CN109474838A - A kind of data processing method, equipment, system and storage medium - Google Patents
A kind of data processing method, equipment, system and storage medium Download PDFInfo
- Publication number
- CN109474838A CN109474838A CN201811295146.8A CN201811295146A CN109474838A CN 109474838 A CN109474838 A CN 109474838A CN 201811295146 A CN201811295146 A CN 201811295146A CN 109474838 A CN109474838 A CN 109474838A
- Authority
- CN
- China
- Prior art keywords
- key
- terminal
- application server
- value pair
- user account
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/45—Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
- H04N21/462—Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
- H04N21/4627—Rights management associated to the content
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/254—Management at additional data server, e.g. shopping server, rights management server
- H04N21/2541—Rights Management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/258—Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
- H04N21/25866—Management of end-user data
- H04N21/25875—Management of end-user data involving end-user authentication
Abstract
The embodiment of the present invention discloses a kind of data processing method, equipment, system and storage medium, wherein method includes: that first terminal obtains the corresponding user account information of target application, and obtains the corresponding device identifier of user account information;Device identifier is unique identification information that application server is first terminal distribution;First terminal constructs corresponding first key-value pair of user account information using user account information as key name, and using device identifier as the corresponding key assignments of the key name, and the logging request for carrying the first key-value pair is sent to application server;Application server receives logging request, and authenticates to the first key-value pair carried in logging request, and login response information is generated when authenticating successfully, and login response information is returned to first terminal.First terminal receives login response information, and the target application according to login response information registration.Using the present invention, authentication dynamics can be further increased while promoting identification.
Description
Technical field
The present invention relates to Internet technical fields more particularly to a kind of data processing method, equipment, system and storage to be situated between
Matter.
Background technique
With the development of network video, people can watch net by the Video Applications in smart television or TV box
Network video file, and the broadcasting of most of video file in these network video files requires certain play right, i.e.,
Need the member as the Video Applications that could completely watch the video content in these video files.
However, for the Video Applications for operating in TV or TV box subclass, usually according to the MAC of equipment itself
(Media Access Control, medium access control) address come distinguish log in the Video Applications in equipment.Due to current
There are some mountain vallage boxes generated for save the cost in the market, between these mountain vallage boxes with can sharing same MAC
Location, these boxes with same MAC Address belong to distinct device, therefore, in existing authentication scheme, the Video Applications pair
It the video backstage answered, can be by these with same MAC when being authenticated using the user account information and MAC Address that receive
The distinct device of address is judged as same equipment, and is the open permission for logging in the Video Applications of these distinct devices.In consideration of it,
In existing technical solution, the distinct device with same MAC Address can not be distinguished, and then cause not being somebody's turn to do to logging in
The quantity of the equipment of Video Applications carries out effectively permission and controls.
Summary of the invention
The embodiment of the present invention provides a kind of data processing method, equipment, system and storage medium, can promote identification
While, further increase authentication dynamics.
On the one hand the embodiment of the present invention provides a kind of data processing method, which comprises
First terminal obtains the corresponding user account information of target application, and obtains that the user account information is corresponding to be set
Standby identifier;The device identifier is unique identification information that application server is the first terminal distribution;
The first terminal is using the user account information as key name, and using the device identifier as the key name
Corresponding key assignments constructs corresponding first key-value pair of the user account information, and the login that will carry first key-value pair
Request is sent to the application server;
The application server receives the logging request, and to first key-value pair carried in the logging request
It is authenticated, and generates login response information when authenticating successfully, and the login response information is returned to described first eventually
End;
The first terminal receives the login response information, and the target according to the login response information registration is answered
With.
On the one hand the embodiment of the present invention provides a kind of data processing method, the method is applied to first terminal, comprising:
The first terminal obtains the corresponding user account information of target application, and it is corresponding to obtain the user account information
Device identifier;The device identifier is unique identification information that application server is the first terminal distribution;
The first terminal is using the user account information as key name, and using the device identifier as the key name
Corresponding key assignments constructs corresponding first key-value pair of the user account information, and the login that will carry first key-value pair
Request is sent to the application server, so that the application server receives the logging request, and to the logging request
First key-value pair of middle carrying is authenticated, and login response information is generated when authenticating successfully;The login response letter
Breath is used to indicate corresponding first key-value pair of the user account information and has logon rights;
The first terminal receives the login response information, and the target according to the login response information registration is answered
With.
On the one hand the embodiment of the present invention provides a kind of data processing method, the method is applied to application server, packet
It includes:
The application server receives the logging request that first terminal is sent;Described first is carried in the logging request eventually
Hold corresponding first key-value pair;First key-value pair is by the first terminal by using user account information as key name,
And using device identifier as constructed by the corresponding key assignments of the key name;The device identifier is that the application server is
Unique identification information of the first terminal distribution;
The application server authenticates first key-value pair carried in the logging request;
The application server generates login response information when authenticating successfully, and the login response information is returned to
The first terminal, so that the first terminal corresponding mesh of user account information according to the login response information registration
Mark application.
On the one hand the embodiment of the present invention provides a kind of user terminal, the user terminal includes:
Account obtains module, for obtaining the corresponding user account information of target application;
Identifier obtains module, for obtaining the corresponding device identifier of the user account information;The device identification
Symbol is unique identification information that application server is the terminal distribution;
Request sending module is used for using the user account information as key name, and using the device identifier as institute
The corresponding key assignments of key name is stated, constructs corresponding first key-value pair of the user account information, and first key-value pair will be carried
Logging request be sent to the application server so that the application server receives the logging request, and stepped on to described
First key-value pair carried in record request is authenticated, and login response information is generated when authenticating successfully;The login
Response message is used to indicate corresponding first key-value pair of the user account information and has logon rights;
Receiving module is responded, for receiving the login response information, and according to the login response information registration
Target application.
On the one hand the embodiment of the present invention provides a kind of application server, the application server includes:
Request receiving module, for receiving the logging request of first terminal transmission;Described is carried in the logging request
Corresponding first key-value pair of one terminal;First key-value pair is to be passed through by the first terminal using user account information as key
Name, and using device identifier as constructed by the corresponding key assignments of the key name;The device identifier is the application service
Device is unique identification information of first terminal distribution;
Authentication module, for being authenticated to first key-value pair carried in the logging request;
Generation module is responded, generates login response information when authenticating successfully for the application server, and will be described
Login response information returns to the first terminal, so that the first terminal is used according to the login response information registration
The corresponding target application of family account information.
On the one hand the embodiment of the present invention provides a kind of data processing system, the system comprises: user terminal and application
Server, wherein the user terminal and the application server mentioned in the user terminal such as one side of the embodiment of the present invention
Such as the application server mentioned in one side of the embodiment of the present invention.
On the one hand the embodiment of the present invention provides a kind of user terminal, comprising: processor, memory and network interface;
The processor is connected with memory, network interface, wherein network interface is described for connecting application server
Memory is for storing program code, and the processor is for calling said program code, to execute following operation:
The corresponding user account information of target application is obtained, and obtains the corresponding device identification of the user account information
Symbol;The device identifier is unique identification information that the application server is the first terminal distribution;
Using the user account information as key name, and using the device identifier as the corresponding key assignments of the key name,
Corresponding first key-value pair of the user account information is constructed, and the logging request for carrying first key-value pair is sent to institute
Application server is stated, so that the application server receives the logging request, and to described in carrying in the logging request
First key-value pair is authenticated, and login response information is generated when authenticating successfully;The login response information is used to indicate institute
It states corresponding first key-value pair of user account information and has logon rights;
Receive the login response information, and the target application according to the login response information registration.
On the one hand the embodiment of the present invention provides a kind of application server, comprising: processor, memory and network connect
Mouthful;
The processor is connected with memory, network interface, wherein network interface is described to deposit for connecting first terminal
Reservoir is for storing program code, and the processor is for calling said program code, to execute following operation:
Receive the logging request that the first terminal is sent;The first terminal corresponding is carried in the logging request
One key-value pair;First key-value pair is by the first terminal by using user account information as key name, and by equipment mark
Symbol is known as constructed by the corresponding key assignments of the key name;The device identifier is that the application server is described first whole
Hold unique identification information of distribution;
First key-value pair carried in the logging request is authenticated;
Login response information is generated when authenticating successfully, and the login response information is returned into the first terminal,
So that the first terminal corresponding target application of user account information according to the login response information registration.
On the one hand the embodiment of the present invention provides a kind of computer storage medium, the computer storage medium is stored with meter
Calculation machine program, the computer program include program instruction, execute such as this hair when the processor executes described program instruction
Method in bright embodiment one side.
On the one hand the embodiment of the present invention provides a kind of computer storage medium, the computer storage medium is stored with meter
Calculation machine program, the computer program include program instruction, execute such as this hair when the processor executes described program instruction
Method in bright embodiment one side.
In embodiments of the present invention, the corresponding user account information of the available target application of first terminal, and obtain institute
State the corresponding device identifier of user account information;The device identifier is that application server is what the first terminal distributed
Unique identification information;The first terminal using the user account information as key name, and using the device identifier as
The corresponding key assignments of the key name, constructs corresponding first key-value pair of the user account information, and will carry first key assignments
Pair logging request be sent to the application server;The application server receives the logging request, and to the login
First key-value pair carried in request is authenticated, and login response information is generated when authenticating successfully, and step on described
Record response message returns to the first terminal;The first terminal receives the login response information, and according to the login
Response message logs in the target application.It can be seen that the application server can be the first terminal point of access target application
With unique identification information (i.e. device identifier), and have can not tamper and not reproducible for the device identifier of the distribution
Property.Therefore, which can be correctly found associated by user account information by the device identifier distributed
Key value mapping table, so as to by counting the corresponding association key-value pair of the same user account information of this in the key value mapping table
Quantity, and the quantity for having accessed the second terminal of the target application is known indirectly, and can be based on the quantity of the second terminal
Effectively the logon rights of the first terminal of the target application to be accessed are controlled, so as to promote the same of identification
When, further increase authentication dynamics.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below
There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this
Some embodiments of invention for those of ordinary skill in the art without creative efforts, can be with
It obtains other drawings based on these drawings.
Fig. 1 is a kind of structural schematic diagram of network architecture provided in an embodiment of the present invention;
Fig. 2 is a kind of schematic diagram for sending logging request provided in an embodiment of the present invention;
Fig. 3 is a kind of process timing diagram of data processing method provided in an embodiment of the present invention;
Fig. 4 is the process timing diagram of another middle data processing method provided in an embodiment of the present invention;
Fig. 5 is the signal that data interaction is carried out between a kind of first terminal and application server provided in an embodiment of the present invention
Figure;
Fig. 6 is a kind of flow diagram of data processing method provided in an embodiment of the present invention;
Fig. 7 is the flow diagram of another data processing method provided in an embodiment of the present invention;
Fig. 8 is a kind of structural schematic diagram of user terminal provided in an embodiment of the present invention;
Fig. 9 is the structural schematic diagram of another user terminal provided in an embodiment of the present invention;
Figure 10 is a kind of structural schematic diagram of application server provided in an embodiment of the present invention;
Figure 11 is the structural schematic diagram of another application server provided in an embodiment of the present invention;
Figure 12 is a kind of structural schematic diagram of data processing system provided in an embodiment of the present invention.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on
Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts every other
Embodiment shall fall within the protection scope of the present invention.
It referring to Figure 1, is a kind of structural schematic diagram of network architecture provided in an embodiment of the present invention.As shown in Figure 1, described
The network architecture may include application server 2000 and user terminal cluster;The user terminal cluster may include multiple use
Family terminal, as shown in Figure 1, can specifically include user terminal 3000a, user terminal 3000b ..., user terminal 3000n.
Further, it is to be appreciated that the network architecture can also include application server 2000 shown in FIG. 1 and one
User terminal, the user terminal can be any one user terminal in multiple user terminals shown in FIG. 1 (for example, user
Terminal 3000a).The application server 2000 can be some corresponding backstage of application (i.e. target application) in the user terminal
Server can will be used to log in this when user logs in the target application using the user terminal (i.e. user terminal 3000a)
The user terminal of target application is referred to as first terminal, which can carry out network company with the application server 2000
It connects, in order to subsequent in the target application accessed in the user terminal, data interaction can be carried out.
As shown in Figure 1, the user terminal 3000a, user terminal 3000b ..., user terminal 3000n can respectively with
The application server 2000 is connected to the network, and the multiple user terminal can be answered by the way that certain network service platform is corresponding
The interaction between user data is realized with server 2000.Wherein, the network service platform can be to be mounted on any user
Video network platform corresponding to Video Applications in terminal, it should be understood that the Video Applications in any one user terminal can
Think one or more, for ease of understanding, the embodiment of the present invention is by taking the Video Applications are an application as an example, to describe to install
Between the user terminal and the application server of the application (application can be referred to as target application) carry out data interaction
Detailed process.It should be appreciated that the target application can also be the other application in addition to Video Applications, for example, voice applications,
Social application and payment application etc. will not carry out concrete restriction to the application for being mounted on the user terminal here.
For ease of understanding, a user terminal is selected in multiple user terminals that the embodiment of the present invention can be shown in Fig. 1
As target terminal user, for example, can be using user terminal 3000a shown in FIG. 1 as the target terminal user.Wherein,
The target terminal user may include: that smart phone, tablet computer, desktop computer, smart television etc. have audio-video and broadcast
The intelligent terminal of playing function.
It should be appreciated that for each user terminal of the target application to be accessed, the corresponding backstage of the target application
Server can be application server 2000 shown in FIG. 1, and therefore, which can be further to be accessed
The logging request that each user terminal is initiated is authenticated, to verify the logon rights of each user terminal to be accessed.For
More fully understand this programme, the embodiment of the present invention is with the target terminal user for above-mentioned multiple user terminals shown in FIG. 1
In a user terminal for, in order to further describe between the target terminal user and the application server 2000
The detailed process of data interaction.
For example, the target terminal user in the embodiment of the present invention can be user terminal 3000a as shown in Figure 1, the use
Family terminal 3000a can also be received before sending the logging request and be held the user of user terminal 3000a and answer target
It is instructed with performed touch control operation, and then can be instructed according to the touch control operation and show the corresponding register of the target application
Interface, and the corresponding user account information of the target application is received in the register interface.For ease of understanding, of the invention
The user terminal 3000a (i.e. target terminal user) for receiving the user account information can be referred to as first eventually by embodiment
End, it can the target terminal user of the target application to be accessed is referred to as first terminal, therefore, which can be
After getting above-mentioned user account information, the corresponding device identifier of the user account information is further obtained;The equipment
Identifier is unique identification information that above-mentioned application server shown in FIG. 1 2000 is the first terminal distribution.
Further, Fig. 2 is referred to, is a kind of schematic diagram for sending logging request provided in an embodiment of the present invention.Such as Fig. 2
Shown, B1~B9, for characterizing the icon for the Video Applications being mounted in above-mentioned first terminal, i.e. icon B1~icon B9 is peace
Multiple Video Applications in first terminal shown in Fig. 2, each Video Applications can correspond to different background servers.Such as
Shown in Fig. 2, when detecting that touch control operation of the user for any Video Applications in display interface 100a instruct (for example, needle
Clicking operation is executed to the corresponding display area icon B9 in display interface 100a) when, it can be referred to according to the touch control operation
It enables and the corresponding Video Applications of icon B9 is referred to as target application, and can be further in the corresponding register of the target application
In interface, the corresponding user account information of the target application is received, wherein the user account information can be user's registration
The registration information filled in when the member of the target application is (for example, the registration information can be the user that user's name is AAAA
Information).Further, it is corresponding can to obtain in the local database the user account information for first terminal shown in Fig. 2
Device identifier, the device identifier can be that the first terminal distributes only by application server 2000 shown in Fig. 2
One identification information (for example, unique identification information can be aaaaaa).Then, which can further will be upper
User account information is stated as key name, and using the device identifier as the corresponding key assignments of the key name, constructs the user
First key-value pair can be<AAAA by corresponding first key-value pair of account information, aaaaaa>, and first key assignments will be carried
Pair logging request be sent to application server 2000 shown in Fig. 2 so that the application server 2000 is further to the reception
To the first key-value pair authenticated, it can back-end data shown in Fig. 2 take a fancy to inquire the user account information associated by
Key value mapping table, and in the key value mapping table count with first key-value pair have same user account information associated key
The quantity of value pair, and when the quantity of the association key-value pair is less than threshold total number, determination authenticates successfully, and to shown in Fig. 2
First terminal returns to login response information.
For ease of understanding, the user terminal of above-mentioned target application to be accessed can be referred to as first eventually by the embodiment of the present invention
End can also will have other user terminals for having accessed the target application of same user account information to claim with the first terminal
Be second terminal, the second terminal can in embodiment corresponding to above-mentioned Fig. 1 different from its of the first terminal
His user terminal.Wherein, which can access above-mentioned target application with the first key-value pair constructed by itself, so as to
So that the corresponding application server 2000 of the target application further authenticates the first key-value pair got, and then can be with
Verify whether the first terminal has the permission for logging in the target application in background data base.For being believed with same user account
Breath has accessed for the second terminal of the target application, which can be in background data base by any second
The corresponding key-value pair of terminal is referred to as to be associated with key-value pair, which can be understood as currently passing through the user account information
Log in the user terminal of the target application.It should be appreciated that can store in the background data base and the user account information phase
Associated key value mapping table, and can permit a certain number of key-value pairs of storage in the association key assignments table.Therefore, when user's account
The quantity of association key-value pair in key value mapping table associated by number information reaches threshold total number (for example, the threshold total number can be with
It is 5) when, do not allow first terminal to access the target application with first key-value pair;Conversely, being associated with when in the key value mapping table
When the quantity of key-value pair is less than above-mentioned threshold total number, the first terminal is allowed to access the target application with first key-value pair.It can
See, by distributing different device identifiers for each user terminal for accessing the target application, effectively access can be somebody's turn to do
The user terminal of target application is identified, to be distinguished, and then can be whole to the user for accessing the target application
The quantity at end is limited, to improve the authentication dynamics to the equipment for accessing the target application.Wherein, any second terminal
The process that data interaction is carried out between the application server 2000, can be together referring to provided in an embodiment of the present invention first
The detailed process of data interaction, no longer carries out here between terminal (i.e. user terminal 3000a) and the application server 2000
It repeats.
It is understood that for the other users terminal in above-mentioned user terminal cluster shown in FIG. 1, when other
When any user terminal of user terminal accurately accesses target application, any user terminal of other users terminal can also be claimed
Be first terminal, and data interaction is carried out between any user terminal of other users terminal and the application server 2000
Detailed process may refer to carry out between user terminal 3000a and the application server 2000 provided by the embodiment of the present invention
The detailed process of data interaction will not continue to repeat here.
Wherein, the first terminal obtains the device identifier, and sends logging request to the application server, with
The detailed process for authenticating the application server to the first key-value pair in the logging request, may refer to following Fig. 3
To embodiment corresponding to Fig. 7.
It further, is a kind of process timing of data processing method provided in an embodiment of the present invention please also refer to Fig. 3
Figure.As shown in figure 3, the embodiment of the present invention the method may include following steps S101- step S104.
Step S101, first terminal obtain the corresponding user account information of target application, and obtain the user account letter
Cease corresponding device identifier;The device identifier is unique mark letter that application server is the first terminal distribution
Breath;
Specifically, first terminal is when receiving user and corresponding to the operational order of logging zone to target application, Ke Yigen
The user account information of user's typing is received in the login display area according to the operational order;Further, first end
End can search whether that there are the corresponding device identifiers of the user account information in the local database, and find the use
When the corresponding device identifier of family account information, step S102 is further executed.Optionally, if the first terminal is not found
The corresponding device identifier of the user account information, then it is corresponding can be based further on the user account information for the first terminal
The second key-value pair, trigger the application server be the first terminal distribute above equipment identifier.
The user account information used registration information when can be for the member of the user's registration target application,
In, the registration information can for the phone number of user, user's name ..., the user informations such as subscriber mailbox;
Wherein, which is unique identification information that the first terminal distributes by application server.
It should be appreciated that the first terminal is receiving unique mark that the application server is first terminal distribution
After knowing information (i.e. above equipment identifier), further the device identifier can be stored in above-mentioned local data base,
So as to can quickly and conveniently search in the local database when receiving the user account information of user's typing
To the device identifier, and then the timeliness that the first terminal accesses the target application can be improved.
It should be appreciated that the application server in the embodiment of the present invention can be each user terminal of the access target application
Corresponding device identifier is distributed, which can be used for knowing each user terminal for accessing the target application
Not.In consideration of it, any user terminal of above-mentioned target application to be accessed can be referred to as first terminal by the embodiment of the present invention, with
Further execute step S102.Optionally, when thering are multiple first terminals to need to access the mesh in the same time (for example, T1 moment)
When the mark corresponding video network platform of application, each first terminal in the multiple first terminal, which can receive, mutually to be applied
The user account information of family typing, and the corresponding device identification of relative users account information can be searched in each first terminal
Symbol, it is assumed that application server has been that each first terminal for accessing the target application at the TI moment is assigned with unique mark letter
Breath, therefore, each first terminal in the multiple first terminal can further execute following step S102.
For ease of understanding, the embodiment of the present invention to be for being carved with 3 first terminals in T1 and need to access the target application,
This 3 first terminals can be the user terminal 3000a in embodiment corresponding to above-mentioned Fig. 1, user terminal 3000b and user
Terminal 3000c.Further, table 1 is referred to, is a kind of user account information provided in an embodiment of the present invention and device identifier
Between the first mapping table.
Table 1
As shown in Table 1 above, at the T1 moment, there are three target applications shown in different first terminal tables 1 to be accessed.Its
In, user account information received by user terminal 3000a is AAAA shown in above-mentioned table 1, but in user terminal 3000a
Local terminal in find the corresponding device identifier of the user account information, which is shown in above-mentioned table 1
Unique identification information: aaaaaa.At the same time, user account information received by user terminal 3000b is above-mentioned 1 institute of table
The BBBB shown but finds the corresponding device identifier of the user account information in the local terminal of user terminal 3000b,
The device identifier is unique identification information shown in above-mentioned table 1: bbbbbbb.At the same time, user terminal 3000c is connect
The user account information received is CCCC shown in above-mentioned table 1, but finds this in the local terminal of user terminal 3000c
The corresponding device identifier of user account information, the device identifier are unique identification information shown in above-mentioned table 1:
cccccc.What it is due to these three different first terminal accesses is same Video Applications, thus, it can be understood that user terminal
3000a, user terminal 3000b and the corresponding same application server of user terminal 3000b, and the application server is these three
Different first terminals is correspondingly assigned with device identifier as shown in Table 1 above.
Step S102, the first terminal make the device identifier using the user account information as key name
For the corresponding key assignments of the key name, corresponding first key-value pair of the user account information is constructed, and first key will be carried
The logging request of value pair is sent to the application server;
It should be appreciated that each first terminal can correspond to one for three first terminals shown in the above-mentioned table 1
First key-value pair.For example, the user terminal 3000a can be by above-mentioned table when the first terminal is user terminal 3000a
AAAA shown in 1 is as key name, and using aaaaaa shown in above-mentioned table 1 as key assignments, and according to the format (example of title key-value pair
Such as,<key name, key assignments>) construct corresponding first key-value pair of the user account information, i.e., user terminal shown in above-mentioned table 1
First key-value pair constructed by 3000a is<AAAA, aaaaaa>, and the logging request for carrying first key-value pair is sent to institute
State application server.Can similarly obtain, when it is described to state first terminal be user terminal 3000b when, the user terminal 3000b can be with
Using BBBB shown in above-mentioned table 1 as key name, and using bbbbbb shown in above-mentioned table 1 as key assignments, and according to title key-value pair
Format (for example,<key name, key assignments>) construct corresponding first key-value pair of the user account information, i.e., used shown in above-mentioned table 1
First key-value pair constructed by the terminal 3000b of family be<BBBB, bbbbbb>, and will carry first key-value pair logging request hair
It send to the application server.Can similarly obtain, when it is described state first terminal be user terminal 3000c when, the user terminal
3000c can be using CCCC shown in above-mentioned table 1 as key name, and using cccccc shown in above-mentioned table 1 as key assignments, and according to name
The format (for example,<key name, key assignments>) of key-value pair is claimed to construct corresponding first key-value pair of the user account information, i.e., above-mentioned table 1
Shown in the first key-value pair constructed by user terminal 3000c be<CCCC, cccccc>, and stepping on for first key-value pair will be carried
Record request is sent to the application server.It is somebody's turn to do in consideration of it, the application server can be respectively received to access at the T1 moment
Logging request transmitted by each first terminal of target application, further to execute step S103.
Step S103, the application server receive the logging request, and to described in carrying in the logging request
First key-value pair is authenticated, and login response information is generated when authenticating successfully, and the login response information is returned to
The first terminal;
Specifically, the application server, can be further when receiving the logging request that above-mentioned first terminal is sent
First key-value pair entrained in the logging request is obtained, and obtains the letter of the user account in first key-value pair
Breath;Further, the application server can be inquired and the associated key assignments of the user account information in background data base
Mapping table, and counted in the key value mapping table and be associated with key assignments with same user account information with first key-value pair
Pair quantity;It is different from the corresponding associated key of second terminal of the first terminal in the key value mapping table comprising at least one
Value pair;If the application server determines that the quantity of the association key-value pair is less than threshold total number, it is determined that authenticate successfully, and will
First key-value pair is added to the key value mapping table, and at the same time, the application server can also be when authenticating successfully
The corresponding login response information of the logging request is generated, and the login response information is returned into the first terminal;
Wherein, the login response information is used to indicate corresponding first key-value pair of the user account information and has login
Permission.
For example, the application server can receive the user so that the first terminal is user terminal 3000a as an example
Logging request transmitted by terminal 3000a, and the first key-value pair entrained in the available logging request (i.e. < AAAA,
aaaaaa>).And the user account information can be obtained in first key-value pair, then looked into the background data base
Looking for user account information is the associated key value mapping table of AAAA, in the key value mapping table comprising at least one be different from this first
The corresponding key-value pair of the second terminal of terminal, and the key assignments of the second terminal different from first terminal in the key value mapping table
To can be referred to as association key-value pair;I.e. the association key-value pair and first key-value pair have same user account information.Mirror
In this, the application server can count the association key-value pair with same user account information in the key value mapping table
Quantity in the key value mapping table there are two association key assignments clock synchronizations (for example, can count on same user account information
Association key-value pair quantity be 3), and then can the quantity of the association key-value pair counted on be less than threshold total number (example
Such as, threshold total number is 5) when, determination authenticates successfully, and can be further using first key-value pair as new association key assignments
To being added to the key value mapping table, and the corresponding login response information of the logging request is generated, and by the login response
Information returns to the user terminal 3000a, to allow the first terminal to access the target application.
It should be appreciated that the application server can be rear after user terminal 3000a has accessed the target application
In platform database, the user terminal 3000a of the target application will have further been accessed as new second terminal, and in the key assignments
The corresponding new association key-value pair of the new second terminal is recorded in mapping table, so as in the key value mapping table to above-mentioned
Quantity (3) carries out plus a processing, i.e., ought have new first terminal (for example, user terminal 3000e) to prepare to access the target application
When, the quantity that can count on the association key-value pair with same user account information again is 4.
Optionally, when again have new first terminal (such as.User terminal 3000f) prepare to access the target application, and institute
Stating application server and counting on the quantity of the association key-value pair with same user account information again is 5, is had arrived at above-mentioned
When threshold total number, it is determined that failed authentication, and the corresponding login prompt information of the logging request is generated (for example, being currently accessed
User terminal have reached the upper limit).The login prompt information is used in failed authentication, prompts the user terminal 3000f
Do not have the permission for having access to the target application currently.
Step S104, the first terminal receive the login response information, and according to the login response information registration
The target application.
It can be seen that the application server passes through to access the unique mark letter of the first terminal of target application distribution
Breath can be improved when multiple user terminals are respectively as first terminal to the identifications of different user terminals, and then can be
The associated key value mapping table of relative users account information is found in background data base.In addition, whole according to the multiple user
The corresponding user account information of any user terminal and device identifier in end can also be based on searching in the background data base
To the key value mapping table in the corresponding association key-value pair of any second terminal, statistics accesses the user terminal of the target application
Quantity, and then the logon rights of the first terminal of the target application to be accessed can be efficiently controlled, so as to improve equipment
Authentication dynamics.The i.e. described application server can be based on the quantity for being associated with key assignments in the key assignments relation table, to having accessed the mesh
The quantity for marking the second terminal of application is counted, so as to stepping on for the first terminal effectively to the target application to be accessed
Record permission is controlled.
In embodiments of the present invention, the corresponding user account information of the available target application of first terminal, and obtain institute
State the corresponding device identifier of user account information;The device identifier is that application server is what the first terminal distributed
Unique identification information;The first terminal using the user account information as key name, and using the device identifier as
The corresponding key assignments of the key name, constructs corresponding first key-value pair of the user account information, and will carry first key assignments
Pair logging request be sent to the application server;The application server receives the logging request, and to the login
First key-value pair carried in request is authenticated, and login response information is generated when authenticating successfully, and step on described
Record response message returns to the first terminal;The first terminal receives the login response information, and according to the login
Response message logs in the target application.It can be seen that the application server can be the first terminal point of access target application
With unique identification information (i.e. device identifier), and have can not tamper and not reproducible for the device identifier of the distribution
Property.Therefore, which can be correctly found associated by user account information by the device identifier distributed
Key value mapping table, so as to by counting the corresponding association key-value pair of the same user account information of this in the key value mapping table
Quantity, and the quantity for having accessed the second terminal of the target application is known indirectly, and can be based on the quantity of the second terminal
Effectively the logon rights of the first terminal of the target application to be accessed are controlled, so as to promote the same of identification
When, further increase authentication dynamics.
Before obtaining the corresponding device identifier of the user account information with first terminal, application server needs are
The first terminal distributes unique identification information, and the as first terminal distributes the device identifier;Then the first terminal can
To construct the first key-value pair according to the user account information received and the device identifier found, and taken to the application
Business device sends the logging request for carrying first key-value pair, so that the application server return logging request is corresponding
Login response information.
Further, please also refer to Fig. 4, when being the process of another middle data processing method provided in an embodiment of the present invention
Sequence figure.As shown in figure 4, the realization process of the embodiment of the present invention may comprise steps of S201- step S210.
Step S201, first terminal obtain the corresponding user account information of target application.
This programme in order to better understand, the embodiment of the present invention are one with the user terminal of target application to be accessed and are
Example, to describe the detailed process of the data interaction between user terminal application server corresponding with the target application.Wherein,
The user terminal of the target application to be accessed can be referred to as first terminal by the embodiment of the present invention.Further, figure is referred to
5, it is the schematic diagram that data interaction is carried out between a kind of first terminal and application server provided in an embodiment of the present invention.Such as Fig. 5
Shown in first terminal can be the user terminal 3000a in embodiment corresponding to above-mentioned Fig. 1, and application service shown in fig. 5
Device can be the application server 2000 in embodiment corresponding to above-mentioned Fig. 1.As shown in figure 5, the first terminal can receive use
The user account information of family input, the user account information can be AAAA, and then, which can further execute step
Rapid S202.
Step S202, the first terminal search the corresponding device identification of the user account information in the local database
Symbol.
Specifically, the first terminal, can be into one after receiving the user account information in above-mentioned steps S201
Step searches the corresponding device identifier of the user account information in the local database.It should be appreciated that working as the first terminal pair
There are when device identifier in the local data base answered, which can further execute step S207, to get
State the corresponding device identifier of user account information.Optionally, it is not present when in the corresponding local data base of the first terminal
When device identifier, step S203 can be further executed.
Wherein, the corresponding local data base of the first terminal can be the local data base in embodiment corresponding to Fig. 5.
Device identifier in the local data base is unique mark letter that application server shown in fig. 5 is first terminal distribution
Breath.
Step S203 will when the first terminal does not find the corresponding device identifier of the user account information
The user account information constructs the user account information as key name, and using null value as the corresponding key assignments of the key name
Corresponding second key-value pair, and second key-value pair is uploaded to application serve.
Specifically, when device identifier corresponding there is no the user account information in the local data base, institute
Stating first terminal can be using the user account information as key name, and null value (i.e. NULL) is used as the corresponding key of the key name
Value, constructs corresponding second key of the user account information with the format of title key-value pair in the embodiment according to corresponding to above-mentioned Fig. 3
Value pair, i.e., described second key-value pair can be expressed as<user account information, and NULL>;Further, the first terminal can be with
The mark distribution request for carrying second key-value pair is sent to the corresponding application server of the target application, so that the application clothes
Business device further executes step S204 according to the mark distribution request.Optionally, the first terminal can also directly by this second
Key-value pair is sent to the application server, further executes step S204 to trigger the application server.
Step S204, the application server receive second key-value pair, and the key assignments based on second key-value pair
Obtain the corresponding private key of the first terminal.
Specifically, the application server can receive the mark distribution request that above-mentioned first terminal is sent, and obtaining should
The second key-value pair carried in mark distribution request;Optionally, the application server can also directly receive above-mentioned first eventually
Hold the second key-value pair sent;Further, the key assignments of available second key-value pair of the application server, and in determination
When the key assignments of second key-value pair is null value, the first data sequence for being generated by random generator is obtained, and by described first
Data sequence is determined as the corresponding private key of the first terminal.
Wherein, the random generator the first data sequence generated can be the random number of 32 bytes, described
The random number with 32 bytes that application server can generate this at random is determined as the corresponding private of first terminal shown in fig. 5
Key a, it should be understood that byte (byte) is equivalent to two positions (bit), that is, has 1byte=2bit.Assuming that passing through the random life
Obtained private key of growing up to be a useful person is first data sequence indicated with 16 systems, and the length of first data sequence is 64
(i.e. 32 bytes).Therefore, the corresponding private key of the first terminal can indicate are as follows:
0x28FD4A7B6A307F426A94F8114701E7C8E774E7E9A47E2C2035DB23A206321726。
The private key is converted to public key by step S205, the application server, and calculates the public key corresponding first
Cryptographic Hash, and according to first cryptographic Hash and the corresponding version information of the target application, calculate the public key corresponding
Two cryptographic Hash, and object identifier byte is determined from second cryptographic Hash.
Specifically, the application server can be based further on elliptic curve encryption algorithm, and the private key is converted to
Public key, and corresponding first cryptographic Hash of the public key is calculated based on the first hash algorithm;Further, the application server can
To obtain the corresponding version information of the target application, and according to the version information and first cryptographic Hash, obtain described
Corresponding second data sequence of first terminal;Further, the application server is also based on the second hash algorithm to institute
It states the second data sequence and carries out Hash operation twice, and the second data sequence after Hash operation twice is determined as the public key
Corresponding second cryptographic Hash;Finally, the application server can be obtained further from the data sequence of second cryptographic Hash
Target data sequence is taken, and the target data sequence that will acquire is determined as object identifier byte.
Wherein, obtained second cryptographic Hash of the application server is identical as the length of the data sequence of the private key,
That is second cryptographic Hash and above-mentioned the private key data sequence that is 32 bytes.
Wherein, above-mentioned private key can be converted to public key, this is ellipse by above-mentioned elliptic curve encryption algorithm by the application server
The core of circle Encryption Algorithm be public key can be calculated by the private key, but when known public key can not retrospectively calculate obtain
The corresponding private key of the public key.Wherein, the elliptic curve encryption algorithm can also be referred to as rivest, shamir, adelman
Therefore, it when private key is the data sequence of 32 bytes, after carrying out operation by above-mentioned elliptic curve encryption algorithm, obtains
To public key be data sequence that length is a 130bit, which can be indicated with 16 systems are as follows:
0x0460863AD64A87AE8D2FE83C1AF1A8403CB53F53E486D8511DAD8A04887E5B2352
2CD470243453A299FA9E77237716103ABC11A1DF38855ED6F2EE187E9C582BB7。
Wherein, first hash algorithm may include Secure Hash Algorithm and cryptographic hashing algorithm;The secure Hash
Algorithm can be 256 serial algorithms in SHA (Secure Hash Algorithm, secure hash algorithm), it can by the peace
Full hash algorithm is known as SHA256 algorithm, which is secure hash algorithm SHA (Secure Hash Algorithm)
One of serial algorithm, length of summarization 256bits, i.e. 32 bytes, therefore claim SHA256.
It should be appreciated that SHA serial algorithm is U.S.National Security Agency (NSA) design, American National Standard and technical research
A series of Cryptographic Hash Functions of institute (NIST) publication, may include SHA-1, SHA-224, SHA-256, SHA-384 and SHA-
512 equal variants.Wherein, SHA256 algorithm be primarily adapted for use in digital signature standard (DigitalSignature Standard,
DSS) the Digital Signature Algorithm (Digital Signature Algorithm DSA) that the inside defines.Wherein, using the algorithm meter
The principle for calculating eap-message digest can be with are as follows: for the message of random length (calculating by bit), (message can be the embodiment of the present invention
In the public key with 130 bit lengths), SHA256 can generate the data of 32 byte length, referred to as eap-message digest (
To obtain the first object value in the embodiment of the present invention).Therefore, the application server can be right by the SHA256 algorithm
Public key with 130 data lengths carries out first time Hash operation, obtains the corresponding first object value of the public key, this first
The data length of target word is 64, as 32 bytes.
Wherein, which has the property that 1. cannot restore information from eap-message digest;2. two differences
Message will not generate same eap-message digest.Therefore, also ensure that the application server can be true by the SHA256 algorithm
The uniqueness of the public key is protected, because the application server when obtaining the first object value, will be unable to reversely release the public key.Cause
This, when the user terminal that the T2 moment accesses the target application is two different first terminals (for example, the user in above-mentioned table 1
Terminal 3000a and user terminal 3000b) when, and equipment is not present in the corresponding local data base of the two first terminals
When identifier, which can distribute a random number for user terminal 3000a, and distribute for user terminal 3000b
One random number, and then available two different public keys, so as to generate two different first object values.
160 serial algorithms in RIPEMD (RACE raw integrity verification message abstract) algorithm can be referred to as
RIPEMD-160 algorithm.Then, the user terminal 3000a can also pass through above-mentioned cryptographic hashing algorithm (i.e. RIPEMD-160
Algorithm, the RIPEMD-160 algorithm belong to another algorithm for calculating eap-message digest) second is carried out to the first object value of acquisition
Secondary Hash operation so as to obtain corresponding second target value of above-mentioned first object value, and second target value is determined
For corresponding first cryptographic Hash of the public key.
Wherein, first cryptographic Hash can be indicated with 16 systems are as follows:
0x010866776006953D5567439E5E39F86A0D273BEE。
Wherein, second hash algorithm can be above-mentioned Secure Hash Algorithm (i.e. SHA256 algorithm).In consideration of it, described
The detailed process that application server obtains second cryptographic Hash can be with are as follows: the application server is calculated by above-mentioned SHA256
Method carries out third time Hash operation to second data sequence, obtains the corresponding third target value of second data sequence;
Wherein, second data sequence is the application server according to the corresponding version information (example of the target application
Such as, the version number of the target application in the first terminal is " 0x00 ") and above-mentioned first cryptographic Hash (i.e. above-mentioned second target value)
Obtained second data sequence after being integrated.Second data sequence can indicate are as follows:
0x00010866776006953D5567439E5E39F86A0D273BEE。
Further, the application server can carry out the to the third target value by above-mentioned SHA256 algorithm
Four Hash operations, obtain corresponding 4th target value of the third target value, and the 4th target value are determined as described
Corresponding second cryptographic Hash of public key.It should be appreciated that since SHA256 algorithm can be by the message of random length (calculating by bit)
(message can be the second data sequence in the embodiment of the present invention), SHA256 can generate the number of 32 byte length
According to therefore, the data length of third target value and the 4th target value in the embodiment of the present invention is 64, as 32 bytes.
In consideration of it, the application server can determine that second cryptographic Hash and above-mentioned private key have the data of equal length.
Wherein, the second cryptographic Hash with 32 byte lengths can be indicated with 16 systems are as follows:
0xE61967F63C7DD183914A4AE452C9F6AD5F462CE3D277798075B107615C1A8A3E。
Then, preceding 4 byte E61967F6 in the second cryptographic Hash can further be determined as by the application server
Object identifier byte.
Step S206, the application server are based on the object identifier byte, first cryptographic Hash and the version
Information generates the corresponding device identifier of the first terminal, and the device identifier is back to the first terminal.
Specifically, the application server can be by above-mentioned version information, above-mentioned first cryptographic Hash and above-mentioned target school
It tests byte to be integrated, obtains the corresponding target address information of the first terminal;Further, which can lead to
Target coding mode (for example, bit coin coding mode) is crossed, the target address information is encoded, and by the mesh after coding
Mark address information is determined as the corresponding device identifier of the first terminal, and the device identifier is back to described first eventually
End;The device identifier is unique identification information that the application server is the first terminal distribution.
Wherein, it is based on above-mentioned steps S205, the application server target check byte obtained can be with are as follows:
E61967F6;The application server the first cryptographic Hash obtained can be with are as follows: 0x010866776006953D5567439E5E39
F86A0D273BEE, application server version information obtained can be with are as follows: 0x 00.It therefore can be according to: version information+
First cryptographic Hash+object identifier byte sequence carries out above-mentioned version information, the first cryptographic Hash and object identifier byte whole
Close, with obtain the corresponding target address information of the first terminal (for example, the target address information can be indicated with 16 systems are as follows:
0x00010866776006953D5567439E5E39F86A0D273BEEE61967F6), then, which can lead to
Above-mentioned bit coin coding mode is crossed, which is encoded, and the target address information after coding is determined as
The corresponding device identifier of the first terminal;The device identifier is that the application server is the first terminal distribution
Unique identification information;
Wherein, application server is that unique identification information of first terminal distribution can indicate are as follows: 16UwLL9R
isc3QfPqBUvKofHmBQ7wMtjvM.Further, the device identifier which can finally determine this returns
It is back to the first terminal, so that the first terminal stores the device identifier in the local database.Therefore, this
One terminal can find unique identification information, i.e. 16UwLL9Risc3QfPqBUv in the local data base of the terminal
KofHmBQ7wMtjvM。
To facilitate the understanding of the present invention, the equipment mark that the embodiment of the present invention can will be stored in the first terminal
Know symbol (16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM) and be abbreviated as aaaaaa, the equipment can be based in order to subsequent
The specific implementation procedure of step S207- step S210 is set forth in identifier.
It can be seen that the application server can detect key assignments in the key-value pair received on backstage, and can
To generate the random of 32 bytes using random generator when detecting the key assignments in the key-value pair received as null value
Number (the first data sequence), and the random number is determined as the corresponding private key of first terminal, then (i.e. by elliptic curve encryption algorithm
Rivest, shamir, adelman) and multiple Hash operation, it can one user account information be corresponding sets for first terminal distribution
Standby identifier, it should be understood that the device identifier is unique identification information that the application server is first terminal distribution.
Step S207 obtains the corresponding device identifier of the user account information.
Wherein, the device identifier is unique identification information that application server is the first terminal distribution.
Step S208, the first terminal make the device identifier using the user account information as key name
For the corresponding key assignments of the key name, corresponding first key-value pair of the user account information is constructed, and first key will be carried
The logging request of value pair is sent to the application server.
Wherein, the specific executive mode of step S208 may refer in embodiment corresponding to above-mentioned Fig. 3 to step S102's
Description, will not continue to repeat here.
Step S209, the application server receive the logging request, and to described in carrying in the logging request
First key-value pair is authenticated, and login response information is generated when authenticating successfully, and the login response information is returned to
The first terminal.
Specifically, the application server can obtain institute when receiving the logging request that above-mentioned first terminal is sent
First key-value pair entrained in logging request is stated, and obtains the user account information in first key-value pair;Into one
Step ground, the application server can inquire in background data base and the associated key value mapping table of the user account information,
One user account information can be associated with a key value mapping table, so as to the statistics and described first in the key value mapping table
Key-value pair has the quantity of the association key-value pair of same user account information;It is different comprising at least one in the key value mapping table
In the corresponding association key-value pair of the second terminal of the first terminal;Further, if the application server determines the pass
The quantity for joining key-value pair is less than threshold total number, it is determined that authenticates successfully, and first key-value pair is added to the key assignments and is reflected
Firing table;At the same time, which can also generate the corresponding login response letter of the logging request when authenticating successfully
Breath, and the login response information is returned into the first terminal;The login response information is used to indicate user's account
Number corresponding first key-value pair of information has logon rights.
It should be appreciated that the application server passes through to access each first terminal of the target application and distribute corresponding equipment
Identifier can be improved and efficiently differentiate to the terminal for accessing the target application, so as to be based on the device identifier
Find key value mapping table associated by relative users account information.In addition, it should also be understood that in above-mentioned rear number of units shown in fig. 5
According in library, there may be key value mapping tables associated by multiple mutually different user account informations, for example, the background data base
In may include above-mentioned key value mapping table 10a shown in fig. 5, key value mapping table table 10b ..., key value mapping table 10n.It should manage
Solution, for multiple user terminals (i.e. multiple first terminals) of the target application to be accessed, if each first terminal is connect
It is different between the user account information received, then relative users account information institute can be found in above-mentioned background data base
Associated key value mapping table.For ease of understanding, the embodiment of the present invention by the first terminal be user terminal 3000a for, and
User account information received by user terminal 3000a is AAAA, and can be in the local data of user terminal 3000a
The corresponding device identifier of the user account information (i.e. above-mentioned aaaaaa) is found in library.In consideration of it, being based on above-mentioned steps
S208, the user account information in the first key-value pair accessed by the application server can be AAAA, and can be into one
Step obtains the associated key value mapping table of the user account information based on embodiment corresponding to above-mentioned Fig. 5 in background data base.Example
Such as, key value mapping table 10a shown in fig. 5 can corresponding user account be believed to access the user terminal 3000a of the target application
Associated key value mapping table is ceased, the association key-value pair in key value mapping table 10a can be in display interface 200a shown in Fig. 5
Association key-value pair.
Further, table 2 is referred to, to be associated with key assignments in a kind of key value mapping table 10a provided by the embodiment of the present invention
Pair distribution situation table.Wherein, user account information received by the first terminal are as follows: AAAA, therefore, the application clothes
Device be engaged in when receiving the first key-value pair, the user account information in available first key-value pair is AAAA.
Table 2
As shown in Table 2 above, which can find the user account information institute in the background data base
Associated key value mapping table 10a, and the user account information of any association key assignments centering in key value mapping table 10a is also:
AAAA, i.e. user account information in these association key-value pairs and above-mentioned first key-value pair are same user account information, therefore,
Any user terminal for having accessed the target application can be referred to as second terminal by the embodiment of the present invention, and by the second terminal
Corresponding key-value pair is referred to as to be associated with key-value pair.Therefore, the application server can be by being associated with the key assignments of key assignments centering (i.e.
Device identifier with uniqueness) efficiently differentiate out the second terminal for accessing the target application.Wherein, such as above-mentioned 2 institute of table
Show, second terminal can be user terminal 3000x, and association key-value pair corresponding to the second terminal can be key-value pair 1, the key
Value can be<AAAA to 1, xxxxxx>, wherein the device identifier in key-value pair 1 can be expressed as xxxxxx, i.e. the equipment
Identifier is by unique identification information that the application server is that user terminal 3000x is distributed.Similarly, second terminal is also
It can be user terminal 3000y, association key-value pair corresponding to the second terminal can be key-value pair 2, which can be
<AAAA, yyyyyy>, wherein the device identifier in key-value pair 2 can be expressed as yyyyyy, i.e., the device identifier is described
Unique identification information that application server is distributed for user terminal 3000y.Similarly, second terminal can also be whole for user
3000z is held, association key-value pair corresponding to the second terminal can be key-value pair 3, which can be < AAAA, zzzzzz
>, wherein the device identifier in key-value pair 3 can be expressed as zzzzzz, i.e., the device identifier is that the application server is
Unique identification information that user terminal 3000z is distributed.Similarly, second terminal can also be user terminal 3000k, this
Association key-value pair corresponding to two terminals can be key-value pair 4, which can be<AAAA, kkkkkk>, wherein key assignments
Kkkkkk can be expressed as to the device identifier in 4, i.e., it is the user terminal that the device identifier, which is the application server,
Unique identification information that 3000k is distributed.It can be seen that by distributing phase for each user terminal for accessing the target application
The identification of equipment, and quantity that can effectively to the equipment for accessing the target application can be improved in the device identifier answered
It is controlled, and then one kind can be provided and reliably log in controlling mechanism, so as to be effectively prevented the illegal of illegal terminal
Access.
Since the quantity (4) that the application server counts on the association key-value pair is less than threshold total number (assuming that threshold value is total
First key-value pair is added to the key assignments and mapped by number for 5), then the application server can be determined and be authenticated successfully
Table;At the same time, which can also generate the corresponding login response letter of the logging request when authenticating successfully
Breath, and the login response information is returned into the first terminal, so that the first terminal can further execute step
S210;Wherein, the login response information be used to indicate corresponding first key-value pair of the user account information have login power
Limit.
It should be appreciated that a user account information is associated with a key value mapping table, so as to be reflected by counting the key assignments
The quantity of the corresponding association key-value pair of the same user account information of this in firing table, and then can and know indirectly and accessed the mesh
Mark the quantity of the second terminal of application, and can the quantity based on the second terminal effectively to the of the target application to be accessed
The logon rights of one terminal are controlled, so as to further increase authentication dynamics while promoting identification.
Step S210, the first terminal receive the login response information, and according to the login response information registration
The target application.
Optionally, when the application server failed authentication, i.e., above-mentioned application server shown in fig. 5 counts on the pass
When the quantity (4) of connection key-value pair reaches threshold total number (assuming that threshold total number be 4), then the application server can determine to this
The authenticating result that one key-value pair carries out logging in authentication is failed authentication, and in failed authentication, it is corresponding to generate the logging request
Login prompt information, and the login prompt information is returned into the first terminal, so that the first terminal shows institute
State login prompt information (for example, login failure).Wherein, it should be appreciated that the login prompt information is used in failed authentication
When, prompt user terminal 3000a not have the permission for having access to the target application currently.
In embodiments of the present invention, the corresponding user account information of the available target application of first terminal, and obtain institute
State the corresponding device identifier of user account information;The device identifier is that application server is what the first terminal distributed
Unique identification information;The first terminal using the user account information as key name, and using the device identifier as
The corresponding key assignments of the key name, constructs corresponding first key-value pair of the user account information, and will carry first key assignments
Pair logging request be sent to the application server;The application server receives the logging request, and to the login
First key-value pair carried in request is authenticated, and login response information is generated when authenticating successfully, and step on described
Record response message returns to the first terminal;The first terminal receives the login response information, and according to the login
Response message logs in the target application.It can be seen that the application server can be the first terminal point of access target application
With unique identification information (i.e. device identifier), and have can not tamper and not reproducible for the device identifier of the distribution
Property.Therefore, which can be correctly found associated by user account information by the device identifier distributed
Key value mapping table, so as to by counting the corresponding association key-value pair of the same user account information of this in the key value mapping table
Quantity, and the quantity for having accessed the second terminal of the target application is known indirectly, and can be based on the quantity of the second terminal
Effectively the logon rights of the first terminal of the target application to be accessed are controlled, so as to promote the same of identification
When, further increase authentication dynamics.
Further, Fig. 6 is referred to, is a kind of flow diagram of data processing method provided in an embodiment of the present invention.
This method can be applied to first terminal, which can be for the target terminal user in embodiment corresponding to above-mentioned Fig. 1 (i.e.
User terminal 3000a).As shown in fig. 6, the realization process of the embodiment of the present invention includes the following steps S301- step S307.
Step S301 obtains the corresponding user account information of target application;
Step S302 searches the corresponding device identifier of the user account information in the local database;
Step S303, when not finding the corresponding device identifier of the user account information, by the user account
Information constructs corresponding second key of the user account information as key name, and using null value as the corresponding key assignments of the key name
Value pair, and second key-value pair is uploaded to application serve;
Step S304 receives the application server and is the device identifier of first terminal distribution, and sets described
Standby identifier is stored in the local data base;
Step S305 obtains the corresponding device identifier of the user account information;
Wherein, it is that the first terminal distributes only that the device identifier, which is the application server in above-mentioned steps S304,
One identification information;
Step S306, using the user account information as key name, and using the device identifier as the key name pair
The key assignments answered constructs corresponding first key-value pair of the user account information, and the login for carrying first key-value pair is asked
It asks and is sent to the application server;
Step S307, the first terminal receive the login response information, and according to the login response information registration
The target application.
Wherein, the specific implementation procedure of the step S301- step S307 can be found in right in embodiment corresponding to above-mentioned Fig. 4
The description of the specific executive mode of the first terminal will not continue to repeat here.
In embodiments of the present invention, the corresponding user account information of the available target application of first terminal, and in local
Device identifier corresponding with the user account information is searched in database, the user account information is corresponding to be set when not finding
When standby identifier, which can be further using the user account information as key name, and using null value as the key
The corresponding key assignments of name, to construct corresponding second key-value pair of the user account information, and is sent to the mesh for second key-value pair
Mark applies corresponding application server, so that the application server can distribute unique identification information (i.e. for the first terminal
Device identifier);In addition, the first terminal can further construct the user account based on received device identifier
Corresponding first key-value pair of information, and the logging request for carrying first key-value pair is sent to the application server, with
The application server is set to return to login response information based on the logging request received;The login response information is used to indicate
Corresponding first key-value pair of the user account information has logon rights, and therefore, first terminal can the login that received
Response message logs in the target application.It can be seen that the application server can be the first terminal distribution of access target application
Unique identification information (i.e. device identifier), and have can not tamper and non-reproduction for the device identifier of the distribution.
Therefore, which can correctly find key associated by user account information by the device identifier distributed
It is worth mapping table, so as to pass through the number for counting the corresponding association key-value pair of the same user account information of this in the key value mapping table
Amount, and the quantity for having accessed the second terminal of the target application is known indirectly, and can be had based on the quantity of the second terminal
Effect ground controls the logon rights of the first terminal of the target application to be accessed, so as to promote the same of identification
When, further increase authentication dynamics.
Further, Fig. 7 is referred to, is the process signal of another data processing method provided in an embodiment of the present invention
Figure.This method can be applied to application server, which can be the application service in embodiment corresponding to above-mentioned Fig. 1
Device 2000.As shown in fig. 7, the embodiment of the present invention the method may include following steps S401- step S403.
Step S401 is received the second key-value pair that first terminal uploads, and is obtained based on the key assignments of second key-value pair
The corresponding private key of the first terminal;
Wherein, second key-value pair is by the first terminal by using the user account information as key name, and
Using null value as the corresponding key assignments building of the key name;
The private key is converted to public key by step S402, and calculates corresponding first cryptographic Hash of the public key, and according to institute
The first cryptographic Hash and the corresponding version information of the target application are stated, calculates corresponding second cryptographic Hash of the public key, and from institute
It states and determines object identifier byte in the second cryptographic Hash;
Step S403 is based on the object identifier byte, first cryptographic Hash and the version information, generates described the
The corresponding device identifier of one terminal, and the device identifier is back to the first terminal;
Step S404 receives the logging request that first terminal is sent;
Wherein, corresponding first key-value pair of the first terminal is carried in the logging request;First key-value pair is
By the first terminal by using user account information as key name, and using device identifier as the corresponding key assignments of the key name
Constructed;The device identifier is unique identification information that the application server is the first terminal distribution;
Step S405 authenticates first key-value pair carried in the logging request;
Step S406 generates login response information when authenticating successfully, and the login response information is returned to described
First terminal;
Wherein, the specific executive mode of above-mentioned steps S401- step S404 can be found in right in embodiment corresponding to above-mentioned Fig. 4
The description of the specific executive mode of the application server will not continue to repeat here.
In embodiments of the present invention, which can be the unique mark of first terminal distribution of access target application
Know information (i.e. device identifier), and the device identifier of the distribution have can not tamper and non-reproduction.Therefore, this is answered
Key value mapping table associated by user account information can be correctly found by the device identifier distributed with server,
So as to pass through the quantity for counting the corresponding association key-value pair of the same user account information of this in the key value mapping table, and indirectly
The quantity for having accessed the second terminal of the target application is known on ground, and can the quantity based on the second terminal effectively to waiting
The logon rights for entering the first terminal of the target application are controlled, so as to further mention while promoting identification
High authentication dynamics.
Further, Fig. 8 is referred to, is a kind of structural schematic diagram of user terminal provided in an embodiment of the present invention, the use
Family terminal 1 can be the target terminal user in embodiment corresponding to above-mentioned Fig. 1, it can whole for above-mentioned user shown in FIG. 1
Hold 3000a.As shown in figure 8, the user terminal 1 may include: that account obtains module 100, identifier obtains module 200, request
Sending module 300 and response receiving module 400, further, which can also include: identifier searching module
500, key-value pair uploading module 600 and identifier receiving module 700;
The account obtains module 100, for obtaining the corresponding user account information of target application;
The identifier obtains module 200, for obtaining the corresponding device identifier of the user account information;It is described to set
Standby identifier is unique identification information that application server is the terminal distribution;
The request sending module 300, for using the user account information as key name, and by the device identifier
As the corresponding key assignments of the key name, corresponding first key-value pair of the user account information is constructed, and described first will be carried
The logging request of key-value pair is sent to the application server, so that the application server receives the logging request, and right
First key-value pair carried in the logging request is authenticated, and login response information is generated when authenticating successfully;Institute
It states login response information and is used to indicate corresponding first key-value pair of the user account information and have logon rights;
The response receiving module 400 is stepped on for receiving the login response information, and according to the login response information
Record the target application.
The identifier searching module 500, for searching in the local database, the user account information is corresponding to be set
Standby identifier;
The key-value pair uploading module 600, for the corresponding device identifier of the user account information ought not found
When, using the user account information as key name, and using null value as the corresponding key assignments of the key name, construct the user account
Corresponding second key-value pair of information, and second key-value pair is uploaded to application serve, so that the application server base
Key assignments in second key-value pair is the terminal distribution device identifier;
The identifier receiving module 700, for receiving the device identification that the application server is the terminal distribution
Symbol, and the device identifier is stored in the local data base.
Wherein, the account obtains module 100, and identifier obtains module 200, request sending module 300, and response receives mould
The specific implementation of block 400, identifier searching module 500, key-value pair uploading module 600 and identifier receiving module 700 can
Referring to the description in embodiment corresponding to above-mentioned Fig. 6 to step S301- step S307, will not continue to repeat here.
In embodiments of the present invention, the corresponding user account information of the available target application of user terminal 1, and obtain
The corresponding device identifier of the user account information;The device identifier is that application server is the user terminal 1 distribution
Unique identification information;The user terminal 1 using the user account information as key name, and using the device identifier as
The corresponding key assignments of the key name, constructs corresponding first key-value pair of the user account information, and will carry first key assignments
Pair logging request be sent to the application server;The application server receives the logging request, and to the login
First key-value pair carried in request is authenticated, and login response information is generated when authenticating successfully, and step on described
Record response message returns to user terminal 1;User terminal 1 receives the login response information, and is believed according to the login response
Breath logs in the target application.It can be seen that the application server can distribute uniquely for the user terminal 1 of access target application
Identification information (i.e. device identifier), and the device identifier of the distribution have can not tamper and non-reproduction.Therefore,
The application server can correctly find the mapping of key assignments associated by user account information by the device identifier distributed
Table, so as to pass through the quantity for counting the corresponding association key-value pair of the same user account information of this in the key value mapping table, and
Know the quantity for having accessed the second terminal of the target application indirectly, and can the quantity based on the second terminal it is effectively right
The logon rights of the user terminal 1 of the target application to be accessed are controlled, so as to while promoting identification, into one
Step improves authentication dynamics.
Further, Fig. 9 is referred to, is the structural schematic diagram of another user terminal provided in an embodiment of the present invention.Such as
Shown in Fig. 9, the user terminal 1000 can be applied to the user terminal 3000a in above-mentioned Fig. 1 corresponding embodiment, the user
Terminal 1000 may include: processor 1001, network interface 1004 and memory 1005, in addition, the user terminal 1000 is also
It may include: user interface 1003 and at least one communication bus 1002.Wherein, communication bus 1002 is for realizing these groups
Connection communication between part.Wherein, user interface 1003 may include display screen (Display), keyboard (Keyboard), optional
User interface 1003 can also include standard wireline interface and wireless interface.Network interface 1004 optionally may include standard
Wireline interface, wireless interface (such as WI-FI interface).Memory 1004 can be high speed RAM memory, be also possible to non-shakiness
Fixed memory (non-volatile memory), for example, at least a magnetic disk storage.Memory 1005 optionally can be with
It is the storage device that at least one is located remotely from aforementioned processor 1001.As shown in figure 9, as a kind of computer storage medium
It may include operating system, network communication module, Subscriber Interface Module SIM and equipment control application program in memory 1005.
The network interface 1004 in 1000 can also be attached with application server, and optional user interface 1003 is also
It may include display screen (Display), keyboard (Keyboard).In user terminal 1000 shown in Fig. 9, network interface 1004
It can provide network communication function;And user interface 1003 is mainly used for providing the interface of input for user;And processor 1001 can
With for call the equipment stored in memory 1005 control application program, with realize:
The corresponding user account information of target application is obtained, and obtains the corresponding device identification of the user account information
Symbol;The device identifier is unique identification information that application server is the first terminal distribution;
Using the user account information as key name, and using the device identifier as the corresponding key assignments of the key name,
Corresponding first key-value pair of the user account information is constructed, and the logging request for carrying first key-value pair is sent to institute
Application server is stated, so that the application server receives the logging request, and to described in carrying in the logging request
First key-value pair is authenticated, and login response information is generated when authenticating successfully;The login response information is used to indicate institute
It states corresponding first key-value pair of user account information and has logon rights;
Receive the login response information, and the target application according to the login response information registration.
It should be appreciated that embodiment corresponding to the executable Fig. 6 above of user terminal 1000 described in the embodiment of the present invention
In description to the data processing method, retouching to the user terminal 1 in embodiment corresponding to Fig. 8 above also can be performed
It states, details are not described herein.In addition, being described to using the beneficial effect of same procedure, also no longer repeated.
In addition, it need to be noted that: the embodiment of the invention also provides a kind of computer storage medium, and the meter
Computer program performed by the user terminal 1 being mentioned above, and the computer program packet are stored in calculation machine storage medium
Program instruction is included, when the processor executes described program instruction, is able to carry out in embodiment corresponding to Fig. 6 above to described
Therefore the description of data processing method will be repeated no longer here.In addition, described to using the beneficial effect of same procedure,
Also it is no longer repeated.For undisclosed technical detail in computer storage medium embodiment according to the present invention, please join
According to the description of embodiment of the present invention method.
Further, referring to Figure 10, it is a kind of structural schematic diagram of application server provided in an embodiment of the present invention.Institute
Stating application server 2 can be the application server in embodiment corresponding to above-mentioned Fig. 1.Further, which can
To include: request receiving module 10, authentication module 20, response generation module 30, further, the application server 2 may be used also
To include: key-value pair receiving module 40, cryptographic Hash computing module 50 and identifier generating module 60;
The request receiving module 10, for receiving the logging request of first terminal transmission;It is carried in the logging request
Corresponding first key-value pair of the first terminal;First key-value pair is by the first terminal by by user account information
As key name, and using device identifier as constructed by the corresponding key assignments of the key name;The device identifier is described answers
It is unique identification information of first terminal distribution with server;
The authentication module 20, for being authenticated to first key-value pair carried in the logging request;
Wherein, the authentication module 20, comprising: key-value pair acquiring unit 201, quantity statistics unit 202 and key-value pair add
Add unit 203;
The key-value pair acquiring unit 201 for obtaining the first key-value pair entrained in the logging request, and obtains
User account information in first key-value pair;
The quantity statistics unit 202, for the inquiry in background data base and the associated key of the user account information
It is worth mapping table, and counts the associated key that there is same user account information with first key-value pair in the key value mapping table
The quantity of value pair;It is different from the corresponding association of second terminal of the first terminal in the key value mapping table comprising at least one
Key-value pair;
The key-value pair adding unit 203, for if it is determined that the quantity of the association key-value pair then will less than threshold total number
First key-value pair is added to the key value mapping table.
Wherein, the specific side of execution of key-value pair acquiring unit 201, quantity statistics unit 202 and key-value pair adding unit 203
Formula can be found in the description in embodiment corresponding to above-mentioned Fig. 4 to step S209, will not continue to repeat here.
The response generation module 30 generates login response information when authenticating successfully for the application server, and
The login response information is returned into the first terminal, so that the first terminal is according to the login response information registration
The corresponding target application of the user account information.
The key-value pair receiving module 40 for receiving the second key-value pair of first terminal upload, and is based on described second
The key assignments of key-value pair obtains the corresponding private key of the first terminal;Second key-value pair is by the first terminal by by institute
User account information is stated as key name, and using null value as the corresponding key assignments building of the key name;
Wherein, the key-value pair receiving module 40 includes: key assignments acquiring unit 401, private key determination unit 402
The key assignments acquiring unit 401, the second key-value pair uploaded for receiving the first terminal, and obtain described the
The key assignments of two key-value pairs;
The private key determination unit 402, for obtaining by random when the key assignments for determining second key-value pair is null value
The first data sequence that generator generates, and first data sequence is determined as the corresponding private key of the first terminal.
Wherein, the key assignments acquiring unit 401, the specific executive mode of private key determination unit 402 can be found in above-mentioned Fig. 7 institute
To the description of step S401 in corresponding embodiment, will not continue to repeat here.
The cryptographic Hash computing module 50 for the private key to be converted to public key, and calculates the public key corresponding
One cryptographic Hash, and according to first cryptographic Hash and the corresponding version information of the target application, it is corresponding to calculate the public key
Second cryptographic Hash, and object identifier byte is determined from second cryptographic Hash;
Wherein, the cryptographic Hash computing module 50 includes: converting unit 501, the first cryptographic Hash computing unit 502, data
Retrieval unit 503, the second cryptographic Hash computing unit 504 and check byte determination unit 505;
The private key is converted to public key for being based on elliptic curve encryption algorithm by the converting unit 501;
The first cryptographic Hash computing unit 502, for calculating the public key corresponding first based on the first hash algorithm
Cryptographic Hash;
Wherein, first hash algorithm includes Secure Hash Algorithm and cryptographic hashing algorithm;
The first cryptographic Hash computing unit 502 includes: the first operation subelement 5021 and the second operation subelement 5022;
The first operation subelement 5021, for being carried out for the first time to the public key by the Secure Hash Algorithm
Hash operation obtains the corresponding first object value of the public key;
The second operation subelement 5022, for being carried out to the first object value by the cryptographic hashing algorithm
Second of Hash operation obtains corresponding second target value of the first object value, and second target value is determined as institute
State corresponding first cryptographic Hash of public key.
Wherein, the specific executive mode of the first operation subelement 5021 and the second operation subelement 5022 can be found in
The description in embodiment corresponding to Fig. 4 to step S205 is stated, will not continue to repeat here.
The data sequence acquiring unit 503, for obtaining the corresponding version information of the target application, and according to described
Version information and first cryptographic Hash obtain corresponding second data sequence of the first terminal;
The second cryptographic Hash computing unit 504, for being carried out based on the second hash algorithm to second data sequence
Hash operation twice, and the second data sequence after Hash operation twice is determined as corresponding second cryptographic Hash of the public key;
Second cryptographic Hash is identical as the length of the data sequence of the private key;
Wherein, second hash algorithm is Secure Hash Algorithm;
The second cryptographic Hash computing unit, comprising: third operation subelement 5041 and the 4th operation subelement 5042;
The third operation subelement 5041, for by the Secure Hash Algorithm, to second data sequence into
Row third time Hash operation obtains the corresponding third target value of second data sequence;
The 4th operation subelement 5042, for being carried out to the third target value by the Secure Hash Algorithm
4th Hash operation obtains corresponding 4th target value of the third target value, and the 4th target value is determined as institute
State corresponding second cryptographic Hash of public key.
Wherein, the specific executive mode of the third operation subelement 5041 and the 4th operation subelement 5042 can be found in
The description in embodiment corresponding to Fig. 4 to step S205 is stated, will not continue to repeat here.
The check byte determination unit 505, for obtaining target data from the data sequence of second cryptographic Hash
Sequence, and the target data sequence that will acquire is determined as object identifier byte.
Wherein, the converting unit 501, the first cryptographic Hash computing unit 502, data sequence acquiring unit 503, second breathes out
The specific executive mode of uncommon value computing unit 504 and check byte determination unit 505 can be found in embodiment corresponding to above-mentioned Fig. 7
Description to step S402 will not continue to repeat here.
The identifier generating module 60, for being based on the object identifier byte, first cryptographic Hash and the version
This information generates the corresponding device identifier of the first terminal, and the device identifier is back to the first terminal.
Wherein, the identifier generating module 60 includes: integral unit 601, coding unit 602 and identifier return unit
603;
The integral unit 601, for carrying out the version information, first cryptographic Hash and object identifier byte
Integration, obtains the corresponding target address information of the first terminal;
The coding unit 602, for being encoded to the target address information by target code mode, and will
Target address information after coding is determined as the corresponding device identifier of the first terminal;The device identifier is described answers
It is unique identification information of first terminal distribution with server;
The identifier return unit 603, for the device identifier to be back to the first terminal, so that described
First terminal stores the device identifier in the local database.
Wherein, the specific executive mode of the integral unit 601, coding unit 602 and identifier return unit 603 can join
See description of the embodiment corresponding to above-mentioned Fig. 4 to step S206, will not continue to repeat here.
Wherein, the request receiving module 10, authentication module 20 respond generation module 30, and key-value pair receiving module 40 is breathed out
The specific executive mode of uncommon value computing module 50 and identifier generating module 60 can be found in embodiment corresponding to above-mentioned Fig. 7 to step
The description of S401- step S404 will not continue to repeat here.
In embodiments of the present invention, the corresponding user account information of the available target application of first terminal, and obtain institute
State the corresponding device identifier of user account information;The device identifier is that application server 2 is the first terminal distribution
Unique identification information;The first terminal makees the device identifier using the user account information as key name
For the corresponding key assignments of the key name, corresponding first key-value pair of the user account information is constructed, and first key will be carried
The logging request of value pair is sent to the application server 2;The application server 2 receives the logging request, and to described
First key-value pair carried in logging request is authenticated, and login response information is generated when authenticating successfully, and by institute
It states login response information and returns to the first terminal;The first terminal receives the login response information, and according to described
Target application described in login response information registration.It can be seen that the application server 2 can be whole to access the first of target application
Unique identification information (i.e. device identifier) is distributed at end, and the device identifier of the distribution has and tamper and can not can not answer
Property processed.Therefore, which can be correctly found user account information and be closed by the device identifier distributed
The key value mapping table of connection, so as to by counting the corresponding association key assignments of the same user account information of this in the key value mapping table
Pair quantity, and know the quantity for having accessed the second terminal of the target application indirectly, and can be based on the second terminal
Quantity effectively controls the logon rights of the first terminal of the target application to be accessed, so as to promote identification
While, further increase authentication dynamics.
Referring to Figure 11, it is the structural schematic diagram of another application server provided in an embodiment of the present invention.Such as Figure 11 institute
Show, which can be the application server 2000 in embodiment corresponding to above-mentioned Fig. 1.The application server can
To include: processor 4001, network interface 4004 and memory 4005, in addition, the application server 4000 can also include:
User interface 4003 and at least one communication bus 4002.Wherein, communication bus 4002 is for realizing the company between these components
Connect letter.Wherein, user interface 4003 may include display screen (Display), keyboard (Keyboard), optional user interface
4003 can also include standard wireline interface and wireless interface.Network interface 4004 optionally may include that the wired of standard connects
Mouth, wireless interface (such as WI-FI interface).Memory 4004 can be high speed RAM memory, be also possible to non-labile storage
Device (non-volatile memory), for example, at least a magnetic disk storage.Memory 4005 optionally can also be at least one
A storage device for being located remotely from aforementioned processor 4001.As shown in figure 11, the memory as a kind of computer storage medium
It may include operating system, network communication module, Subscriber Interface Module SIM and equipment control application program in 4005.
Wherein, the network interface 4004 in application server 4000 can also be with the mesh in embodiment corresponding to above-mentioned Fig. 1
Mark user terminal is attached, and optional user interface 4003 can also include display screen (Display), keyboard
(Keyboard).In the application server 4000 shown in Figure 11, network interface 4004 can provide network communication function;And user
Interface 4003 is mainly used for providing the interface of input for user;And processor 4001 can be used for calling and store in memory 4005
Equipment control application program, with realize:
The corresponding user account information of target application is obtained, and obtains the corresponding device identification of the user account information
Symbol;The device identifier is unique identification information that the application server is the first terminal distribution;
Using the user account information as key name, and using the device identifier as the corresponding key assignments of the key name,
Corresponding first key-value pair of the user account information is constructed, and the logging request for carrying first key-value pair is sent to institute
Application server is stated, so that the application server receives the logging request, and to described in carrying in the logging request
First key-value pair is authenticated, and login response information is generated when authenticating successfully;The login response information is used to indicate institute
It states corresponding first key-value pair of user account information and has logon rights;
Receive the login response information, and the target application according to the login response information registration.
It should be appreciated that the executable embodiment corresponding to 7 above of application server 4000 described in the embodiment of the present invention
In description to the data processing method, also can be performed in embodiment corresponding to Figure 10 above to the application server 2
Description, details are not described herein.In addition, being described to using the beneficial effect of same procedure, also no longer repeated.
In addition, it need to be noted that: the embodiment of the invention also provides a kind of computer storage medium, and the meter
Computer program performed by the application server 2 being mentioned above, and the computer program are stored in calculation machine storage medium
It is able to carry out in embodiment corresponding to Fig. 7 above when the processor executes described program instruction to institute including program instruction
The description of data processing method is stated, therefore, will no longer be repeated here.In addition, being retouched to using the beneficial effect of same procedure
It states, is also no longer repeated.For undisclosed technical detail in computer storage medium embodiment according to the present invention, ask
Referring to the description of embodiment of the present invention method.
Further, referring to Figure 12, it is a kind of structural schematic diagram of data processing system provided in an embodiment of the present invention.
As shown in figure 12, user terminal 1a and application server 2a be can specifically include in the data processing system 3, needs to illustrate
It is, it, can be by any of the target application to be accessed when different users accesses target application by corresponding user terminal 1a
User terminal 1a is referred to as first terminal.
It should be appreciated that in embodiment corresponding to the executable Fig. 6 above of user terminal 1a described in the embodiment of the present invention
Retouching to the user terminal 1000 in embodiment corresponding to Fig. 9 above also can be performed in description to the data processing method
It states, details are not described herein.In addition, being described to using the beneficial effect of same procedure, also no longer repeated.In addition, of the invention
The data processing method is retouched in the executable embodiment corresponding to 7 above of application server 2a described in embodiment
It states, the description in embodiment corresponding to Figure 11 above to the application server 4000 also can be performed, details are not described herein.Separately
Outside, it describes to using the beneficial effect of same procedure, is also no longer repeated.
Those of ordinary skill in the art will appreciate that realizing all or part of the process in above-described embodiment method, being can be with
Relevant hardware is instructed to complete by computer program, the program can be stored in a computer-readable storage medium
In, the program is when being executed, it may include such as the process of the embodiment of above-mentioned each method.Wherein, the storage medium can be magnetic
Dish, CD, read-only memory (Read-Only Memory, ROM) or random access memory (Random Access
Memory, RAM) etc..
The above disclosure is only the preferred embodiments of the present invention, cannot limit the right model of the present invention with this certainly
It encloses, therefore equivalent changes made in accordance with the claims of the present invention, is still within the scope of the present invention.
Claims (15)
1. a kind of data processing method characterized by comprising
First terminal obtains the corresponding user account information of target application, and obtains the corresponding equipment mark of the user account information
Know symbol;The device identifier is unique identification information that application server is the first terminal distribution;
The first terminal is corresponded to using the user account information as key name using the device identifier as the key name
Key assignments, construct corresponding first key-value pair of the user account information, and the logging request that first key-value pair will be carried
It is sent to the application server;
The application server receives the logging request, and carries out to first key-value pair carried in the logging request
Authentication, and login response information is generated when authenticating successfully, and the login response information is returned into the first terminal;
The first terminal receives the login response information, and the target application according to the login response information registration.
2. the method according to claim 1, wherein obtaining the corresponding equipment of the user account information described
Before identifier, the method also includes:
The first terminal searches the corresponding device identifier of the user account information in the local database;
When the first terminal does not find the corresponding device identifier of the user account information, the user account is believed
Breath is used as key name, and using null value as the corresponding key assignments of the key name, constructs corresponding second key assignments of the user account information
It is right, and second key-value pair is uploaded to application serve;
The application server receives second key-value pair, and obtains described first eventually based on the key assignments of second key-value pair
Hold corresponding private key;
The private key is converted to public key by the application server, and calculates corresponding first cryptographic Hash of the public key, and according to
First cryptographic Hash and the corresponding version information of the target application, calculate corresponding second cryptographic Hash of the public key, and from
Object identifier byte is determined in second cryptographic Hash;
The application server is based on the object identifier byte, first cryptographic Hash and the version information, described in generation
The corresponding device identifier of first terminal, and the device identifier is back to the first terminal.
3. according to the method described in claim 2, it is characterized in that, the application server receives second key-value pair, and
Key assignments based on second key-value pair obtains the corresponding private key of the first terminal, comprising:
The application server receives the second key-value pair that the first terminal uploads, and obtains the key of second key-value pair
Value;
The application server obtains the generated by random generator when the key assignments for determining second key-value pair is null value
One data sequence, and first data sequence is determined as the corresponding private key of the first terminal.
4. according to the described in any item methods of claim 2-3, which is characterized in that the application server converts the private key
For public key, and corresponding first cryptographic Hash of the public key is calculated, and corresponding according to first cryptographic Hash and the target application
Version information, calculate corresponding second cryptographic Hash of the public key, and from second cryptographic Hash determine object identifier byte,
Include:
The application server is based on elliptic curve encryption algorithm, and the private key is converted to public key;
The application server is based on the first hash algorithm and calculates corresponding first cryptographic Hash of the public key;
The application server obtains the corresponding version information of the target application, and according to the version information and described first
Cryptographic Hash obtains corresponding second data sequence of the first terminal;
The application server is based on the second hash algorithm and carries out Hash operation twice to second data sequence, and will twice
The second data sequence after Hash operation is determined as corresponding second cryptographic Hash of the public key;Second cryptographic Hash and the private
The length of the data sequence of key is identical;
The application server obtains target data sequence, and the institute that will acquire from the data sequence of second cryptographic Hash
It states target data sequence and is determined as object identifier byte.
5. according to the method described in claim 4, it is characterized in that, first hash algorithm includes Secure Hash Algorithm and adds
Close hash algorithm;
The application server is based on the first hash algorithm and calculates corresponding first cryptographic Hash of the public key, comprising:
The application server carries out first time Hash operation by the Secure Hash Algorithm, to the public key, obtains described
The corresponding first object value of public key;
The application server carries out second of Hash operation by the cryptographic hashing algorithm, to the first object value, obtains
To corresponding second target value of the first object value, and second target value is determined as the public key corresponding first and is breathed out
Uncommon value.
6. according to the method described in claim 4, it is characterized in that, second hash algorithm is Secure Hash Algorithm;
The application server is based on the second hash algorithm and carries out Hash operation twice to second data sequence, and will twice
The second data sequence after Hash operation is determined as corresponding second cryptographic Hash of the public key, comprising:
The application server carries out third time Hash operation by the Secure Hash Algorithm, to second data sequence,
Obtain the corresponding third target value of second data sequence;
The application server is carried out the 4th Hash operation to the third target value, is obtained by the Secure Hash Algorithm
To corresponding 4th target value of the third target value, and the 4th target value is determined as the public key corresponding second and is breathed out
Uncommon value.
7. according to the method described in claim 2, it is characterized in that, the application server be based on the object identifier byte,
First cryptographic Hash and the version information, generate the corresponding device identifier of the first terminal, and by the equipment mark
Know symbol and be back to the first terminal, comprising:
The application server integrates the version information, first cryptographic Hash and object identifier byte, obtains
The corresponding target address information of the first terminal;
The application server encodes the target address information by target code mode, and by the mesh after coding
Mark address information is determined as the corresponding device identifier of the first terminal;The device identifier is that the application server is
Unique identification information of the first terminal distribution;
The device identifier is back to the first terminal by the application server, so that the first terminal is set described
Standby identifier storage is in the local database.
8. the method according to claim 1, wherein the application server receives the logging request, and right
First key-value pair carried in the logging request is authenticated, and login response information is generated when authenticating successfully, and
The login response information is returned into the first terminal, comprising:
The application server is obtained and is taken in the logging request when receiving the logging request that the first terminal is sent
First key-value pair of band, and obtain the user account information in first key-value pair;
The application server is inquired in background data base and the associated key value mapping table of the user account information, and in institute
State the quantity for being associated with key-value pair for counting in key value mapping table and there is same user account information with first key-value pair;It is described
It is different from the corresponding association key-value pair of second terminal of the first terminal in key value mapping table comprising at least one;
If the application server determines that the quantity of the association key-value pair is less than threshold total number, first key-value pair is added
Add to the key value mapping table;
The application server generates the corresponding login response information of the logging request when authenticating successfully, and by the login
Response message returns to the first terminal;The login response information is used to indicate the user account information corresponding first
Key-value pair has logon rights.
9. a kind of data processing method, the method is applied to first terminal characterized by comprising
The first terminal obtains the corresponding user account information of target application, and obtains that the user account information is corresponding to be set
Standby identifier;The device identifier is unique identification information that application server is the first terminal distribution;
The first terminal is corresponded to using the user account information as key name using the device identifier as the key name
Key assignments, construct corresponding first key-value pair of the user account information, and the logging request that first key-value pair will be carried
It is sent to the application server, so that the application server receives the logging request, and to taking in the logging request
First key-value pair of band is authenticated, and login response information is generated when authenticating successfully;The login response information is used
Have logon rights in corresponding first key-value pair of the instruction user account information;
The first terminal receives the login response information, and the target application according to the login response information registration.
10. a kind of data processing method, the method is applied to application server characterized by comprising
The application server receives the logging request that first terminal is sent;The first terminal pair is carried in the logging request
The first key-value pair answered;First key-value pair is by the first terminal by using user account information as key name, and will
Device identifier is as constructed by the corresponding key assignments of the key name;The device identifier is that the application server is described
Unique identification information of first terminal distribution;
The application server authenticates first key-value pair carried in the logging request;
The application server generates login response information when authenticating successfully, and the login response information is returned to described
First terminal, so that the first terminal corresponding target of user account information according to the login response information registration is answered
With.
11. a kind of user terminal characterized by comprising
Account obtains module, for obtaining the corresponding user account information of target application;
Identifier obtains module, for obtaining the corresponding device identifier of the user account information;The device identifier is
Application server is unique identification information of the terminal distribution;
Request sending module is used for using the user account information as key name, and using the device identifier as the key
The corresponding key assignments of name, constructs corresponding first key-value pair of the user account information, and will carry stepping on for first key-value pair
Record request is sent to the application server, so that the application server receives the logging request, and asks to the login
It asks first key-value pair of middle carrying to be authenticated, and generates login response information when authenticating successfully;The login response
Information is used to indicate corresponding first key-value pair of the user account information and has logon rights;
Receiving module is responded, for receiving the login response information, and the target according to the login response information registration
Using.
12. a kind of application server characterized by comprising
Request receiving module, for receiving the logging request of first terminal transmission;Described first is carried in the logging request eventually
Hold corresponding first key-value pair;First key-value pair is by the first terminal by using user account information as key name,
And using device identifier as constructed by the corresponding key assignments of the key name;The device identifier is that the application server is
Unique identification information of the first terminal distribution;
Authentication module, for being authenticated to first key-value pair carried in the logging request;
Generation module is responded, generates login response information when authenticating successfully for the application server, and by the login
Response message returns to the first terminal, so that first terminal user's account according to the login response information registration
Number corresponding target application of information.
13. a kind of user terminal characterized by comprising processor, memory and network interface;
The processor is connected with memory, network interface, wherein network interface is for connecting application server, the storage
Device is for storing program code, and the processor is for calling said program code, to execute following operation:
The corresponding user account information of target application is obtained, and obtains the corresponding device identifier of the user account information;Institute
Stating device identifier is unique identification information that the application server is the first terminal distribution;
Using the user account information as key name, and using the device identifier as the corresponding key assignments of the key name, building
Corresponding first key-value pair of the user account information, and the logging request for carrying first key-value pair is sent to described answer
With server, so that the application server receives the logging request, and to described first carried in the logging request
Key-value pair is authenticated, and login response information is generated when authenticating successfully;The login response information is used to indicate the use
Account information corresponding first key-value pair in family has logon rights;
Receive the login response information, and the target application according to the login response information registration.
14. a kind of computer storage medium, which is characterized in that the computer storage medium is stored with computer program, described
Computer program includes program instruction, and side as claimed in claim 9 is executed when the processor executes described program instruction
Method.
15. a kind of computer storage medium, which is characterized in that the computer storage medium is stored with computer program, described
Computer program includes program instruction, and side as claimed in claim 10 is executed when the processor executes described program instruction
Method.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811295146.8A CN109474838B (en) | 2018-11-01 | 2018-11-01 | Data processing method, device, system and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811295146.8A CN109474838B (en) | 2018-11-01 | 2018-11-01 | Data processing method, device, system and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109474838A true CN109474838A (en) | 2019-03-15 |
| CN109474838B CN109474838B (en) | 2020-10-30 |
Family
ID=65672552
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811295146.8A Active CN109474838B (en) | 2018-11-01 | 2018-11-01 | Data processing method, device, system and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109474838B (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110321287A (en) * | 2019-06-20 | 2019-10-11 | 北京奇艺世纪科技有限公司 | A kind of detection method of server capability, device and electronic equipment |
| CN110866242A (en) * | 2019-11-13 | 2020-03-06 | 网易(杭州)网络有限公司 | Information processing method and device |
| CN111522604A (en) * | 2020-04-26 | 2020-08-11 | 腾讯科技(深圳)有限公司 | Application data processing method and device and computer readable storage medium |
| CN111814166A (en) * | 2020-07-10 | 2020-10-23 | 上海淇毓信息科技有限公司 | Data encryption method and device and electronic equipment |
| CN112651772A (en) * | 2020-12-18 | 2021-04-13 | 浙江同花顺智能科技有限公司 | Event touch method, device, equipment and storage medium |
| CN112749412A (en) * | 2021-01-18 | 2021-05-04 | 中国民航信息网络股份有限公司 | Method, system, equipment and storage medium for processing passenger identity information |
| CN113342854A (en) * | 2021-06-21 | 2021-09-03 | 杭州推啊网络科技有限公司 | Method and system for generating unique ID of mobile equipment |
| CN113515707A (en) * | 2020-09-21 | 2021-10-19 | 腾讯科技(深圳)有限公司 | Data processing method, intelligent device, intelligent equipment and storage medium |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103237305A (en) * | 2013-03-27 | 2013-08-07 | 公安部第三研究所 | Password protection method for smart card on mobile terminals |
| CN103415014A (en) * | 2013-08-28 | 2013-11-27 | 北京网秦天下科技有限公司 | Method and device for authenticating mobile terminal |
| CN103746983A (en) * | 2013-12-30 | 2014-04-23 | 迈普通信技术股份有限公司 | Access authentication method and authentication server |
| US20150067328A1 (en) * | 2013-08-30 | 2015-03-05 | Verizon Patent And Licensing Inc. | Authenticating a user device to access services based on a device id |
| US20150154510A1 (en) * | 2013-03-25 | 2015-06-04 | Kabushiki Kaisha Toshiba | Electronic device |
| CN105656948A (en) * | 2016-03-30 | 2016-06-08 | 北京小米移动软件有限公司 | Account login method and device |
| US20180077206A1 (en) * | 2016-09-15 | 2018-03-15 | Takeru Inoue | Information processing terminal, management system, communication system, information processing method, and recording medium |
-
2018
- 2018-11-01 CN CN201811295146.8A patent/CN109474838B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20150154510A1 (en) * | 2013-03-25 | 2015-06-04 | Kabushiki Kaisha Toshiba | Electronic device |
| CN103237305A (en) * | 2013-03-27 | 2013-08-07 | 公安部第三研究所 | Password protection method for smart card on mobile terminals |
| CN103415014A (en) * | 2013-08-28 | 2013-11-27 | 北京网秦天下科技有限公司 | Method and device for authenticating mobile terminal |
| US20150067328A1 (en) * | 2013-08-30 | 2015-03-05 | Verizon Patent And Licensing Inc. | Authenticating a user device to access services based on a device id |
| CN103746983A (en) * | 2013-12-30 | 2014-04-23 | 迈普通信技术股份有限公司 | Access authentication method and authentication server |
| CN105656948A (en) * | 2016-03-30 | 2016-06-08 | 北京小米移动软件有限公司 | Account login method and device |
| US20180077206A1 (en) * | 2016-09-15 | 2018-03-15 | Takeru Inoue | Information processing terminal, management system, communication system, information processing method, and recording medium |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110321287A (en) * | 2019-06-20 | 2019-10-11 | 北京奇艺世纪科技有限公司 | A kind of detection method of server capability, device and electronic equipment |
| CN110866242B (en) * | 2019-11-13 | 2022-04-12 | 网易(杭州)网络有限公司 | Information processing method and device |
| CN110866242A (en) * | 2019-11-13 | 2020-03-06 | 网易(杭州)网络有限公司 | Information processing method and device |
| CN111522604A (en) * | 2020-04-26 | 2020-08-11 | 腾讯科技(深圳)有限公司 | Application data processing method and device and computer readable storage medium |
| CN111522604B (en) * | 2020-04-26 | 2021-03-26 | 腾讯科技(深圳)有限公司 | Application data processing method and device and computer readable storage medium |
| CN111814166A (en) * | 2020-07-10 | 2020-10-23 | 上海淇毓信息科技有限公司 | Data encryption method and device and electronic equipment |
| CN111814166B (en) * | 2020-07-10 | 2023-09-12 | 上海淇毓信息科技有限公司 | Data encryption method and device and electronic equipment |
| CN113515707A (en) * | 2020-09-21 | 2021-10-19 | 腾讯科技(深圳)有限公司 | Data processing method, intelligent device, intelligent equipment and storage medium |
| CN113515707B (en) * | 2020-09-21 | 2024-02-09 | 腾讯科技(深圳)有限公司 | Data processing method, intelligent device, intelligent equipment and storage medium |
| CN112651772A (en) * | 2020-12-18 | 2021-04-13 | 浙江同花顺智能科技有限公司 | Event touch method, device, equipment and storage medium |
| CN112749412A (en) * | 2021-01-18 | 2021-05-04 | 中国民航信息网络股份有限公司 | Method, system, equipment and storage medium for processing passenger identity information |
| CN112749412B (en) * | 2021-01-18 | 2024-01-23 | 中国民航信息网络股份有限公司 | Processing method, system, equipment and storage medium for passenger identity information |
| CN113342854A (en) * | 2021-06-21 | 2021-09-03 | 杭州推啊网络科技有限公司 | Method and system for generating unique ID of mobile equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109474838B (en) | 2020-10-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109474838A (en) | A kind of data processing method, equipment, system and storage medium | |
| US11587074B2 (en) | Recordation of device usage to blockchains | |
| US20220019559A1 (en) | Blockchain Services | |
| US9391676B2 (en) | Network audio distribution system and method | |
| CN102594823B (en) | Trusted system for remote secure access of intelligent home | |
| US8589372B2 (en) | Method and system for automated document registration with cloud computing | |
| JP6608256B2 (en) | Electronic data existence certification program and existence certification server | |
| US7783767B2 (en) | System and method for distributed media streaming and sharing | |
| US8914351B2 (en) | Method and system for secure automated document registration from social media networks | |
| US20110213974A1 (en) | Identifying relationships between users of a communications domain | |
| US20110029555A1 (en) | Method, system and apparatus for content identification | |
| US11316681B2 (en) | User identity authentication method and device, readable storage medium and computer equipment | |
| JP6275302B2 (en) | Existence proof device, existence proof method, and program therefor | |
| Yao et al. | PBCert: Privacy-preserving blockchain-based certificate status validation toward mass storage management | |
| CN103190130A (en) | Registration server, gateway apparatus and method for providing a secret value to devices | |
| WO2022237497A1 (en) | Data storage method and apparatus based on blockchain network | |
| CN110263579A (en) | A kind of data processing method, system and relevant device | |
| MX2022010227A (en) | Authentication server function selection in authentication and key management. | |
| WO2020212784A1 (en) | Destination addressing associated with a distributed ledger | |
| TW200929948A (en) | Method for building a network connection and network device thereof | |
| KR102271201B1 (en) | Method for maintaining private information on blockchain network and device thereof | |
| CN111930753A (en) | Data retrieving method and device, electronic equipment and storage medium | |
| Bieniasz et al. | SocialStegDisc: Application of steganography in social networks to create a file system | |
| JP3215882U (en) | Cloud storage based file access control system | |
| KR20200137520A (en) | A database structure capable of synchronizing data between devices in a local area network environment and a data synchronization method using the same |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |