity authentication information; the feedback information may be the web page itself or information such as a notice that a check-in succeeded.
In one example, the duration of the authentication information validity period may be a default duration built into the application program, such as one day. In another example, considering that the validity period may need to differ according to the needs of the application provider or the service provider, the duration may be set or changed by the provider of the application program. In yet another example, the authority to set the duration of the authentication information validity period may be opened to the user.
For most web pages currently embedded in APPs, the temporary user identity authentication information must be sent to the web page's server as soon as the user clicks the web page entry in the APP to enter the page. In one example the preset condition may therefore be regarded as unconditional, and sending the temporary user identity authentication information to the server providing the web page when the preset condition is met simply includes: sending the temporary user identity authentication information to the server providing the web page.
In some cases, entering the web page from the APP does not itself trigger the sending of the temporary user identity authentication information to the server providing the web page; it needs to be sent only when the user performs certain operations within the page, such as checking in, joining a task or joining an activity. In one example, sending the temporary user identity authentication information to the server providing the web page when the preset condition is met therefore includes: sending the temporary user identity authentication information to the server providing the web page when the user initiates an operation requiring authentication in the web page. In this example the preset condition is that the user initiates an operation requiring authentication in the web page, and such an operation may be triggered by a click in the web page, for example a check-in.
In one example, the update speed of the web pages embedded in an APP may differ greatly: some pages are updated very rarely and others very frequently, and different user identity authentication information may then be used for different web pages. Optionally, sending the temporary user identity authentication information to the server providing the web page when the preset condition is met includes: when the user initiates an operation requiring authentication in the web page, judging whether the authentication security level corresponding to the operation is the first level, and if so, sending the temporary user identity authentication information to the server providing the web page. The update speed of the web page can be taken as a factor when establishing the authentication security level: the faster the web page is updated, the higher its authentication security level.
Optionally, after the operation of opening a web page in the application program is detected, the method further includes: acquiring the access user identity authentication information of the application program, which is valid from the time the application program logs in to the account until it logs out. If the judgment of whether the authentication security level corresponding to the operation is the first level is negative, the method further includes, after that judgment: sending the access user identity authentication information to the server providing the web page.
In the solution of this embodiment the temporary user identity authentication information is valid only within the authentication information validity period that corresponds to it, so there must be one acquisition of temporary user identity authentication information within each authentication information validity period. In one example the terminal actively requests the temporary user identity authentication information from the user center server. Optionally, before the temporary user identity authentication information of the application program for the current authentication information validity period is acquired, the method further includes:
requesting the temporary user identity authentication information from the user center server when the application program switches from the background running state to the foreground running state for the first time within its current authentication information validity period; and receiving the temporary user identity authentication information sent by the user center server.
For example, suppose the authentication information validity period of the Jingdong APP is set to one day, running from 0:00 to 24:00 each day. On 2018-02-13 the user activates the Jingdong APP for the first time that day at 9:10 in the morning; the terminal detects the activation (that is, the Jingdong APP switching from background to foreground), requests the temporary user identity authentication information for 2018-02-13 from the user center server, and receives the temporary user identity authentication information returned by the user center server. Similarly, when the user activates the Jingdong APP for the first time on 2018-02-14, the terminal requests the temporary user identity authentication information for 2018-02-14 (which differs from that of the 13th) from the user center server and receives the information returned by the user center server.
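As an added illustration (not code from the patent or from Nubia), the following Go program models the pull variant described above together with the WeChat example of tokens A and B: the terminal requests temporary authentication information on its first foreground activation within a validity period, reuses it for the rest of that period, and the server rejects it once the period has ended, which is what makes a captured copy of token A useless on the next day. The one-calendar-day period, the `UserCenterServer` and `Terminal` types, the 16-byte random token and the in-memory token store are assumptions made for the example; a real deployment would persist tokens and also bind them to the issuing session or device.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// periodID names the validity period an instant falls into. Assumed here:
// one calendar day, 0:00-24:00, in the terminal's time zone (the one-day
// "preset threshold" used in the text's examples).
func periodID(t time.Time) string { return t.Format("2006-01-02") }

type issued struct{ user, period string }

// UserCenterServer issues one temporary token per user and period and keeps
// it in memory (assumption for the example) so the page server can verify it.
type UserCenterServer struct{ tokens map[string]issued }

func NewUserCenterServer() *UserCenterServer {
	return &UserCenterServer{tokens: map[string]issued{}}
}

// IssueTemporaryToken draws 16 CSPRNG bytes and binds them to the current period.
func (s *UserCenterServer) IssueTemporaryToken(user string, now time.Time) (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	tok := hex.EncodeToString(b)
	s.tokens[tok] = issued{user: user, period: periodID(now)}
	return tok, nil
}

// Authenticate is the page server's check: the token must be known and its
// period must be the current one. A stale token is dropped on first use so a
// captured copy cannot be retried.
func (s *UserCenterServer) Authenticate(tok string, now time.Time) (string, error) {
	rec, ok := s.tokens[tok]
	if !ok {
		return "", errors.New("unknown token")
	}
	if rec.period != periodID(now) {
		delete(s.tokens, tok)
		return "", errors.New("token outside its validity period")
	}
	return rec.user, nil
}

// Terminal caches the token with the period it was obtained in and requests a
// new one only on the first foreground activation of a new period.
type Terminal struct {
	user            string
	server          *UserCenterServer
	token, tokenFor string
}

func (t *Terminal) OnForeground(now time.Time) error {
	if t.token != "" && t.tokenFor == periodID(now) {
		return nil // still inside the validity period: keep the cached token
	}
	tok, err := t.server.IssueTemporaryToken(t.user, now)
	if err != nil {
		return err
	}
	t.token, t.tokenFor = tok, periodID(now)
	return nil
}

// OpenWebPage is S301+S303 with the unconditional preset condition: the token
// is sent to the page server as soon as the web page entry is clicked.
func (t *Terminal) OpenWebPage(now time.Time) (string, error) {
	if err := t.OnForeground(now); err != nil {
		return "", err
	}
	return t.server.Authenticate(t.token, now)
}

func main() {
	srv := NewUserCenterServer()
	term := &Terminal{user: "alice", server: srv}
	day1 := time.Date(2018, 2, 12, 11, 0, 0, 0, time.UTC)
	day2 := time.Date(2018, 2, 13, 10, 0, 0, 0, time.UTC)

	user, _ := term.OpenWebPage(day1)
	tokenA := term.token
	fmt.Println("2018-02-12:", user, "authenticated with token A", tokenA)

	// Token A captured on day 1 and replayed on day 2 is refused ...
	if _, err := srv.Authenticate(tokenA, day2); err != nil {
		fmt.Println("2018-02-13: replay of token A refused:", err)
	}
	// ... while the terminal transparently obtains token B for day 2.
	user, _ = term.OpenWebPage(day2)
	fmt.Println("2018-02-13:", user, "authenticated with token B", term.token, "B != A:", term.token != tokenA)
}
```

The period boundary is computed on both sides from the same clock rule, which is the "user center server knows the duration and timing of the validity period" assumption the push variant below also relies on; if the terminal and server disagree on the time zone, a token obtained late in the evening would be refused an hour later, so the period should be defined in a single zone the server controls.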
In another example, the temporary user identity authentication information may be actively pushed to the terminal by the user center server when the application program enters each new authentication information validity period; in this case the user center server knows the duration and timing of the authentication information validity period on the terminal. Optionally, before the temporary user identity authentication information of the application program for the current authentication information validity period is acquired, the method further includes:
receiving the temporary user identity authentication information, valid for the current authentication information validity period, that the user center server sends when the application program enters the current authentication information validity period.
For example, suppose the authentication information validity period of the Jingdong APP is set to one day, running from 0:00 to 24:00 each day. At 0:00 on 2018-02-13 the user center server actively issues the temporary user identity authentication information valid for 2018-02-13 to the Jingdong APP, and the terminal receives it. Optionally, if the delivery fails (the mobile phone is powered off, the network is poor, and so on), the user center server resends the temporary user identity authentication information at regular intervals until delivery succeeds.
In this embodiment the user center server that issues the temporary user identity authentication information and the server that provides the web page may be the same device or different devices, and both may be deployed in a distributed manner.
In one example, to further protect the temporary user identity authentication information, the user center server may encrypt it with an encryption key, and the terminal decrypts it accordingly after receiving it, so that the temporary user identity authentication information is protected while in transit.
Optionally, the temporary user identity authentication information sent by the user center server is encrypted with the encryption key, and after the temporary user identity authentication information sent by the user center server is received, the method further includes: acquiring the decryption key corresponding to the encryption key; and decrypting the temporary user identity authentication information with the decryption key.
In one example the decryption key is determined by the terminal: before requesting the temporary user identity authentication information the terminal obtains an encryption/decryption key pair and sends the encryption key to the user center server, which uses it to encrypt the temporary user identity authentication information. In another example the decryption key is determined by the user center server, which could send it to the terminal at the start of each authentication information validity period; but since the user center server serves more than one terminal, sending a decryption key once per validity period increases the resources required. To avoid burdening the user center server, the decryption key may instead be sent to the terminal when the terminal logs in to the application program. Optionally, in this embodiment, before the temporary user identity authentication information of the application program for the current authentication information validity period is acquired, the method further includes: receiving the decryption key returned by the user center server after it has authenticated the login information sent to it.
With the application program authentication method of this embodiment, the temporary user identity authentication information is valid only within the current authentication information validity period, and the duration of that period does not exceed a preset threshold, so the useful lifetime of the user identity authentication information is effectively bounded: once one authentication information validity period ends the current temporary user identity authentication information becomes invalid, a new validity period begins, and the terminal uses different temporary user identity authentication information. This reduces the risk of the temporary user identity authentication information being exposed or captured and removes the security hazard that web pages embedded in application programs may present in the prior art.
Second embodiment:
This embodiment provides another method for authenticating a web page within an application program. Assume that the application program is a user center APP, that the user center server and the server providing the web page are the same device, that the authentication information validity period is one day running from 0:00 to 24:00 each day, and that the web pages embedded in the APP are H5 pages. The method includes the following steps:
Step A: user center APP login
The user enters a user name and password on the APP's login interface and the client sends them to the user center server. After authentication passes, the user center server generates an AccessToken (the access user identity authentication information of the first embodiment) and a SecretKey (the decryption key of the first embodiment), returns them to the client, and also stores them itself. The AccessToken and SecretKey are generated as UUIDs. UUID stands for Universally Unique Identifier, a rule for computing unique IDs published by the Open Software Foundation (OSF). It is a 128-bit number, which can be represented as 32 hexadecimal characters separated by hyphens.
The common form is: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.
Here the first 16 hexadecimal characters carry the timestamp and the UUID version number, the next 4 carry the clock sequence and variant bits, and the last 12 carry the node identifier (this is the layout of a time-based UUID; in the random UUID generated below, every field other than the version and variant bits is random).
To generate the AccessToken and SecretKey, 16 random bytes can be produced with Java's SecureRandom, then byte 6 (counting from 0) is marked as version 4 and byte 8 is marked with the IETF variant. Finally the hyphens are removed, producing a string such as 66d52e80b04e4d809dda5849e817aa44.
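The generation procedure of this step written out as an added Go example (not the patent's or Nubia's code). `crypto/rand` stands in for Java's SecureRandom; `formatID` is separated from the random draw so that the version and variant bit manipulation can be checked on fixed input, and `IsWellFormedID` is a constructed helper that checks the two fixed fields of a resulting identifier.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// NewRandomID returns a 32-character hex string built the way the text
// describes: 16 CSPRNG bytes, byte 6 marked as UUID version 4, byte 8 marked
// with the IETF (RFC 4122) variant, hyphens omitted.
func NewRandomID() (string, error) {
	var b [16]byte
	if _, err := rand.Read(b[:]); err != nil {
		return "", err
	}
	return formatID(b), nil
}

// formatID applies the fixed version and variant bits to raw random bytes.
func formatID(b [16]byte) string {
	b[6] = (b[6] & 0x0f) | 0x40 // high nibble of byte 6: version 4
	b[8] = (b[8] & 0x3f) | 0x80 // top two bits of byte 8: variant 10xx (IETF)
	return hex.EncodeToString(b[:])
}

// IsWellFormedID checks that an ID has the version-4 nibble and IETF variant
// bits in place; it says nothing about where the other 122 bits came from.
func IsWellFormedID(id string) bool {
	raw, err := hex.DecodeString(id)
	if err != nil || len(raw) != 16 {
		return false
	}
	return raw[6]>>4 == 0x4 && raw[8]>>6 == 0x2
}

func main() {
	id, err := NewRandomID()
	if err != nil {
		panic(err)
	}
	fmt.Println(id, IsWellFormedID(id))
	// The sample value from the text passes the same structural check.
	fmt.Println(IsWellFormedID("66d52e80b04e4d809dda5849e817aa44"))
}
```

Java's own `UUID.randomUUID()` performs exactly these three steps, so calling it and stripping the hyphens is equivalent. Note that the result carries 122 random bits, not 128: adequate for an AccessToken drawn from a properly seeded CSPRNG, but when the same string is reused as a symmetric key (Step B) the key's effective strength is bounded by those 122 bits, and none of this holds if the random source is a non-cryptographic PRNG.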
Step B: the user center APP obtains the WebToken (the temporary user identity authentication information of the first embodiment) as ciphertext
When the user wants to enter the check-in page to check in, the APP must first be activated, that is, switched from background to foreground, and at the moment of activation the client sends a request for the WebToken to the user center server. The user center server generates the WebToken, valid until 24:00 of the current day; the WebToken can likewise be generated as a UUID. Further, before sending the WebToken the user center server can encrypt it with AES-256 using the SecretKey as the key, and return the encrypted WebToken to the user center APP, which decrypts it with the SecretKey to recover the WebToken. For example, after the user activates the Nubia user center APP on the client, step 1 in fig. 4 is entered: the APP requests the WebToken from the user center server, the user center server generates the WebToken and returns it to the Nubia user center APP, and the Nubia user center APP passes the WebToken as a parameter to the H5 page.
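The ciphertext exchange of Step B as an added Go example (not the patent's or Nubia's code). The text specifies AES-256 keyed with the SecretKey but no mode of operation; this example assumes AES-256-GCM, treats the 32 ASCII characters of the SecretKey as the 32-byte key, and prepends the random nonce to the ciphertext. The SecretKey value reuses the sample string from Step A and the WebToken value is constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// keyFromSecretKey turns the 32-hex-character SecretKey issued at login into
// the 32-byte AES-256 key. Assumption: the key material is the ASCII bytes of
// the hex string; this carries only the ~122 random bits of the UUID.
func keyFromSecretKey(secretKey string) ([]byte, error) {
	if len(secretKey) != 32 {
		return nil, errors.New("SecretKey must be 32 characters")
	}
	return []byte(secretKey), nil
}

func newGCM(secretKey string) (cipher.AEAD, error) {
	key, err := keyFromSecretKey(secretKey)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealWebToken is the user center server side: it encrypts the WebToken under
// the SecretKey and returns hex(nonce || ciphertext || tag).
func SealWebToken(secretKey, webToken string) (string, error) {
	gcm, err := newGCM(secretKey)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { // fresh nonce per message
		return "", err
	}
	sealed := gcm.Seal(nonce, nonce, []byte(webToken), nil) // nonce prepended
	return hex.EncodeToString(sealed), nil
}

// OpenWebToken is the APP side: it decrypts with the SecretKey received at
// login. A wrong key or any change to the ciphertext fails the tag check.
func OpenWebToken(secretKey, sealedHex string) (string, error) {
	gcm, err := newGCM(secretKey)
	if err != nil {
		return "", err
	}
	sealed, err := hex.DecodeString(sealedHex)
	if err != nil {
		return "", err
	}
	if len(sealed) < gcm.NonceSize() {
		return "", errors.New("ciphertext too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	pt, err := gcm.Open(nil, nonce, ct, nil)
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

func main() {
	secretKey := "66d52e80b04e4d809dda5849e817aa44" // sample value from Step A, used as the login-issued SecretKey
	webToken := "1f8a2c5e93b94d7c8f1a0b2c3d4e5f60"  // constructed WebToken for the current day
	sealed, _ := SealWebToken(secretKey, webToken)
	got, err := OpenWebToken(secretKey, sealed)
	fmt.Println("decrypted with the right SecretKey:", got == webToken, err)
	_, err = OpenWebToken("00000000000000000000000000000000", sealed)
	fmt.Println("decrypted with the wrong SecretKey:", err)
}
```

An authenticated mode matters here: with an unauthenticated mode such as CBC or ECB a party on the path could alter the ciphertext without detection, and a fresh random nonce per message is required so that two WebTokens sealed under the same SecretKey never share keystream. The exchange still has to run over TLS, since the SecretKey itself was delivered to the client at login; this layer only keeps the WebToken from anyone who does not hold that key.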
Step C: using the WebToken to check in, join activities, join tasks, and so on
Some pages of the user center APP are H5 pages, and when the user wants to operate on these pages the WebToken generally has to be sent to the user center server. For example, when the user enters an H5 page such as the check-in page from the Nubia user center APP in fig. 4, the check-in page sends the WebToken to the user center server through the client (step 4 in fig. 4); after authentication passes, the user center server returns information such as the check-in task to the client (step 5 in fig. 4). The WebToken is thus passed to the user center server as a parameter and serves as the user's identity authentication information.
Because the WebToken is valid for only one day, once the day has passed the check-ins, activities and tasks of the next day require the user to activate the user center APP again, and steps B and C are repeated. In practice, many APPs accumulate points for check-ins, activities and tasks, and the points can be exchanged for virtual goods, physical goods or money. With the solution of this embodiment, the problem of someone with ulterior motives using an automated script to join the APP's operational activities, which wastes operating budget, can be avoided.
With the application program authentication method of this embodiment, the temporary user identity authentication information is valid only within the current authentication information validity period, which reduces the risk of its exposure or capture, prevents plug-in style automation, and avoids wasted operating budget.
Third embodiment:
As shown in fig. 5, this embodiment provides a terminal, which includes a processor 51, a memory 52 and a communication bus 53;
the communication bus 53 is used for realizing connection communication between the processor 51 and the memory 52;
the processor 51 is configured to execute one or more programs stored in the memory 52 to implement the steps of the authentication method of the application program as set forth in the first embodiment.
This embodiment also provides a computer-readable storage medium storing one or more programs, which are executable by one or more processors to implement the steps of the authentication method for an application program as set forth in the first embodiment.
It should be noted that, in this document, the terms "comprises", "comprising" or any other variation thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or apparatus that comprises a list of elements includes not only those elements but may also include other elements not expressly listed or inherent to such process, method, article or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of further identical elements in the process, method, article or apparatus that comprises that element.
The serial numbers of the above embodiments of the present invention are for description only and do not represent the relative merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
While the present invention has been described with reference to the embodiments shown in the drawings, the present invention is not limited to the embodiments, which are illustrative and not restrictive, and it will be apparent to those skilled in the art that various changes and modifications can be made therein without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (9)

1. An authentication method for an application program, comprising:
monitoring, while the application program is in a foreground running state, whether an operation of opening a web page in the application program occurs;
if yes, acquiring temporary user identity authentication information of the application program for the current authentication information validity period, the temporary user identity authentication information being valid only within the current authentication information validity period, and the duration of the authentication information validity period not exceeding a preset threshold;
wherein the temporary user identity authentication information is generated either by a server side, automatically according to a certain rule, and issued to a terminal, or by the terminal and sent to the server;
and, when a preset condition is met, sending the temporary user identity authentication information to a server providing the web page, wherein sending the temporary user identity authentication information to the server providing the web page when the preset condition is met comprises: when a user initiates an operation requiring authentication by operating on the web page and the authentication security level corresponding to the operation is judged to be a first level, sending the temporary user identity authentication information to the server providing the web page; the authentication security level being related to the update speed of the web page.
2. The authentication method for an application program according to claim 1, further comprising, after sending the temporary user identity authentication information to the server providing the web page:
receiving feedback information sent by the server after the server has verified the temporary user identity authentication information.
3. The authentication method for an application program according to claim 1, wherein the duration of the authentication information validity period is a default duration built into the application program, or is set or changed by the provider of the application program.
4. The authentication method for an application program according to any one of claims 1 to 3, wherein sending the temporary user identity authentication information to the server providing the web page when the preset condition is met comprises:
sending the temporary user identity authentication information to the server providing the web page.
5. The authentication method for an application program according to any one of claims 1 to 3, further comprising, before acquiring the temporary user identity authentication information of the application program for the current authentication information validity period:
requesting the temporary user identity authentication information from a user center server when the application program switches from a background running state to the foreground running state for the first time within the current authentication information validity period of the application program, and receiving the temporary user identity authentication information sent by the user center server;
or receiving the temporary user identity authentication information of the application program sent by the user center server when the application program enters the current authentication information validity period.
6. The authentication method for an application program according to claim 5, wherein the temporary user identity authentication information sent by the user center server is encrypted with an encryption key;
and after receiving the temporary user identity authentication information sent by the user center server, the method further comprises:
acquiring a decryption key corresponding to the encryption key; and
decrypting the temporary user identity authentication information with the decryption key.
7. The authentication method for an application program according to claim 6, further comprising, before acquiring the temporary user identity authentication information of the application program for the current authentication information validity period:
receiving the decryption key returned by the user center server after the user center server has authenticated login information sent to it.
8. A terminal, comprising a processor, a memory and a communication bus;
wherein the communication bus is used to implement connection and communication between the processor and the memory; and
the processor is configured to execute one or more programs stored in the memory to implement the steps of the authentication method for an application program according to any one of claims 1 to 7.
9. A computer-readable storage medium storing one or more programs which are executable by one or more processors to implement the steps of the authentication method for an application program according to any one of claims 1 to 7.
CN201810175285.0A 2018-03-02 2018-03-02 Authentication method of application program, terminal and computer readable storage medium Active CN108616499B (en)

Publications (2)

Publication Number Publication Date
CN108616499A CN108616499A (en) 2018-10-02
CN108616499B true CN108616499B (en) 2021-01-26

Family

ID=63658406

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810175285.0A Active CN108616499B (en) 2018-03-02 2018-03-02 Authentication method of application program, terminal and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN108616499B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109889342B (en) * 2018-12-15 2023-07-18 中国平安人寿保险股份有限公司 Interface test authentication method and device, electronic equipment and storage medium
CN109462604B (en) * 2018-12-17 2021-11-12 北京城市网邻信息技术有限公司 Data transmission method, device, equipment and storage medium
CN111193725B (en) * 2019-12-20 2022-04-05 北京淇瑀信息科技有限公司 Configuration-based combined login method and device and computer equipment
CN111581628B (en) * 2020-05-13 2023-04-28 广州市百果园信息技术有限公司 Token acquisition method, device, equipment and storage medium
CN113704714B (en) * 2020-05-20 2024-06-11 Oppo广东移动通信有限公司 Password verification method, device, terminal and storage medium
CN113032749A (en) * 2021-03-03 2021-06-25 北京读我网络技术有限公司 Synchronous authentication method and device
CN114257441B (en) * 2021-12-17 2023-12-15 北京字跳网络技术有限公司 Data processing method and device based on cloud document component

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102088531A (en) * 2009-12-08 2011-06-08 夏普株式会社 Multifunction printer and multifunction printer control system
CN102647716A (en) * 2012-04-01 2012-08-22 华为技术有限公司 Wireless application method, device and system
CN102664933A (en) * 2012-04-06 2012-09-12 中国联合网络通信集团有限公司 User authorization method, application terminal, open platform and system
CN105083214A (en) * 2014-04-28 2015-11-25 比亚迪股份有限公司 Authorization method, authorization system and authorization mobile terminal for vehicle and authorized mobile terminal
CN105119931A (en) * 2015-09-11 2015-12-02 深圳市亚略特生物识别科技有限公司 Application logging method and application logging system
CN107086979A (en) * 2016-02-15 2017-08-22 中国移动通信集团江苏有限公司 User terminal login verification method and device

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100524321C (en) * 2008-02-01 2009-08-05 中国建设银行股份有限公司 System and method for implementing page
KR100864280B1 (en) * 2008-04-03 2008-10-17 주식회사 스마트카드연구소 Mobile terminal including usim-card with function of chatting web-server, and chatting system and method using the same
CN101819587A (en) * 2010-03-31 2010-09-01 北京志腾新诺科技有限公司 Network information processing method and system
CN103067404B (en) * 2013-01-10 2018-09-28 上海斐讯数据通信技术有限公司 Method for a user to access an embedded web server
CN103796278A (en) * 2014-02-27 2014-05-14 成都悟空科技有限公司 Mobile terminal wireless network access control method
CN105451348B (en) * 2014-09-25 2020-11-06 中兴通讯股份有限公司 Network control method and device
CN106549907B (en) * 2015-09-17 2019-10-11 阿里巴巴集团控股有限公司 Web app access method, device and system
CN105610822A (en) * 2015-12-28 2016-05-25 东软熙康健康科技有限公司 Credit verifying method and device
CN107276991B (en) * 2017-05-26 2020-06-23 北京天耀宏图科技有限公司 Method and device for loading Web page and computer readable storage medium

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102088531A (en) * 2009-12-08 2011-06-08 夏普株式会社 Multifunction printer and multifunction printer control system
CN102647716A (en) * 2012-04-01 2012-08-22 华为技术有限公司 Wireless application method, device and system
CN102664933A (en) * 2012-04-06 2012-09-12 中国联合网络通信集团有限公司 User authorization method, application terminal, open platform and system
CN105083214A (en) * 2014-04-28 2015-11-25 比亚迪股份有限公司 Authorization method, authorization system and authorization mobile terminal for vehicle and authorized mobile terminal
CN105119931A (en) * 2015-09-11 2015-12-02 深圳市亚略特生物识别科技有限公司 Application logging method and application logging system
CN107086979A (en) * 2016-02-15 2017-08-22 中国移动通信集团江苏有限公司 User terminal login verification method and device

Also Published As

Publication number Publication date
CN108616499A (en) 2018-10-02

Similar Documents

Publication Publication Date Title
CN108616499B (en) Authentication method of application program, terminal and computer readable storage medium
CN109257740B (en) Profile downloading method, mobile terminal and readable storage medium
US20210336780A1 (en) Key updating method, apparatus, and system
CN112733107B (en) Information verification method, related device, equipment and storage medium
CN107040543B (en) Single sign-on method, terminal and storage medium
CN109033801B (en) Method for verifying user identity by application program, mobile terminal and storage medium
WO2020164526A1 (en) Control method for nodes in distributed system and related device
CN107276991B (en) Method and device for loading Web page and computer readable storage medium
CN109618316B (en) Network sharing method, mobile terminal and storage medium
CN107395560B (en) Security verification and initiating and managing method, equipment, server and storage medium thereof
CN109600740B (en) File downloading method and device and computer readable storage medium
US10454905B2 (en) Method and apparatus for encrypting and decrypting picture, and device
CN108923931B (en) Electronic certificate processing method and device and computer readable storage medium
CN110677851B (en) Terminal network access method and network access equipment access method
CN107317680B (en) Method and system for marking safety account and computer readable storage medium
CN110213765A (en) APN information acquisition method, terminal, server and storage medium
CN112533202A (en) Identity authentication method and device
CN108601062B (en) WiFi connection sharing method, terminal and computer storage medium
CN108012270B (en) Information processing method, equipment and computer readable storage medium
CN107302526B (en) System interface calling method, device and computer readable storage medium
CN113037741A (en) Authentication method and related device
CN113238868A (en) Task processing method, device, server, equipment, system and storage medium
CN108920917A (en) Login terminal switching method, mobile terminal and computer-readable storage medium
CN107204977B (en) Interface security verification method and device and computer readable storage medium
CN110445746B (en) Cookie obtaining method and device and storage equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant