CN109525604B - Account number binding method and related equipment - Google Patents

Publication number
CN109525604B
Authority
CN
China
Prior art keywords
server
account
information
binding
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811640253.XA
Other languages
Chinese (zh)
Other versions
CN109525604A (en)
Inventor
宋伟军
吴伟康
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhuomi Private Ltd
Original Assignee
Hong Kong LiveMe Corp ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Hong Kong LiveMe Corp ltd
Priority to CN201811640253.XA
Publication of CN109525604A
Application granted
Publication of CN109525604B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807: Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108: Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

The invention discloses an account binding method and related equipment. The method comprises the following steps: when a Web end corresponding to a first server detects an account binding request for a second server, the Web end first displays a login page of the second server, the login page being used to instruct a user to log in to the second server; the Web end acquires, from the second server, account information of a first account that the user used to log in to the second server; the Web end then displays first prompt information according to the account information, the first prompt information asking the user whether to bind the first account and a second account that the user uses to log in to the first server, and receives a confirmation instruction input by the user in response to the first prompt information; finally, according to the confirmation instruction, the Web end sends binding information of the first account to the first server to instruct the first server to bind the first account and the second account. With the embodiments of the invention, the user can see the important information in the account binding process clearly, which reduces the error rate of account binding and improves the user experience.

Description

Account number binding method and related equipment
Technical Field
The invention relates to the field of the Internet and account systems, and in particular to an account binding method and related equipment.
Background
Currently, version 2.0 of the Open Authorization protocol (OAuth 2.0) is rarely used to bind two accounts that already exist in two independent account systems. This is because, in OAuth 2.0, the user authorization step is often skipped during binding, which results in a very unfriendly user experience. For example, a user has two accounts, A and B, and wishes to bind account A. If the user, through an operating mistake, logs in with the account name and password of account B, the binding succeeds as long as the login to account B succeeds. The binding is completed by the server in the background and is not perceptible to the user, so the user mistakenly believes that account A has been bound, which causes great inconvenience for subsequent account login and use.
Disclosure of Invention
The invention provides an account binding method and related equipment. They allow the user to see the important information in the account binding process clearly, which reduces the error rate of account binding and improves the user experience.
A first aspect of the embodiments of the present invention provides an account binding method, including:
when a Web end corresponding to a first server detects an account binding request for a second server, the Web end displays a login page of the second server, wherein the login page is used to instruct a user to log in to the second server;
the Web end acquires, from the second server, account information of a first account used by the user to log in to the second server;
the Web end displays first prompt information according to the account information, wherein the first prompt information is used to ask the user whether to bind the first account and a second account used by the user to log in to the first server;
the Web end receives a confirmation instruction input by the user in response to the first prompt information;
and the Web end sends binding information of the first account to the first server according to the confirmation instruction, wherein the binding information is used to instruct the first server to bind the first account and the second account.
Wherein the Web end acquiring, from the second server, the account information of the first account used by the user to log in to the second server includes:
the Web end obtains an authorization code of the first account generated by the second server;
the Web end sends an information access request to the second server according to the authorization code, wherein the information access request is used to instruct the second server to send the account information;
and the Web end receives the account information sent by the second server.
Wherein the information access request comprises a first information access request and a second information access request;
the Web end sending the information access request to the second server according to the authorization code includes:
the Web end sends the first information access request to the second server, wherein the first information access request carries the authorization code and the identity authentication information allocated to the Web end by the second server, and the first information access request is used to instruct the second server to send a first login token of the first account;
the Web end receives the first login token sent by the second server;
and the Web end sends the second information access request to the second server, wherein the second information access request carries the first login token and the identity authentication information, and the second information access request is used to instruct the second server to send the account information.
Wherein the binding information includes the first login token and authentication information, and the authentication information is used to prevent the first login token from being stolen.
Wherein the Web end sending the binding information of the first account to the first server according to the confirmation instruction includes:
when the confirmation instruction confirms the binding, the Web end sends the binding information to the first server.
Wherein, when the confirmation instruction confirms the binding, after the Web end sends the binding information to the first server, the method further includes:
the Web end receives binding result information sent by the first server;
and the Web end displays second prompt information according to the binding result information, wherein the second prompt information is used to inform the user of the result of binding the first account and the second account.
A second aspect of the embodiments of the present invention provides another account binding method, including:
a first server receives binding information of a first account used by a user to log in to a second server, wherein the binding information is sent by a Web end corresponding to the first server after the Web end receives a confirmation instruction, input by the user, as to whether to bind the first account and a second account used by the user to log in to the first server;
and the first server binds the first account and the second account according to the binding information.
Wherein the first server binding the first account and the second account according to the binding information includes:
the first server sends the first login token to the second server, wherein the first login token is used to instruct the second server to send a first user identifier corresponding to the first account;
the first server receives the first user identifier sent by the second server;
the first server determines a second user identifier corresponding to the second account according to a second login token of the second account, wherein the second login token is generated when the user logs in with the second account through the first server;
and the first server establishes an association between the first user identifier and the second user identifier.
Wherein the binding information further comprises verification information;
before the first server sends the first login token to the second server, the method further includes:
the first server verifies the verification information;
and when the verification information passes verification, the first server performs the operation of sending the first login token to the second server.
Wherein the verification information comprises a verification parameter and a timestamp;
the first server verifying the verification information comprises:
the first server matches the verification parameter against a preset parameter and determines whether the interval between the time corresponding to the timestamp and the current time exceeds a preset threshold;
and when the verification parameter is the same as the preset parameter and the interval does not exceed the preset threshold, the first server determines that the verification information passes verification.
The verification information may be encrypted according to a preset encryption rule;
before the first server verifies the verification information, the method further includes:
and the first server decrypts the verification information according to the preset encryption rule.
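The first-server steps of the second aspect (verify the verification information, then resolve both user identifiers and associate them) can be sketched as follows. This is an added example, not code from the patent: the field names, the preset values, and the `resolve_first_uid` callable that stands in for the request to the second server are all assumptions, and the optional decryption step is left out.

```python
import hmac
import time

# Assumed values: the patent only calls these "preset".
PRESET_PARAMETER = "constructed-preset-parameter"
MAX_INTERVAL_SECONDS = 300


class BindingError(Exception):
    """Raised when the first server refuses to bind."""


def verify_verification_info(info, now=None):
    """Return True only if the parameter matches and the timestamp is fresh."""
    now = time.time() if now is None else now
    if not isinstance(info, dict):
        return False
    param, ts = info.get("param"), info.get("timestamp")
    if not isinstance(param, str):
        return False
    if isinstance(ts, bool) or not isinstance(ts, (int, float)):
        return False
    # Constant-time comparison avoids leaking how many leading bytes matched.
    if not hmac.compare_digest(param.encode(), PRESET_PARAMETER.encode()):
        return False
    # "Interval" is taken as an absolute difference, so timestamps from the
    # future are rejected as well as stale ones.
    return abs(now - ts) <= MAX_INTERVAL_SECONDS


class FirstServer:
    def __init__(self, resolve_first_uid, sessions):
        # resolve_first_uid: hypothetical callable standing in for the request
        # to the second server (first login token -> first user identifier).
        self.resolve_first_uid = resolve_first_uid
        self.sessions = sessions   # second login token -> second user identifier
        self.bindings = {}         # second user identifier -> first user identifier

    def bind(self, binding_info, second_login_token, now=None):
        # 1. Verify before the first login token is forwarded anywhere.
        if not verify_verification_info(binding_info.get("verification"), now):
            raise BindingError("verification information rejected")
        # 2. The second account comes from the first server's own login session.
        second_uid = self.sessions.get(second_login_token)
        if second_uid is None:
            raise BindingError("unknown second login token")
        # 3. Ask the second server whom the first login token belongs to.
        first_uid = self.resolve_first_uid(binding_info.get("first_login_token"))
        if first_uid is None:
            raise BindingError("second server did not recognise the first login token")
        # 4. Record the association between the two user identifiers.
        self.bindings[second_uid] = first_uid
        return first_uid, second_uid
```

Because the verification parameter is a fixed preset value, a captured message replayed inside the interval still passes this check; the timestamp only bounds how long that remains possible.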
Accordingly, a third aspect of the embodiments of the present invention provides a Web end, where the Web end corresponds to a first server and includes:
a display module, configured to display a login page of a second server when an account binding request for the second server is detected, where the login page is used to instruct a user to log in to the second server;
an acquisition module, configured to acquire, from the second server, account information of a first account used by the user to log in to the second server;
the display module is further configured to display first prompt information according to the account information, where the first prompt information is used to ask the user whether to bind the first account and a second account used by the user to log in to the first server;
a receiving module, configured to receive a confirmation instruction input by the user in response to the first prompt information;
and a sending module, configured to send, according to the confirmation instruction, binding information of the first account to the first server, where the binding information is used to instruct the first server to bind the first account and the second account.
Wherein the obtaining module is further configured to:
obtaining an authorization code of the first account generated by the second server;
the sending module is further configured to:
sending an information access request to the second server according to the authorization code, wherein the information access request is used for indicating the second server to send the account information;
the receiving module is further configured to:
and receiving the account information sent by the second server.
Wherein the information access request comprises a first information access request and a second information access request;
the sending module is further configured to:
sending the first information access request to the second server, where the first information access request carries the authorization code and the identity authentication information allocated to the Web end by the second server, and the first information access request is used to instruct the second server to send a first login token of the first account;
the receiving module is further configured to:
receiving the first login token sent by the second server;
the sending module is further configured to:
and sending the second information access request to the second server, wherein the second information access request carries the first login token and the identity authentication information, and the second information access request is used for indicating the second server to send the account information.
Wherein the binding information includes the first login token and authentication information, and the authentication information is used for preventing the first login token from being stolen.
Wherein the sending module is further configured to:
and when the confirmation instruction confirms the binding, sending the binding information to the first server.
Wherein the receiving module is further configured to:
receiving binding result information sent by the first server;
the display module is further configured to:
and displaying second prompt information according to the binding result information, wherein the second prompt information is used for informing the user of the binding result of the first account and the second account.
Accordingly, a fourth aspect of the embodiments of the present invention provides a first server, including:
a receiving module, configured to receive binding information of a first account used by a user to log in to a second server, where the binding information is sent by a Web end corresponding to the first server after the Web end receives a confirmation instruction, input by the user, as to whether to bind the first account and a second account used by the user to log in to the first server;
and the binding module is used for binding the first account and the second account according to the binding information.
The binding information comprises a first login token of the first account;
the binding module is further configured to:
sending the first login token to the second server, wherein the first login token is used for indicating the second server to send a first user identifier corresponding to the first account;
receiving the first user identification sent by the second server;
determining a second user identifier corresponding to the second account according to a second login token of the second account, wherein the second login token is generated when the user logs in by using the second account through the first server;
and establishing an association relation between the first user identification and the second user identification.
Wherein the binding information further comprises verification information;
the binding module is further configured to:
verifying the verification information;
and when the verification information passes verification, sending the first login token to the second server.
Wherein the verification information comprises a verification parameter and a timestamp;
the binding module is further configured to:
matching the verification parameters with preset parameters, and determining whether the interval duration between the time corresponding to the timestamp and the current time exceeds a preset threshold value;
and when the verification parameters are the same as the preset parameters and the interval duration does not exceed the preset threshold, determining that the verification information passes verification.
The verification information may be encrypted according to a preset encryption rule;
the binding module is further configured to:
and decrypting the verification information according to the preset encryption rule.
Accordingly, an embodiment of the present invention provides another Web end, which is characterized by including: a processor, a memory, a communication interface, and a bus;
the processor, the memory and the communication interface are connected through the bus and complete mutual communication;
the memory stores executable program code;
the processor reads the executable program code stored in the memory to run a program corresponding to the executable program code, so as to execute the account binding method disclosed in the first aspect of the embodiment of the present invention.
Accordingly, an embodiment of the present invention provides another first server, including: a processor, a memory, a communication interface, and a bus;
the processor, the memory and the communication interface are connected through the bus and complete mutual communication;
the memory stores executable program code;
the processor reads the executable program code stored in the memory to run a program corresponding to the executable program code, so as to execute the account binding method disclosed in the second aspect of the embodiment of the present invention.
Accordingly, an embodiment of the present invention provides a storage medium, where the storage medium is used to store an application program, and the application program is used to execute the account binding method disclosed in the first aspect of the embodiment of the present invention when running.
Correspondingly, an embodiment of the present invention provides another storage medium, where the storage medium is used to store an application program, and the application program is used to execute the account binding method disclosed in the second aspect of the embodiment of the present invention when running.
Accordingly, an embodiment of the present invention provides an application program, where the application program is configured to execute the account binding method disclosed in the first aspect of the embodiment of the present invention during running.
Correspondingly, the embodiment of the present invention provides another application program, where the application program is configured to execute the account binding method disclosed in the second aspect of the embodiment of the present invention during running.
By implementing the embodiments of the invention, when a Web end corresponding to a first server detects an account binding request for a second server, the Web end first displays a login page of the second server, the login page being used to instruct a user to log in to the second server; the Web end acquires, from the second server, account information of a first account used by the user to log in to the second server; the Web end then displays first prompt information according to the account information, the first prompt information asking the user whether to bind the first account and a second account used by the user to log in to the first server, and receives a confirmation instruction input by the user in response to the first prompt information; finally, the Web end sends binding information of the first account to the first server according to the confirmation instruction, the binding information being used to instruct the first server to bind the first account and the second account. The user can therefore see the important information in the account binding process clearly, which reduces the error rate of account binding and improves the user experience.
Drawings
In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings in the following description show some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of an account binding method according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of prompt information according to an embodiment of the present invention;
Fig. 3 is a schematic flowchart of another account binding method according to an embodiment of the present invention;
Fig. 4 is a schematic flowchart of actual use of an account binding method according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a Web end according to an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a first server according to an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of another Web end according to an embodiment of the present invention;
Fig. 8 is a schematic structural diagram of another first server according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, fig. 1 is a flowchart illustrating an account binding method according to an embodiment of the present invention. As shown in the figure, the method in the embodiment of the present invention includes:
S101: When a Web end corresponding to a first server detects an account binding request for a second server, the Web end displays a login page of the second server, wherein the login page is used to instruct a user to log in to the second server.
In a specific implementation, the first server and the second server may be servers corresponding to two independent account systems, and each independent account system may include one server and one Web end. The Web end may be responsible for maintaining and managing the front-end website of the account system. The server may handle the data processing services of the account system. When the Web end corresponding to the first server detects an account binding request for the second server, the Web end can jump to a transit login page (such as a proxy login front-end page) of the second server, that is, of the account system corresponding to the second server. The user can input an account name and an account password in the transit login page to log in to the second server, that is, to log in to the account system corresponding to the second server.
S102: The Web end acquires, from the second server, account information of a first account used by the user to log in to the second server.
It should be noted that the first account system corresponding to the first server may authenticate with the second account system corresponding to the second server and acquire the identity authentication information allocated by the second server. The identity authentication information may include an identity identifier (client_id) and an authentication password (client_secret), and may serve as the identity authentication information of both the first server and the Web end of the first account system. When a server corresponding to another system sends an information request to the second server, the second server verifies that server's identity authentication information and responds to the request only if the verification passes, which ensures the information security of the second account system corresponding to the second server. After the identity authentication information allocated by the second server is acquired, the Web end may send the redirect address (redirect_uri) of its front-end website to the second server, and the second server may establish an association between the client_id and the redirect_uri. Similarly, the second account system corresponding to the second server may authenticate with the first account system corresponding to the first server and acquire the identity authentication information allocated by the first server.
In a specific implementation, after the user inputs an account name and an account password on the transit login page, the second server may obtain and verify them. After the verification succeeds, the second server controls the transit login page to jump to the redirect_uri of the front-end website corresponding to the Web end. The second server may also generate an authorization code (code) for the account used in this login (the first account) and carry it in the redirect_uri as an additional parameter, so that the Web end obtains the authorization code; the authorization code may be a character string. The Web end may send an information access request to the second server according to the authorization code, so as to obtain account information of the first account from the second server. The account information may include, but is not limited to, the account name and user information corresponding to the account (such as an avatar, a mailbox, a mobile phone number, and information published by the user with the account). The information access request comprises a first information access request and a second information access request.
Specifically, the Web end may first send the first information access request to the second server. The first information access request carries the authorization code, the client_id and the client_secret, and is used to instruct the second server to send a first login token (access_token). After receiving the first information access request, the second server can check the client_id and the client_secret; if the check passes, it looks up the first login token of the first account according to the authorization code and sends the first login token to the Web end.
After receiving the first login token, the Web end sends the second information access request to the second server. The second information access request may carry the first login token and the identity authentication information, and is used to instruct the second server to send the account information. After receiving the second information access request, the second server may check the identity authentication information; if the check passes, it looks up the account information of the first account according to the first login token and sends the account information to the Web end.
For information security, the OAuth 2.0 protocol specifies that an account's access_token is what is exchanged for the account's information. The second server does not send the login token (access_token) of the first account directly to the Web end; it first returns the authorization code to the Web end, and the Web end then obtains the access_token with the code. The reason is that the code is carried in the redirect_uri as an additional parameter and is therefore visible in the address bar of the browser. Passing the access_token in this way would clearly be unsafe, whereas exchanging the code for the access_token in the background ensures that the access_token is not exposed.
Optionally, before the Web end acquires, from the second server, the account information of the first account used by the user to log in to the second server, authorization prompt information may first be displayed on the transit login page to prompt the user to authorize the Web end to acquire the account information of the first account; the second server obtains the authorization instruction input by the user in response to the authorization prompt information. The second server returns an authorization code to the Web end if and only if the authorization instruction confirms the authorization. For example, if the name of the first account system is cm, and the name of the second account system corresponding to the Web end is contents, the authorization prompt information "contents needs to acquire the account information of your cm account; please confirm whether to authorize" may be displayed.
And S103, the Web end displays first prompt information according to the account information, wherein the first prompt information is used for prompting whether the user binds the first account and a second account used by the user for logging in the first server.
In a specific implementation, before the Web end obtains from the second server the account information of the first account used by the user to log in the second server, the Web end may display a login page of the first server, and the user may input the account name and password of the second account in the login page. The Web end carries the account name and the password in a login request and sends the login request to the first server; the first server verifies the account name and the password and, if the verification passes, accepts the login request, so that the second account logs in successfully. At the same time, the first server generates a second login token of the second account, and can transmit the second login token to the Web end.
The Web end can display prompt information according to the acquired account information. For example, as shown in fig. 2, the name of the account with which the current user is logged in to the first account system cm corresponding to the first server is applet. The acquired account information of the account with which the user is logged in to the second account system content corresponding to the second server includes the account name peak, an avatar and an email box associated with the account. The Web end can then display the prompt information "Your cm account peak and content account applet are about to be bound. After binding, content will acquire the right to use the avatar of peak and the associated email box. Please confirm!"
S104, the Web end receives a confirmation instruction which is input by the user and aims at the first prompt information.
In a specific implementation, the Web end may receive a confirmation instruction in a voice format input by a user or a confirmation instruction input by the user through a related key.
S105, the Web end sends the binding information of the first account to the first server according to the confirmation instruction, wherein the binding information is used for instructing the first server to bind the first account and the second account.
In a specific implementation, the confirmation instruction is either confirm binding or reject binding. When the confirmation instruction is confirm binding, the Web end sends the binding information of the first account to the first server. When the confirmation instruction is cancel binding, the Web end does not need to send the binding information of the first account to the first server. The binding information of the first account may include, but is not limited to, a first login token of the first account and authentication information, where the authentication information may be used to prevent the first login token from being stolen and to verify whether the first login token has expired. As shown in fig. 2, when it is detected that the user clicks the "determine binding" button, the binding information of peak is sent to the corresponding server. When it is detected that the user clicks the "cancel binding" button, the user does not agree to bind the accounts, and the binding information of peak does not need to be sent to the corresponding server.
In the embodiment of the invention, when a Web end corresponding to a first server detects an account binding request aiming at a second server, a login page of the second server is firstly displayed, and the login page is used for indicating a user to log in the second server; acquiring account information of a first account used by a user for logging in a second server from the second server; then, displaying first prompt information according to the account information, wherein the first prompt information is used for prompting whether a user binds a first account and a second account used by the user for logging in a first server or not, and receiving a confirmation instruction aiming at the first prompt information and input by the user; and finally, sending binding information of the first account to the first server according to the confirmation instruction, wherein the binding information is used for indicating the first server to bind the first account and the second account. The method comprises the steps of adding a step of displaying prompt information before sending binding information to a server, so that a user can clearly determine important information (such as account name of a bound account) in an account binding process, so that the user can confirm whether account binding is carried out again before the server executes account binding operation, and the binding information is sent to the server only when the user inputs a binding confirmation instruction. Compared with the method for sending the binding information to the server to indicate the server to perform account binding as long as the first account is successfully logged in the prior art, the method provided by the embodiment of the invention can reduce the error rate of account binding and improve the user experience.
Referring to fig. 3, fig. 3 is a flowchart illustrating another account binding method according to an embodiment of the present invention. As shown in the figure, the method in the embodiment of the present invention includes:
S301, when a Web end corresponding to a first server detects an account binding request for a second server, displaying a login page of the second server, wherein the login page is used for indicating a user to log in the second server. This step is the same as S101 in the previous embodiment, and is not described again.
S302, the second server obtains the account name and the password of the first account input by the user on the login page, and verifies the account name and the password.
In a specific implementation, the login page is a transit login page. The second server may verify the account name and the password according to a preset verification rule.
S303, the Web end acquires the authorization code of the first account generated by the second server.
In a specific implementation, after the account name and the password of the first account are successfully verified, the second server may control the transit login page to jump to the redirect_uri of the front-end website corresponding to the Web end, and carry the authorization code of the account used for this login (the first account) in the redirect_uri as an additional parameter, so that the Web end obtains the authorization code.
S304, the Web terminal sends a first information access request to the second server.
In a specific implementation, the first information access request may carry an authorization code, a client_id, and a client_secret.
S305, the second server sends the first login token of the first account to the Web end.
In a specific implementation, after receiving the first information access request, the second server may check the identity authentication information client_id and client_secret and, if the check passes, look up the first login token of the first account according to the authorization code and send it to the Web end.
S306, the Web end sends a second information access request to the second server.
In a specific implementation, the second information access request may carry the first login token, the client_id, and the client_secret.
S307, the second server sends the account information of the first account to the Web end.
In a specific implementation, after receiving the second information access request, the second server may check the identity authentication information, and if the check is passed, search for the account information of the first account according to the first login token, and send the searched account information to the Web end.
S308, the Web end displays first prompt information according to the account information, wherein the first prompt information is used for prompting the user whether to bind the first account and a second account used by the user for logging in the first server. This step is the same as S103 in the previous embodiment, and is not described again.
S309, the Web end receives a confirmation instruction aiming at the first prompt message and input by the user. This step is the same as S104 in the previous embodiment, and is not described again.
S310, the Web end sends the binding information of the first account to the first server according to the confirmation instruction. This step is the same as S105 in the previous embodiment, and is not described again.
S311, the first server binds the first account and the second account according to the binding information.
In a specific implementation, the binding information includes a first login token of the first account. The first server may first send the first login token to the second server, so as to instruct the second server to send a first user identifier corresponding to the first account, where the first user identifier may be, but is not limited to, an openid. After receiving the openid of the first account, the first server determines a second user identifier corresponding to the second account according to a second login token of the second account, where the second user identifier may be, but is not limited to, an openid, and the second login token is generated by the first server when the user logs in using the second account. The first server then establishes an association between the openid of the first account and the openid of the second account.
Optionally, the binding information may further include authentication information, and the authentication information may prevent the first login token of the first account from being stolen. For example, when a third party intercepts the binding information during transmission and attempts to use the first login token maliciously, the third party cannot pass the check of the authentication information, because the authentication information contains authentication parameters agreed by the first server and the second server; the first login token therefore cannot be extracted from the binding information, and theft of the first login token is prevented. The verification information can also be used for verifying whether the first login token is expired, where an expired first login token indicates that the first login token may have been hijacked, tampered with or even implanted with viruses. The first server needs to verify the verification information before sending the first login token to the second server; if the verification information passes the verification, the first login token can be extracted from the binding information and sent to the second server. In order to improve the efficiency of generating and verifying the verification information, and thus the efficiency of account binding, the verification information includes verification parameters and a timestamp. Under normal conditions the verification parameters are the same as the preset parameters agreed by the first server and the second server; the timestamp can be the generation time of the first login token, which can be acquired from the second server.
The first server can match the verification parameter with a preset parameter and determine whether the interval duration between the time corresponding to the timestamp and the current time exceeds a preset threshold, wherein the preset parameter is a parameter agreed by the first server and the second server. When the verification parameter is the same as the preset parameter and the interval duration does not exceed a preset threshold (such as 60 seconds (s)), the verification information is determined to pass verification. When the interval duration exceeds the preset threshold, the first login token of the first account is determined to be expired. For example, if the time corresponding to the timestamp is 2018-12-12-10:45:09 and the current time is 2018-12-12-10:46:01, the interval duration between them is 52s; since 52s does not exceed 60s, it is determined that the first login token has not expired.
Optionally, the agreed authentication parameters of the first server and the second server still have the risk of being stolen, and the timestamp may be tampered. Therefore, in order to further secure the login token, the authentication information may be encrypted according to a preset encryption rule, and the preset encryption rule may be, but is not limited to, an RSA encryption rule. Therefore, before verifying the verification information, the first server further needs to decrypt the verification information according to the preset encryption rule.
For example: first, obtain From(salt, time, From), where salt is a fixed constant that, under normal conditions, is the same as the preset parameter agreed by the first server and the second server, time is the timestamp, and From is an identifier of the binding source; in the embodiment of the present invention, From may be the client_id of the first server. From may then be encrypted using an RSA encryption algorithm, with the encrypted From used as the authentication information.
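The verification information described above, built and checked end to end as an added example (not code from the patent). The JSON encoding of From, the OAEP padding, the check of the binding source, the rejection of future timestamps and all sample values are assumptions of this example; the page specifies only RSA, the agreed parameter and the 60 s threshold.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// From mirrors the page's From(salt, time, From) tuple; JSON is an assumed encoding.
type From struct {
	Salt string `json:"salt"` // verification parameter agreed by the two servers
	Time int64  `json:"time"` // generation time of the first login token (Unix s)
	From string `json:"from"` // binding source, e.g. client_id of the first server
}

const maxAge = 60 * time.Second // preset threshold used in the page's example

var (
	ErrDecrypt = errors.New("verification information does not decrypt")
	ErrSalt    = errors.New("verification parameter differs from preset parameter")
	ErrSource  = errors.New("unexpected binding source")
	ErrExpired = errors.New("first login token expired")
)

// Seal encrypts From with RSA-OAEP/SHA-256 (padding assumed; the page says only RSA).
func Seal(pub *rsa.PublicKey, f From) ([]byte, error) {
	plain, err := json.Marshal(f)
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plain, nil)
}

// Verify is the first server's check before it forwards the first login token.
func Verify(priv *rsa.PrivateKey, ct []byte, salt, source string, now time.Time) error {
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
	if err != nil {
		return ErrDecrypt
	}
	var f From
	if err := json.Unmarshal(plain, &f); err != nil {
		return ErrDecrypt
	}
	if subtle.ConstantTimeCompare([]byte(f.Salt), []byte(salt)) != 1 {
		return ErrSalt
	}
	if f.From != source { // checking the source is this example's addition
		return ErrSource
	}
	age := now.Sub(time.Unix(f.Time, 0))
	if age < 0 || age > maxAge { // a timestamp from the future is rejected as well
		return ErrExpired
	}
	return nil
}

// Demo replays the page's timing example (10:45:09 to 10:46:01, 52 s) and three failures.
func Demo() (fresh, stale, badSalt, tampered error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	const salt, source = "constructed-agreed-salt", "constructed-client-id"
	issued := time.Date(2018, 12, 12, 10, 45, 9, 0, time.UTC)
	seal := func(s string) []byte {
		ct, err := Seal(&priv.PublicKey, From{s, issued.Unix(), source})
		if err != nil {
			panic(err)
		}
		return ct
	}
	good := seal(salt)
	fresh = Verify(priv, good, salt, source, issued.Add(52*time.Second))
	stale = Verify(priv, good, salt, source, issued.Add(61*time.Second))
	badSalt = Verify(priv, seal("guessed-salt"), salt, source, issued.Add(52*time.Second))
	bad := append([]byte(nil), good...)
	bad[len(bad)-1] ^= 1 // flip one bit of the ciphertext
	tampered = Verify(priv, bad, salt, source, issued.Add(52*time.Second))
	return
}

func main() {
	fresh, stale, badSalt, tampered := Demo()
	fmt.Println("52 s old:", fresh)
	fmt.Println("61 s old:", stale)
	fmt.Println("wrong salt:", badSalt)
	fmt.Println("modified ciphertext:", tampered)
}
```

Anyone who holds the public key can produce a ciphertext that decrypts, so in this scheme it is the secrecy of the salt, not the RSA encryption itself, that ties the verification information to the two servers.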
Optionally, after the first server binds the first account and the second account, the first server may also send binding result information to the Web end. Correspondingly, the Web end can also receive the binding result information sent by the first server, and display prompt information according to the binding result information so as to inform the user of the binding result of the first account and the second account. For example, the Web end may display "Binding successful!".
In summary, in the account binding method provided in the embodiment of the present invention, after a user successfully logs in a second server by using a first account, a Web end corresponding to the first server first obtains account information of the first account from the second server according to an authorization code of the first account, and displays a prompt message according to the account information to prompt the user to confirm whether to bind the first account and the second account. And when the user confirms the binding, sending the binding information of the first account to the first server for account binding. In the prior art, after a user successfully logs in a second server by using a first account, a Web side corresponding to the first server immediately acquires binding information of the first account according to an authorization code of the first account, and then sends the binding information to the first server to indicate the first server to execute account binding operation. Compared with the prior art, the account binding method provided by the embodiment of the invention can enable the user to clarify important information in the account binding process, thereby reducing the error rate of account binding and improving the user experience.
The following describes an implementation process of the account binding method provided by the implementation of the present invention by using an example.
For example, as shown in fig. 4, www.contentos is the front-end website of the account system content and corresponds to the Web end of content; www.contentos includes a Web page implemented in JavaScript (JS) and a server implemented by Json. The server of the account system content corresponding to the Open content includes an open application programming interface (Open api) and an internal Open api. cm represents the server corresponding to the account system cm, which comprises an IPtlogin proxy and a data processing part iopen, wherein IPtlogin is the proxy login front-end page of the account system cm.
First, a user can log in to the account system contents with an account c in the JS webpage. The user inputs the account name and password of account c in the JS webpage, and the JS webpage sends a login request carrying them to the server. The server forwards the login request to the external Open api, which verifies the account name and password of account c and, after the verification succeeds, returns a login token c_access_token and the account information of account c to the server; the server forwards the account information of account c to the JS webpage for display. The user can then click a corresponding button in the JS webpage to bind the account d of the cm account system. The click is equivalent to a binding request: when the JS webpage detects the binding request, it jumps to the transit login page for the cm account d, on which the user can input the account name and password of account d. The IPtlogin proxy acquires the account name and password of account d input by the user on the transit login page and passes them to iopen for verification. If the verification passes, that is, account d has logged in successfully, iopen generates the login token cm_access_token of d, controls the transit login page to jump to the redirect_uri of the server, and returns the authorization code (cm_code) of account d, where the cm_code can be attached to the redirect_uri. The server can then obtain the cm_code from the redirect_uri.
Then the server and iopen perform the operations of exchanging the cm_code for the cm_access_token and exchanging the cm_access_token for the account information of account d. These operations are accompanied by transmission of the client_id and client_secret of the content account system; these parameters are internal and are not drawn in the figure. The server passes the acquired account information of account d to the JS webpage so that the JS webpage can display prompt information asking the user to confirm that account d is to be bound to account c. If a binding confirmation instruction is received from the user, the JS webpage notifies the server to transmit cm_access_token + from ciphertext to the internal Open api, where the from ciphertext is the verification information. The internal Open api decrypts and verifies the from ciphertext. If the from ciphertext passes the verification, the openid corresponding to account d is obtained from iopen by using the cm_access_token, and the openid corresponding to account c is obtained by parsing the c_access_token, which the internal Open api can obtain from the external Open api. An association between the two openids is then established, which completes the account binding. Finally, the internal Open api sends the result information of successful binding to the server, the server passes it to the JS webpage, and the JS webpage displays prompt information according to it to inform the user that the accounts have been bound successfully.
Referring to fig. 5, fig. 5 is a schematic structural diagram of a Web end according to an embodiment of the present invention. The Web end in the embodiment of the present invention corresponds to the first server, and as shown in the drawing, the Web end in the embodiment of the present invention includes:
A display module 501, configured to display a login page of a second server when an account binding request for the second server is detected, where the login page is used to indicate a user to log in the second server.
In a specific implementation, the first server and the second server may be servers corresponding to two independent account systems, and each independent account system may include one server and one Web end. The Web end may be responsible for maintaining and managing a front-end website of the account system. The server can undertake data processing services of the account system. When an account binding request for the second server is detected, the user may jump to the second server, that is, a transit login page (e.g., a proxy login front-end page) of the account system corresponding to the second server, and the display module 501 may display the transit login page. Then, the user can input an account name and an account password on the transit login page so as to log in the second server, namely, log in an account system corresponding to the second server.
An obtaining module 502, configured to obtain account information of a first account used by the user to log in the second server from the second server.
It should be noted that the first account system corresponding to the first server may perform authentication in the second account system corresponding to the second server, and acquire the identity authentication information allocated by the second server, where the identity authentication information may include an identity (client_id) and an authentication password (client_secret), and the identity authentication information may be used as the identity authentication information of the first server and the Web end of the first account system. After the identity authentication information allocated by the second server is acquired, the Web end may send the redirect address (redirect_uri) corresponding to the front-end website to the second server, and the second server may establish an association between the client_id and the redirect_uri. Similarly, the second account system corresponding to the second server may perform authentication in the first account system corresponding to the first server, and acquire the identity authentication information allocated by the first server.
In a specific implementation, after a user inputs an account name and an account password on the transit login page, the second server may obtain the account name and the account password input by the user, check them, and after the check succeeds control the transit login page to jump to the redirect_uri of the front-end website corresponding to the Web end. The second server may further generate an authorization code for the account used for this login (the first account) and carry the authorization code in the redirect_uri as an additional parameter, so that the obtaining module 502 obtains the authorization code (code), where the authorization code may be a character string. For information security, the second server does not at this point send the account information of the first account, or the login token required for acquiring the account information, directly to the Web end, but returns the authorization code to the Web end. The obtaining module 502 may instruct the sending module 504 to send an information access request to the second server according to the authorization code, so as to obtain account information of the first account from the second server, where the account information may include, but is not limited to, an account name and user information corresponding to the account (such as a head portrait, an email address, a mobile phone number, and information issued by the user using the account). The information access request comprises a first information access request and a second information access request.
Specifically, the obtaining module 502 may first instruct the sending module 504 to send the first information access request to the first server. The first information access request carries an authorization code, a client_id, and a client_secret, and is used to instruct the first server to send a first login token (access_token). After receiving the first information access request, the second server may check the client_id and the client_secret and, if the check passes, look up the first login token of the first account according to the authorization code and send it to the Web end, so the obtaining module 502 may instruct the receiving module 503 to receive the first login token.
Upon receiving the first login token, the acquisition module 502 may then instruct the sending module 504 to send a second information access request to the second server. The second information access request may carry the first login token and the identity authentication information, and is used to instruct the second server to send the account information. The second server may check the identity authentication information after receiving the second information access request, and if the check is passed, search the account information of the first account according to the first login token, and send the searched account information to the Web end. The obtaining module 502 may instruct the receiving module 503 to receive the account information.
Optionally, before the obtaining module 502 obtains from the second server the account information of the first account used by the user to log in the second server, the display module 501 may first display authorization prompt information on the transit login page to prompt the user to authorize the Web end to obtain the account information of the first account; the second server obtains the authorization instruction input by the user in response to the authorization prompt information. If and only if the authorization instruction confirms authorization, the second server returns an authorization code to the Web end. For example, if the name of the first account system is cm, and the name of the second account system corresponding to the Web end is contents, the authorization prompt information "contents needs to acquire the account information of your cm, please confirm whether to authorize" may be displayed.
The display module 501 is further configured to display first prompt information according to the account information, where the first prompt information is used to prompt whether the user binds the first account and a second account used by the user to log in the first server.
In a specific implementation, before the obtaining module 502 obtains the account information of the first account used by the user to log in the second server from the second server, the display module 501 may further display a login page of the first server, so that the user may input the account name and the password of the second account in the login page; then, the sending module 504 carries the account name and the password in the login request and sends the login request to the first server, the first server verifies the account name and the password, if the verification is passed, the login request is accepted, and the second account login is successful. Meanwhile, the first server generates a second login token of the second account, and may transmit the second login token to the obtaining module 502 of the Web end.
The receiving module 503 may be further configured to receive a confirmation instruction for the first prompt information, which is input by the user. Specifically, a confirmation instruction in a voice format input by the user or a confirmation instruction input by the user through the relevant key may be received.
The sending module 504 may be further configured to send, according to the confirmation instruction, binding information of the first account to the first server, where the binding information is used to instruct the first server to bind the first account and the second account.
In a specific implementation, the confirmation instruction is either confirm binding or reject binding. When the confirmation instruction is confirm binding, the binding information of the first account is sent to the first server. When the confirmation instruction is cancel binding, the binding information of the first account does not need to be sent to the first server. The binding information of the first account may include, but is not limited to, a first login token of the first account and authentication information, where the authentication information may be used to prevent the first login token from being stolen and to verify whether the first login token has expired. As shown in fig. 2, when it is detected that the user clicks the "determine binding" button, the binding information of peak is sent to the corresponding server. When it is detected that the user clicks the "cancel binding" button, the user does not agree to bind the accounts, and the binding information of peak does not need to be sent to the corresponding server.
Optionally, the receiving module 503 is further configured to receive binding result information sent by the first server, and the displaying module 501 is further configured to display second prompt information according to the binding result information, so as to notify the user of the binding result of the first account and the second account.
In the embodiment of the invention, when a Web end corresponding to a first server detects an account binding request aiming at a second server, a login page of the second server is firstly displayed, and the login page is used for indicating a user to log in the second server; acquiring account information of a first account used by a user for logging in a second server from the second server; then, displaying first prompt information according to the account information, wherein the first prompt information is used for prompting whether a user binds a first account and a second account used by the user for logging in a first server or not, and receiving a confirmation instruction aiming at the first prompt information and input by the user; and finally, sending binding information of the first account to the first server according to the confirmation instruction, wherein the binding information is used for indicating the first server to bind the first account and the second account, so that a user can clearly determine important information in an account binding process, the error rate of account binding is reduced, and the user experience is improved.
Referring to fig. 6, fig. 6 is a schematic structural diagram of a first server according to an embodiment of the present invention. As shown in the figure, the first server in the embodiment of the present invention includes:
A receiving module 601, configured to receive binding information of a first account used by a user to log in a second server, where the binding information is sent by a Web end corresponding to the first server.
In a specific implementation, the first server and the second server may be servers corresponding to two independent account systems, and each independent account system may include one server and one Web end. The Web end may be responsible for maintaining and managing a front-end website of the account system. The server can undertake data processing services of the account system. The account information may include, but is not limited to, an account name, and user information corresponding to the account (e.g., a head portrait, an email, a cell phone number, and information issued by the user using the account).
A binding module 602, configured to bind, according to the binding information, the first account and a second account used by the user to log in the first server.
In a specific implementation, the binding information includes a first login token of the first account. The first login token may first be sent to the second server, so as to instruct the second server to send a first user identifier corresponding to the first account, where the first user identifier may be, but is not limited to, an openid. After the openid of the first account is received, a second user identifier corresponding to the second account is determined according to a second login token of the second account, where the second user identifier may be, but is not limited to, an openid, and the second login token is generated by the first server when the user logs in using the second account. An association between the openid of the first account and the openid of the second account is then established.
Optionally, the binding information may further include authentication information, where the authentication information may be used as encryption information of the first login token of the first account, to prevent the first login token of the first account from being stolen, and to verify whether the first login token is expired. Before sending the first login token to the second server, the verification information needs to be verified, and when the verification information passes the verification, the first login token is sent to the second server. The verification information comprises verification parameters and a timestamp, wherein the verification parameters can be matched with preset parameters, and whether the interval duration between the time corresponding to the timestamp and the current time exceeds a preset threshold value or not is determined. And when the verification parameter is the same as the preset parameter and the interval duration does not exceed a preset threshold (such as 60s), determining that the verification information passes verification. The preset parameter is a parameter agreed in advance by the first server and the second server. And when the interval duration exceeds a preset threshold, determining that the first login token of the first account is expired.
Optionally, the verification information may be encrypted according to a preset encryption rule, and the preset encryption rule may be, but is not limited to, an RSA encryption rule. Therefore, before verifying the verification information, the binding module 602 is further configured to decrypt the verification information according to the preset encryption rule.
In the embodiment of the invention, a first server first receives binding information of a first account used by a user to log in to a second server, which is sent by a Web end corresponding to the first server, and then binds the first account and a second account used by the user to log in to the first server according to the binding information. The binding information comprises not only a login token of the first account for account binding but also verification information, so that the server can verify the verification information before using the login token of the first account to bind the first account and the second account, and binds the two accounts when the verification information passes verification, so that the security of account binding can be realized.
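The first-server checks described above (decrypt the verification information, match the parameter, check the timestamp against the threshold, and only then exchange the first login token for an openid and record the association) can be sketched as follows. This is an added example, not code from the patent: the JSON layout, the names `check_verification_info`, `FirstServer` and `StubSecondServer`, and all sample values are assumptions, and the base64 codec is a stand-in for the preset encryption rule, not encryption.

```python
import base64
import hmac
import json
import time

MAX_AGE_SECONDS = 60  # the page's example threshold ("such as 60s")
PRESET_PARAMETER = "constructed-preset-parameter"  # constructed sample value


class BindingRejected(Exception):
    """Binding information failed verification or could not be resolved."""


def demo_seal(data: bytes) -> str:
    # Stand-in for the preset encryption rule (the page names RSA as one option).
    # base64 is NOT encryption; it only keeps the example runnable offline.
    return base64.b64encode(data).decode()


def demo_unseal(blob: str) -> bytes:
    return base64.b64decode(blob, validate=True)


def check_verification_info(sealed, unseal, now):
    """Decrypt the verification information, then apply the page's two checks."""
    try:
        info = json.loads(unseal(sealed))
        parameter = str(info["parameter"])
        timestamp = float(info["timestamp"])
    except (ValueError, KeyError, TypeError) as exc:
        raise BindingRejected("malformed verification information") from exc
    # Constant-time comparison so response timing does not reveal a partial match.
    if not hmac.compare_digest(parameter.encode(), PRESET_PARAMETER.encode()):
        raise BindingRejected("verification parameter mismatch")
    # "not (... <= ...)" also rejects NaN, and abs() rejects timestamps that lie
    # further in the future than the threshold, not only stale ones.
    if not (abs(now - timestamp) <= MAX_AGE_SECONDS):
        raise BindingRejected("first login token treated as expired")


class StubSecondServer:
    """Hypothetical second server: maps a first login token to an openid."""

    def __init__(self, tokens):
        self.tokens = tokens
        self.calls = []  # every token this server was asked about

    def openid_for(self, login_token):
        self.calls.append(login_token)
        return self.tokens.get(login_token)


class FirstServer:
    def __init__(self, second_server, unseal=demo_unseal, clock=time.time):
        self.second_server = second_server
        self.unseal = unseal
        self.clock = clock
        self.sessions = {}  # second login token -> second user identifier
        self.bindings = {}  # second user identifier -> first user identifier

    def bind(self, binding_info, second_login_token):
        # 1. Verify first, so a failed check never forwards the first login token.
        check_verification_info(binding_info.get("verification"), self.unseal, self.clock())
        # 2. Exchange the first login token for the first user identifier.
        first_openid = self.second_server.openid_for(binding_info.get("first_login_token"))
        # 3. Resolve the second user identifier from the token issued at login here.
        second_openid = self.sessions.get(second_login_token)
        if first_openid is None or second_openid is None:
            raise BindingRejected("unknown login token")
        # 4. Record the association between the two identifiers.
        self.bindings[second_openid] = first_openid
        return second_openid, first_openid


def make_binding_info(token, parameter, timestamp):
    body = json.dumps({"parameter": parameter, "timestamp": timestamp}).encode()
    return {"first_login_token": token, "verification": demo_seal(body)}


def run_demo():
    now = 1_700_000_000.0  # constructed fixed clock
    second = StubSecondServer({"tok-first": "openid-A"})
    first = FirstServer(second, clock=lambda: now)
    first.sessions["tok-second"] = "openid-B"
    cases = {  # constructed binding information
        "fresh": make_binding_info("tok-first", PRESET_PARAMETER, now - 5),
        "stale": make_binding_info("tok-first", PRESET_PARAMETER, now - 61),
        "future": make_binding_info("tok-first", PRESET_PARAMETER, now + 3600),
        "wrong_parameter": make_binding_info("tok-first", "guess", now),
        "nan_timestamp": make_binding_info("tok-first", PRESET_PARAMETER, float("nan")),
        "garbage": {"first_login_token": "tok-first", "verification": "%%%"},
    }
    results = {}
    for name, info in cases.items():
        try:
            first.bind(info, "tok-second")
            results[name] = "bound"
        except BindingRejected as exc:
            results[name] = str(exc)
    return results, second.calls, first.bindings
```

In a deployment, `unseal` would be replaced by real decryption under the agreed rule; the stub second server records its calls so the demo can show that rejected requests never forward the token.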
Referring to fig. 7, fig. 7 is a schematic structural diagram of another Web end according to an embodiment of the present invention. The Web end in the embodiment of the present invention corresponds to the first server. As shown, the Web end may include: at least one processor 701, e.g., a CPU, at least one communication interface 702, at least one memory 703, at least one bus 704. Bus 704 is used to enable, among other things, connectivity communications between these components. In this embodiment of the present invention, the communication interface 702 at the Web end is a wired sending port, and may also be a wireless device, for example, including an antenna apparatus, and configured to perform signaling or data communication with other node devices. The memory 703 may be a high-speed RAM memory or a non-volatile memory (e.g., at least one disk memory). The memory 703 may optionally be at least one memory device located remotely from the processor 701. A set of program code is stored in the memory 703 and the processor 701 is used to invoke the program code stored in the memory for performing the following operations:
when an account binding request aiming at a second server is detected, displaying a login page of the second server, wherein the login page is used for indicating a user to log in the second server;
acquiring account information of a first account used by the user for logging in the second server from the second server;
displaying first prompt information according to the account information, wherein the first prompt information is used for prompting whether the user binds the first account and a second account used by the user for logging in the first server;
receiving a confirmation instruction for the first prompt message input by the user;
and sending binding information of the first account to the first server according to the confirmation instruction, wherein the binding information is used for indicating the first server to bind the first account and the second account.
The processor 701 is further configured to perform the following operation steps:
obtaining an authorization code of the first account generated by the second server;
sending an information access request to the second server according to the authorization code, wherein the information access request is used for indicating the second server to send the account information;
and receiving the account information sent by the second server.
Wherein the information access request comprises a first information access request and a second information access request;
the processor 701 is further configured to perform the following operation steps:
sending the first information access request to the second server, where the first information access request carries the authorization code and the identity authentication information allocated to the Web end by the second server, and the first information access request is used to instruct the second server to send a first login token of the first account;
receiving the first login token sent by the second server;
and sending the second information access request to the second server, wherein the second information access request carries the first login token and the identity authentication information, and the second information access request is used for indicating the second server to send the account information.
The processor 701 is further configured to perform the following operation steps:
and when the confirmation instruction confirms the binding, sending the binding information to the first server.
The processor 701 is further configured to perform the following operation steps:
receiving binding result information sent by the first server;
and displaying second prompt information according to the binding result information, wherein the second prompt information is used for informing the user of the binding result of the first account and the second account.
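The Web-end procedure above, with both information access requests and the confirmation gate, can be modelled with a stub second server. This is an added example, not code from the patent: the class and method names, the sample account and secret, the opaque verification string, and the single-use handling of the authorization code are assumptions.

```python
import hmac
import secrets


class SecondServer:
    """Stub of the second account system; all values are constructed samples."""

    def __init__(self):
        # Identity authentication information allocated to each Web end.
        self.web_ends = {"web-end-1": "constructed-secret"}
        self.accounts = {"acct-1": {"name": "alice", "email": "alice@example.test"}}
        self.codes = {}   # authorization code -> account
        self.tokens = {}  # first login token -> account

    def user_logs_in(self, account):
        """The user signs in on the second server's login page; a code is issued."""
        code = secrets.token_urlsafe(16)
        self.codes[code] = account
        return code

    def _require_web_end(self, web_end_id, secret):
        expected = self.web_ends.get(web_end_id)
        if expected is None or not hmac.compare_digest(expected.encode(), secret.encode()):
            raise PermissionError("identity authentication information rejected")

    def first_information_access(self, code, web_end_id, secret):
        """Authorization code + identity authentication info -> first login token."""
        self._require_web_end(web_end_id, secret)
        # Assumption of this example (not stated on the page): a code is single-use.
        account = self.codes.pop(code, None)
        if account is None:
            raise PermissionError("authorization code rejected")
        token = secrets.token_urlsafe(16)
        self.tokens[token] = account
        return token

    def second_information_access(self, token, web_end_id, secret):
        """First login token + identity authentication info -> account information."""
        self._require_web_end(web_end_id, secret)
        account = self.tokens.get(token)
        if account is None:
            raise PermissionError("first login token rejected")
        return dict(self.accounts[account])


class WebEnd:
    def __init__(self, second_server, first_server_inbox, web_end_id, secret):
        self.second = second_server
        self.inbox = first_server_inbox  # stands in for the first server
        self.web_end_id = web_end_id
        self.secret = secret

    def bind(self, code, confirm, verification_info):
        token = self.second.first_information_access(code, self.web_end_id, self.secret)
        info = self.second.second_information_access(token, self.web_end_id, self.secret)
        prompt = f"Bind second-server account '{info['name']}' to your current account?"
        if not confirm(prompt):
            return None  # declined: no binding information leaves the Web end
        binding_info = {"first_login_token": token, "verification": verification_info}
        self.inbox.append(binding_info)
        return binding_info


def run_exchange():
    second, inbox = SecondServer(), []
    web = WebEnd(second, inbox, "web-end-1", "constructed-secret")
    sealed = "<encrypted verification information>"  # opaque placeholder
    outcome = {}

    sent = web.bind(second.user_logs_in("acct-1"), lambda prompt: True, sealed)
    outcome["confirmed"] = second.tokens.get(sent["first_login_token"]) == "acct-1"

    declined = web.bind(second.user_logs_in("acct-1"), lambda prompt: False, sealed)
    outcome["declined"] = declined is None

    code = second.user_logs_in("acct-1")
    web.bind(code, lambda prompt: False, sealed)  # consumes the code
    try:
        web.bind(code, lambda prompt: True, sealed)
        outcome["code_reuse"] = "accepted"
    except PermissionError as exc:
        outcome["code_reuse"] = str(exc)

    rogue = WebEnd(second, inbox, "web-end-1", "wrong-secret")
    try:
        rogue.bind(second.user_logs_in("acct-1"), lambda prompt: True, sealed)
        outcome["wrong_identity"] = "accepted"
    except PermissionError as exc:
        outcome["wrong_identity"] = str(exc)

    outcome["binding_messages_sent"] = len(inbox)
    return outcome
```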
It should be noted that, at the same time, an embodiment of the present invention also provides a storage medium, where the storage medium is used to store an application program, and the application program is used to execute, at runtime, an operation performed by a Web end in one account binding method shown in fig. 1 and fig. 3.
It should be noted that, at the same time, an embodiment of the present invention also provides an application program, where the application program is used to execute, during running, an operation performed by a Web end in the account binding method shown in fig. 1 and fig. 3.
Referring to fig. 8, fig. 8 is a schematic structural diagram of another first server according to an embodiment of the present invention. As shown, the first server may include: at least one processor 801, such as a CPU, at least one communication interface 802, at least one memory 803, at least one bus 804. Bus 804 is used to enable, among other things, connectivity communications between these components. In this embodiment of the present invention, the communication interface 802 of the first server is a wired sending port, and may also be a wireless device, for example, including an antenna apparatus, for performing signaling or data communication with other node devices. The memory 803 may be a high-speed RAM memory or a non-volatile memory (e.g., at least one disk memory). The memory 803 may optionally be at least one memory device located remotely from the processor 801 as previously described. A set of program code is stored in the memory 803 and the processor 801 is used to call up the program code stored in the memory for performing the following operations:
receiving binding information of a first account used for a user to log in a second server, which is sent by a Web end corresponding to the first server;
and binding the first account and a second account used by the user for logging in the first server according to the binding information.
The binding information comprises a first login token of the first account;
the processor 801 is further configured to perform the following operation steps:
sending the first login token to the second server, wherein the first login token is used for indicating the second server to send a first user identifier corresponding to the first account;
receiving the first user identification sent by the second server;
determining a second user identifier corresponding to the second account according to a second login token of the second account, wherein the second login token is generated when the user logs in by using the second account through the first server;
and establishing an association relation between the first user identification and the second user identification.
Wherein the binding information further comprises verification information;
the processor 801 is further configured to perform the following operation steps:
verifying the verification information;
and when the verification information passes verification, executing the operation of sending the first login token to the second server.
Wherein the verification information comprises a verification parameter and a timestamp;
the processor 801 is further configured to perform the following operation steps:
matching the verification parameters with preset parameters, and determining whether the interval duration between the time corresponding to the timestamp and the current time exceeds a preset threshold value;
and when the verification parameters are the same as the preset parameters and the interval duration does not exceed the preset threshold, determining that the verification information passes verification.
The verification information may be encrypted according to a preset encryption rule;
the processor 801 is further configured to perform the following operation steps:
and decrypting the verification information according to the preset encryption rule.
It should be noted that, the embodiment of the present invention also provides a storage medium, where the storage medium is used to store an application program, and the application program is used to execute, at runtime, an operation performed by the first server in the account binding method shown in fig. 1 and fig. 3.
It should be noted that, the embodiment of the present invention also provides an application program, where the application program is configured to execute, at runtime, operations performed by the first server in the account binding method shown in fig. 1 and fig. 3.
It should be noted that, for simplicity of description, the above-mentioned embodiments of the method are described as a series of acts or combinations, but those skilled in the art will recognize that the present invention is not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the invention. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required by the invention.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
Those skilled in the art will appreciate that all or part of the steps in the methods of the above embodiments may be implemented by associated hardware instructed by a program, which may be stored in a computer-readable storage medium, and the storage medium may include: flash Memory disks, Read-Only memories (ROMs), Random Access Memories (RAMs), magnetic or optical disks, and the like.
The content downloading method, the related device and the system provided by the embodiment of the present invention are described in detail above, and a specific example is applied in the text to explain the principle and the embodiment of the present invention, and the description of the above embodiment is only used to help understanding the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.
Furthermore, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "a plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and alternate implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.
The logic and/or steps represented in the flowcharts or otherwise described herein, e.g., an ordered listing of executable instructions that can be considered to implement logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). Additionally, the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.
In addition, functional units in the embodiments of the present invention may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may also be stored in a computer readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc. Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made to the above embodiments by those of ordinary skill in the art within the scope of the present invention.

Claims (20)

1. An account binding method is characterized by comprising the following steps:
when a Web end corresponding to a first server detects an account binding request aiming at a second server, displaying a login page of the second server, wherein the login page is used for indicating a user to log in the second server;
the Web end acquires account information of a first account used by the user for logging in the second server from the second server;
the Web end displays first prompt information according to the account information, wherein the first prompt information is used for prompting whether the user binds the first account and a second account used by the user for logging in the first server;
the Web end receives a confirmation instruction aiming at the first prompt message and input by the user;
the Web end sends binding information of the first account to the first server according to the confirmation instruction, wherein the binding information is used for indicating the first server to bind the first account and the second account, the binding information comprises a first login token of the first account and verification information, the verification information is used for preventing the first login token from being stolen, and the verification information is information encrypted according to a preset encryption rule.
2. The method of claim 1, wherein the Web end obtaining account information of the first account used by the user to log in the second server from the second server comprises:
the Web end obtains an authorization code of the first account generated by the second server;
the Web end sends an information access request to the second server according to the authorization code, wherein the information access request is used for indicating the second server to send the account information;
and the Web end receives the account information sent by the second server.
3. The method of claim 2, wherein the information access request comprises a first information access request and a second information access request;
the sending, by the Web end, the information access request to the second server according to the authorization code includes:
the Web end sends the first information access request to the second server, wherein the first information access request carries the authorization code and the identity authentication information distributed to the Web end by the second server, and the first information access request is used for indicating the second server to send the first login token;
the Web end receives the first login token sent by the second server;
and the Web end sends the second information access request to the second server, wherein the second information access request carries the first login token and the identity authentication information, and the second information access request is used for indicating the second server to send the account information.
4. The method according to any one of claims 1 to 3, wherein the sending, by the Web end, the binding information of the first account to the first server according to the confirmation instruction includes:
and when the confirmation instruction confirms the binding, the Web end sends the binding information to the first server.
5. An account binding method is characterized by comprising the following steps:
a first server receives binding information of a first account used by a user for logging in a second server, wherein the binding information is sent by the Web server after receiving a confirmation instruction, input by the user, as to whether to bind the first account and a second account used by the user for logging in the first server;
the first server binds the first account and the second account according to the binding information, wherein the binding information comprises a first login token of the first account and verification information, the verification information is used for preventing the first login token from being stolen, and the verification information is information encrypted according to a preset encryption rule.
6. The method of claim 5, wherein the first server binding the first account and the second account according to the binding information comprises:
the first server verifies the verification information;
and when the verification information passes the verification, the first server binds the first account and the second account according to the login token.
7. The method of claim 5, wherein the verification information comprises a verification parameter and a timestamp;
the first server verifying the verification information comprises:
the first server matches the verification parameters with preset parameters and determines whether the interval duration between the time corresponding to the timestamp and the current time exceeds a preset threshold value;
and when the verification parameters are the same as the preset parameters and the interval duration does not exceed the preset threshold, the first server determines that the verification information passes verification.
8. The method according to claim 6 or 7, wherein the verification information is information encrypted according to a preset encryption rule;
before the first server verifies the verification information, the method further includes:
and the first server decrypts the verification information according to the preset encryption rule.
9. A Web end, wherein the Web end corresponds to a first server, and wherein the Web end comprises:
the display module is used for displaying a login page of a second server when an account binding request aiming at the second server is detected, wherein the login page is used for indicating a user to log in the second server;
the acquisition module is used for acquiring account information of a first account used by the user for logging in the second server from the second server;
the display module is further configured to display first prompt information according to the account information, where the first prompt information is used to prompt whether the user binds the first account and a second account used by the user to log in the first server;
the receiving module is used for receiving a confirmation instruction which is input by the user and aims at the first prompt message;
a sending module, configured to send, to the first server, binding information of the first account according to the confirmation instruction, where the binding information is used to indicate that the first server binds the first account and the second account, the binding information includes a first login token of the first account and verification information, the verification information is used to prevent the first login token from being stolen, and the verification information is encrypted according to a preset encryption rule.
10. The Web end of claim 9, wherein the acquisition module is further configured to:
obtaining an authorization code of the first account generated by the second server;
the sending module is further configured to:
sending an information access request to the second server according to the authorization code, wherein the information access request is used for indicating the second server to send the account information;
the receiving module is further configured to:
and receiving the account information sent by the second server.
11. The Web end of claim 10, wherein the information access request comprises a first information access request and a second information access request;
the sending module is further configured to:
sending the first information access request to the second server, where the first information access request carries the authorization code and the identity authentication information allocated to the Web end by the second server, and the first information access request is used to instruct the second server to send the first login token;
the receiving module is further configured to:
receiving the first login token sent by the second server;
the sending module is further configured to:
and sending the second information access request to the second server, wherein the second information access request carries the first login token and the identity authentication information, and the second information access request is used for indicating the second server to send the account information.
12. The Web end of any of claims 9-11, wherein the sending module is further to:
and when the confirmation instruction confirms the binding, sending the binding information to the first server.
13. A first server, wherein the first server comprises:
a receiving module, configured to receive binding information of a first account used by a user to log in a second server, where the binding information is sent by a Web end corresponding to the first server after receiving a confirmation instruction, which is input by the user, for whether to bind the first account and the second account used by the user to log in the first server;
and the binding module is used for binding the first account and the second account according to the binding information, the binding information comprises a first login token of the first account and verification information, the verification information is used for preventing the first login token from being stolen, and the verification information is information encrypted according to a preset encryption rule.
14. The first server of claim 13, wherein the binding module is further to:
verifying the verification information;
and when the verification information passes the verification, binding the first account and the second account according to the login token.
15. The first server of claim 14, wherein the verification information comprises a verification parameter and a timestamp;
the binding module is further configured to:
matching the verification parameters with preset parameters, and determining whether the interval duration between the time corresponding to the timestamp and the current time exceeds a preset threshold value;
and when the verification parameters are the same as the preset parameters and the interval duration does not exceed the preset threshold, determining that the verification information passes verification.
16. The first server according to claim 14 or 15, wherein the verification information is information encrypted according to a preset encryption rule;
the binding module is further configured to:
and decrypting the verification information according to the preset encryption rule.
17. A Web end, comprising: a processor, a memory, a communication interface, and a bus;
the processor, the memory and the communication interface are connected through the bus and complete mutual communication;
the memory stores executable program code;
the processor executes a program corresponding to the executable program code by reading the executable program code stored in the memory for executing the account binding method according to any one of claims 1 to 4.
18. A first server, comprising: a processor, a memory, a communication interface, and a bus;
the processor, the memory and the communication interface are connected through the bus and complete mutual communication;
the memory stores executable program code;
the processor executes a program corresponding to the executable program code by reading the executable program code stored in the memory for executing the account binding method according to any one of claims 5 to 8.
19. A computer-readable storage medium storing instructions adapted to be loaded by a processor and to perform the account binding method according to any of claims 1 to 4.
20. A computer-readable storage medium storing instructions adapted to be loaded by a processor and to perform the account binding method according to any of claims 5 to 8.
CN201811640253.XA 2018-12-29 2018-12-29 Account number binding method and related equipment Active CN109525604B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811640253.XA CN109525604B (en) 2018-12-29 2018-12-29 Account number binding method and related equipment

Publications (2)

Publication Number Publication Date
CN109525604A CN109525604A (en) 2019-03-26
CN109525604B CN109525604B (en) 2021-04-20

Family

ID=65798572

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811640253.XA Active CN109525604B (en) 2018-12-29 2018-12-29 Account number binding method and related equipment

Country Status (1)

Country Link
CN (1) CN109525604B (en)


Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10382500B2 (en) * 2013-02-27 2019-08-13 Microsoft Technology Licensing, Llc Systems and methods for binding online content accounts

Also Published As

Publication number Publication date
CN109525604A (en) 2019-03-26

Similar Documents

Publication Publication Date Title
CN109525604B (en) Account number binding method and related equipment
CN108768970B (en) Binding method of intelligent equipment, identity authentication platform and storage medium
US9887999B2 (en) Login method and apparatus
US20180159694A1 (en) Wireless Connections to a Wireless Access Point
US9548975B2 (en) Authentication method, authentication system, and service delivery server
CN103001974A (en) Method, system and device used for controlling login and based on two-dimensional code
CN112714053B (en) Communication connection method and device
CN101860540A (en) Method and device for identifying legality of website service
CN110278179B (en) Single sign-on method, device and system and electronic equipment
CN104901936A (en) Business processing method and device, terminal and server
CN105721412A (en) Method and device for authenticating identity between multiple systems
CN106161475B (en) Method and device for realizing user authentication
CN106559405B (en) Portal authentication method and equipment
CN103905399A (en) Account registration management method and apparatus
CN105577619B (en) Client login method, client and system
CN109067746B (en) Communication method and device between client and server
CN109218389A (en) The method, apparatus and storage medium and electronic equipment of processing business request
KR20120058188A (en) Online activation method and system of user subscription for wireless internet service
CN111683370A (en) Access authentication method, device and system of wireless network equipment
CN111669351A (en) Authentication method and related equipment
CN108390878B (en) Method and device for verifying network request security
CN114513326A (en) Method and system for realizing communication audit based on dynamic proxy
CN111833063A (en) Information processing method, computer device, and computer-readable storage medium
CN113922982A (en) Login method, electronic device and computer-readable storage medium
CN111262830B (en) Security authentication method, device, system, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20190613

Address after: Room 1101, Santai Commercial Building, 139 Connaught Road, Hong Kong, China

Applicant after: Hong Kong Lemi Co., Ltd.

Address before: Cayman Islands

Applicant before: Happy honey Company Limited

GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20210603

Address after: 25, 5 / F, shuangjingfang office building, 3 frisha street, Singapore 189352

Patentee after: Zhuomi Private Ltd.

Address before: Room 1101, Santai Commercial Building, 139 Connaught Road, Hong Kong, China

Patentee before: HONG KONG LIVE.ME Corp.,Ltd.