CN111711602A - Login authentication method and device, electronic equipment and readable storage medium - Google Patents
Login authentication method and device, electronic equipment and readable storage medium Download PDFInfo
- Publication number
- CN111711602A CN111711602A CN202010398932.1A CN202010398932A CN111711602A CN 111711602 A CN111711602 A CN 111711602A CN 202010398932 A CN202010398932 A CN 202010398932A CN 111711602 A CN111711602 A CN 111711602A
- Authority
- CN
- China
- Prior art keywords
- terminal
- session data
- token
- authentication
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
Abstract
The embodiment of the invention provides a login authentication method, a login authentication device, electronic equipment and a readable storage medium, and aims to enable an authentication process to have safety and usability. The authentication method is applied to a server, and comprises the following steps: receiving a token sent by a terminal, and executing a first authentication operation on the terminal based on the token to obtain a first authentication result; under the condition that the first authentication result represents that authentication is passed, judging whether the server stores session data corresponding to the terminal or not according to the token; and under the condition that the server stores the session data corresponding to the terminal, executing a second authentication operation on the terminal based on the session data corresponding to the terminal to obtain a second authentication result.
Description
Technical Field
The present invention relates to the field of internet technologies, and in particular, to a login authentication method, device, electronic device, and readable storage medium.
Background
In the field of internet technology, authentication refers to a server verifying whether a terminal has a right to access a system, view information, or acquire resources. In the related art, some servers of internet enterprises authenticate terminals by using token technology. This technique has an advantage of high usability and a disadvantage of low security. For example, when a network attacker steals a token encryption algorithm of a server and uses the stolen encryption algorithm to perform network attack on the server, the authentication operation of the server is disabled, so that all user data is at risk of being stolen.
There are also some internet enterprises in which a server authenticates a terminal using session technology (also called session technology, which is a technology for distinguishing different users). This technique has an advantage of high security and a disadvantage of low usability. Failure of the session database for storing session data, for example, during storage of the session data by the server, will result in failure of session data storage. In the future, when authentication operation is performed based on session data, the authentication operation is unavailable due to the fact that the session data cannot be read, so that the terminal cannot pass the authentication, and cannot access a system, view information or acquire resources.
It can be seen that the existing authentication technology has problems of low security or low availability, and these problems may cause a great risk of leakage of user data or cause a service of a server to be unavailable.
Disclosure of Invention
Embodiments of the present invention provide a login authentication method, device, electronic device, and readable storage medium, and aim to enable an authentication process to have both security and usability. The specific technical scheme is as follows:
in a first aspect of the embodiments of the present invention, a login authentication method is first provided, which is applied to a server, and the method includes:
receiving a token sent by a terminal, and executing a first authentication operation on the terminal based on the token to obtain a first authentication result;
under the condition that the first authentication result represents that authentication is passed, judging whether the server stores session data corresponding to the terminal or not according to the token;
and under the condition that the server stores the session data corresponding to the terminal, executing a second authentication operation on the terminal based on the session data corresponding to the terminal to obtain a second authentication result.
In a second aspect of the embodiments of the present invention, another login authentication method is provided, which is applied to a server, and the method includes:
receiving a token sent by a terminal, and executing a first authentication operation on the terminal based on the token to obtain a first authentication result;
judging whether the server stores session data corresponding to the terminal or not according to the token;
under the condition that the server stores the session data corresponding to the terminal, executing a second authentication operation on the terminal based on the session data corresponding to the terminal to obtain a second authentication result;
and judging whether the terminal has the authority or not according to the first authentication result and the second authentication result.
In a third aspect of the embodiments of the present invention, there is provided a login authentication apparatus, which is disposed in a server, and includes:
the first authentication module is used for receiving a token sent by a terminal and executing a first authentication operation on the terminal based on the token to obtain a first authentication result;
the judging module is used for judging whether the server stores session data corresponding to the terminal or not according to the token under the condition that the first authentication result represents that the authentication is passed;
and the second authentication module is used for executing a second authentication operation on the terminal based on the session data corresponding to the terminal under the condition that the server stores the session data corresponding to the terminal, so as to obtain a second authentication result.
In a fourth aspect of the embodiments of the present invention, there is provided another login authentication apparatus, which is disposed in a server, and includes:
the first authentication module is used for receiving a token sent by a terminal and executing a first authentication operation on the terminal based on the token to obtain a first authentication result;
the judging module is used for judging whether the server stores the session data corresponding to the terminal according to the token;
the second authentication module is used for executing second authentication operation on the terminal based on the session data corresponding to the terminal under the condition that the server stores the session data corresponding to the terminal, and obtaining a second authentication result;
and the authority determining module is used for judging whether the terminal has the authority or not according to the first authentication result and the second authentication result.
In a fifth aspect of the embodiments of the present invention, there is further provided an electronic device, including a processor, a communication interface, a memory, and a communication bus, where the processor, the communication interface, and the memory complete communication with each other through the communication bus;
a memory for storing a computer program;
a processor, configured to implement the method steps of the first aspect or the second aspect of the embodiments of the present invention when executing the program stored in the memory.
In yet another aspect of the present invention, there is also provided a computer-readable storage medium having stored therein instructions, which when run on a computer, cause the computer to execute any of the above-mentioned login authentication methods.
In yet another aspect of the present invention, there is also provided a computer program product containing instructions which, when run on a computer, cause the computer to perform any of the login authentication methods described above.
By implementing the login authentication method provided by the embodiment of the invention, the server executes the first authentication operation on the terminal based on the token after receiving the token sent by the terminal. Wherein, the invention ensures the availability of authentication due to the high availability of token technology.
In addition, when the first authentication result represents that the authentication is passed, that is, when the first authentication operation is passed, whether the server stores the session data corresponding to the terminal is determined according to the token. And under the condition that the server is determined to store the session data corresponding to the terminal, namely under the condition that the second authentication operation is available, executing the second authentication operation on the terminal based on the session data corresponding to the terminal to obtain a second authentication result. Thereby further improving authentication security in case a second authentication operation is available.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below.
Fig. 1 is a flowchart of a login authentication method according to an embodiment of the present invention;
fig. 2 is a flowchart of a login authentication method according to another embodiment of the present invention;
fig. 3 is an interaction diagram of a login authentication method according to another embodiment of the present invention;
fig. 4 is a flowchart of a login authentication method according to another embodiment of the present invention;
fig. 5(a) is a schematic diagram of a login authentication device according to an embodiment of the present invention;
fig. 5(b) is a schematic diagram of a login authentication device according to another embodiment of the present invention;
fig. 5(c) is a schematic diagram of a login authentication device according to another embodiment of the present invention;
fig. 6 is a schematic diagram of a login authentication device according to another embodiment of the present invention;
fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be described below with reference to the drawings in the embodiments of the present invention.
In the field of internet technology, terminals interact with servers, and aim to access systems, view information, or obtain resources. In order to ensure data security, the server needs to authenticate the terminal, and opens a system, displays information or provides resources to the terminal under the condition that the terminal is determined to have the authority. In the related art, some servers of internet enterprises authenticate terminals by using token technology. This technique has an advantage of high usability and a disadvantage of low security. For example, when a network attacker steals a token encryption algorithm of a server and uses the stolen encryption algorithm to perform network attack on the server, the authentication operation of the server is disabled, so that all user data is at risk of being stolen.
There are also some internet enterprises in which servers authenticate terminals using session technology (also called session technology, which is a technology for distinguishing between different users). This technique has an advantage of high security and a disadvantage of low usability. For example, during the period that the server stores the session data, the failure of the database for storing the session data will cause the failure of the session data storage. In the future, when authentication operation is performed based on session data, the authentication operation is unavailable due to the fact that the session data cannot be read, so that the terminal cannot pass the authentication, and cannot access a system, view information or acquire resources.
Therefore, the existing authentication technology has the problems of low security or low usability and the like. In view of the above, the present invention combines token technology and session technology in a novel manner, and provides an authentication method, an apparatus, an electronic device and a readable storage medium through the following embodiments, where the authentication method has both security and usability.
Referring to fig. 1, fig. 1 is a flowchart of a login authentication method according to an embodiment of the present invention, where the login authentication method is applied to a server. As shown in fig. 1, the method comprises the steps of:
step S11: and receiving a token sent by the terminal, and executing a first authentication operation on the terminal based on the token to obtain a first authentication result.
In the present invention, the types of terminals include, but are not limited to: mobile phones, tablet computers, notebook computers, desktop computers, and the like.
In the invention, the token sent by the terminal to the server can be sent to the terminal by the server in advance. In specific implementation, after a user logs in an account by using the terminal, the server generates a token for the terminal and sends the token to the terminal for storage. When the terminal sends a request to the server in the following, for example, a personal information viewing request, a resource acquisition request, a system access request, and the like, the token pre-stored in the terminal is carried in the request. As such, the server may perform an authentication operation for the terminal based on the token after receiving the token.
In some embodiments of the invention, the token may include a string and an encrypted string of the string. The encrypted character string of the character string is an encrypted result obtained after the server encrypts the character string by using a private key or an encryption algorithm mastered by the server.
For example, when the server performs the first authentication operation based on the token, at least one of the following checks may be specifically performed: algorithm checking, validity period checking and environment parameter checking.
Wherein, the algorithm verification means that: after receiving the token sent by the terminal, the server encrypts the character string in the token by using a private key or an encryption algorithm mastered by the server, compares the encrypted result with the original encrypted character string in the token, and determines that the terminal passes algorithm verification under the condition that the encrypted result is consistent with the original encrypted character string in the token.
The validity period check refers to that: and when the server receives the token returned by the terminal, if the time returned by the token does not exceed the validity period recorded in the token, the server determines that the terminal passes the validity period check. Or the server records a timestamp when generating the token for the terminal, calculates the time difference between the recorded timestamp and the current time when receiving the token returned by the terminal, judges whether the token returned by the terminal is overtime according to the time difference, and determines that the terminal passes the validity period check if the token returned by the terminal is not overtime.
The environmental parameter verification means that: the character string of the token comprises a user identification field, the server records a user identification, when the server receives the token returned by the terminal, the user identification field in the token is compared with the user identification recorded by the service degree, and if the user identification field in the token is consistent with the user identification recorded by the service degree, the terminal is determined to pass the environment parameter verification. Wherein, the user identifier may be: a user name, a user number, or a user phone number, etc.
It should be noted that the above examples of the first authentication operation are only examples, and the present invention does not limit the specific manner of the first authentication operation.
In the invention, the first authentication result obtained by the first authentication operation can represent that the authentication is passed or not passed. And determining that the terminal does not have the authority under the condition that the first authentication result represents that the authentication is not passed.
For convenience of understanding, it is assumed that, when the server performs the first authentication operation, three kinds of verification, such as algorithm verification, validity period verification, and environment parameter verification, are specifically performed. And under the condition that all three kinds of verification pass, the obtained first authentication result represents that the authentication passes, otherwise, the obtained first authentication result represents that the authentication does not pass. If the first authentication result represents that the authentication is passed, the following step S12 is performed. And if the first authentication result represents that the authentication is not passed, determining that the terminal does not have the authority, and terminating the whole authentication process. In other words, if all three kinds of checks pass, the following step S12 is executed, otherwise, it is determined that the terminal does not have the authority, and the whole authentication process is terminated.
Step S12: under the condition that the first authentication result represents that authentication is passed, judging whether the server stores session data corresponding to the terminal or not according to the token;
the session data is data stored by the server for each account to distinguish different accounts. In the related art, the session data may also be referred to as session data, and each account corresponds to different session data. When the account number interacts with the server, the account number specifically interacts with the server by relying on a terminal logging in the account number. Therefore, the session data corresponding to the account may also be referred to as session data corresponding to the terminal. In other words, the session data corresponding to the terminal in the present invention is the session data corresponding to the account registered on the terminal.
In the specific implementation of the present invention, the server specifically determines whether the server stores session data corresponding to the terminal according to the information in the token. When the server stores the session data corresponding to the terminal and the server does not store the session data corresponding to the terminal, different information is respectively corresponding to the token.
In some embodiments of the present invention, a preset field may be added to the token, and different contents in the preset field are respectively used for characterizing: the server stores the session data corresponding to the terminal, and the server does not store the session data corresponding to the terminal. In this way, when the step S12 is executed, specifically, it may be determined whether field content of a preset field in the token is target content, and if the field content is the target content, it is determined that the server stores session data corresponding to the terminal; and if the field content is not the target content, determining that the server does not store the session data corresponding to the terminal.
For ease of understanding, assuming that a preset field has _ session is added to the token, if the server successfully creates session data for the terminal in advance and successfully stores the session data, the server may cause the preset field has _ session of the token to be filled with target content, such as a character "1", during generation of the token for the terminal. If the server fails to successfully create session data for the terminal or fails to successfully store the session data of the terminal, the server may cause the preset field has _ session of the token to be filled with other contents, such as a character "0", during generation of the token for the terminal.
In this way, when the server executes the step S12, it may be determined whether the session data corresponding to the terminal is stored in the server by determining whether the field content in the preset field has _ session is "1". And if the field content in the preset field has _ session is '1', determining that the server stores the session data corresponding to the terminal. And if the field content in the preset field has _ session is not '1', determining that the server does not store the session data corresponding to the terminal.
In some embodiments of the present invention, when the step S12 is executed, specifically, it may be determined whether the token includes a preset identifier, and if the token includes the preset identifier, it is determined that the server stores session data corresponding to the terminal; and if the token does not contain the preset identification, determining that the server does not store the session data corresponding to the terminal.
In specific implementation, the token may include a character string and an encrypted character string of the character string, where the encrypted character string of the character string is an encryption result obtained after the server encrypts the character string by using a private key or an encryption algorithm mastered by the server. The preset identifier is a field in the character string, and correspondingly, the encrypted character string contains the field of the preset identifier after encryption. The preset identifier can be any one of the following forms: a designated number, a designated character, a designated letter, etc.
For ease of understanding, it is assumed that the preset identifier may be the designated character "HasSession". If the server successfully created session data for the terminal in advance and successfully stored the session data, the server may insert a specified character "HasSession" in the token during generation of the token for the terminal. If the server fails to successfully create session data for the terminal or fails to successfully store the session data for the terminal, the server does not insert the designated character "HasSession" in the token during generation of the token for the terminal.
In this way, when the server executes step S12, the server can determine whether the session data corresponding to the terminal is stored in the server by determining whether the token includes the specified character "HasSession". And if the token contains the specified character 'HasSession', determining that the server stores the session data corresponding to the terminal. And if the token does not contain the specified character 'HasSession', determining that the server does not store the session data corresponding to the terminal.
The server may determine whether the server stores session data corresponding to the terminal, based on information in the token. When the method is specifically implemented, the server can also judge whether the server stores the session data corresponding to the terminal according to the encryption mode of the token.
For ease of understanding, if the server successfully created session data for the terminal in advance and successfully stored the session data, the server may encrypt the token using a first encryption algorithm (or a first key) during generation of the token for the terminal. If the server fails to successfully create session data for the terminal or fails to successfully store session data for the terminal, the server may encrypt the token with a second encryption algorithm (or a second key) during generation of the token for the terminal. In this way, when the server executes step S12 described above, if the server verifies the token based on the first encryption algorithm, it is determined that the server stores the session data corresponding to the terminal. And if the server passes the token verification based on the second encryption algorithm, determining that the server does not store the session data corresponding to the terminal. The specific way of verifying the token through the encryption algorithm may refer to the above, and is not described herein again.
The invention reflects whether the server stores the session data corresponding to the terminal or not through the token, and has the advantages that: the invention reflects whether the server stores the session data corresponding to the terminal or not through the token. After the server sends the token to the terminal, the terminal stores the token. When the terminal initiates a request to the server again, the token is carried, and the server can determine whether the terminal has corresponding session data according to the token. Therefore, the server can be ensured to successfully know whether the current terminal has the corresponding session data, and the usability of the authentication operation based on the session data is further improved.
On the other hand, if the information indicating whether the server stores the session data corresponding to the terminal is not represented by the token, but the information indicating whether the terminal has the session data corresponding to each terminal is stored by another method, it is difficult to ensure the availability of the authentication operation based on the session data. For convenience of understanding, it is assumed that the server separately creates a storage system to store information of whether each terminal has corresponding session data, for example, the server creates a database, the database stores a plurality of key-value pairs, the key name of each key-value pair represents a terminal, and the key value of the key-value pair represents whether the server stores session data corresponding to the terminal. In this case, the storage system (i.e. the database) separately opened by the server still has the possibility of being crashed, down and unavailable in service, and in the case that the storage system (i.e. the database) is crashed, down or unavailable in service, the server cannot know whether the current terminal has the corresponding session data, so that the authentication operation based on the session data is unavailable.
In addition, since the token itself is also verified through the first authentication operation, the token information is effectively prevented from being tampered by a network attacker, or even if the token information is tampered by the network attacker, the server can detect the tampering action. Therefore, the login authentication method provided by the invention can give consideration to both authentication security and authentication availability as much as possible.
For understanding, it is assumed that a network attacker tampers token information (e.g., tampers the field content of a preset field in the token or deletes a preset identifier in the token) after intercepting the token sent by the terminal to the server, and then sends the tamped token to the server. After receiving the token, the server performs algorithm verification on the token. That is, the server encrypts token information (character string) in the token using a private key or an encryption algorithm that the server possesses, and then compares the encryption result with the original encryption character string in the token. Since the token information has been tampered with, the encryption result is not consistent with the original encryption string in the token. Thus, the algorithm check fails (that is, the first check result represents that the authentication fails), the server determines that the token information of the token is tampered, thereby determining that the authentication fails, and ending the whole authentication process.
In the present invention, when the first authentication operation is passed, the server performs the step S12 to determine whether the session data corresponding to the terminal is stored in the server in advance, so as to determine whether to perform the second authentication operation (i.e., the step S13). As such, on the one hand, the server may perform a second authentication operation (as in step S13 described below) to obtain a second authentication result in a case where the server stores session data corresponding to the terminal. Since the second authentication operation is an authentication operation performed based on the session data, the security of the entire authentication process can be improved.
On the other hand, the server may not perform the second authentication operation in a case where it does not store the session data corresponding to the terminal, and determine whether the terminal has the right according to the first authentication result, thereby ensuring authentication availability.
In consideration of the present invention, the server performs the above step S12 to determine whether the server stores the session data corresponding to the terminal when the first authentication result represents that the authentication passes. Therefore, when it is determined that the server does not store the session data corresponding to the terminal and cannot perform the second authentication operation, that is, when the token does not include the preset identifier, since the first authentication operation has passed, the server may directly determine that the terminal has the right in order to ensure the authentication availability, and end the entire authentication process.
Step S13: and under the condition that the server stores the session data corresponding to the terminal, executing a second authentication operation on the terminal based on the session data corresponding to the terminal to obtain a second authentication result.
In the invention, the second authentication result obtained by the second authentication operation can represent that the authentication is passed or not passed. During the specific implementation of the invention, whether the terminal has the authority can be judged according to the second authentication result; if the second authentication result represents that the authentication is passed, determining that the terminal has the authority; and if the second authentication result represents that the authentication is not passed, determining that the terminal does not have the authority.
In some embodiments of the present invention, when performing the second authentication operation on the terminal based on the session data corresponding to the terminal, the server may specifically access a storage area to read the session data corresponding to the terminal, where the storage area stores the session data corresponding to each of the plurality of terminals; and under the condition that the session data corresponding to the terminal is successfully read, obtaining a second authentication result representing that the authentication is passed. In other words, when the session data corresponding to the terminal is successfully read, it is determined that the second authentication operation passes.
During specific implementation, a session database of the server stores multiple pieces of session data, the multiple pieces of session data respectively correspond to different terminals, each piece of session data has a session _ id (i.e., a session data identifier), and the session _ ids of different pieces of session data are different from each other. The server receives the token sent by the terminal and also receives the session _ id sent by the terminal (after the server generates session data for the terminal, the session _ id of the session data is sent to the terminal, the session _ id is stored in cookie data by the terminal, and when the terminal sends a request to the server, the cookie data is carried by the terminal, so that the session _ id is sent to the server). And the server takes the session _ id sent by the terminal as an index, accesses a session database to query the session data with the session _ id, and if the session data with the session _ id is successfully queried, determines that the second authentication operation is passed. In other words, if the session data with the session _ id is successfully queried, a second authentication result is obtained, and the second authentication result represents that the authentication is passed.
By performing the above-described authentication method including steps S11 to S13, the server performs a first authentication operation on the terminal based on the token after receiving the token transmitted by the terminal. Wherein, the invention ensures the availability of authentication due to the high availability of token technology.
In addition, when the first authentication result represents that the authentication is passed, that is, when the first authentication operation is passed, whether the server stores the session data corresponding to the terminal is determined according to the token. And under the condition that the server is determined to store the session data corresponding to the terminal, namely under the condition that the second authentication operation is available, executing the second authentication operation on the terminal based on the session data corresponding to the terminal to obtain a second authentication result. Thereby further improving authentication security in case a second authentication operation is available.
In some embodiments of the present invention, it is considered that, when the server executes the step S13, although the server stores the session data corresponding to the terminal, the server does not necessarily have successful access to the storage area for storing the session data. For example, the session database of the server fails to query the session data, or the network in the server is interrupted to query the session data.
In order to further improve the authentication availability, in the embodiments of the present invention, the server determines that the terminal has the authority when determining that the server stores the session data corresponding to the terminal but fails to access the storage area, so as to avoid that the authentication is unavailable due to a session database failure or a network failure inside the server.
In the above embodiments, if the server determines that the server stores the session data corresponding to the terminal by executing the step S12, the server executes the step S13 to further obtain the second authentication result. In the above embodiments of the present invention, if the server determines that it does not store the session data corresponding to the terminal by performing the above step S12, it indicates that the second authentication operation by the server for the terminal is not available, and in order to ensure the availability of the entire authentication operation, the server may determine whether the terminal has the right directly according to the first authentication result of the first authentication operation. In short, when the first authentication result represents that the authentication is passed but the server does not store the session data corresponding to the terminal, it is determined that the terminal has the right.
Referring to fig. 2, fig. 2 is a flowchart of a login authentication method according to another embodiment of the present invention, the login authentication method is applied to a server. As shown in fig. 2, the flow of the authentication method includes:
s21: the server receives the token sent by the terminal, and executes a first authentication operation on the terminal based on the token to obtain a first authentication result.
S22: if the first authentication result represents that the authentication is not passed, namely the first authentication operation is not passed, determining that the terminal does not have the authority, and ending the whole authentication process.
S23: and if the first authentication result represents that the authentication is passed, namely the first authentication operation is passed, judging whether the server stores the session data corresponding to the terminal according to the token.
S24: and if the server does not store the session data corresponding to the terminal, determining that the terminal has the authority, and ending the whole authentication process.
S25: and if the server stores the session data corresponding to the terminal, accessing the storage area storing the session data to inquire the session data corresponding to the terminal.
S26: if the session data corresponding to the terminal is successfully inquired, a second authentication result representing that the authentication is passed is obtained, namely the second authentication operation is passed. Thus, the terminal is determined to have the authority, and the whole authentication process is ended.
S27: and if the access to the storage area fails, determining that the terminal has the authority, and ending the whole authentication process.
For the specific implementation of each process step shown in fig. 2, reference may be made to the above specific explanation for step S11 to step S13, and in order to avoid repetition, the present invention is not described herein again.
Referring to fig. 3, fig. 3 is an interaction diagram of a login authentication method according to another embodiment of the present invention. As shown in fig. 3, the terminal may transmit a login request to the server in advance. Illustratively, the login request carries a user name and a login password. The server performs login authentication on the terminal, and generates a token for the terminal after the login authentication is passed. As shown in fig. 3, the server further creates session data for the terminal and stores the session data, and processes the token according to a first preset processing mode when the session data is successfully stored, and sends the processed token to the terminal. In addition, the server may also transmit session _ id of the session data (i.e., session data identification) to the terminal.
The token representation processed according to the first preset processing mode is as follows: the server stores the session data corresponding to the terminal. It should be noted that, if the server does not successfully store the session data, the server processes the token according to the second preset processing mode, and sends the processed token to the terminal. The token representation processed according to the second preset processing mode is as follows: the server does not store the session data corresponding to the terminal. To simplify the drawing, the case where the server does not successfully store the session data is not shown in fig. 3.
In specific implementation, a token generated by the server for the terminal includes a preset field, and meanwhile, the server tries to create session data for the terminal and stores the session data. For the sake of understanding, assume the first preset processing mode is: the server fills a character '1' in a preset field of the token, and the second preset processing mode is as follows: the server fills in the preset field of the token with the character "0". And if the server successfully creates session data for the terminal and successfully stores the session data, the server fills a preset field in the token with a character '1' according to a first preset processing mode. And then the server returns the session _ id of the session data and the token filled with the characters to the terminal, and the terminal stores the token after receiving the session _ id and the token returned by the server and stores the session _ id in cookie data.
In addition, if the server does not successfully store the session data corresponding to the terminal, the server fills a preset field in the token with a character "0" according to a second preset processing mode. And then the server returns the session _ id of the session data and the token filled with the characters to the terminal, and the terminal stores the token after receiving the session _ id and the token returned by the server and stores the session _ id in cookie data.
As shown in fig. 3, when the terminal sends a request to the server in the following, for example, a personal information viewing request, a resource acquisition request, a system access request, and the like, the request carries a token stored in the terminal. In addition, the request may also carry cookie data of the terminal, where the cookie data includes session _ id of session data corresponding to the terminal. After receiving the token sent by the terminal, the server executes a first authentication operation on the terminal based on the token and obtains a first authentication result. In case that the first authentication result represents that the authentication is not passed, that is, in case that the first authentication operation is not passed, the server may determine that the terminal does not have the authority, and terminate the entire authentication operation. In order to simplify the figure, the first authentication result is not shown in fig. 3 to characterize the case that the authentication is not passed.
As shown in fig. 3, when the first authentication result indicates that the authentication is passed, that is, when the first authentication operation is passed, the server determines whether the session data corresponding to the terminal is stored therein according to the token. If the server does not store the session data corresponding to the terminal, the server may not perform the second authentication operation but directly determine that the terminal has the authority, and terminate the entire authentication operation. In order to simplify the figure, the first authentication result is not shown in fig. 3 to characterize the case that the authentication is not passed.
As shown in fig. 3, if the server stores session data corresponding to the terminal, the server attempts to access the session database by using the received session _ id as an index, so as to query the session data corresponding to the session _ id (i.e., the session data corresponding to the terminal). And if the server successfully inquires the session data corresponding to the session _ id, determining that the terminal has the authority.
If the server fails to access the session database successfully, in this case, the server may directly determine that the terminal has the authority without performing the second authentication operation, and terminate the entire authentication operation. In order to simplify the figure, the first authentication result is not shown in fig. 3 to characterize the case that the authentication is not passed.
In the embodiment shown in fig. 3, when the server responds to the login request of the user, if the login authentication passes, the server first generates a token and creates and stores session data for the terminal, and selects a first preset processing mode or a second preset processing mode to process the generated token according to whether the session data is successfully stored or not. Briefly, in the embodiment shown in fig. 3, a user's login request is responded to in the following order: generating a token, creating session data, and processing the token.
In other modes, when the server responds to the login request of the user, if the login verification is passed, the server may also create session data for the terminal first, and store the session data; under the condition that the session data are successfully stored, generating a token for the terminal according to a first preset generation mode, and sending the generated token to the terminal, wherein the token generated according to the first preset generation mode is characterized by: the server stores session data corresponding to the terminal; under the condition that the session data is not successfully stored, generating a token for the terminal according to a second preset generation mode, and sending the generated token to the terminal, wherein the token generated according to the second preset generation mode is characterized by: the server does not store the session data corresponding to the terminal.
In the embodiments, the server first attempts to create session data and store the session data for the terminal, and generates a token for the terminal according to a first preset generation manner when the session data is successfully created and stored. And under the condition that the session data is not successfully stored, generating a token for the terminal according to a second preset generation mode. Briefly, in the embodiments described above, the login request of the user is responded in the following order: creating session data and generating a token.
In addition, it is considered that in some cases, one account may be successively logged in by a plurality of devices in a short time, for example, a certain member user may borrow the account for a plurality of persons successively. Therefore, the respective terminals of the plurality of users log in the account of the member user in sequence, and the server generates tokens and session data for the plurality of terminals in sequence. However, considering that user data leakage is easily caused by sharing one account by multiple people and a threat is caused to data security, in order to effectively limit the sharing number of accounts, in some embodiments of the present invention, the server may set an upper limit number of session data for each account, and in a case that the number of session data of the account exceeds the upper limit number, reserve the upper limit number of session data for the account as valid session data, and use the remaining session data of the account as invalid session data. And when the server executes the second authentication operation, if the second authentication operation is executed based on the failure session data, the obtained second authentication result represents that the authentication is not passed. In the specific implementation, if the session data queried by the server from the session database is invalid session data, the obtained second authentication result represents that the authentication is not passed, that is, the second authentication operation is not passed.
Taking account a as an example, assuming that the upper limit number of session data is 3, after receiving a user name of account a and a login password of account a sent by a certain terminal, if the login verification passes, the server generates token1 for the terminal, creates and stores session data session1 for the terminal, configures a preset identifier for the token1, and sends the session _ id of session data session1 and the token1 configured with the preset identifier to the terminal. In addition, the server may also query the number of valid session data existing for account a before creating the session data session1, and if the number reaches 3, the server sets the created session data session1 as invalid session data.
Thus, when the terminal subsequently sends a request to the server and carries the token1 and the session _ id, the server performs the first authentication operation based on the token1, and if the first authentication operation passes, the server queries the session data session1 corresponding to the terminal according to the received session _ id. Because the queried session data session1 is invalid session data, the second authentication operation is not passed, and thus the server determines that the terminal does not have the authority, thereby effectively limiting the sharing number of the account a.
In addition, since the session data stored in the server usually has a validity period, for example, several hours, several days, or several weeks, the originally valid session data automatically expires after the validity period is reached. When the originally valid session data fails, the next generated session data may be determined to be valid session data. The 3 active session data for one account is not fixed.
In addition, when the server stores each piece of session data, the storage time of the piece of session data and the account corresponding to the piece of session data may be recorded, and after a certain user modifies the password of the account, the server may regard all pieces of session data of the account before the password is modified as invalid data. And when the server executes the second authentication operation, if the second authentication operation is executed based on the failure session data, the obtained second authentication result represents that the authentication is not passed. In the specific implementation, if the session data queried by the server from the session database is invalid session data, the obtained second authentication result represents that the authentication is not passed, that is, the second authentication operation is not passed.
Based on the same inventive concept, referring to fig. 1, an embodiment of the present invention further provides another login authentication method. Referring to fig. 4, fig. 4 is a flowchart of a login authentication method according to another embodiment of the present invention, the login authentication method is applied to a server. As shown in fig. 4, the method comprises the steps of:
step S41: receiving a token sent by a terminal, and executing a first authentication operation on the terminal based on the token to obtain a first authentication result;
step S42: judging whether the server stores session data corresponding to the terminal or not according to the token;
step S43: under the condition that the server stores the session data corresponding to the terminal, executing a second authentication operation on the terminal based on the session data corresponding to the terminal to obtain a second authentication result;
step S44: and judging whether the terminal has the authority or not according to the first authentication result and the second authentication result.
For the specific implementation of step S41, reference may be made to the above-mentioned specific implementation of step S11. For a specific implementation of step S42, reference may be made to the specific implementation described above for step S12. For a specific implementation of step S43, reference may be made to the specific implementation described above for step S13.
In executing the above step S44, specifically, if both the first authentication result and the second authentication result represent that the authentication is passed, it is determined that the terminal has the authority. Otherwise, determining that the terminal does not have the authority.
When performing authentication by using the login authentication method shown in fig. 4, the server receives the token sent by the terminal, and then performs a first authentication operation on the terminal based on the token. Wherein, the invention ensures the availability of authentication due to the high availability of token technology. In addition, the server also judges whether the server stores the session data corresponding to the terminal according to the token. And under the condition that the server is determined to store the session data corresponding to the terminal, namely under the condition that the second authentication operation is available, executing the second authentication operation on the terminal based on the session data corresponding to the terminal to obtain a second authentication result. Thereby further improving authentication security in case a second authentication operation is available.
Based on the same inventive concept, an embodiment of the invention provides a login authentication device. Referring to fig. 5(a), fig. 5(a) is a schematic diagram of a login authentication device according to an embodiment of the present invention, the login authentication device is disposed in a server. As shown in fig. 5(a), the apparatus includes:
a first authentication module 51, configured to receive a token sent by a terminal, and perform a first authentication operation on the terminal based on the token to obtain a first authentication result;
a determining module 52, configured to determine, according to the token, whether the server stores session data corresponding to the terminal when the first authentication result represents that the authentication passes;
a second authentication module 53, configured to, when the server stores session data corresponding to the terminal, perform a second authentication operation on the terminal based on the session data corresponding to the terminal, so as to obtain a second authentication result.
Optionally, the determining module 52 is specifically configured to determine whether field content of a preset field in the token is target content, and if the field content is the target content, determine that the server stores session data corresponding to the terminal; if the field content is not the target content, determining that the server does not store the session data corresponding to the terminal;
or specifically, the token is used to determine whether the token includes a preset identifier, and if the token includes the preset identifier, it is determined that the server stores session data corresponding to the terminal; and if the token does not contain the preset identification, determining that the server does not store the session data corresponding to the terminal.
Optionally, the second authentication module 53 is specifically configured to, when the server stores session data corresponding to the terminal, access a storage area to read the session data corresponding to the terminal, where the storage area stores session data corresponding to each of a plurality of terminals; and under the condition that the session data corresponding to the terminal is successfully read, obtaining a second authentication result representing that the authentication is passed.
Optionally, the second authentication module 53 is further specifically configured to determine that the terminal has the right in case of a failure in accessing the storage area.
Based on the same inventive concept, referring to fig. 5(b), fig. 5(b) is a schematic diagram of a login authentication device according to another embodiment of the present invention, the login authentication device is disposed in a server. As shown in fig. 5(b), the apparatus includes not only: the first authentication module 51, the determining module 52 and the second authentication module 53 further include:
an authority determining module 54, configured to determine whether the terminal has an authority according to the second authentication result; if the second authentication result represents that the authentication is passed, determining that the terminal has the authority; and if the second authentication result represents that the authentication is not passed, determining that the terminal does not have the authority.
Optionally, the authority determining module 54 is further configured to determine that the terminal has the authority if the first authentication result represents that authentication is passed, but the server does not store session data corresponding to the terminal.
Optionally, as shown in fig. 5(b), the apparatus further comprises:
a token generation module 55, configured to generate a token for the terminal;
a session data creating and storing module 56, configured to create session data for the terminal, and store the session data;
a token processing module 57, configured to, under the condition that the session data is successfully stored, process the token according to a first preset processing manner, and send the processed token to the terminal, where the token processed according to the first preset processing manner is characterized in that: the server stores session data corresponding to the terminal; and under the condition that the session data is not successfully stored, processing the token according to a second preset processing mode, and sending the processed token to the terminal, wherein the token processed according to the second preset processing mode is characterized in that: the server does not store the session data corresponding to the terminal.
Based on the same inventive concept, referring to fig. 5(c), fig. 5(c) is a schematic diagram of a login authentication device according to another embodiment of the present invention, the login authentication device is disposed in a server. As shown in fig. 5(c), the apparatus includes not only: the first authentication module 51, the judgment module 52, the second authentication module 53 and the authority determination module 54 further include:
a session data creating and storing module 55, configured to create session data for the terminal, and store the session data;
a token generating module 56, configured to, in the case that the session data is successfully stored, generate a token for the terminal according to a first preset generating manner, and send the generated token to the terminal, where the token generated according to the first preset generating manner represents: the server stores session data corresponding to the terminal; under the condition that the session data is not successfully stored, generating a token for the terminal according to a second preset generation mode, and sending the generated token to the terminal, wherein the token generated according to the second preset generation mode is characterized by: the server does not store the session data corresponding to the terminal.
As shown in fig. 5(b) or 5(c), the login authentication device may further include:
a session data processing module 58, configured to set an upper limit number of session data for each account, and when the number of session data of the account exceeds the upper limit number, reserve the upper limit number of session data for the account as valid session data, and use the remaining session data of the account as invalid session data; and when the server executes a second authentication operation based on the failure session data, the obtained second authentication result represents that the authentication is failed.
Based on the same inventive concept, an embodiment of the invention provides a login authentication device. Referring to fig. 6, fig. 6 is a schematic diagram of a login authentication device according to another embodiment of the present invention, the login authentication device is disposed in a server. As shown in fig. 6, the apparatus includes:
the first authentication module 61 is configured to receive a token sent by a terminal, and perform a first authentication operation on the terminal based on the token to obtain a first authentication result;
a judging module 62, configured to judge whether the server stores session data corresponding to the terminal according to the token;
a second authentication module 63, configured to, when the server stores session data corresponding to the terminal, perform a second authentication operation on the terminal based on the session data corresponding to the terminal, so as to obtain a second authentication result;
and an authority determining module 64, configured to determine whether the terminal has an authority according to the first authentication result and the second authentication result.
An embodiment of the present invention further provides an electronic device, as shown in fig. 7, including a processor 701, a communication interface 702, a memory 703 and a communication bus 704, where the processor 701, the communication interface 702, and the memory 703 complete mutual communication through the communication bus 704,
a memory 703 for storing a computer program;
the processor 701 is configured to implement the following steps when executing the program stored in the memory 703:
receiving a token sent by a terminal, and executing a first authentication operation on the terminal based on the token to obtain a first authentication result;
and under the condition that the first authentication result represents that authentication is passed, detecting whether the token comprises a preset identifier pre-configured by the server, wherein the preset identifier is used for representing: the server stores session data corresponding to the terminal in advance;
and under the condition that the token comprises the preset identification, executing second authentication operation on the terminal based on the session data corresponding to the terminal to obtain a second authentication result, and judging whether the terminal has the authority or not according to the second authentication result.
Or, the following steps are implemented:
receiving a token sent by a terminal, and executing a first authentication operation on the terminal based on the token to obtain a first authentication result;
judging whether the server stores session data corresponding to the terminal or not according to the token;
under the condition that the server stores the session data corresponding to the terminal, executing a second authentication operation on the terminal based on the session data corresponding to the terminal to obtain a second authentication result;
and judging whether the terminal has the authority or not according to the first authentication result and the second authentication result.
Alternatively, the processor 701 may also implement the steps in the other method embodiments described above when executing the program stored in the memory 703.
The communication bus mentioned in the above terminal may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus.
The communication interface is used for communication between the terminal and other equipment.
The Memory may include a Random Access Memory (RAM) or a non-volatile Memory (non-volatile Memory), such as at least one disk Memory. Optionally, the memory may also be at least one memory device located remotely from the processor.
The Processor may be a general-purpose Processor, and includes a Central Processing Unit (CPU), a Network Processor (NP), and the like; the device can also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, a discrete Gate or transistor logic device, or a discrete hardware component.
In yet another embodiment of the present invention, a computer-readable storage medium is further provided, which has instructions stored therein, which when run on a computer, cause the computer to perform the authentication method described in any of the above embodiments.
In a further embodiment provided by the present invention, there is also provided a computer program product containing instructions which, when run on a computer, cause the computer to perform the authentication method described in any of the above embodiments.
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When loaded and executed on a computer, cause the processes or functions described in accordance with the embodiments of the invention to occur, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, from one website site, computer, server, or data center to another website site, computer, server, or data center via wired (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device, such as a server, a data center, etc., that incorporates one or more of the available media. The usable medium may be a magnetic medium (e.g., floppy Disk, hard Disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.
Claims (14)
1. A login authentication method is applied to a server, and comprises the following steps:
receiving a token sent by a terminal, and executing a first authentication operation on the terminal based on the token to obtain a first authentication result;
under the condition that the first authentication result represents that authentication is passed, judging whether the server stores session data corresponding to the terminal or not according to the token;
and under the condition that the server stores the session data corresponding to the terminal, executing a second authentication operation on the terminal based on the session data corresponding to the terminal to obtain a second authentication result.
2. The method according to claim 1, wherein the step of determining whether the server stores session data corresponding to the terminal according to the token comprises:
judging whether field content of a preset field in the token is target content, and if the field content is the target content, determining that the server stores session data corresponding to the terminal; if the field content is not the target content, determining that the server does not store the session data corresponding to the terminal;
alternatively, the first and second electrodes may be,
judging whether the token contains a preset identifier or not, and if the token contains the preset identifier, determining that the server stores session data corresponding to the terminal; and if the token does not contain the preset identification, determining that the server does not store the session data corresponding to the terminal.
3. The method according to claim 1, wherein the step of performing a second authentication operation on the terminal based on the session data corresponding to the terminal in a case that the server stores the session data corresponding to the terminal includes:
under the condition that the server stores session data corresponding to the terminal, accessing a storage area to read the session data corresponding to the terminal, wherein the storage area stores the session data corresponding to each of a plurality of terminals;
and under the condition that the session data corresponding to the terminal is successfully read, obtaining a second authentication result representing that the authentication is passed.
4. The method of claim 3, further comprising:
and determining that the terminal has the authority in the case of failure in accessing the storage area.
5. The method of claim 1, wherein after obtaining the second authentication result, the method further comprises:
judging whether the terminal has the authority or not according to the second authentication result;
if the second authentication result represents that the authentication is passed, determining that the terminal has the authority; and if the second authentication result represents that the authentication is not passed, determining that the terminal does not have the authority.
6. The method of claim 1, further comprising:
and determining that the terminal has the authority under the condition that the first authentication result represents that the authentication is passed but the server does not store the session data corresponding to the terminal.
7. The method according to any of claims 1 to 6, wherein before receiving the token sent by the terminal, the method further comprises:
generating a token for the terminal;
creating session data for the terminal and storing the session data;
under the condition of successfully storing the session data, processing the token according to a first preset processing mode, and sending the processed token to the terminal, wherein the token processed according to the first preset processing mode is characterized in that: the server stores session data corresponding to the terminal;
under the condition that the session data is not successfully stored, processing the token according to a second preset processing mode, and sending the processed token to the terminal, wherein the token processed according to the second preset processing mode is characterized in that: the server does not store the session data corresponding to the terminal.
8. The method according to any of claims 1 to 6, wherein before receiving the token sent by the terminal, the method further comprises:
creating session data for the terminal and storing the session data;
under the condition that the session data are successfully stored, generating a token for the terminal according to a first preset generation mode, and sending the generated token to the terminal, wherein the token generated according to the first preset generation mode is characterized by: the server stores session data corresponding to the terminal;
under the condition that the session data is not successfully stored, generating a token for the terminal according to a second preset generation mode, and sending the generated token to the terminal, wherein the token generated according to the second preset generation mode is characterized by: the server does not store the session data corresponding to the terminal.
9. The method of any of claims 1 to 6, further comprising:
setting the upper limit number of session data for each account, and reserving the upper limit number of session data for the account as valid session data and taking the rest of the session data of the account as invalid session data under the condition that the number of the session data of the account exceeds the upper limit number;
and when the server executes a second authentication operation based on the failure session data, the obtained second authentication result represents that the authentication is failed.
10. A login authentication method is applied to a server, and comprises the following steps:
receiving a token sent by a terminal, and executing a first authentication operation on the terminal based on the token to obtain a first authentication result;
judging whether the server stores session data corresponding to the terminal or not according to the token;
under the condition that the server stores the session data corresponding to the terminal, executing a second authentication operation on the terminal based on the session data corresponding to the terminal to obtain a second authentication result;
and judging whether the terminal has the authority or not according to the first authentication result and the second authentication result.
11. A login authentication device is arranged on a server, and the device comprises:
the first authentication module is used for receiving a token sent by a terminal and executing a first authentication operation on the terminal based on the token to obtain a first authentication result;
the judging module is used for judging whether the server stores session data corresponding to the terminal or not according to the token under the condition that the first authentication result represents that the authentication is passed;
and the second authentication module is used for executing a second authentication operation on the terminal based on the session data corresponding to the terminal under the condition that the server stores the session data corresponding to the terminal, so as to obtain a second authentication result.
12. A login authentication device is arranged on a server, and the device comprises:
the first authentication module is used for receiving a token sent by a terminal and executing a first authentication operation on the terminal based on the token to obtain a first authentication result;
the judging module is used for judging whether the server stores the session data corresponding to the terminal according to the token;
the second authentication module is used for executing second authentication operation on the terminal based on the session data corresponding to the terminal under the condition that the server stores the session data corresponding to the terminal, and obtaining a second authentication result;
and the authority determining module is used for judging whether the terminal has the authority or not according to the first authentication result and the second authentication result.
13. An electronic device is characterized by comprising a processor, a communication interface, a memory and a communication bus, wherein the processor and the communication interface are used for realizing mutual communication by the memory through the communication bus;
a memory for storing a computer program;
a processor for carrying out the method steps of any one of claims 1 to 9 or the method steps of claim 10 when executing a program stored in the memory.
14. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method of any one of claims 1 to 9 or carries out the method steps of claim 10.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010398932.1A CN111711602A (en) | 2020-05-12 | 2020-05-12 | Login authentication method and device, electronic equipment and readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010398932.1A CN111711602A (en) | 2020-05-12 | 2020-05-12 | Login authentication method and device, electronic equipment and readable storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111711602A true CN111711602A (en) | 2020-09-25 |
Family
ID=72537448
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010398932.1A Pending CN111711602A (en) | 2020-05-12 | 2020-05-12 | Login authentication method and device, electronic equipment and readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111711602A (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102111379A (en) * | 2009-12-24 | 2011-06-29 | 中国移动通信集团公司 | Authentication system, method and device |
| US20140298441A1 (en) * | 2013-03-28 | 2014-10-02 | DeNA Co., Ltd. | Authentication method, authentication system, and service delivery server |
| CN109587126A (en) * | 2018-11-26 | 2019-04-05 | 平安科技(深圳)有限公司 | User anthority identifying method and system |
| CN110086802A (en) * | 2019-04-24 | 2019-08-02 | 上海易点时空网络有限公司 | Method for authenticating and device for session |
| CN110690972A (en) * | 2019-10-11 | 2020-01-14 | 迈普通信技术股份有限公司 | Token authentication method and device, electronic equipment and storage medium |
-
2020
- 2020-05-12 CN CN202010398932.1A patent/CN111711602A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102111379A (en) * | 2009-12-24 | 2011-06-29 | 中国移动通信集团公司 | Authentication system, method and device |
| US20140298441A1 (en) * | 2013-03-28 | 2014-10-02 | DeNA Co., Ltd. | Authentication method, authentication system, and service delivery server |
| CN109587126A (en) * | 2018-11-26 | 2019-04-05 | 平安科技(深圳)有限公司 | User anthority identifying method and system |
| CN110086802A (en) * | 2019-04-24 | 2019-08-02 | 上海易点时空网络有限公司 | Method for authenticating and device for session |
| CN110690972A (en) * | 2019-10-11 | 2020-01-14 | 迈普通信技术股份有限公司 | Token authentication method and device, electronic equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11108752B2 (en) | Systems and methods for managing resetting of user online identities or accounts | |
| US9942220B2 (en) | Preventing unauthorized account access using compromised login credentials | |
| CN106330850B (en) | Security verification method based on biological characteristics, client and server | |
| US8505085B2 (en) | Flexible authentication for online services with unreliable identity providers | |
| CN111917773B (en) | Service data processing method and device and server | |
| US10491588B2 (en) | Local and remote access apparatus and system for password storage and management | |
| US9118665B2 (en) | Authentication system and method | |
| US20120324545A1 (en) | Automated security privilege setting for remote system users | |
| KR101451359B1 (en) | User account recovery | |
| CN109756446B (en) | Access method and system for vehicle-mounted equipment | |
| CN110365684B (en) | Access control method and device for application cluster and electronic equipment | |
| CN109861968A (en) | Resource access control method, device, computer equipment and storage medium | |
| CN109842616B (en) | Account binding method and device and server | |
| EP2775658A2 (en) | A password based security method, systems and devices | |
| CN116668190A (en) | Cross-domain single sign-on method and system based on browser fingerprint | |
| CN112929388B (en) | Network identity cross-device application rapid authentication method and system, and user agent device | |
| CN116248351A (en) | Resource access method and device, electronic equipment and storage medium | |
| CN109639695A (en) | Dynamic identity authentication method, electronic equipment and storage medium based on mutual trust framework | |
| US20080022004A1 (en) | Method And System For Providing Resources By Using Virtual Path | |
| CN111711602A (en) | Login authentication method and device, electronic equipment and readable storage medium | |
| US20080060060A1 (en) | Automated Security privilege setting for remote system users | |
| CN105071993A (en) | Encryption state detection method and system | |
| JP4671686B2 (en) | Network file system and authentication method | |
| KR20140023085A (en) | A method for user authentication, a authentication server and a user authentication system | |
| EP4207682A1 (en) | Device, method and system of handling access control |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20200925 |