CN109086595B - Service account switching method, system, device and server - Google Patents

Service account switching method, system, device and server Download PDF

Info

Publication number
CN109086595B
CN109086595B CN201810829517.XA CN201810829517A CN109086595B CN 109086595 B CN109086595 B CN 109086595B CN 201810829517 A CN201810829517 A CN 201810829517A CN 109086595 B CN109086595 B CN 109086595B
Authority
CN
China
Prior art keywords
account
client
service
server
service account
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810829517.XA
Other languages
Chinese (zh)
Other versions
CN109086595A (en
Inventor
吴伟林
黄铁鸣
叶波
侯帅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN201810829517.XA priority Critical patent/CN109086595B/en
Publication of CN109086595A publication Critical patent/CN109086595A/en
Application granted granted Critical
Publication of CN109086595B publication Critical patent/CN109086595B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/41User authentication where a single sign-on provides access to a plurality of computers

Abstract

The invention provides a method, a system, a device and a server for switching service accounts, wherein the method comprises the steps that a first client sends a state switching request to the server, and the state switching request comprises a second service account; the server records the second service account, issues a state switching notification to the second client and starts a switch-back prevention mechanism; the second client side issues a service account query request to the server according to the identification account, and acquires a second service account fed back by the server; and the second client logs in the application program according to the identification account and the second service account. The invention can meet the requirement that the mobile terminal of the user switches the service account and the desktop terminal quickly follows the switching of the service account under the condition of not reducing the safety of the user account.

Description

Service account switching method, system, device and server
Technical Field
The present invention relates to the field of communications, and in particular, to a method, a system, an apparatus, and a server for switching a service account.
Background
Most of the existing application software only supports business account switching at a single client, but does not support the function of simultaneously logging in the same business account at two clients and automatically switching the business account in one client along with the business account of the other client.
Taking the instant messaging software enterprise WeChat as an example, the method supports the same business account number to be logged on two client sides of a mobile terminal and a desktop terminal at the same time, but each time the mobile terminal switches the business account number, the desktop terminal is forced to be offline, and a user needs to log on the client side again, which obviously brings inconvenience to the user.
Disclosure of Invention
The invention provides a method, a system, a device and a server for switching service accounts, which are specifically realized by the following technical scheme:
the first part, a business account number switching method, in the method, a first client sends a state switching request to a server, and the state switching request includes a second business account number; the first business account and the second business account both correspond to the identification account;
the server records the second service account and issues a state switching notification to a second client;
the second client sends a business account query request to the server according to the identification account, and acquires a second business account fed back by the server;
and the second client logs in the application program according to the identification account and the second service account.
In a second aspect, a method for switching service accounts includes:
acquiring a state switching request which is issued by a first client and used for switching a current first service account into a second service account, wherein the first service account and the second service account both correspond to an identification account;
recording the second service account, and issuing a state switching notification to a second client;
and acquiring a service account query request issued by the second client according to a pre-stored identification account, and feeding back the second service account to the second client so that the second client logs in an application program according to the identification account and the second service account.
The third part is a service account number switching system, which comprises a first client, a second client and a server;
the first client is used for authorizing a second client to log in an application program in advance according to the identification account and the first service account; the second client is used for saving the identification account and the first service account;
the first client is also used for issuing a state switching request, and the state switching request comprises a second service account; the first business account and the second business account both correspond to the identification account;
the server is also used for recording the second service account and issuing a state switching notification to the second client;
the second client is also used for issuing a business account query request to the server according to the identification account and acquiring a second business account fed back by the server; and logging in the application program according to the identification account and the second service account.
A fourth aspect is a device for switching service account numbers, where the device includes:
the switching request acquisition module is used for acquiring a state switching request which is issued by a first client and used for switching a current first service account into a second service account, wherein the first service account and the second service account both correspond to an identification account;
the second business account recording module is used for recording the second business account;
the notification issuing module is used for issuing a state switching notification to the second client;
and the switching module is used for acquiring a service account query request issued by the second client according to a pre-stored identification account, and feeding back the second service account to the second client so that the second client logs in an application program according to the identification account and the second service account.
And the fifth part is a server, wherein the server runs the service account switching device.
In a sixth aspect, a computer-readable storage medium is used for storing a program, where the program is used to implement a service account switching method as described above.
Seventh, a computer program product comprising instructions which, when executed on at least one processor, cause the at least one processor to carry out one of the above-mentioned service account number switching methods.
In the eighth section, the first and second sections,
the method, the system, the device and the server for switching the business account number have the following beneficial effects that:
the invention provides a method for switching service accounts, which can meet the requirement that a mobile terminal of a user switches service accounts and a desktop terminal quickly follows the switching of the service accounts under the condition of not reducing the safety of the user accounts. After the mobile terminal is used for switching the service account, the desktop terminal is naturally switched to another service account without logging in again, so that the operation path is shorter under the condition of switching the use of multiple service accounts, and the user experience is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1 is a schematic illustration of an implementation environment provided by an embodiment of the invention;
FIG. 2 is a schematic diagram of a server cluster according to an embodiment of the present invention;
fig. 3 is a flowchart of a service account switching method according to an embodiment of the present invention;
fig. 4 is a schematic diagram of a service account user interface provided in an embodiment of the present invention;
fig. 5 is a schematic diagram of a first client logging in an application program by using an identification account and a first service account according to an embodiment of the present invention;
fig. 6 is a schematic diagram of a second client logging in an application program by using an identification account and a first business account under authorization of a first client according to an embodiment of the present invention;
fig. 7 is a schematic interface diagram of switching a service account by a first client according to an embodiment of the present invention;
fig. 8 is a schematic interface diagram after a second client performs state switching correspondingly according to an embodiment of the present invention;
FIG. 9 is a flowchart of a method for a first client to authorize a second client to log in to an application according to an embodiment of the present invention;
fig. 10 is a flowchart of a first client issuing an authorization instruction to a second client to log in to an authentication server according to an embodiment of the present invention;
fig. 11 is a flowchart of a service account switching method according to an embodiment of the present invention;
fig. 12 is a block diagram of a service account switching apparatus according to an embodiment of the present invention;
fig. 13 is a schematic structural diagram of a terminal according to an embodiment of the present invention;
fig. 14 is a schematic structural diagram of a server according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the prior art, if a second client logs in a certain application program and requires the authorization of a first client as a precondition, the second client is generally not allowed to acquire and record an identification account. Taking an instant messaging software enterprise wechat as an example, when a user logs in an enterprise wechat or a mobile phone number at an enterprise wechat mobile terminal (a first client), firstly, an identification account is logged in, after the identification account is successfully logged in, a service account list is pulled through an identification account login state, and after the user selects a service account, an enterprise wechat desktop terminal (a second client) is authorized to log in the enterprise wechat through the service account. According to the technical scheme, the server only issues the service account to the enterprise WeChat desktop end, so that the enterprise WeChat desktop end is ensured to only log in the authority of the service account authorized by the enterprise WeChat mobile end and not to have the authority of actively switching the service account. However, in this technical scheme, after the enterprise wechat mobile terminal switches the service account, the server cancels all login states of the enterprise wechat mobile terminal user corresponding to the enterprise wechat desktop terminal, which may result in that the service account pre-stored by the enterprise wechat desktop terminal cannot be used, the enterprise wechat desktop terminal cannot perform subsequent communication with the server, and the service account cannot be switched along with the enterprise wechat mobile terminal.
In order to solve the problem that an application desktop terminal cannot switch a service account along with an application mobile terminal in the prior art, the embodiment of the invention provides a service account switching method.
Referring to fig. 1, a schematic diagram of an implementation environment provided by an embodiment of the invention is shown. The implementation environment includes: a first terminal 120, a server 140, and a second terminal 160.
The first terminal 120 has a first client running therein. The first terminal 120 may be a mobile terminal, a palm top computer, a Personal Digital Assistant (PDA), and the second terminal 160 has a second client operating therein. The second terminal 160 may be a desktop computer, a tablet computer, or a palm top computer. For example, the first client may be an instant messaging application handset client and the second client may be an instant messaging application desktop client. In practical applications, when a client running in a terminal device is used to implement the function of the first client side in the method example of the present invention, the terminal device serves as a first terminal; when the client operating in the terminal device is used to implement the function of the second client side in the method example of the present invention, the terminal device is used as the second terminal.
The server 140 may be a server, a server cluster composed of several servers, or a cloud computing service center.
The server 140 may establish communication connections with the first terminal 120 and the second terminal 160, respectively, through a communication network. The network may be a wireless network or a wired network.
In one example, as shown in fig. 2, when the server 140 is a cluster architecture, the server 140 may include: authentication server 142, ticket authorization server 144, and service server 146. There may be multiple service servers 146, with different service servers 146 providing different services. Such as mailbox services, chat services, gaming services, video services, payment services, life services, and the like.
The authentication server 142 is used for providing authentication services, and the authentication server 142 can access a user database, verify user information (validity of an account password), and issue an account authorization ticket corresponding to the user information one by one. The authentication server 142 may also communicate with the first client to obtain permission from the user holding the first client to provide authentication services to the second client.
The ticket granting server 144 is used to provide ticket granting services, and the ticket granting server 144 can issue service tickets related to specific services.
The service server 146 is configured to provide the service corresponding to the service ticket to the second terminal 160.
Wherein the authentication server 142 is communicatively coupled to both the first terminal 120 and the second terminal 160. The ticket authority server 144 and the service server are both communicatively connected to the second terminal 160.
An embodiment of the present invention provides a method for switching service accounts, where the method is applicable to an implementation environment shown in fig. 1, as shown in fig. 3, in the method, a first client authorizes a second client to log in an application program according to an identification account and a first service account in advance, so that the second client stores the identification account and the first service account, and the method further includes:
s101, a first client sends a state switching request to a server, wherein the state switching request comprises a second service account; and the first business account number and the second business account number correspond to the identification account number.
The identification account number corresponds to the user information one by one, and can be a user mobile phone number and a user enterprise micro signal by taking enterprise micro signals as an example. For example, the user a may have a plurality of social relationships, and each social relationship may correspond to one service account. As shown in fig. 4, the user a has three service accounts, which are a family, a company, and a football club of dear interest, respectively, and switches among the three service accounts, where the account before switching is a first service account, and the account after switching is a second service account.
S102, the server records the second service account, issues a state switching notification to a second client and starts a switch-back prevention mechanism; and the anti-switching-back mechanism is used for preventing a second client from logging in the application program according to the identification account and the first service account.
In the embodiment of the invention, the second client needs to rely on the authorization of the first client for logging in the application program, so that the first client can perform random switching of the application program state, and the second client can only keep state synchronization with the first client, namely, the second client switches the self state in response to the switching of the application program logging state by the first client. If the first client switches the login state corresponding to the first service account to the login state corresponding to the second service account, the second client should synchronously switch, and simultaneously needs to prevent the second client from switching the login state back to the login state corresponding to the first service account again, so that after the first client issues the state switching request, the server starts a switch-back prevention mechanism to prevent the second client from switching the state back to the login state corresponding to the first service account.
Specifically, after the first client issues a status request to the server, the server may perform a cut-back prevention record, where the cut-back prevention record is mainly used to mark the identification account and the first service account, so that when the second client requests to log in to the server or queries the status of the first client according to the first service account, the server returns a offline error code to prompt that the current second client is already in an offline state, thereby ensuring that the second client does not cross the control of the first client to switch the login status of the application program at will.
Taking the instant messaging software enterprise wechat as an example, the enterprise wechat desktop terminal needs to rely on the authorization of the enterprise wechat mobile terminal for logging in the enterprise wechat, and if the user of the enterprise wechat mobile terminal a logs in the enterprise wechat according to the first service account, the enterprise wechat desktop terminal can only log in the enterprise wechat according to the first service account correspondingly. If the user A switches the first service account to the second service account at the enterprise WeChat mobile terminal to log in the enterprise WeChat, correspondingly, the enterprise WeChat desktop terminal can only log in the enterprise WeChat according to the second service account synchronously, and can not switch the logging state back to the first service account. Namely, the switching of the login state of the enterprise wechat mobile terminal can synchronously affect the enterprise wechat desktop terminal, and the enterprise wechat desktop terminal cannot change the login state of the enterprise wechat mobile terminal.
And S103, the second client issues a service account query request to the server according to the identification account, and acquires a second service account fed back by the server.
And S104, the second client logs in the application program according to the identification account and the second service account.
As can be seen from the above, in order to solve the problem in the prior art that the second client cannot perform service account switching along with the first client, in the embodiment of the present invention, the identification account is transmitted to the second client, and the second client has a condition for continuing to communicate with the server after the first client switches the service account by saving the identification account, so that the second client also has a capability of performing service state switching along with the first client.
However, as described in the aforementioned prior art, in the prior art, the transmission of the identification account to the second client is avoided in order to ensure that the second client does not have the authority to actively switch the service account, and therefore, in order to avoid the second client performing the back-switch by using the identification account, in the embodiment of the present invention, the back-switch prevention mechanism is provided at one end of the server, so that the initiative authority of the first client to actively perform the service account switch is maintained, and the technical purpose that the second client performs the account switch automatically following the first client is achieved.
Referring to fig. 5, a schematic diagram of the first client logging in to the application program by using the identification account and the first business account is shown. In fig. 5, the identification account is an account corresponding to "picking", and the first service account corresponds to "test group". Accordingly, please refer to fig. 6, which shows a schematic diagram of the second client logging in the application program by using the identification account and the first business account under the authorization of the first client. Referring to fig. 7, a schematic interface diagram of the first client switching the service account is shown. In fig. 7, the identification account is an account corresponding to "picking", and the service account is switched from "test group" to "vacation". Please refer to fig. 8, which shows a schematic interface diagram after the second client performs state switching.
The embodiment of the invention provides a method for switching service accounts, which can meet the requirement that a mobile terminal of a user switches the service accounts and a desktop terminal quickly follows the switching of the service accounts under the condition of not reducing the safety of the user accounts. After the mobile terminal is used for switching the service account, the desktop terminal is naturally switched to another service account without logging in again, so that the operation path is shorter under the condition of switching the use of multiple service accounts, and the user experience is improved.
The embodiment of the invention can be applied to the following application scenarios. The method comprises the steps that an application program logs in a first client side and a second client side at the same time, the first client side can run on an iOS terminal or an Android terminal, and the second client side can run on a windows operating system or a Mac operating system. And the user of the first client switches the service account number, and the second client automatically switches the service account number according to the situation.
After the service account switching method disclosed by the embodiment of the invention is used, when the first client switches the service account, the second client can automatically follow the switching without quitting and logging in again. Further, in order to improve user experience, after the second client automatically follows the switching of the service account, the application program interface after the switching of the service account can be maintained at the original display position and is not jumped to the topmost layer for display. The design has the advantages that the process of switching the service account number has no excessively abrupt interface change, and the harassment to the user is reduced.
After the first client switches the service account, if the application program of the second client is in an open state, a prompt pops up to prompt a user that the service account of the application program is changed.
After the first client switches the service account, if the application program of the second client is in a closed state, responding to an application program opening instruction of the second client, and automatically changing the service account of the application program of the second client.
The embodiment of the invention can keep the synchronization of the service account of the second client and the first client no matter whether the second client logs in currently or not, thereby avoiding the need of operating the second client to switch the service account after the user switches the first client, shortening the operation path of the user and improving the user experience.
In order to improve account security of an application program and maintain data of a user not to be compromised, an embodiment of the present invention provides a method for a first client to authorize a second client to log in the application program, where as shown in fig. 9, the method includes:
s201, a first client issues an authorization instruction for logging in a second client to an authentication server so that the authentication server generates an account authorization bill and a first encryption key, wherein the account authorization bill is obtained by encrypting account authorization data through a first shared key, the account authorization data comprises the first encryption key and first encryption data, and the first encryption data comprises data obtained by encrypting an identification account corresponding to the first client by the first encryption key and data obtained by encrypting device information of the authorized client by the first encryption key.
The authorized client in this step is the second client.
S202, the authentication server issues an account authorization ticket to the second client.
And S203, the second client initiates a service bill acquisition request to a bill authorization server according to the account authorization bill.
The ticket authorization server and the authentication server share a first shared key.
The service ticket acquiring request can also be called as a service account number query request.
S204, the bill authorization server decrypts the account authorization bill according to the first shared key to obtain account authorization data; acquiring a first encryption key from the account authorization data, decrypting the first encryption key according to the first encryption key, and acquiring the equipment information of the authorized client; and judging whether the equipment information of the authorized client is the same as the equipment information of a second client initiating a service bill acquisition request to the authorized client, if so, issuing a service bill to the second client, wherein the service bill is obtained by encrypting service data through a second shared key, the service data comprises a second encryption key and second encryption data, and the second encryption data comprises data obtained by encrypting a service account by the first encryption key and data obtained by encrypting the equipment information of the authorized client by the second encryption key.
Specifically, in the login link, the service account is a first service account.
S205, the second client initiates a login request to the service server according to the service ticket.
S206, the service server decrypts the service ticket according to the second shared secret key to obtain service data; acquiring a second encryption key in the service data, decrypting the second encryption key according to the second encryption key, and acquiring the equipment information of the authorized client; and judging whether the equipment information of the authorized client is the same as the equipment information of a second client initiating the login request to the authorized client, if so, generating a session, and returning a login success notice and an encryption request header to the second client.
And the bill authorization server and the service server share a second shared secret key.
In particular, sessions (sessions) are referred to as "session control" in computers, especially in web applications. The Session object stores the attributes and configuration information needed for a particular user Session.
And S207, the second client displays that the business account is successfully logged in.
The encryption request body may also be referred to as hkey, and may be used as an encryption request header of the CGI, so as to ensure security of communication between the second client and the service server based on the CGI. CGI (common Gateway interface) is one of the most important technologies in the WWW technology, is an interface standard between an external application program (CGI program) and a WEB server, and is a process of transferring information between the CGI program and the WEB server.
Further, the embodiment of the present invention discloses a specific method for issuing, by a first client, an authorization instruction for logging in a second client to an authentication server, as shown in fig. 10, where the method includes:
and S2011, the second client issues an authentication identifier acquisition request to the authentication server, wherein the authentication identifier acquisition request comprises the equipment information of the second client.
Specifically, the authentication identifier requested to be obtained by the second client may be a two-dimensional code and a barcode.
And S2012, the authentication server generates an authentication identifier, records the corresponding relation between the authentication identifier and the second client device information, and transmits the authentication identifier to the second client.
S2013, the second client displays the authentication identification.
And S2014, the first client reports a code scanning action for the authentication identifier to the authentication server and issues an authorization instruction.
Specifically, the user of the first client may scan the authentication identifier, so as to drive the first client to report a code scanning action to the authentication server, and the user of the first client may issue an authorization instruction on an interface of the first client.
S2015, the authentication server generates an account authorization ticket and a first encryption key.
Further, after step S102, if the second client still issues a communication request to the server through the first service account, the server returns an error that the current service account is offline. Then, the second client will automatically execute step S103.
In order to improve account security, the identification account is packaged in an account authorization ticket, and the second business account is packaged in a business ticket, so the execution logic of steps S103-S104 is the same as that of steps S203-S207.
An embodiment of the present invention further provides a method for switching a service account, where the method uses a server as an execution main body, and as shown in fig. 11, the method includes:
s301, a state switching request which is issued by a first client and used for switching a current first service account into a second service account is obtained, wherein the first service account and the second service account both correspond to an identification account.
S302, the server records the second service account, issues a state switching notification to the second client and starts a switch-back prevention mechanism; and the anti-switching-back mechanism is used for preventing a second client from logging in the application program according to the identification account and the first service account.
And S303, acquiring a service account query request issued by the second client according to a pre-stored identification account, and feeding back the second service account to the second client, so that the second client logs in the application program according to the identification account and the second service account.
The embodiment of the invention also provides a service account switching system, which comprises a first client, a second client and a server;
the first client is used for authorizing a second client to log in an application program in advance according to the identification account and the first service account; the second client is used for saving the identification account and the first service account;
the first client is also used for issuing a state switching request, and the state switching request comprises a second service account; the first business account and the second business account both correspond to the identification account;
the server is also used for recording the second service account, issuing a state switching notification to the second client and starting a switch-back prevention mechanism; the anti-rollback mechanism is used for preventing a second client from logging in the application program according to the identification account and the first business account;
the second client is also used for issuing a business account query request to the server according to the identification account and acquiring a second business account fed back by the server; and logging in the application program according to the identification account and the second service account.
An embodiment of the present invention further provides a device for switching service account numbers, where as shown in fig. 12, the device includes:
a switching request obtaining module 401, configured to obtain a state switching request issued by a first client to switch a current first service account to a second service account, where the first service account and the second service account both correspond to an identification account;
a second service account recording module 402, configured to record the second service account;
a notification issuing module 403, configured to issue a state switching notification to the second client;
an anti-switchback module 404 for initiating an anti-switchback mechanism; the anti-rollback mechanism is used for preventing a second client from logging in the application program according to the identification account and the first business account;
a switching module 405, configured to obtain a service account query request issued by the second client according to a pre-stored identification account, and feed back the second service account to the second client, so that the second client logs in the application program according to the identification account and the second service account.
It should be noted that, when the apparatus and the system provided in the foregoing embodiments implement the functions thereof, only the division of the functional modules is illustrated, and in practical applications, the functions may be distributed and completed by different functional modules according to needs, that is, the internal structure of the apparatus is divided into different functional modules, so as to complete all or part of the functions described above. In addition, the apparatus and method embodiments provided by the above embodiments belong to the same concept, and specific implementation processes thereof are described in the method embodiments for details, which are not described herein again.
The embodiment of the invention also provides a storage medium, which can be used for storing program codes required for realizing the business account switching method in the embodiment.
Optionally, in this embodiment, the storage medium may be located in at least one network device of a plurality of network devices of a computer network. Optionally, in this embodiment, the storage medium may include, but is not limited to: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.
Referring to fig. 13, a schematic structural diagram of a terminal according to an embodiment of the present invention is shown. The terminal is configured to implement the function of the first client or the second client in the service account switching method provided in the foregoing embodiment.
The terminal may include RF (Radio Frequency) circuitry 110, memory 120 including one or more computer-readable storage media, input unit 130, display unit 140, sensor 150, audio circuitry 160, WiFi (wireless fidelity) module 170, processor 180 including one or more processing cores, and power supply 190. Those skilled in the art will appreciate that the terminal structure shown in fig. 13 is not intended to be limiting and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components. Wherein:
the RF circuit 110 may be used for receiving and transmitting signals during information transmission and reception or during a call, and in particular, receives downlink information from a base station and then sends the received downlink information to the one or more processors 180 for processing; in addition, data relating to uplink is transmitted to the base station. In general, the RF circuitry 110 includes, but is not limited to, an antenna, at least one Amplifier, a tuner, one or more oscillators, a Subscriber Identity Module (SIM) card, a transceiver, a coupler, an LNA (Low Noise Amplifier), a duplexer, and the like. In addition, the RF circuitry 110 may also communicate with networks and other devices via wireless communications. The wireless communication may use any communication standard or protocol, including but not limited to GSM (Global System for Mobile communications), GPRS (General Packet Radio Service), CDMA (Code Division Multiple Access), WCDMA (Wideband Code Division Multiple Access), LTE (Long Term Evolution), e-mail, SMS (short messaging Service), etc.
The memory 120 may be used to store software programs and modules, and the processor 180 executes various functional applications and data processing by operating the software programs and modules stored in the memory 120. The memory 120 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, application programs required for functions, and the like; the storage data area may store data created according to the use of the terminal, and the like. Further, the memory 120 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device. Accordingly, the memory 120 may further include a memory controller to provide the processor 180 and the input unit 130 with access to the memory 120.
The input unit 130 may be used to receive input numeric or character information and generate keyboard, mouse, joystick, optical or trackball signal inputs related to user settings and function control. In particular, the input unit 130 may include a touch-sensitive surface 131 as well as other input devices 132. The touch-sensitive surface 131, also referred to as a touch display screen or a touch pad, may collect touch operations by a user on or near the touch-sensitive surface 131 (e.g., operations by a user on or near the touch-sensitive surface 131 using a finger, a stylus, or any other suitable object or attachment), and drive the corresponding connection device according to a predetermined program. Alternatively, the touch sensitive surface 131 may comprise two parts, a touch detection means and a touch controller. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device, converts the touch information into touch point coordinates, sends the touch point coordinates to the processor 180, and can receive and execute commands sent by the processor 180. Additionally, the touch-sensitive surface 131 may be implemented using various types of resistive, capacitive, infrared, and surface acoustic waves. In addition to the touch-sensitive surface 131, the input unit 130 may also include other input devices 132. In particular, other input devices 132 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys, switch keys, etc.), a trackball, a mouse, a joystick, and the like.
The display unit 140 may be used to display information input by or provided to a user and various graphic user interfaces of the terminal, which may be configured by graphics, text, icons, video, and any combination thereof. The Display unit 140 may include a Display panel 141, and optionally, the Display panel 141 may be configured in the form of an LCD (Liquid Crystal Display), an OLED (Organic Light-Emitting Diode), or the like. Further, the touch-sensitive surface 131 may cover the display panel 141, and when a touch operation is detected on or near the touch-sensitive surface 131, the touch operation is transmitted to the processor 180 to determine the type of the touch event, and then the processor 180 provides a corresponding visual output on the display panel 141 according to the type of the touch event. Although in FIG. 13, touch-sensitive surface 131 and display panel 141 are shown as two separate components to implement input and output functions, in some embodiments, touch-sensitive surface 131 may be integrated with display panel 141 to implement input and output functions.
The terminal may also include at least one sensor 150, such as a light sensor, motion sensor, and other sensors. Specifically, the light sensor may include an ambient light sensor that adjusts the brightness of the display panel 141 according to the brightness of ambient light, and a proximity sensor that turns off the display panel 141 and/or a backlight when the terminal is moved to the ear. As one of the motion sensors, the gravity acceleration sensor can detect the magnitude of acceleration in each direction (generally, three axes), detect the magnitude and direction of gravity when the terminal is stationary, and can be used for applications of recognizing terminal gestures (such as horizontal and vertical screen switching, related games, magnetometer gesture calibration), vibration recognition related functions (such as pedometer and tapping), and the like; as for other sensors such as a gyroscope, a barometer, a hygrometer, a thermometer, and an infrared sensor, which can be configured in the terminal, detailed description is omitted here.
Audio circuitry 160, speaker 161, microphone 162 may provide an audio interface between a user and the terminal. The audio circuit 160 may transmit the electrical signal converted from the received audio data to the speaker 161, and convert the electrical signal into a sound signal for output by the speaker 161; on the other hand, the microphone 162 converts the collected sound signal into an electric signal, converts the electric signal into audio data after being received by the audio circuit 160, and then outputs the audio data to the processor 180 for processing, and then to the RF circuit 110 to be transmitted to, for example, another terminal, or outputs the audio data to the memory 120 for further processing. The audio circuit 160 may also include an earbud jack to provide communication of peripheral headphones with the terminal.
WiFi belongs to a short-distance wireless transmission technology, and the terminal can help a user to send and receive e-mails, browse webpages, access streaming media and the like through the WiFi module 170, and provides wireless broadband internet access for the user. Although fig. 13 shows the WiFi module 170, it is understood that it does not belong to the essential constitution of the terminal, and may be omitted entirely as needed within the scope not changing the essence of the invention.
The processor 180 is a control center of the terminal, connects various parts of the entire terminal using various interfaces and lines, performs various functions of the terminal and processes data by operating or executing software programs and/or modules stored in the memory 120 and calling data stored in the memory 120, thereby performing overall monitoring of the terminal. Optionally, processor 180 may include one or more processing cores; preferably, the processor 180 may integrate an application processor, which mainly handles operating systems, user interfaces, application programs, etc., and a modem processor, which mainly handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 180.
The terminal also includes a power supply 190 (e.g., a battery) for powering the various components, which may preferably be logically coupled to the processor 180 via a power management system to manage charging, discharging, and power consumption management functions via the power management system. The power supply 190 may also include any component including one or more of a dc or ac power source, a recharging system, a power failure detection circuit, a power converter or inverter, a power status indicator, and the like.
Although not shown, the terminal may further include a camera, a bluetooth module, and the like, which are not described herein again. Specifically, in this embodiment, the display unit of the terminal is a touch screen display, the terminal further includes a memory, and one or more programs, where the one or more programs are stored in the memory and configured to be executed by the one or more processors, where the one or more programs include instructions for executing functions of the first client or the second client in the service account switching method.
Referring to fig. 14, a schematic structural diagram of a server according to an embodiment of the present invention is shown. The server is configured to implement the service account switching method provided in the foregoing embodiment. Specifically, the method comprises the following steps:
the server 1200 includes a Central Processing Unit (CPU)1201, a system memory 1204 including a Random Access Memory (RAM)1202 and a Read Only Memory (ROM)1203, and a system bus 1205 connecting the system memory 1204 and the central processing unit 1201. The server 1200 also includes a basic input/output system (I/O system) 1206 to facilitate transfer of information between devices within the computer, and a mass storage device 1207 for storing an operating system 1213, application programs 1214, and other program modules 1215.
The basic input/output system 1206 includes a display 1208 for displaying information and an input device 1209, such as a mouse, keyboard, etc., for a user to input information. Wherein the display 1208 and input device 1209 are connected to the central processing unit 1201 through an input-output controller 1210 coupled to the system bus 1205. The basic input/output system 1206 may also include an input/output controller 1210 for receiving and processing input from a number of other devices, such as a keyboard, mouse, or electronic stylus. Similarly, input-output controller 1210 also provides output to a display screen, a printer, or other type of output device.
The mass storage device 1207 is connected to the central processing unit 1201 through a mass storage controller (not shown) connected to the system bus 1205. The mass storage device 1207 and its associated computer-readable media provide non-volatile storage for the server 1200. That is, the mass storage device 1207 may include a computer-readable medium (not shown) such as a hard disk or CD-ROM drive.
Without loss of generality, the computer-readable media may comprise computer storage media and communication media. Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Computer storage media includes RAM, ROM, EPROM, EEPROM, flash memory or other solid state memory technology, CD-ROM, DVD, or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices. Of course, those skilled in the art will appreciate that the computer storage media is not limited to the foregoing. The system memory 1204 and mass storage device 1207 described above may be collectively referred to as memory.
The server 1200 may also operate as a remote computer connected to a network via a network, such as the internet, in accordance with various embodiments of the present invention. That is, the server 1200 may be connected to the network 1212 through a network interface unit 1211 coupled to the system bus 1205, or the network interface unit 1211 may be used to connect to other types of networks or remote computer systems (not shown).
The memory also includes one or more programs stored in the memory and configured to be executed by one or more processors. The one or more programs include instructions for performing the method of the server.
Some embodiments may include a computer program product comprising instructions that, when executed on at least one processor, cause the at least one processor to carry out a business account number switching method.
It should be understood that reference to "a plurality" herein means two or more. "and/or" describes the association relationship of the associated objects, meaning that there may be three relationships, e.g., a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, where the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (12)

1. A method for switching service accounts is characterized in that a first client authorizes a second client to log in an application program in advance according to an identification account and a first service account, so that the second client saves the identification account and the first service account, and the method further comprises the following steps:
the method comprises the steps that a first client side switches a service account of the first client side into a second service account, and issues a state switching request to a server, wherein the state switching request comprises the second service account; the first business account and the second business account both correspond to the identification account;
the server records the second service account and issues a state switching notification to a second client;
the second client sends a business account query request to the server according to the identification account, and acquires a second business account fed back by the server;
the second client logs in the application program according to the identification account and the second service account;
and the server starts a switch-back prevention mechanism, wherein the switch-back prevention mechanism is used for preventing a second client from logging in the application program according to the identification account and the first service account.
2. The method of claim 1, wherein the initiating an anti-rollback mechanism comprises:
and carrying out a cut-back prevention record, wherein the cut-back prevention record is used for marking the identification account and the first business account so that the server returns a offline error code when the second client requests to log in or inquires the state of the first client according to the first business account.
3. The method according to claim 1, further comprising the first client authorizing the second client to log in to the application, specifically comprising:
the method comprises the steps that a first client side issues an authorization instruction for logging in a second client side to an authentication server, so that the authentication server generates an account authorization bill and a first encryption key, the account authorization bill is obtained by encrypting account authorization data through a first shared key, the account authorization data comprises the first encryption key and first encryption data, and the first encryption data comprises data obtained by encrypting an identification account corresponding to the first client side through the first encryption key and data obtained by encrypting equipment information of the authorized client side through the first encryption key;
the authentication server issues an account authorization bill to the second client;
the second client initiates a service bill acquisition request to a bill authorization server according to the account authorization bill;
the bill authorization server decrypts the account authorization bill according to the first shared key to obtain account authorization data; acquiring a first encryption key from the account authorization data, decrypting the first encryption key according to the first encryption key, and acquiring the equipment information of the authorized client; judging whether the equipment information of the authorized client is the same as the equipment information of a second client initiating a service bill acquisition request to the authorized client, if so, issuing a service bill to the second client, wherein the service bill is obtained by encrypting service data through a second shared key, the service data comprises a second encryption key and second encryption data, and the second encryption data comprises data obtained by encrypting a first service account by the second encryption key and data obtained by encrypting the equipment information of the authorized client by the second encryption key;
the second client initiates a login request to the service server according to the service bill;
the service server decrypts the service ticket according to the second shared secret key to obtain service data; acquiring a second encryption key in the service data, decrypting the second encryption key according to the second encryption key, and acquiring the equipment information of the authorized client; judging whether the equipment information of the authorized client is the same as the equipment information of a second client initiating a login request to the authorized client, if so, generating a session, and returning a login success notice and an encryption request header to the second client;
and the second client displays that the first service account is successfully logged in.
4. The method of claim 3, wherein:
the ticket authorization server and the authentication server share a first shared key;
and the bill authorization server and the service server share a second shared secret key.
5. The method of claim 3, wherein the first client issuing an authorization instruction to the authentication server to log in to the second client comprises:
the second client-side issues an authentication identification obtaining request to the authentication server, wherein the authentication identification obtaining request comprises equipment information of the second client-side;
the authentication server generates an authentication identifier, records the corresponding relation between the authentication identifier and the second client equipment information, and transmits the authentication identifier to the second client;
the second client displays the authentication identification;
the first client reports a code scanning action for the authentication identifier to the authentication server and issues an authorization instruction;
the authentication server generates an account authorization ticket and a first encryption key.
6. The method of claim 5, wherein:
the authentication identification is a two-dimensional code and a bar code.
7. A method for switching service account numbers is characterized by comprising the following steps:
acquiring a state switching request which is issued by a first client and used for switching a current first service account into a second service account, wherein the first service account and the second service account both correspond to an identification account; the first client is used for switching the business account of the first client into a second business account;
recording the second service account, and issuing a state switching notification to a second client;
acquiring a service account query request issued by the second client according to a pre-stored identification account, and feeding back the second service account to the second client so that the second client logs in an application program according to the identification account and the second service account;
starting an anti-back-switching mechanism; and the anti-switching-back mechanism is used for preventing a second client from logging in the application program according to the identification account and the first service account.
8. A business account switching system is characterized by comprising a first client, a second client and a server;
the first client is used for authorizing a second client to log in an application program in advance according to the identification account and the first service account; the second client is used for saving the identification account and the first service account;
the first client is also used for switching the service account of the first client into a second service account and issuing a state switching request, wherein the state switching request comprises the second service account; the first business account and the second business account both correspond to the identification account;
the server is also used for recording the second service account and issuing a state switching notification to the second client;
the second client is also used for issuing a business account query request to the server according to the identification account and acquiring a second business account fed back by the server; logging in the application program according to the identification account and the second service account;
the server is further used for starting a switch-back prevention mechanism, and the switch-back prevention mechanism is used for preventing a second client from logging in the application program according to the identification account and the first service account.
9. A business account switching device, comprising:
the switching request acquisition module is used for acquiring a state switching request which is issued by a first client and used for switching a current first service account into a second service account, wherein the first service account and the second service account both correspond to an identification account; the first client is used for switching the business account of the first client into a second business account;
the second business account recording module is used for recording the second business account;
the notification issuing module is used for issuing a state switching notification to the second client;
the switching module is used for acquiring a service account query request issued by the second client according to a pre-stored identification account, and feeding back the second service account to the second client so that the second client logs in an application program according to the identification account and the second service account;
the back-cut prevention module is used for starting a back-cut prevention mechanism; and the anti-switching-back mechanism is used for preventing a second client from logging in the application program according to the identification account and the first service account.
10. A server, characterized in that a service account switching device as claimed in claim 9 is operated in the server.
11. A computer-readable storage medium for storing a program, wherein the program is configured to implement a service account switching method according to any one of claims 1 to 7.
12. An electronic device, comprising: a processor and a memory, wherein the processor is used for calling and executing the program stored in the memory, and the memory is used for storing the program, and the program is used for implementing the service account number switching method according to any one of claims 1 to 7.
CN201810829517.XA 2018-07-25 2018-07-25 Service account switching method, system, device and server Active CN109086595B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810829517.XA CN109086595B (en) 2018-07-25 2018-07-25 Service account switching method, system, device and server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810829517.XA CN109086595B (en) 2018-07-25 2018-07-25 Service account switching method, system, device and server

Publications (2)

Publication Number Publication Date
CN109086595A CN109086595A (en) 2018-12-25
CN109086595B true CN109086595B (en) 2020-04-28

Family

ID=64838659

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810829517.XA Active CN109086595B (en) 2018-07-25 2018-07-25 Service account switching method, system, device and server

Country Status (1)

Country Link
CN (1) CN109086595B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109743329B (en) * 2019-01-22 2021-12-14 腾讯科技(深圳)有限公司 Account processing method and device
CN110290232A (en) * 2019-06-25 2019-09-27 江苏梦嘉控股集团有限公司 A kind of public platform management method and system
CN111259278B (en) * 2020-01-15 2023-07-18 宝宝巴士股份有限公司 Automatic code scanning method and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2579220A1 (en) * 2010-05-26 2013-04-10 ZTE Corporation Entrance guard control method and system thereof
CN107817932A (en) * 2017-10-19 2018-03-20 福建中金在线信息科技有限公司 Account switching method, device and user terminal
CN108200572A (en) * 2018-01-09 2018-06-22 西安万像电子科技有限公司 Switching method, the apparatus and system of terminal

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8160494B2 (en) * 2007-01-17 2012-04-17 Research In Motion Limited Methods and apparatus for use in switching user account data and operations between two different mobile communication devices
CN102685167B (en) * 2011-03-17 2016-03-09 深圳市同洲国际视讯有限公司 A kind of multiple terminals business switch method and system
CN107797721B (en) * 2016-09-07 2020-10-09 腾讯科技(深圳)有限公司 Interface information display method and device

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2579220A1 (en) * 2010-05-26 2013-04-10 ZTE Corporation Entrance guard control method and system thereof
CN107817932A (en) * 2017-10-19 2018-03-20 福建中金在线信息科技有限公司 Account switching method, device and user terminal
CN108200572A (en) * 2018-01-09 2018-06-22 西安万像电子科技有限公司 Switching method, the apparatus and system of terminal

Also Published As

Publication number Publication date
CN109086595A (en) 2018-12-25

Similar Documents

Publication Publication Date Title
US11057376B2 (en) Method, apparatus, and system for controlling intelligent device, and storage medium
US11088836B2 (en) Key updating method, apparatus, and system
US11488234B2 (en) Method, apparatus, and system for processing order information
CN111193695B (en) Encryption method and device for third party account login and storage medium
EP3605989A1 (en) Information sending method, information receiving method, apparatus, and system
US10304461B2 (en) Remote electronic service requesting and processing method, server, and terminal
EP3200487B1 (en) Message processing method and apparatus
CN111066284B (en) Service certificate management method, terminal and server
WO2019042274A1 (en) Resource transfer method and apparatus, and storage medium
US20150319173A1 (en) Co-verification method, two dimensional code generation method, and device and system therefor
CN108881103B (en) Network access method and device
CN111478849B (en) Service access method, device and storage medium
WO2020164526A1 (en) Control method for nodes in distributed system and related device
CN104954126B (en) Sensitive operation verification method, device and system
US10993090B2 (en) Network access method, apparatus, and system
CN104683301B (en) Password storage method and device
US10454905B2 (en) Method and apparatus for encrypting and decrypting picture, and device
WO2016078504A1 (en) Identity authentication method and device
CN109086595B (en) Service account switching method, system, device and server
CN109428871B (en) Defense strategy determination method and device
CN107148011B (en) Method, device and system for executing target service
CN107995150B (en) Identity verification method and device
CN108122151B (en) Graphic code display method, graphic code processing method, device and system
US9633227B2 (en) Method, apparatus, and system of detecting unauthorized data modification
CN113923005A (en) Method and system for writing data

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant