CN109474838B - Data processing method, device, system and storage medium - Google Patents
Data processing method, device, system and storage medium Download PDFInfo
- Publication number
- CN109474838B CN109474838B CN201811295146.8A CN201811295146A CN109474838B CN 109474838 B CN109474838 B CN 109474838B CN 201811295146 A CN201811295146 A CN 201811295146A CN 109474838 B CN109474838 B CN 109474838B
- Authority
- CN
- China
- Prior art keywords
- key
- terminal
- application server
- key value
- value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/45—Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
- H04N21/462—Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
- H04N21/4627—Rights management associated to the content
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/254—Management at additional data server, e.g. shopping server, rights management server
- H04N21/2541—Rights Management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/258—Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
- H04N21/25866—Management of end-user data
- H04N21/25875—Management of end-user data involving end-user authentication
Landscapes
- Engineering & Computer Science (AREA)
- Databases & Information Systems (AREA)
- Computer Security & Cryptography (AREA)
- Multimedia (AREA)
- Signal Processing (AREA)
- Computer Graphics (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The embodiment of the invention discloses a data processing method, equipment, a system and a storage medium, wherein the method comprises the following steps: the method comprises the steps that a first terminal obtains user account information corresponding to a target application and obtains a device identifier corresponding to the user account information; the device identifier is unique identification information distributed to the first terminal by the application server; the method comprises the steps that a first terminal takes user account information as a key name, takes a device identifier as a key value corresponding to the key name, constructs a first key value pair corresponding to the user account information, and sends a login request carrying the first key value pair to an application server; and the application server receives the login request, authenticates the first key value pair carried in the login request, generates login response information when the authentication is successful, and returns the login response information to the first terminal. And the first terminal receives the login response information and logs in the target application according to the login response information. By adopting the invention, the authentication strength can be further improved while the identification degree is improved.
Description
Technical Field
The present invention relates to the field of internet technologies, and in particular, to a data processing method, device, system, and storage medium.
Background
With the development of network videos, people can watch network video files through video applications in smart televisions or television boxes, and playing of most of the network video files requires certain playing permissions, that is, the users need to become members of the video applications to watch the video contents in the video files completely.
However, for a video application running in a television or a television box, it is common to distinguish the devices logged into the video application according to their own MAC (Media Access Control) addresses. Because some emulational boxes generated for saving cost exist in the current market, the emulational boxes can share the same MAC address, and the boxes with the same MAC address belong to different devices, in the existing authentication scheme, when a video background corresponding to the video application performs authentication by using received user account information and the MAC address, the different devices with the same MAC address can be judged as the same device, and the authority for logging in the video application is opened for the different devices. In view of this, in the existing technical solutions, different devices having the same MAC address cannot be distinguished, so that effective authority control cannot be performed on the number of devices logging in the video application.
Disclosure of Invention
Embodiments of the present invention provide a data processing method, device, system, and storage medium, which can further improve authentication strength while improving the recognition degree.
An embodiment of the present invention provides a data processing method, where the method includes:
the method comprises the steps that a first terminal obtains user account information corresponding to a target application and obtains a device identifier corresponding to the user account information; the device identifier is unique identification information distributed to the first terminal by the application server;
the first terminal takes the user account information as a key name, takes the equipment identifier as a key value corresponding to the key name, constructs a first key value pair corresponding to the user account information, and sends a login request carrying the first key value pair to the application server;
the application server receives the login request, authenticates the first key value pair carried in the login request, generates login response information when the authentication is successful, and returns the login response information to the first terminal;
and the first terminal receives the login response information and logs in the target application according to the login response information.
An embodiment of the present invention provides a data processing method, which is applied to a first terminal, and includes:
the first terminal acquires user account information corresponding to a target application and acquires a device identifier corresponding to the user account information; the device identifier is unique identification information distributed to the first terminal by the application server;
the first terminal takes the user account information as a key name, takes the device identifier as a key value corresponding to the key name, constructs a first key value pair corresponding to the user account information, sends a login request carrying the first key value pair to the application server, so that the application server receives the login request, authenticates the first key value pair carried in the login request, and generates login response information when the authentication is successful; the login response information is used for indicating that a first key value pair corresponding to the user account information has login authority;
and the first terminal receives the login response information and logs in the target application according to the login response information.
An embodiment of the present invention provides a data processing method, which is applied to an application server, and includes:
the application server receives a login request sent by a first terminal; the login request carries a first key value pair corresponding to the first terminal; the first key value pair is constructed by the first terminal by taking user account information as a key name and taking a device identifier as a key value corresponding to the key name; the device identifier is unique identification information distributed to the first terminal by the application server;
the application server authenticates the first key value pair carried in the login request;
and the application server generates login response information when the authentication is successful, and returns the login response information to the first terminal, so that the first terminal logs in the target application corresponding to the user account information according to the login response information.
An embodiment of the present invention provides a user terminal, where the user terminal includes:
the account acquisition module is used for acquiring user account information corresponding to the target application;
the identifier acquisition module is used for acquiring the equipment identifier corresponding to the user account information; the device identifier is unique identification information distributed to the terminal by the application server;
the request sending module is used for taking the user account information as a key name, taking the equipment identifier as a key value corresponding to the key name, constructing a first key value pair corresponding to the user account information, sending a login request carrying the first key value pair to the application server, enabling the application server to receive the login request, authenticating the first key value pair carried in the login request, and generating login response information when the authentication is successful; the login response information is used for indicating that a first key value pair corresponding to the user account information has login authority;
and the response receiving module is used for receiving the login response information and logging in the target application according to the login response information.
An embodiment of the present invention provides an application server, where the application server includes:
the request receiving module is used for receiving a login request sent by a first terminal; the login request carries a first key value pair corresponding to the first terminal; the first key value pair is constructed by the first terminal by taking user account information as a key name and taking a device identifier as a key value corresponding to the key name; the device identifier is unique identification information distributed to the first terminal by the application server;
the authentication module is used for authenticating the first key value pair carried in the login request;
and the response generation module is used for generating login response information when the application server succeeds in authentication and returning the login response information to the first terminal so that the first terminal can log in the target application corresponding to the user account information according to the login response information.
An aspect of an embodiment of the present invention provides a data processing system, where the system includes: a user terminal and an application server, wherein the user terminal is the user terminal mentioned in one aspect of the embodiments of the present invention, and the application server is the application server mentioned in one aspect of the embodiments of the present invention.
An embodiment of the present invention provides a user terminal, including: a processor, a memory, and a network interface;
the processor is connected with a memory and a network interface, wherein the network interface is used for connecting an application server, the memory is used for storing program codes, and the processor is used for calling the program codes to execute the following operations:
acquiring user account information corresponding to a target application, and acquiring a device identifier corresponding to the user account information; the device identifier is unique identification information distributed to the first terminal by the application server;
taking the user account information as a key name, taking the device identifier as a key value corresponding to the key name, constructing a first key value pair corresponding to the user account information, sending a login request carrying the first key value pair to the application server, so that the application server receives the login request, authenticates the first key value pair carried in the login request, and generates login response information when the authentication is successful; the login response information is used for indicating that a first key value pair corresponding to the user account information has login authority;
and receiving the login response information, and logging in the target application according to the login response information.
An embodiment of the present invention provides an application server, including: a processor, a memory, and a network interface;
the processor is connected with a memory and a network interface, wherein the network interface is used for connecting a first terminal, the memory is used for storing program codes, and the processor is used for calling the program codes to execute the following operations:
receiving a login request sent by the first terminal; the login request carries a first key value pair corresponding to the first terminal; the first key value pair is constructed by the first terminal by taking user account information as a key name and taking a device identifier as a key value corresponding to the key name; the device identifier is unique identification information distributed to the first terminal by the application server;
authenticating the first key value pair carried in the login request;
and generating login response information when the authentication is successful, and returning the login response information to the first terminal so that the first terminal logs in the target application corresponding to the user account information according to the login response information.
An aspect of the present embodiments provides a computer storage medium storing a computer program, the computer program comprising program instructions that, when executed by a processor, perform a method according to an aspect of the present embodiments.
An aspect of the present embodiments provides a computer storage medium storing a computer program, the computer program comprising program instructions that, when executed by a processor, perform a method according to an aspect of the present embodiments.
In the embodiment of the invention, a first terminal can acquire user account information corresponding to a target application and acquire a device identifier corresponding to the user account information; the device identifier is unique identification information distributed to the first terminal by the application server; the first terminal takes the user account information as a key name, takes the equipment identifier as a key value corresponding to the key name, constructs a first key value pair corresponding to the user account information, and sends a login request carrying the first key value pair to the application server; the application server receives the login request, authenticates the first key value pair carried in the login request, generates login response information when the authentication is successful, and returns the login response information to the first terminal; and the first terminal receives the login response information and logs in the target application according to the login response information. It follows that the application server may assign unique identification information (i.e. a device identifier) to the first terminal accessing the target application, and that the assigned device identifier has a non-tamper-ability and a non-replicability. Therefore, the application server can accurately find the key value mapping table associated with the user account information through the allocated device identifier, so that the number of associated key value pairs corresponding to the same user account information in the key value mapping table can be counted, the number of second terminals accessed to the target application can be indirectly known, the login authority of a first terminal to be accessed to the target application can be effectively controlled based on the number of the second terminals, and the authentication strength can be further improved while the identification degree is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic structural diagram of a network architecture according to an embodiment of the present invention;
fig. 2 is a schematic diagram of sending a login request according to an embodiment of the present invention;
FIG. 3 is a flow chart of a data processing method according to an embodiment of the present invention;
FIG. 4 is a flowchart illustrating another data processing method according to an embodiment of the present invention;
fig. 5 is a schematic diagram of data interaction between a first terminal and an application server according to an embodiment of the present invention;
FIG. 6 is a flow chart illustrating a data processing method according to an embodiment of the present invention;
FIG. 7 is a flow chart illustrating another data processing method according to an embodiment of the present invention;
fig. 8 is a schematic structural diagram of a user terminal according to an embodiment of the present invention;
fig. 9 is a schematic structural diagram of another ue according to an embodiment of the present invention;
fig. 10 is a schematic structural diagram of an application server according to an embodiment of the present invention;
fig. 11 is a schematic structural diagram of another application server provided in the embodiment of the present invention;
fig. 12 is a schematic structural diagram of a data processing system according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a schematic structural diagram of a network architecture according to an embodiment of the present invention. As shown in fig. 1, the network architecture may include an application server 2000 and a user terminal cluster; the user terminal cluster may include a plurality of user terminals, as shown in fig. 1, and specifically may include a user terminal 3000a, user terminals 3000b, …, and a user terminal 3000 n.
Further, it is understood that the network architecture may further include the application server 2000 shown in fig. 1 and a user terminal, which may be any one of the user terminals (e.g., the user terminal 3000a) shown in fig. 1. The application server 2000 may be a background server corresponding to an application (i.e., a target application) in the user terminal, and when a user logs in the target application using the user terminal (i.e., the user terminal 3000a), the user terminal for logging in the target application may be referred to as a first terminal, and the first terminal may be in network connection with the application server 2000, so that data interaction may be performed subsequently when accessing the target application in the user terminal.
As shown in fig. 1, the user terminal 3000a, the user terminals 3000b, …, and the user terminal 3000n may be respectively connected to the application server 2000 through a network, and the user terminals may implement interaction between user data through the application server 2000 corresponding to a certain network service platform. The network service platform may be a video network platform corresponding to a video application installed in any user terminal, it should be understood that one or more video applications may be installed in any user terminal, and for convenience of understanding, in the embodiment of the present invention, the video application is taken as an example to describe a specific process of data interaction between the user terminal installed with the application (which may be referred to as a target application) and the application server. It should be understood that the target application may also be other applications besides the video application, such as an audio application, a social application, a payment application, and the like, and the application installed in the user terminal will not be particularly limited herein.
For convenience of understanding, in the embodiment of the present invention, one user terminal may be selected as the target user terminal from the plurality of user terminals shown in fig. 1, for example, the user terminal 3000a shown in fig. 1 may be used as the target user terminal. Wherein the target user terminal may include: the intelligent terminal comprises an intelligent terminal with an audio and video playing function, such as a smart phone, a tablet computer, a desktop computer and a smart television.
It should be understood that, for each user terminal to be accessed to the target application, the background server corresponding to the target application may be the application server 2000 shown in fig. 1, and therefore, the application server 2000 may further authenticate the login request initiated by each user terminal to be accessed to verify the login authority of each user terminal to be accessed. In order to better understand the present solution, in the embodiment of the present invention, the target ue is one of the ue shown in fig. 1, for example, so as to further describe a specific process of data interaction between the target ue and the application server 2000.
For example, the target user terminal in the embodiment of the present invention may be the user terminal 3000a shown in fig. 1, before the user terminal 3000a sends the login request, the user terminal 3000a may further receive a touch operation instruction executed by the user holding the user terminal 3000a on the target application, further display a login operation interface corresponding to the target application according to the touch operation instruction, and receive user account information corresponding to the target application in the login operation interface. For convenience of understanding, in the embodiment of the present invention, the user terminal 3000a (i.e., the target user terminal) that receives the user account information may be referred to as a first terminal, that is, the target user terminal to be accessed to the target application may be referred to as a first terminal, so that the first terminal may further obtain the device identifier corresponding to the user account information after obtaining the user account information; the device identifier is unique identification information allocated to the first terminal by the application server 2000 shown in fig. 1.
Further, please refer to fig. 2, which is a schematic diagram illustrating a method for sending a login request according to an embodiment of the present invention. As shown in fig. 2, B1 through B9, i.e., icons B1 through B9, which are icons for characterizing video applications installed in the first terminal are a plurality of video applications installed in the first terminal shown in fig. 2, and each video application may correspond to a different background server. As shown in fig. 2, when a touch operation instruction of a user with respect to any video application in the display interface 100a is detected (for example, a click operation is performed on a display area corresponding to an icon B9 in the display interface 100 a), the video application corresponding to the icon B9 may be referred to as a target application according to the touch operation instruction, and user account information corresponding to the target application may be further received in a login operation interface corresponding to the target application, where the user account information may be registration information (for example, the registration information may be user information of a user name, which is referred to as AAAA) filled when the user registers a member of the target application. Further, the first terminal shown in fig. 2 may obtain, in a local database, a device identifier corresponding to the user account information, where the device identifier may be unique identification information allocated to the first terminal by the application server 2000 shown in fig. 2 (for example, the unique identification information may be aaaaaa). Then, the first terminal may further use the user account information as a key name, and use the device identifier as a key value corresponding to the key name, construct a first key-value pair corresponding to the user account information, i.e. the first key-value pair may be < AAAA, aaaaaa >, and sends a login request carrying the first key-value pair to the application server 2000 shown in fig. 2, so that the application server 2000 further authenticates the received first key-value pair, that is, the background data view shown in fig. 2 may be used to query the key-value mapping table associated with the user account information, and counting the number of associated key value pairs having the same user account information as the first key value pair in the key value mapping table, and when the number of the associated key value pairs is smaller than the total threshold value, determining that the authentication is successful, and returning login response information to the first terminal shown in fig. 2.
For convenience of understanding, in the embodiment of the present invention, a user terminal to access the target application may be referred to as a first terminal, and another user terminal that has the same user account information as the first terminal and has accessed the target application may be referred to as a second terminal, where the second terminal may be another user terminal different from the first terminal in the embodiment corresponding to fig. 1. The first terminal may access the target application by using the first key value pair established by the first terminal, so that the application server 2000 corresponding to the target application may further authenticate the acquired first key value pair, and may further verify, in the background database, whether the first terminal has the right to log in the target application. For the second terminal accessing the target application with the same user account information, the application server 2000 may refer to a key-value pair corresponding to any second terminal as an associated key-value pair in the background database, and the second terminal may be understood as the user terminal currently logging in the target application through the user account information. It should be understood that the background database may store a key-value mapping table associated with the user account information, and the associated key-value table may allow a certain number of key-value pairs to be stored. Therefore, when the number of associated key value pairs in the key value mapping table associated with the user account information reaches a threshold total number (for example, the threshold total number may be 5), the first terminal is not allowed to access the target application with the first key value pair; otherwise, when the number of the associated key value pairs in the key value mapping table is smaller than the total threshold number, the first terminal is allowed to access the target application by the first key value pair. It can be seen that by allocating different device identifiers to each user terminal accessing the target application, the user terminals accessing the target application can be effectively identified and thus distinguished, and the number of the user terminals accessing the target application can be further limited, so as to improve the authentication of the device accessing the target application. The process of data interaction between any second terminal and the application server 2000 may refer to the specific process of data interaction between the first terminal (i.e., the user terminal 3000a) and the application server 2000 provided in the embodiment of the present invention, and details are not described herein again.
It can be understood that, for other user terminals in the user terminal cluster shown in fig. 1, when any user terminal of the other user terminals accurately accesses the target application, any user terminal of the other user terminals may also be referred to as a first terminal, and a specific process of performing data interaction between any user terminal of the other user terminals and the application server 2000 may refer to a specific process of performing data interaction between the user terminal 3000a and the application server 2000 provided in the embodiment of the present invention, which will not be described again.
The specific process that the first terminal acquires the device identifier and sends a login request to the application server, so that the application server authenticates the first key value pair in the login request may refer to the following embodiments corresponding to fig. 3 to 7.
Further, please refer to fig. 3, which is a flowchart illustrating a data processing method according to an embodiment of the present invention. As shown in fig. 3, the method of the embodiment of the present invention may include the following steps S101 to S104.
Step S101, a first terminal acquires user account information corresponding to a target application and acquires a device identifier corresponding to the user account information; the device identifier is unique identification information distributed to the first terminal by the application server;
specifically, when receiving an operation instruction of a user to a login area corresponding to a target application, a first terminal may receive user account information entered by the user in the login display area according to the operation instruction; further, the first terminal may search in a local database whether the device identifier corresponding to the user account information exists, and further execute step S102 when the device identifier corresponding to the user account information is found. Optionally, if the first terminal does not find the device identifier corresponding to the user account information, the first terminal may further trigger the application server to allocate the device identifier to the first terminal based on the second key value pair corresponding to the user account information.
The user account information may be registration information used when the user registers the member of the target application, wherein the registration information may be user information such as a mobile phone number, a user name, …, a user mailbox, and the like of the user;
the device identifier is unique identification information allocated to the first terminal by the application server.
It should be understood that, after receiving the unique identification information (i.e., the device identifier) assigned by the application server to the first terminal, the first terminal may further store the device identifier in the local database, so that when receiving the user account information entered by the user, the first terminal may quickly and conveniently find the device identifier in the local database, and thus, the timeliness of accessing the first terminal to the target application may be improved.
It should be understood that the application server in the embodiment of the present invention may allocate a corresponding device identifier to each user terminal accessing the target application, and the device identifier may be used to identify each user terminal accessing the target application. In view of this, the embodiment of the present invention may refer to any ue to be accessed to the target application as the first ue, so as to further perform step S102. Optionally, when a plurality of first terminals need to access the video network platform corresponding to the target application at the same time (for example, at time T1), each of the plurality of first terminals may receive the user account information entered by the corresponding user, and may search for the device identifier corresponding to the corresponding user account information in each first terminal, assuming that the application server has assigned unique identification information for each first terminal accessing the target application at time TI, and therefore, each of the plurality of first terminals may further perform step S102 described below.
For convenience of understanding, the embodiment of the present invention takes as an example that there are 3 first terminals needing to access the target application at time T1, and the 3 first terminals may be the user terminal 3000a, the user terminal 3000b, and the user terminal 3000c in the embodiment corresponding to fig. 1. Further, please refer to table 1, which is a first mapping relationship table between the user account information and the device identifier according to the embodiment of the present invention.
TABLE 1
As shown in table 1 above, there are three different first terminals to be accessed to the target application shown in table 1 at time T1. The user account information received by the user terminal 3000a is the AAAA shown in table 1, but the device identifier corresponding to the user account information is found in the local terminal of the user terminal 3000a, and the device identifier is the unique identification information shown in table 1: aaaaaa. Meanwhile, the user account information received by the user terminal 3000b is the BBBB shown in table 1, but the device identifier corresponding to the user account information is found in the local terminal of the user terminal 3000b, and the device identifier is the unique identification information shown in table 1: bbbbbbb. Meanwhile, the user account information received by the user terminal 3000c is the CCCC shown in table 1, but the device identifier corresponding to the user account information is found in the local terminal of the user terminal 3000c, and the device identifier is the unique identification information shown in table 1: cccccc. Since the same video application is accessed by the three different first terminals, it can be understood that the user terminal 3000a, the user terminal 3000b and the user terminal 3000b correspond to the same application server, and the application server correspondingly allocates the device identifiers shown in the above table 1 to the three different first terminals.
Step S102, the first terminal takes the user account information as a key name, takes the device identifier as a key value corresponding to the key name, constructs a first key value pair corresponding to the user account information, and sends a login request carrying the first key value pair to the application server;
it should be understood that for the three first terminals shown in table 1 above, each first terminal may correspond to one first key-value pair. For example, when the first terminal is the user terminal 3000a, the user terminal 3000a may use the AAAA shown in the above table 1 as a key name, use the aaaaaaaa shown in the above table 1 as a key value, construct a first key-value pair corresponding to the user account information according to a format of the name-key-value pair (e.g., < key name, key value >), that is, the first key-value pair constructed by the user terminal 3000a shown in the above table 1 is < AAAA, aaaaaa >, and send a login request carrying the first key-value pair to the application server. Similarly, when the first terminal is the user terminal 3000b, the user terminal 3000b may use the BBBB shown in table 1 as a key name, use the bbbbbb shown in table 1 as a key value, construct a first key value pair corresponding to the user account information according to a format of the name key value pair (e.g., < key name, key value >), that is, the first key value pair constructed by the user terminal 3000b shown in table 1 is < BBBB >, and send a login request carrying the first key value pair to the application server. Similarly, when the first terminal is the user terminal 3000c, the user terminal 3000c may use the CCCC shown in table 1 as a key name, use the ccccc shown in table 1 as a key value, construct a first key value pair corresponding to the user account information according to a format of the name key value pair (e.g., < key name, key value >), that is, the first key value pair constructed by the user terminal 3000c shown in table 1 is < CCCC, CCCC >, and send a login request carrying the first key value pair to the application server. In view of this, the application server may receive the login request sent by each first terminal accessing the target application at time T1, respectively, to further execute step S103.
Step S103, the application server receives the login request, authenticates the first key value pair carried in the login request, generates login response information when the authentication is successful, and returns the login response information to the first terminal;
specifically, when receiving a login request sent by the first terminal, the application server may further obtain the first key value pair carried in the login request, and obtain user account information in the first key value pair; further, the application server may query a key value mapping table associated with the user account information in a background database, and count the number of associated key value pairs having the same user account information as the first key value pair in the key value mapping table; the key value mapping table comprises at least one associated key value pair corresponding to a second terminal different from the first terminal; if the application server determines that the number of the associated key value pairs is smaller than the total threshold value, the application server determines that authentication is successful, and adds the first key value pair to the key value mapping table, and meanwhile, the application server can also generate login response information corresponding to the login request when authentication is successful, and returns the login response information to the first terminal;
the login response information is used for indicating that a first key value pair corresponding to the user account information has login authority.
For example, taking the first terminal as the user terminal 3000a as an example, the application server may receive a login request sent by the user terminal 3000a, and may obtain a first key-value pair (i.e., < AAAA, aaaaaa >) carried in the login request. The user account information can be obtained in the first key value pair, and then a key value mapping table with the user account information associated with AAAA is searched in the background database, wherein the key value mapping table comprises at least one key value pair corresponding to a second terminal different from the first terminal, and the key value pair of the second terminal different from the first terminal in the key value mapping table can be called as an associated key value pair; that is, the associated key-value pair and the first key-value pair have the same user account information. In view of this, the application server may count the number of associated key value pairs having the same user account information in the key-value mapping table (for example, when there are two associated key value pairs in the key-value mapping table, the number of associated key value pairs having the same user account information may be counted as 3), and further, when the counted number of associated key value pairs is smaller than a threshold total number (for example, the threshold total number is 5), it may determine that the authentication is successful, and may further add the first key value pair as a new associated key value pair to the key-value mapping table, generate login response information corresponding to the login request, and return the login response information to the user terminal 3000a, so as to allow the first terminal to access the target application.
It should be understood that, after the user terminal 3000a accesses the target application, the application server may further use the user terminal 3000a that has accessed the target application as a new second terminal in the background database, and record a new associated key value pair corresponding to the new second terminal in the key-value mapping table, so that the number (3) may be added in the key-value mapping table, that is, when a new first terminal (e.g., the user terminal 3000e) is ready to access the target application, the number of associated key value pairs with the same user account information may be counted again to be 4.
Optionally, when a new first terminal (e.g., the user terminal 3000f) is ready to access the target application, and the application server counts again that the number of the associated key value pairs with the same user account information is 5, and the above threshold total number is reached, it is determined that the authentication fails, and login prompt information corresponding to the login request is generated (e.g., the currently accessed user terminal has reached the upper limit). The login prompt information is used to prompt that the user terminal 3000f does not currently have the right to access the target application when authentication fails.
And step S104, the first terminal receives the login response information and logs in the target application according to the login response information.
Therefore, the application server allocates unique identification information to the first terminal accessing the target application, so that when a plurality of user terminals are respectively used as the first terminals, the identification degrees of different user terminals can be improved, and the key value mapping table associated with corresponding user account information can be searched in a background database. In addition, according to the user account information and the device identifier corresponding to any one of the plurality of user terminals, the number of the user terminals accessing the target application can be counted in the background database based on the found associated key value pair corresponding to any one of the second terminals in the key value mapping table, so that the login authority of the first terminal to be accessed to the target application can be effectively controlled, and the authentication of the device can be improved. That is, the application server may count the number of the second terminals that have accessed the target application based on the number of the associated key values in the key value relationship table, so that the login right of the first terminal to be accessed to the target application may be effectively controlled.
In the embodiment of the invention, a first terminal can acquire user account information corresponding to a target application and acquire a device identifier corresponding to the user account information; the device identifier is unique identification information distributed to the first terminal by the application server; the first terminal takes the user account information as a key name, takes the equipment identifier as a key value corresponding to the key name, constructs a first key value pair corresponding to the user account information, and sends a login request carrying the first key value pair to the application server; the application server receives the login request, authenticates the first key value pair carried in the login request, generates login response information when the authentication is successful, and returns the login response information to the first terminal; and the first terminal receives the login response information and logs in the target application according to the login response information. It follows that the application server may assign unique identification information (i.e. a device identifier) to the first terminal accessing the target application, and that the assigned device identifier has a non-tamper-ability and a non-replicability. Therefore, the application server can accurately find the key value mapping table associated with the user account information through the allocated device identifier, so that the number of associated key value pairs corresponding to the same user account information in the key value mapping table can be counted, the number of second terminals accessed to the target application can be indirectly known, the login authority of a first terminal to be accessed to the target application can be effectively controlled based on the number of the second terminals, and the authentication strength can be further improved while the identification degree is improved.
Before a first terminal is used for acquiring the equipment identifier corresponding to the user account information, an application server needs to allocate unique identification information to the first terminal, namely the equipment identifier is allocated to the first terminal; then, the first terminal may construct a first key-value pair according to the received user account information and the found device identifier, and send a login request carrying the first key-value pair to the application server, so that the application server returns login response information corresponding to the login request.
Further, please refer to fig. 4, which is a flowchart illustrating another data processing method according to an embodiment of the present invention. As shown in fig. 4, the implementation process of the embodiment of the present invention may include the following steps S201 to S210.
Step S201, the first terminal acquires user account information corresponding to the target application.
In order to better understand the present solution, the embodiment of the present invention takes a user terminal to be accessed to a target application as an example, so as to describe a specific process of data interaction between the user terminal and an application server corresponding to the target application. The user terminal to be accessed to the target application may be referred to as a first terminal in the embodiment of the present invention. Further, please refer to fig. 5, which is a schematic diagram illustrating data interaction between a first terminal and an application server according to an embodiment of the present invention. The first terminal shown in fig. 5 may be the user terminal 3000a in the embodiment corresponding to fig. 1, and the application server shown in fig. 5 may be the application server 2000 in the embodiment corresponding to fig. 1. As shown in fig. 5, the first terminal may receive user account information input by a user, where the user account information may be AAAA, and then the first terminal may further perform step S202.
Step S202, the first terminal searches a local database for the device identifier corresponding to the user account information.
Specifically, after receiving the user account information in step S201, the first terminal may further search a local database for a device identifier corresponding to the user account information. It should be understood that, when the device identifier exists in the local database corresponding to the first terminal, the first terminal may further perform step S207 to obtain the device identifier corresponding to the user account information. Optionally, when the device identifier does not exist in the local database corresponding to the first terminal, step S203 may be further performed.
The local database corresponding to the first terminal may be the local database in the embodiment corresponding to fig. 5. The device identifier in the local database is the unique identification information assigned by the application server to the first terminal as shown in fig. 5.
Step S203, when the first terminal does not find the device identifier corresponding to the user account information, using the user account information as a key name, and using a null value as a key value corresponding to the key name, constructing a second key value pair corresponding to the user account information, and uploading the second key value pair to an application server.
Specifically, when the device identifier corresponding to the user account information does not exist in the local database, the first terminal may use the user account information as a key name, and use a NULL value (i.e., NULL) as a key value corresponding to the key name, and construct a second key value pair corresponding to the user account information according to a format of a name key value pair in the embodiment corresponding to fig. 3, that is, the second key value pair may be expressed as < user account information, NULL >; further, the first terminal may send the identifier allocation request carrying the second key value pair to the application server corresponding to the target application, so that the application server further performs step S204 according to the identifier allocation request. Optionally, the first terminal may also directly send the second key-value pair to the application server, so as to trigger the application server to further execute step S204.
Step S204, the application server receives the second key value pair, and obtains a private key corresponding to the first terminal based on a key value of the second key value pair.
Specifically, the application server may receive an identifier allocation request sent by the first terminal, and obtain a second key value pair carried in the identifier allocation request; optionally, the application server may also directly receive a second key-value pair sent by the first terminal; further, the application server may obtain a key value of the second key-value pair, and when it is determined that the key value of the second key-value pair is a null value, obtain a first data sequence generated by a random generator, and determine the first data sequence as a private key corresponding to the first terminal.
The first data sequence generated by the random generator may be a 32-byte random number, and the application server may determine the randomly generated random number with 32 bytes as a private key corresponding to the first terminal shown in fig. 5, it should be understood that one byte (byte) is equivalent to two bits (bit), that is, 1byte is 2 bits. It is assumed that the private key obtained by the random generator is a first data sequence represented by 16, and the length of the first data sequence is 64 bits (i.e. 32 bytes). Therefore, the private key corresponding to the first terminal can be expressed as:
0x28FD4A7B6A307F426A94F8114701E7C8E774E7E9A47E2C2035DB23A206321726。
step S205, the application server converts the private key into a public key, calculates a first hash value corresponding to the public key, calculates a second hash value corresponding to the public key according to the first hash value and the version information corresponding to the target application, and determines a target check byte from the second hash value.
Specifically, the application server may further convert the private key into a public key based on an elliptic curve cryptography algorithm, and calculate a first hash value corresponding to the public key based on a first hash algorithm; further, the application server may obtain version information corresponding to the target application, and obtain a second data sequence corresponding to the first terminal according to the version information and the first hash value; further, the application server may perform two hash operations on the second data sequence based on a second hash algorithm, and determine the second data sequence after the two hash operations as a second hash value corresponding to the public key; finally, the application server may further obtain a target data sequence from the data sequence of the second hash value, and determine the obtained target data sequence as a target check byte.
The length of the second hash value obtained by the application server is the same as the length of the data sequence of the private key, that is, the second hash value and the private key are both 32-byte data sequences.
The application server can convert the private key into a public key through the elliptic encryption algorithm, and the elliptic encryption algorithm has the core that the public key can be obtained through calculation, but the private key corresponding to the public key cannot be obtained through reverse calculation when the public key is known. Wherein, the elliptic encryption algorithm can also be called as asymmetric encryption algorithm
Therefore, when the private key is a 32-byte data sequence, after the private key is operated by the above elliptic encryption algorithm, the obtained public key is a 130-bit data sequence, and the data sequence can be represented by 16-ary:
0x0460863AD64A87AE8D2FE83C1AF1A8403CB53F53E486D8511DAD8A04887E5B23522CD470243453A299FA9E77237716103ABC11A1DF38855ED6F2EE187E9C582BB7。
wherein, the first hash algorithm may comprise a secure hash algorithm and a cryptographic hash algorithm; the Secure Hash Algorithm may be 256 series of algorithms in SHA (Secure Hash Algorithm), that is, the Secure Hash Algorithm may be referred to as SHA256 Algorithm, and the SHA256 Algorithm is one of the Secure Hash algorithms SHA (Secure Hash Algorithm) series of algorithms, and the digest length of the Algorithm is 256bits, that is, 32 bytes, and is referred to as SHA 256.
It should be understood that the SHA family of algorithms is a National Security Agency (NSA) design, a family of cryptographic hash functions issued by the National Institute of Standards and Technology (NIST), and may include variations of SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512. The SHA256 Algorithm is mainly applicable to a Digital Signature Algorithm (Digital Signature Algorithm DSA) defined in a Digital Signature Standard (DSS). The principle of calculating the message digest by adopting the algorithm can be as follows: for any length (calculated by bit) of the message (which may be a public key with a length of 130 bits in the embodiment of the present invention), the SHA256 generates a data with a length of 32 bytes, which is called a message digest (i.e. the first target value in the embodiment of the present invention can be obtained). Therefore, the application server may perform a first hash operation on the public key with the data length of 130 bits by using the SHA256 algorithm to obtain a first target value corresponding to the public key, where the data length of the first target word is 64 bits, that is, 32 bytes.
The SHA256 algorithm has the following characteristics: 1. information may not be recovered from the message digest; 2. two different messages do not produce the same message digest. Thus, it is also ensured by the SHA256 algorithm that the application server can ensure the uniqueness of the public key, since the application server will not be able to reverse-deduce the public key when getting the first target value. Therefore, when the user terminal accessing the target application at time T2 is two different first terminals (e.g., the user terminal 3000a and the user terminal 3000b in table 1), and the device identifiers do not exist in the local databases corresponding to the two first terminals, the application server may allocate a random number to the user terminal 3000a and allocate a random number to the user terminal 3000b, and may obtain two different public keys, so that two different first target values may be generated.
The 160 series algorithm in the algorithm of ripemm (RACE raw integrity check message digest) may be referred to as ripemm-160 algorithm for short. Then, the user terminal 3000a may further perform a second hash operation on the obtained first target value through the above-mentioned encryption hash algorithm (i.e., the ripemm-160 algorithm, which belongs to another algorithm for calculating a message digest), so as to obtain a second target value corresponding to the first target value, and determine the second target value as the first hash value corresponding to the public key.
Wherein the first hash value can be represented by 16:
0x010866776006953D5567439E5E39F86A0D273BEE。
the second hash algorithm may be the secure hash algorithm (i.e., SHA256 algorithm) described above. In view of this, the specific process of the application server obtaining the second hash value may be: the application server performs a third hash operation on the second data sequence through the SHA256 algorithm to obtain a third target value corresponding to the second data sequence;
the second data sequence is obtained by integrating, by the application server, version information corresponding to the target application (for example, a version number of the target application in the first terminal is "0 x 00") and the first hash value (that is, the second target value). The second data sequence may be represented as:
0x00010866776006953D5567439E5E39F86A0D273BEE。
further, the application server may perform a fourth hash operation on the third target value through the SHA256 algorithm to obtain a fourth target value corresponding to the third target value, and determine the fourth target value as a second hash value corresponding to the public key. It should be understood that since the SHA256 algorithm may use a message (calculated by bits) of any length (the message may be the second data sequence in the embodiment of the present invention), the SHA256 generates data of a length of 32 bytes, and therefore, the data length of the third target value and the data length of the fourth target value in the embodiment of the present invention are both 64 bits, that is, 32 bytes. In view of this, the application server may determine that the second hash value has the same length of data as the private key.
Wherein, the second hash value with a length of 32 bytes can be represented by 16-ary:
0xE61967F63C7DD183914A4AE452C9F6AD5F462CE3D277798075B107615C1A8A3E。
then, the application server may further determine the first 4 bytes E61967F6 in the second hash value as the target check byte.
Step S206, the application server generates a device identifier corresponding to the first terminal based on the target check byte, the first hash value, and the version information, and returns the device identifier to the first terminal.
Specifically, the application server may integrate the version information, the first hash value, and the target check byte to obtain target address information corresponding to the first terminal; further, the application server may encode the destination address information in a destination encoding manner (e.g., a bitcoin encoding manner), determine the encoded destination address information as a device identifier corresponding to the first terminal, and return the device identifier to the first terminal; the device identifier is unique identification information allocated to the first terminal by the application server.
Based on the step S205, the target check byte obtained by the application server may be: E61967F 6; the first hash value obtained by the application server may be: 0x010866776006953D5567439E5E39F86A0D273BEE, and the version information obtained by the application server may be: 0x 00. Thus, the following can be followed: integrating the version information, the first hash value and the target check byte in the order of the version information + the first hash value + the target check byte to obtain target address information corresponding to the first terminal (for example, the target address information can be represented by 16-ary: 0x00010866776006953D5567439E5E39F86A0D273bee 61967F6), and then, the application server can encode the target address information by the bitcoin encoding method and determine the encoded target address information as the device identifier corresponding to the first terminal; the device identifier is unique identification information distributed to the first terminal by the application server;
the unique identification information allocated by the application server to the first terminal may be represented as: 16UwLL9Risc3QfPqBUvKofHmBQ7 wMtjvM. Further, the application server may return the finally determined device identifier to the first terminal, so that the first terminal stores the device identifier in a local database. Thus, the first terminal may find the unique identification information, i.e. 16UwLL9Risc3 qfpqbuvbkofhhmbq 7wMtjvM, in the local database of the terminal.
In order to better understand the present invention, the embodiment of the present invention may simplify the device identifier (16UwLL9Risc3 qfpqbuvbkofhhmbq 7wMtjvM) stored in the first terminal as aaaaaa, so that the specific implementation of steps S207 to S210 can be described in detail based on the device identifier in the following.
Therefore, the application server can detect the key value in the received key value pair in the background, and when detecting that the key value in the received key value pair is a null value, generate a random number (a first data sequence) of 32 bytes by using a random generator, determine the random number as a private key corresponding to the first terminal, and then allocate an equipment identifier corresponding to the user account information to the first terminal through an elliptic encryption algorithm (i.e., an asymmetric encryption algorithm) and multiple hash operations, and it should be understood that the equipment identifier is unique identification information allocated to the first terminal by the application server.
Step S207, acquiring the device identifier corresponding to the user account information.
The device identifier is unique identification information distributed to the first terminal by the application server.
Step S208, the first terminal uses the user account information as a key name, uses the device identifier as a key value corresponding to the key name, constructs a first key-value pair corresponding to the user account information, and sends a login request carrying the first key-value pair to the application server.
The specific implementation manner of step S208 may refer to the description of step S102 in the embodiment corresponding to fig. 3, and will not be described again.
Step S209, the application server receives the login request, authenticates the first key value pair carried in the login request, generates login response information when the authentication is successful, and returns the login response information to the first terminal.
Specifically, the application server may obtain the first key value pair carried in the login request and obtain the user account information in the first key value pair when receiving the login request sent by the first terminal; further, the application server may query, in a background database, a key value mapping table associated with the user account information, where one user account information may be associated with one key value mapping table, so that the number of associated key value pairs having the same user account information as the first key value pair may be counted in the key value mapping table; the key value mapping table comprises at least one associated key value pair corresponding to a second terminal different from the first terminal; further, if the application server determines that the number of the associated key value pairs is smaller than the total threshold number, it determines that authentication is successful, and adds the first key value pair to the key value mapping table; meanwhile, the application server can also generate login response information corresponding to the login request when the authentication is successful, and return the login response information to the first terminal; the login response information is used for indicating that the first key value pair corresponding to the user account information has login authority.
It should be understood that, by allocating a corresponding device identifier to each first terminal accessing the target application, the application server may improve effective distinction between terminals accessing the target application, so that the key-value mapping table associated with the corresponding user account information may be found based on the device identifier. In addition, it should be understood that, in the background database shown in fig. 5, a plurality of key-value mapping tables associated with different user account information may exist, for example, the background database may include the key-value mapping table 10a, the key-value mapping tables 10b and …, and the key-value mapping table 10n shown in fig. 5. It should be understood that, for a plurality of user terminals (i.e., a plurality of first terminals) to access the target application, if the user account information received by each first terminal is different from each other, the key-value mapping table associated with the corresponding user account information may be found in the background database. For convenience of understanding, in the embodiment of the present invention, the first terminal is taken as the user terminal 3000a as an example, the user account information received by the user terminal 3000a is AAAA, and the device identifier (i.e., the aaaaaa) corresponding to the user account information may be found in the local database of the user terminal 3000 a. In view of this, based on the step S208, the user account information in the first key-value pair acquired by the application server may be AAAA, and further based on the embodiment corresponding to fig. 5, the key-value mapping table associated with the user account information may be acquired in the background database. For example, the key-value mapping table 10a shown in fig. 5 may be a key-value mapping table associated with user account information corresponding to the user terminal 3000a accessing the target application, and the associated key-value pair in the key-value mapping table 10a may be an associated key-value pair in the display interface 200a shown in fig. 5.
Further, please refer to table 2, which is a distribution table of associated key-value pairs in the key-value mapping table 10a according to an embodiment of the present invention. The user account information received by the first terminal is as follows: therefore, when the application server receives the first key value pair, the user account information in the first key value pair can be obtained as the AAAA.
TABLE 2
As shown in table 2 above, the application server may find the key-value mapping table 10a associated with the user account information in the background database, and the user account information in any associated key-value pair in the key-value mapping table 10a is also: AAAA, that is, the associated key value pairs and the user account information in the first key value pair are the same user account information, so that any user terminal that has access to the target application may be referred to as a second terminal, and a key value pair corresponding to the second terminal may be referred to as an associated key value pair in the embodiments of the present invention. Therefore, the application server can effectively distinguish the second terminal accessing the target application by the key value (i.e. the unique device identifier) in the association key value pair. As shown in table 2, the second terminal may be a user terminal 3000x, the associated key-value pair corresponding to the second terminal may be a key-value pair 1, where the key-value pair 1 may be < AAAA, xxxxxx >, and a device identifier in the key-value pair 1 may be represented as xxxxxxxx, that is, the device identifier is unique identification information allocated by the application server to the user terminal 3000 x. Similarly, the second terminal may also be a user terminal 3000y, the associated key-value pair corresponding to the second terminal may be a key-value pair 2, and the key-value pair 2 may be < AAAA, yyyyyy >, where the device identifier in the key-value pair 2 may be represented as yyyyyyy, that is, the device identifier is unique identification information allocated by the application server to the user terminal 3000 y. Similarly, the second terminal may also be a user terminal 3000z, the associated key-value pair corresponding to the second terminal may be a key-value pair 3, and the key-value pair 3 may be < AAAA, zzzzzzzz >, wherein the device identifier in the key-value pair 3 may be represented as zzzzzzzz, that is, the device identifier is unique identification information allocated by the application server to the user terminal 3000 z. Similarly, the second terminal may also be a user terminal 3000k, the associated key-value pair corresponding to the second terminal may be a key-value pair 4, and the key-value pair 4 may be < AAAA, kkkkkkkkkkkkk >, wherein the device identifier in the key-value pair 4 may be represented as kkkkkkkkkkkkk, that is, the device identifier is unique identification information allocated by the application server to the user terminal 3000 k. Therefore, the corresponding device identifier is distributed to each user terminal accessing the target application, so that the identification degree of the device can be improved, the number of the devices accessing the target application can be effectively controlled, a reliable login control mechanism can be provided, and the illegal access of the illegal terminal can be effectively prevented.
Since the application server counts that the number (4) of the associated key-value pairs is smaller than a threshold total number (assuming that the threshold total number is 5), the application server may determine that the authentication is successful and add the first key-value pair to the key-value mapping table; meanwhile, the application server may further generate login response information corresponding to the login request when the authentication is successful, and return the login response information to the first terminal, so that the first terminal can further execute step S210; the login response information is used for indicating that a first key value pair corresponding to the user account information has login authority.
It should be understood that one piece of user account information is associated with one key value mapping table, so that the number of associated key value pairs corresponding to the same piece of user account information in the key value mapping table can be counted, the number of second terminals which have accessed the target application can be known indirectly, and the login authority of a first terminal which is to be accessed to the target application can be effectively controlled based on the number of the second terminals, so that the identification degree can be improved, and meanwhile, the authentication strength can be further improved.
Step S210, the first terminal receives the login response information, and logs in the target application according to the login response information.
Optionally, when the authentication of the application server fails, that is, when the application server shown in fig. 5 counts that the number (4) of the associated key-value pairs reaches a threshold total number (assuming that the threshold total number is 4), the application server may determine that an authentication result of performing login authentication on the first key-value pair is authentication failure, and when the authentication failure occurs, generate login prompt information corresponding to the login request, and return the login prompt information to the first terminal, so that the first terminal displays the login prompt information (for example, login failure). It should be understood that the login prompt message is used to prompt the user terminal 3000a that the user terminal does not currently have the right to access the target application when the authentication fails.
In the embodiment of the invention, a first terminal can acquire user account information corresponding to a target application and acquire a device identifier corresponding to the user account information; the device identifier is unique identification information distributed to the first terminal by the application server; the first terminal takes the user account information as a key name, takes the equipment identifier as a key value corresponding to the key name, constructs a first key value pair corresponding to the user account information, and sends a login request carrying the first key value pair to the application server; the application server receives the login request, authenticates the first key value pair carried in the login request, generates login response information when the authentication is successful, and returns the login response information to the first terminal; and the first terminal receives the login response information and logs in the target application according to the login response information. It follows that the application server may assign unique identification information (i.e. a device identifier) to the first terminal accessing the target application, and that the assigned device identifier has a non-tamper-ability and a non-replicability. Therefore, the application server can accurately find the key value mapping table associated with the user account information through the allocated device identifier, so that the number of associated key value pairs corresponding to the same user account information in the key value mapping table can be counted, the number of second terminals accessed to the target application can be indirectly known, the login authority of a first terminal to be accessed to the target application can be effectively controlled based on the number of the second terminals, and the authentication strength can be further improved while the identification degree is improved.
Further, please refer to fig. 6, which is a flowchart illustrating a data processing method according to an embodiment of the present invention. The method may be applied to a first terminal, which may be the target user terminal (i.e., the user terminal 3000a) in the embodiment corresponding to fig. 1. As shown in fig. 6, the implementation process of the embodiment of the present invention includes the following steps S301 to S307.
Step S301, acquiring user account information corresponding to a target application;
step S302, searching a local database for a device identifier corresponding to the user account information;
step S303, when the device identifier corresponding to the user account information is not found, taking the user account information as a key name, taking a null value as a key value corresponding to the key name, constructing a second key value pair corresponding to the user account information, and uploading the second key value pair to an application server;
step S304, receiving the device identifier distributed by the application server for the first terminal, and storing the device identifier in the local database;
step S305, acquiring a device identifier corresponding to the user account information;
wherein, the device identifier is the unique identification information allocated by the application server to the first terminal in the step S304;
step S306, using the user account information as a key name, using the device identifier as a key value corresponding to the key name, constructing a first key value pair corresponding to the user account information, and sending a login request carrying the first key value pair to the application server;
step S307, the first terminal receives the login response information, and logs in the target application according to the login response information.
For the specific execution process of steps S301 to S307, reference may be made to the description of the specific execution manner of the first terminal in the embodiment corresponding to fig. 4, which will not be further described here.
In the embodiment of the present invention, a first terminal may obtain user account information corresponding to a target application, and search for an equipment identifier corresponding to the user account information in a local database, and when the equipment identifier corresponding to the user account information is not found, the first terminal may further use the user account information as a key name, and use a null value as a key value corresponding to the key name, so as to construct a second key value pair corresponding to the user account information, and send the second key value pair to an application server corresponding to the target application, so that the application server may allocate unique identification information (i.e., an equipment identifier) to the first terminal; in addition, the first terminal may further construct a first key-value pair corresponding to the user account information based on the received device identifier, and send a login request carrying the first key-value pair to the application server, so that the application server returns login response information based on the received login request; the login response information is used for indicating that the first key value pair corresponding to the user account information has login authority, so that the first terminal can login the target application through the received login response information. It follows that the application server may assign unique identification information (i.e. a device identifier) to the first terminal accessing the target application, and that the assigned device identifier has a non-tamper-ability and a non-replicability. Therefore, the application server can accurately find the key value mapping table associated with the user account information through the allocated device identifier, so that the number of associated key value pairs corresponding to the same user account information in the key value mapping table can be counted, the number of second terminals accessed to the target application can be indirectly known, the login authority of a first terminal to be accessed to the target application can be effectively controlled based on the number of the second terminals, and the authentication strength can be further improved while the identification degree is improved.
Further, please refer to fig. 7, which is a flowchart illustrating another data processing method according to an embodiment of the present invention. The method may be applied to an application server, which may be the application server 2000 in the embodiment corresponding to fig. 1. As shown in fig. 7, the method of the embodiment of the present invention may include the following steps S401 to S403.
Step S401, receiving a second key value pair uploaded by a first terminal, and acquiring a private key corresponding to the first terminal based on a key value of the second key value pair;
the second key value pair is constructed by the first terminal by taking the user account information as a key name and taking a null value as a key value corresponding to the key name;
step S402, converting the private key into a public key, calculating a first hash value corresponding to the public key, calculating a second hash value corresponding to the public key according to the first hash value and version information corresponding to the target application, and determining a target check byte from the second hash value;
step S403, generating a device identifier corresponding to the first terminal based on the target check byte, the first hash value, and the version information, and returning the device identifier to the first terminal;
step S404, receiving a login request sent by a first terminal;
the login request carries a first key value pair corresponding to the first terminal; the first key value pair is constructed by the first terminal by taking user account information as a key name and taking a device identifier as a key value corresponding to the key name; the device identifier is unique identification information distributed to the first terminal by the application server;
step S405, authenticating the first key value pair carried in the login request;
step S406, generating login response information when the authentication is successful, and returning the login response information to the first terminal;
the specific implementation manners of steps S401 to S404 may refer to the description of the specific implementation manner of the application server in the embodiment corresponding to fig. 4, and details are not repeated here.
In an embodiment of the present invention, the application server may allocate unique identification information (i.e. a device identifier) to the first terminal accessing the target application, and the allocated device identifier has non-tamper property and non-replicability. Therefore, the application server can accurately find the key value mapping table associated with the user account information through the allocated device identifier, so that the number of associated key value pairs corresponding to the same user account information in the key value mapping table can be counted, the number of second terminals accessed to the target application can be indirectly known, the login authority of a first terminal to be accessed to the target application can be effectively controlled based on the number of the second terminals, and the authentication strength can be further improved while the identification degree is improved.
Further, please refer to fig. 8, which is a schematic structural diagram of a user terminal according to an embodiment of the present invention, where the user terminal 1 may be a target user terminal in the embodiment corresponding to fig. 1, that is, the user terminal 3000a shown in fig. 1. As shown in fig. 8, the user terminal 1 may include: the account acquiring module 100, the identifier acquiring module 200, the request sending module 300 and the response receiving module 400, and further, the user terminal 1 may further include: an identifier lookup module 500, a key-value pair upload module 600 and an identifier receiving module 700;
the account acquisition module 100 is configured to acquire user account information corresponding to a target application;
the identifier obtaining module 200 is configured to obtain a device identifier corresponding to the user account information; the device identifier is unique identification information distributed to the terminal by the application server;
the request sending module 300 is configured to use the user account information as a key name, use the device identifier as a key value corresponding to the key name, construct a first key-value pair corresponding to the user account information, send a login request carrying the first key-value pair to the application server, enable the application server to receive the login request, authenticate the first key-value pair carried in the login request, and generate login response information when the authentication is successful; the login response information is used for indicating that a first key value pair corresponding to the user account information has login authority;
the response receiving module 400 is configured to receive the login response information, and log in the target application according to the login response information.
The identifier searching module 500 is configured to search a local database for a device identifier corresponding to the user account information;
the key-value pair uploading module 600 is configured to, when the device identifier corresponding to the user account information is not found, use the user account information as a key name, use a null value as a key value corresponding to the key name, construct a second key-value pair corresponding to the user account information, and upload the second key-value pair to an application server, so that the application server allocates the device identifier to the terminal based on the key value in the second key-value pair;
the identifier receiving module 700 is configured to receive the device identifier assigned by the application server to the terminal, and store the device identifier in the local database.
For specific implementation manners of the account acquisition module 100, the identifier acquisition module 200, the request sending module 300, the response receiving module 400, the identifier searching module 500, the key-value pair uploading module 600, and the identifier receiving module 700, reference may be made to the description of step S301 to step S307 in the embodiment corresponding to fig. 6, which will not be further described here.
In the embodiment of the present invention, the user terminal 1 may obtain user account information corresponding to a target application, and obtain a device identifier corresponding to the user account information; the device identifier is unique identification information distributed by the application server to the user terminal 1; the user terminal 1 takes the user account information as a key name, takes the device identifier as a key value corresponding to the key name, constructs a first key value pair corresponding to the user account information, and sends a login request carrying the first key value pair to the application server; the application server receives the login request, authenticates the first key value pair carried in the login request, generates login response information when the authentication is successful, and returns the login response information to the user terminal 1; and the user terminal 1 receives the login response information and logs in the target application according to the login response information. It follows that the application server may assign unique identification information (i.e. a device identifier) to the user terminal 1 accessing the target application, and that the assigned device identifier has a non-tamper-ability and a non-replicability. Therefore, the application server can accurately find the key value mapping table associated with the user account information through the allocated device identifier, so that the number of associated key value pairs corresponding to the same user account information in the key value mapping table can be counted, the number of second terminals accessed to the target application can be indirectly known, the login authority of the user terminal 1 to be accessed to the target application can be effectively controlled based on the number of the second terminals, and the authentication strength can be further improved while the identification degree is improved.
Further, please refer to fig. 9, which is a schematic structural diagram of another ue according to an embodiment of the present invention. As shown in fig. 9, the ue 1000 may be applied to the ue 3000a in the embodiment corresponding to fig. 1, where the ue 1000 may include: the processor 1001, the network interface 1004, and the memory 1005, and the user terminal 1000 may further include: a user interface 1003, and at least one communication bus 1002. Wherein a communication bus 1002 is used to enable connective communication between these components. The user interface 1003 may include a Display screen (Display) and a Keyboard (Keyboard), and the optional user interface 1003 may also include a standard wired interface and a standard wireless interface. The network interface 1004 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface). The memory 1004 may be a high-speed RAM memory or a non-volatile memory (e.g., at least one disk memory). The memory 1005 may optionally be at least one memory device located remotely from the processor 1001. As shown in fig. 9, a memory 1005, which is a kind of computer storage medium, may include therein an operating system, a network communication module, a user interface module, and a device control application program.
The network interface 1004 in the 1000 may also be connected to an application server, and the optional user interface 1003 may also include a Display screen (Display) and a Keyboard (Keyboard). In the user terminal 1000 shown in fig. 9, the network interface 1004 may provide a network communication function; the user interface 1003 is an interface for providing a user with input; and the processor 1001 may be used to invoke a device control application stored in the memory 1005 to implement:
acquiring user account information corresponding to a target application, and acquiring a device identifier corresponding to the user account information; the device identifier is unique identification information distributed to the first terminal by the application server;
taking the user account information as a key name, taking the device identifier as a key value corresponding to the key name, constructing a first key value pair corresponding to the user account information, sending a login request carrying the first key value pair to the application server, so that the application server receives the login request, authenticates the first key value pair carried in the login request, and generates login response information when the authentication is successful; the login response information is used for indicating that a first key value pair corresponding to the user account information has login authority;
and receiving the login response information, and logging in the target application according to the login response information.
It should be understood that the ue 1000 described in the embodiment of the present invention may perform the description of the data processing method in the embodiment corresponding to fig. 6, and may also perform the description of the ue 1 in the embodiment corresponding to fig. 8, which is not described herein again. In addition, the beneficial effects of the same method are not described in detail.
Further, here, it is to be noted that: an embodiment of the present invention further provides a computer storage medium, where the computer storage medium stores the aforementioned computer program executed by the user terminal 1, and the computer program includes program instructions, and when the processor executes the program instructions, the description of the data processing method in the embodiment corresponding to fig. 6 can be executed, so that details are not repeated here. In addition, the beneficial effects of the same method are not described in detail. For technical details not disclosed in the embodiments of the computer storage medium to which the present invention relates, reference is made to the description of the method embodiments of the present invention.
Further, please refer to fig. 10, which is a schematic structural diagram of an application server according to an embodiment of the present invention. The application server 2 may be the application server in the embodiment corresponding to fig. 1. Further, the application server 2 may include: the request receiving module 10, the authentication module 20, and the response generating module 30, further, the application server 2 may further include: a key-value pair receiving module 40, a hash value calculation module 50, and an identifier generation module 60;
the request receiving module 10 is configured to receive a login request sent by a first terminal; the login request carries a first key value pair corresponding to the first terminal; the first key value pair is constructed by the first terminal by taking user account information as a key name and taking a device identifier as a key value corresponding to the key name; the device identifier is unique identification information distributed to the first terminal by the application server;
the authentication module 20 is configured to authenticate the first key value pair carried in the login request;
wherein, the authentication module 20 includes: a key-value pair obtaining unit 201, a number counting unit 202, and a key-value pair adding unit 203;
the key-value pair obtaining unit 201 is configured to obtain a first key-value pair carried in the login request, and obtain user account information in the first key-value pair;
the quantity counting unit 202 is configured to query a key value mapping table associated with the user account information in a background database, and count the quantity of associated key value pairs having the same user account information as the first key value pair in the key value mapping table; the key value mapping table comprises at least one associated key value pair corresponding to a second terminal different from the first terminal;
the key-value pair adding unit 203 is configured to add the first key-value pair to the key-value mapping table if it is determined that the number of the associated key-value pairs is smaller than the total threshold number.
For specific implementation manners of the key-value pair obtaining unit 201, the number counting unit 202, and the key-value pair adding unit 203, reference may be made to the description of step S209 in the embodiment corresponding to fig. 4, and details will not be further described here.
The response generating module 30 is configured to generate login response information when the authentication is successful, and return the login response information to the first terminal, so that the first terminal logs in the target application corresponding to the user account information according to the login response information.
The key value pair receiving module 40 is configured to receive a second key value pair uploaded by a first terminal, and obtain a private key corresponding to the first terminal based on a key value of the second key value pair; the second key value pair is constructed by the first terminal by taking the user account information as a key name and taking a null value as a key value corresponding to the key name;
wherein the key-value pair receiving module 40 includes: key value obtaining unit 401, private key determining unit 402
The key value obtaining unit 401 is configured to receive a second key value pair uploaded by the first terminal, and obtain a key value of the second key value pair;
the private key determining unit 402 is configured to, when it is determined that the key value of the second key value pair is a null value, obtain a first data sequence generated by a random generator, and determine the first data sequence as a private key corresponding to the first terminal.
For specific execution manners of the key value obtaining unit 401 and the private key determining unit 402, reference may be made to the description of step S401 in the embodiment corresponding to fig. 7, and details will not be further described here.
The hash value calculation module 50 is configured to convert the private key into a public key, calculate a first hash value corresponding to the public key, calculate a second hash value corresponding to the public key according to the first hash value and version information corresponding to the target application, and determine a target check byte from the second hash value;
wherein the hash value calculation module 50 includes: a conversion unit 501, a first hash value calculation unit 502, a data sequence acquisition unit 503, a second hash value calculation unit 504 and a check byte determination unit 505;
the conversion unit 501 is configured to convert the private key into a public key based on an elliptic curve cryptography algorithm;
the first hash value calculating unit 502 is configured to calculate a first hash value corresponding to the public key based on a first hash algorithm;
wherein the first hash algorithm comprises a secure hash algorithm and a cryptographic hash algorithm;
the first hash value calculation unit 502 includes: a first operator unit 5021 and a second operator unit 5022;
the first operation subunit 5021 is configured to perform a first hash operation on the public key through the secure hash algorithm to obtain a first target value corresponding to the public key;
the second operation subunit 5022 is configured to perform a second hash operation on the first target value through the cryptographic hash algorithm to obtain a second target value corresponding to the first target value, and determine the second target value as the first hash value corresponding to the public key.
The specific implementation manners of the first operation subunit 5021 and the second operation subunit 5022 can refer to the description of step S205 in the embodiment corresponding to fig. 4, and will not be further described here.
The data sequence obtaining unit 503 is configured to obtain version information corresponding to the target application, and obtain a second data sequence corresponding to the first terminal according to the version information and the first hash value;
the second hash value calculation unit 504 is configured to perform two hash operations on the second data sequence based on a second hash algorithm, and determine the second data sequence after the two hash operations as a second hash value corresponding to the public key; the second hash value is the same as the length of the data sequence of the private key;
wherein the second hash algorithm is a secure hash algorithm;
the second hash value calculation unit includes: a third operation sub-unit 5041 and a fourth operation sub-unit 5042;
the third operation subunit 5041 is configured to perform a third hash operation on the second data sequence through the secure hash algorithm to obtain a third target value corresponding to the second data sequence;
the fourth operation subunit 5042 is configured to perform a fourth hash operation on the third target value through the secure hash algorithm to obtain a fourth target value corresponding to the third target value, and determine the fourth target value as a second hash value corresponding to the public key.
For a specific implementation manner of the third operation sub-unit 5041 and the fourth operation sub-unit 5042, reference may be made to the description of step S205 in the embodiment corresponding to fig. 4, and details will not be further described here.
The check byte determining unit 505 is configured to obtain a target data sequence from the data sequence of the second hash value, and determine the obtained target data sequence as a target check byte.
The specific implementation manners of the conversion unit 501, the first hash value calculation unit 502, the data sequence acquisition unit 503, the second hash value calculation unit 504, and the check byte determination unit 505 may refer to the description of step S402 in the embodiment corresponding to fig. 7, and will not be further described here.
The identifier generating module 60 is configured to generate a device identifier corresponding to the first terminal based on the target check byte, the first hash value, and the version information, and return the device identifier to the first terminal.
Wherein the identifier generating module 60 comprises: an integration unit 601, an encoding unit 602, and an identifier return unit 603;
the integration unit 601 is configured to integrate the version information, the first hash value, and a target check byte to obtain target address information corresponding to the first terminal;
the encoding unit 602 is configured to encode the destination address information in a destination encoding manner, and determine the encoded destination address information as a device identifier corresponding to the first terminal; the device identifier is unique identification information distributed to the first terminal by the application server;
the identifier returning unit 603 is configured to return the device identifier to the first terminal, so that the first terminal stores the device identifier in a local database.
For specific implementation manners of the integration unit 601, the encoding unit 602, and the identifier returning unit 603, reference may be made to the description of step S206 in the embodiment corresponding to fig. 4, and details will not be further described here.
For specific implementation manners of the request receiving module 10, the authentication module 20, the response generating module 30, the key value pair receiving module 40, the hash value calculating module 50, and the identifier generating module 60, reference may be made to the description of step S401 to step S404 in the embodiment corresponding to fig. 7, which will not be described again.
In the embodiment of the invention, a first terminal can acquire user account information corresponding to a target application and acquire a device identifier corresponding to the user account information; the device identifier is unique identification information allocated to the first terminal by the application server 2; the first terminal takes the user account information as a key name, takes the device identifier as a key value corresponding to the key name, constructs a first key value pair corresponding to the user account information, and sends a login request carrying the first key value pair to the application server 2; the application server 2 receives the login request, authenticates the first key value pair carried in the login request, generates login response information when the authentication is successful, and returns the login response information to the first terminal; and the first terminal receives the login response information and logs in the target application according to the login response information. It follows that the application server 2 may assign unique identification information (i.e. a device identifier) to the first terminal accessing the target application, and that the assigned device identifier has a non-tamper-ability and a non-replicable property. Therefore, the application server 2 can accurately find the key-value mapping table associated with the user account information through the allocated device identifier, so that the number of associated key-value pairs corresponding to the same user account information in the key-value mapping table can be counted, the number of second terminals accessed to the target application can be indirectly known, the login authority of the first terminal to be accessed to the target application can be effectively controlled based on the number of the second terminals, and the authentication strength can be further improved while the identification degree is improved.
Fig. 11 is a schematic structural diagram of another application server according to an embodiment of the present invention. As shown in fig. 11, the application server 4000 may be the application server 2000 in the embodiment corresponding to fig. 1. The application server may include: a processor 4001, a network interface 4004 and a memory 4005, wherein the application server 4000 further comprises: a user interface 4003, and at least one communication bus 4002. The communication bus 4002 is used to realize connection communication among these components. The user interface 4003 may include a Display (Display) and a Keyboard (Keyboard), and the optional user interface 4003 may also include a standard wired interface and a standard wireless interface. Network interface 4004 may optionally include a standard wired interface, a wireless interface (e.g., a WI-FI interface). The memory 4004 may be a high-speed RAM memory or a non-volatile memory (e.g., at least one disk memory). The memory 4005 may alternatively be at least one memory device located remotely from the processor 4001. As shown in fig. 11, a memory 4005, which is a kind of computer storage medium, may include therein an operating system, a network communication module, a user interface module, and a device control application program.
The network interface 4004 in the application server 4000 may also be connected to the target user terminal in the embodiment corresponding to fig. 1, and the optional user interface 4003 may also include a Display screen (Display) and a Keyboard (Keyboard). In the application server 4000 shown in fig. 11, the network interface 4004 may provide a network communication function; and user interface 4003 is primarily an interface for providing input to a user; and processor 4001 may be used to invoke a device control application stored in memory 4005 to implement:
acquiring user account information corresponding to a target application, and acquiring a device identifier corresponding to the user account information; the device identifier is unique identification information distributed to the first terminal by the application server;
taking the user account information as a key name, taking the device identifier as a key value corresponding to the key name, constructing a first key value pair corresponding to the user account information, sending a login request carrying the first key value pair to the application server, so that the application server receives the login request, authenticates the first key value pair carried in the login request, and generates login response information when the authentication is successful; the login response information is used for indicating that a first key value pair corresponding to the user account information has login authority;
and receiving the login response information, and logging in the target application according to the login response information.
It should be understood that the application server 4000 described in the embodiment of the present invention may perform the description on the data processing method in the embodiment corresponding to the foregoing 7, and may also perform the description on the application server 2 in the embodiment corresponding to the foregoing fig. 10, which is not described herein again. In addition, the beneficial effects of the same method are not described in detail.
Further, here, it is to be noted that: an embodiment of the present invention further provides a computer storage medium, where the computer storage medium stores the aforementioned computer program executed by the application server 2, and the computer program includes program instructions, and when the processor executes the program instructions, the description of the data processing method in the embodiment corresponding to fig. 7 can be executed, so that details are not repeated here. In addition, the beneficial effects of the same method are not described in detail. For technical details not disclosed in the embodiments of the computer storage medium to which the present invention relates, reference is made to the description of the method embodiments of the present invention.
Further, please refer to fig. 12, which is a schematic structural diagram of a data processing system according to an embodiment of the present invention. As shown in fig. 12, the data processing system 3 may specifically include a user terminal 1a and an application server 2a, and it should be noted that when different users access a target application through corresponding user terminals 1a, any user terminal 1a to be accessed to the target application may be referred to as a first terminal.
It should be understood that the ue 1a described in the embodiment of the present invention may perform the description of the data processing method in the embodiment corresponding to fig. 6, and may also perform the description of the ue 1000 in the embodiment corresponding to fig. 9, which is not described herein again. In addition, the beneficial effects of the same method are not described in detail. In addition, the application server 2a described in the embodiment of the present invention may perform the description of the data processing method in the embodiment corresponding to fig. 7, and may also perform the description of the application server 4000 in the embodiment corresponding to fig. 11, which is not described herein again. In addition, the beneficial effects of the same method are not described in detail.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
The above disclosure is only for the purpose of illustrating the preferred embodiments of the present invention, and it is therefore to be understood that the invention is not limited by the scope of the appended claims.
Claims (13)
1. A data processing method, comprising:
the method comprises the steps that a first terminal obtains user account information corresponding to a target application;
when the first terminal does not find the equipment identifier corresponding to the user account information in a local database, taking the user account information as a key name, taking a null value as a key value corresponding to the key name, constructing a second key value pair corresponding to the user account information, and uploading the second key value pair to an application server;
the application server receives the second key value pair, acquires a first data sequence generated by a random generator when determining that the key value of the second key value pair is a null value, and determines the first data sequence as a private key corresponding to the first terminal;
the application server converts the private key into a public key, calculates a first hash value corresponding to the public key, calculates a second hash value corresponding to the public key according to the first hash value and the version information corresponding to the target application, and determines a target check byte from the second hash value;
the application server generates a device identifier corresponding to the first terminal based on the target check byte, the first hash value and the version information, and returns the device identifier to the first terminal;
the first terminal acquires a device identifier corresponding to the user account information; the device identifier is unique identification information distributed to the first terminal by the application server;
the first terminal takes the user account information as a key name, takes the equipment identifier as a key value corresponding to the key name, constructs a first key value pair corresponding to the user account information, and sends a login request carrying the first key value pair to the application server;
the application server receives the login request, authenticates the first key value pair carried in the login request, determines that the authentication is successful when the number of the associated key value pairs is smaller than the total threshold value number, generates login response information and returns the login response information to the first terminal; the number of the associated key value pairs refers to the number of key value pairs with the same user account information as the first key value pairs in a key value mapping table;
and the first terminal receives the login response information and logs in the target application according to the login response information.
2. The method according to claim 1, wherein the converting, by the application server, the private key into a public key, calculating a first hash value corresponding to the public key, calculating a second hash value corresponding to the public key according to the first hash value and version information corresponding to the target application, and determining a target check byte from the second hash value comprises:
the application server converts the private key into a public key based on an elliptic curve encryption algorithm;
the application server calculates a first hash value corresponding to the public key based on a first hash algorithm;
the application server acquires version information corresponding to the target application, and obtains a second data sequence corresponding to the first terminal according to the version information and the first hash value;
the application server performs two times of hash operation on the second data sequence based on a second hash algorithm, and determines the second data sequence after the two times of hash operation as a second hash value corresponding to the public key; the second hash value is the same as the length of the data sequence of the private key;
and the application server acquires a target data sequence from the data sequence of the second hash value and determines the acquired target data sequence as a target check byte.
3. The method of claim 2, wherein the first hash algorithm comprises a secure hash algorithm and a cryptographic hash algorithm;
the application server calculates a first hash value corresponding to the public key based on a first hash algorithm, and the method comprises the following steps:
the application server carries out a first hash operation on the public key through the secure hash algorithm to obtain a first target value corresponding to the public key;
and the application server performs second hash operation on the first target value through the encryption hash algorithm to obtain a second target value corresponding to the first target value, and determines the second target value as a first hash value corresponding to the public key.
4. The method of claim 2, wherein the second hash algorithm is a secure hash algorithm;
the application server performs two hash operations on the second data sequence based on a second hash algorithm, and determines the second data sequence after the two hash operations as a second hash value corresponding to the public key, including:
the application server performs a third hash operation on the second data sequence through the secure hash algorithm to obtain a third target value corresponding to the second data sequence;
and the application server performs a fourth hash operation on the third target value through the secure hash algorithm to obtain a fourth target value corresponding to the third target value, and determines the fourth target value as a second hash value corresponding to the public key.
5. The method of claim 1, wherein the generating, by the application server, a device identifier corresponding to the first terminal based on the target check byte, the first hash value, and the version information and returning the device identifier to the first terminal comprises:
the application server integrates the version information, the first hash value and a target check byte to obtain target address information corresponding to the first terminal;
the application server encodes the target address information in a target encoding mode, and determines the encoded target address information as a device identifier corresponding to the first terminal; the device identifier is unique identification information distributed to the first terminal by the application server;
the application server returns the device identifier to the first terminal to cause the first terminal to store the device identifier in a local database.
6. The method according to claim 1, wherein the receiving, by the application server, the login request, authenticating the first key value pair carried in the login request, determining that the authentication is successful when the number of associated key value pairs is smaller than a threshold total number, generating login response information, and returning the login response information to the first terminal includes:
when the application server receives a login request sent by the first terminal, acquiring the first key value pair carried in the login request, and acquiring user account information in the first key value pair;
the application server inquires a key value mapping table associated with the user account information in a background database, and counts the number of associated key value pairs having the same user account information with the first key value pair in the key value mapping table; the key value mapping table comprises at least one associated key value pair corresponding to a second terminal different from the first terminal;
if the application server determines that the number of the associated key value pairs is smaller than the total threshold number, the authentication is determined to be successful, and the first key value pair is added to the key value mapping table;
the application server generates login response information corresponding to the login request when authentication is successful, and returns the login response information to the first terminal; the login response information is used for indicating that the first key value pair corresponding to the user account information has login authority.
7. A data processing method applied to a first terminal is characterized by comprising the following steps:
the first terminal acquires user account information corresponding to a target application;
when the first terminal does not find the device identifier corresponding to the user account information in a local database, taking the user account information as a key name and a null value as a key value corresponding to the key name, constructing a second key value pair corresponding to the user account information, uploading the second key value pair to an application server, so that the application server receives the second key value pair, acquiring a first data sequence generated by a random generator when determining that the key value of the second key value pair is the null value, determining the first data sequence as a private key corresponding to the first terminal, converting the private key into a public key, calculating a first hash value corresponding to the public key, calculating a second hash value corresponding to the public key according to the first hash value and version information corresponding to the target application, and determining a target check byte from the second hash value, generating a device identifier corresponding to the first terminal based on the target check byte, the first hash value and the version information, and returning the device identifier to the first terminal;
the first terminal acquires a device identifier corresponding to the user account information; the device identifier is unique identification information distributed to the first terminal by the application server;
the first terminal takes the user account information as a key name, takes the device identifier as a key value corresponding to the key name, constructs a first key value pair corresponding to the user account information, sends a login request carrying the first key value pair to the application server, so that the application server receives the login request, authenticates the first key value pair carried in the login request, determines that the authentication is successful when the number of the associated key value pairs is smaller than the total threshold value number, and generates login response information; the login response information is used for indicating that a first key value pair corresponding to the user account information has login authority; the number of the associated key value pairs refers to the number of key value pairs with the same user account information as the first key value pairs in a key value mapping table;
and the first terminal receives the login response information and logs in the target application according to the login response information.
8. A data processing method is applied to an application server and is characterized by comprising the following steps:
the application server receives a second key value pair sent by the first terminal; when the first terminal does not find the device identifier corresponding to the user account information in the local database, the second key value pair is generated by taking the user account information as a key name and taking a null value as a key value corresponding to the key name;
when the application server determines that the key value of the second key value pair is a null value, acquiring a first data sequence generated by a random generator, and determining the first data sequence as a private key corresponding to the first terminal;
the application server converts the private key into a public key, calculates a first hash value corresponding to the public key, calculates a second hash value corresponding to the public key according to the first hash value and version information corresponding to a target application, and determines a target check byte from the second hash value;
the application server generates a device identifier corresponding to the first terminal based on the target check byte, the first hash value and the version information, and returns the device identifier to the first terminal;
the application server receives a login request sent by a first terminal; the login request carries a first key value pair corresponding to the first terminal; the first key value pair is constructed by the first terminal by taking user account information as a key name and taking a device identifier as a key value corresponding to the key name; the device identifier is unique identification information distributed to the first terminal by the application server;
the application server authenticates the first key value pair carried in the login request;
the application server determines that authentication is successful when the number of the associated key value pairs is smaller than the total threshold value number, generates login response information, and returns the login response information to the first terminal, so that the first terminal logs in a target application corresponding to the user account information according to the login response information; the number of the associated key value pairs refers to the number of key value pairs with the same user account information as the first key value pairs in the key value mapping table.
9. A user terminal, comprising:
an account number obtaining module, configured to obtain user account number information corresponding to a target application, when a device identifier corresponding to the user account number information is not found in a local database, use the user account number information as a key name, use a null value as a key value corresponding to the key name, construct a second key value pair corresponding to the user account number information, and upload the second key value pair to an application server, so that the application server receives the second key value pair, when the key value of the second key value pair is determined to be a null value, obtain a first data sequence generated by a random generator, determine the first data sequence as a private key corresponding to the user terminal, convert the private key into a public key, calculate a first hash value corresponding to the public key, and calculate a second hash value corresponding to the public key according to the first hash value and version information corresponding to the target application, determining a target check byte from the second hash value, generating a device identifier corresponding to the user terminal based on the target check byte, the first hash value and the version information, and returning the device identifier to the user terminal;
the identifier acquisition module is used for acquiring the equipment identifier corresponding to the user account information; the device identifier is unique identification information distributed to the terminal by the application server;
a request sending module, configured to use the user account information as a key name, use the device identifier as a key value corresponding to the key name, construct a first key-value pair corresponding to the user account information, send a login request carrying the first key-value pair to the application server, so that the application server receives the login request, authenticates the first key-value pair carried in the login request, determines that the authentication is successful when the number of associated key-value pairs is smaller than a threshold total number, and generates login response information; the login response information is used for indicating that a first key value pair corresponding to the user account information has login authority; the number of the associated key value pairs refers to the number of key value pairs with the same user account information as the first key value pairs in a key value mapping table;
and the response receiving module is used for receiving the login response information and logging in the target application according to the login response information.
10. An application server, comprising:
the key value pair receiving module is used for receiving a second key value pair sent by the first terminal; when the first terminal does not find the device identifier corresponding to the user account information in the local database, the second key value pair is generated by taking the user account information as a key name and taking a null value as a key value corresponding to the key name;
the key value pair receiving module is further configured to, when it is determined that the key value of the second key value pair is a null value, obtain a first data sequence generated by a random generator, and determine the first data sequence as a private key corresponding to the first terminal;
the hash value calculation module is used for converting the private key into a public key, calculating a first hash value corresponding to the public key, calculating a second hash value corresponding to the public key according to the first hash value and version information corresponding to the target application, and determining a target check byte from the second hash value;
an identifier generating module, configured to generate a device identifier corresponding to the first terminal based on the target check byte, the first hash value, and the version information, and return the device identifier to the first terminal;
the request receiving module is used for receiving a login request sent by a first terminal; the login request carries a first key value pair corresponding to the first terminal; the first key value pair is constructed by the first terminal by taking user account information as a key name and taking a device identifier as a key value corresponding to the key name; the device identifier is unique identification information distributed to the first terminal by the application server;
the authentication module is used for authenticating the first key value pair carried in the login request;
the response generation module is used for determining that authentication is successful when the number of the associated key value pairs is smaller than the total threshold value, generating login response information and returning the login response information to the first terminal so that the first terminal can login the target application corresponding to the user account information according to the login response information; the number of the associated key value pairs refers to the number of key value pairs with the same user account information as the first key value pairs in the key value mapping table.
11. A user terminal, comprising: a processor, a memory, and a network interface;
the processor is connected with a memory and a network interface, wherein the network interface is used for connecting an application server, the memory is used for storing program codes, and the processor is used for calling the program codes to execute the following operations:
acquiring user account information corresponding to a target application;
when the device identifier corresponding to the user account information is not found in the local database, taking the user account information as a key name and a null value as a key value corresponding to the key name, constructing a second key value pair corresponding to the user account information, uploading the second key value pair to an application server so that the application server receives the second key value pair, acquiring a first data sequence generated by a random generator when the key value of the second key value pair is determined to be the null value, determining the first data sequence as a private key corresponding to the user terminal, converting the private key into a public key, calculating a first hash value corresponding to the public key, calculating a second hash value corresponding to the public key according to the first hash value and version information corresponding to the target application, and determining a target check byte from the second hash value, generating a device identifier corresponding to the user terminal based on the target check byte, the first hash value and the version information, and returning the device identifier to the user terminal;
acquiring a device identifier corresponding to the user account information; the device identifier is unique identification information distributed to the user terminal by the application server;
taking the user account information as a key name, taking the device identifier as a key value corresponding to the key name, constructing a first key value pair corresponding to the user account information, sending a login request carrying the first key value pair to the application server, so that the application server receives the login request, authenticates the first key value pair carried in the login request, determines that the authentication is successful when the number of the associated key value pairs is less than the total threshold value number, and generates login response information; the login response information is used for indicating that a first key value pair corresponding to the user account information has login authority; the number of the associated key value pairs refers to the number of key value pairs with the same user account information as the first key value pairs in a key value mapping table;
and receiving the login response information, and logging in the target application according to the login response information.
12. A computer storage medium, characterized in that the computer storage medium stores a computer program comprising program instructions which, when executed by a processor, perform the method of claim 7.
13. A computer storage medium, characterized in that the computer storage medium stores a computer program comprising program instructions which, when executed by a processor, perform the method of claim 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811295146.8A CN109474838B (en) | 2018-11-01 | 2018-11-01 | Data processing method, device, system and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811295146.8A CN109474838B (en) | 2018-11-01 | 2018-11-01 | Data processing method, device, system and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109474838A CN109474838A (en) | 2019-03-15 |
| CN109474838B true CN109474838B (en) | 2020-10-30 |
Family
ID=65672552
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811295146.8A Active CN109474838B (en) | 2018-11-01 | 2018-11-01 | Data processing method, device, system and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109474838B (en) |
Families Citing this family (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110321287A (en) * | 2019-06-20 | 2019-10-11 | 北京奇艺世纪科技有限公司 | A kind of detection method of server capability, device and electronic equipment |
| CN110866242B (en) * | 2019-11-13 | 2022-04-12 | 网易(杭州)网络有限公司 | Information processing method and device |
| CN111522604B (en) * | 2020-04-26 | 2021-03-26 | 腾讯科技(深圳)有限公司 | Application data processing method and device and computer readable storage medium |
| CN111814166B (en) * | 2020-07-10 | 2023-09-12 | 上海淇毓信息科技有限公司 | Data encryption method and device and electronic equipment |
| CN113515707B (en) * | 2020-09-21 | 2024-02-09 | 腾讯科技(深圳)有限公司 | Data processing method, intelligent device, intelligent equipment and storage medium |
| CN112651772B (en) * | 2020-12-18 | 2024-07-23 | 浙江同花顺智能科技有限公司 | Event touch method, device, equipment and storage medium |
| CN112749412B (en) * | 2021-01-18 | 2024-01-23 | 中国民航信息网络股份有限公司 | Processing method, system, equipment and storage medium for passenger identity information |
| CN113342854B (en) * | 2021-06-21 | 2023-05-26 | 杭州推啊网络科技有限公司 | Method and system for generating unique ID of mobile equipment |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103237305A (en) * | 2013-03-27 | 2013-08-07 | 公安部第三研究所 | Password protection method for smart card on mobile terminals |
| CN103415014A (en) * | 2013-08-28 | 2013-11-27 | 北京网秦天下科技有限公司 | Method and device for authenticating mobile terminal |
| CN103746983A (en) * | 2013-12-30 | 2014-04-23 | 迈普通信技术股份有限公司 | Access authentication method and authentication server |
| CN105656948A (en) * | 2016-03-30 | 2016-06-08 | 北京小米移动软件有限公司 | Account login method and device |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JPWO2014155498A1 (en) * | 2013-03-25 | 2017-02-16 | 株式会社東芝 | Electronics |
| US9537659B2 (en) * | 2013-08-30 | 2017-01-03 | Verizon Patent And Licensing Inc. | Authenticating a user device to access services based on a device ID |
| US10581936B2 (en) * | 2016-09-15 | 2020-03-03 | Ricoh Company, Ltd. | Information processing terminal, management system, communication system, information processing method, and recording medium |
-
2018
- 2018-11-01 CN CN201811295146.8A patent/CN109474838B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103237305A (en) * | 2013-03-27 | 2013-08-07 | 公安部第三研究所 | Password protection method for smart card on mobile terminals |
| CN103415014A (en) * | 2013-08-28 | 2013-11-27 | 北京网秦天下科技有限公司 | Method and device for authenticating mobile terminal |
| CN103746983A (en) * | 2013-12-30 | 2014-04-23 | 迈普通信技术股份有限公司 | Access authentication method and authentication server |
| CN105656948A (en) * | 2016-03-30 | 2016-06-08 | 北京小米移动软件有限公司 | Account login method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109474838A (en) | 2019-03-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109474838B (en) | Data processing method, device, system and storage medium | |
| CN110263579B (en) | Data processing method, system and related equipment | |
| US10263978B1 (en) | Multifactor authentication for programmatic interfaces | |
| JP2023507927A (en) | Destination addressing of transactions associated with a distributed ledger | |
| CN102594823B (en) | Trusted system for remote secure access of intelligent home | |
| US10516666B2 (en) | Authentication method, apparatus, and system | |
| CN110602216B (en) | Method and device for using single account by multiple terminals, cloud server and storage medium | |
| TW201405459A (en) | Method, client, server and system of login verification | |
| CN108040355B (en) | Network access method and system | |
| US10904220B2 (en) | Provisioning using a generic configuration | |
| CN112988667B (en) | Data storage method and device based on block chain network | |
| CN103190130A (en) | Registration server, gateway apparatus and method for providing a secret value to devices | |
| WO2019149006A1 (en) | Method and device for obtaining and providing access information of wireless access point, and medium | |
| US20220261798A1 (en) | Computer-Implemented System and Method for Facilitating Transactions Associated with a Blockchain Using a Network Identifier for Participating Entities | |
| JP2016519828A (en) | Access control method, apparatus, program, and recording medium | |
| KR20200088901A (en) | Self-authentication of devices for secure transactions | |
| CN111367923A (en) | Data processing method, data processing device, node equipment and storage medium | |
| CN104836777B (en) | Identity verification method and system | |
| US20220270085A1 (en) | Destination addressing associated with a distributed ledger | |
| JP2011082923A (en) | Terminal device, signature producing server, simple id management system, simple id management method, and program | |
| US20190306110A1 (en) | Experience differentiation | |
| WO2020212784A1 (en) | Destination addressing associated with a distributed ledger | |
| CN111010379A (en) | Data login method and device based on block chain network | |
| US9648002B2 (en) | Location-based user disambiguation | |
| KR102271201B1 (en) | Method for maintaining private information on blockchain network and device thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |