CN112199652B - Login method, terminal, server, system, medium and equipment of application program - Google Patents
Login method, terminal, server, system, medium and equipment of application program Download PDFInfo
- Publication number
- CN112199652B CN112199652B CN202011148600.4A CN202011148600A CN112199652B CN 112199652 B CN112199652 B CN 112199652B CN 202011148600 A CN202011148600 A CN 202011148600A CN 112199652 B CN112199652 B CN 112199652B
- Authority
- CN
- China
- Prior art keywords
- user
- login
- terminal
- identity authentication
- authentication server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
Abstract
The invention provides a login method, a terminal, a server, a system, a medium and electronic equipment of an application program. The method comprises the following steps: sending a login request for logging in an application program to an identity authentication server; in response to receiving a request sent by the identity authentication server for acquiring device information, sending the device information to the identity authentication server, so that the identity authentication server determines a device identifier for uniquely representing the terminal based on the device information; responding to the identity authentication server to determine that the equipment identifier is associated with any one or more accounts in the application set according to the equipment identifier, and receiving a login response sent by the identity authentication server, wherein the user identity is in a legal state, so as to be used for a user to login an application program; wherein the application set at least comprises an application program. Aiming at the login of the application program in the application set, the technical scheme can effectively save the computing resources occupied by the identity authentication process and reduce the time consumption of login.
Description
Technical Field
The present invention relates to the field of information processing technologies, and more particularly, to a login method of an application program, a terminal, a server, a login system of an application program, and a computer readable medium and an electronic device for implementing the login system of an application program.
Background
This section is intended to provide a background or context to the invention that is recited in the claims. The description herein is not admitted to be prior art by inclusion in this section.
In order to ensure account security, each application program on the market generally needs to perform user identity authentication before the user does not perform identity authentication. For example, identity authentication can be performed by inputting an account number and a password, can be performed by the account number and biological characteristics such as fingerprints, facial expressions, facial features and the like, and can be performed by checking the account number and a short message. And after the authentication is passed, the application program can provide service for the user.
Therefore, in the technical scheme provided in the prior art, identity authentication is required before the user successfully logs in the account of the application program, the identity authentication process causes certain waste of computing resources, and the login process is time-consuming, so that the user is not convenient to log in the application program.
Disclosure of Invention
Therefore, an improved application login system is highly needed to effectively save the computing resources occupied by the identity authentication process, reduce the login time, and enable the user to conveniently log in the application.
In this context, embodiments of the present invention desirably provide an application login system, an application login method, a terminal, a server, a computer-readable medium, and an electronic device.
In a first aspect of the embodiment of the present invention, an application login system is provided and applied to a terminal, where the terminal can load a corresponding application, and the method includes:
sending a login request for logging in an application program to an identity authentication server; in response to receiving a request sent by the identity authentication server for acquiring equipment information, sending the equipment information to the identity authentication server so that the identity authentication server determines equipment identification for uniquely representing the terminal based on the equipment information; responding to the identity authentication server to determine that the equipment identifier is associated with any one or more accounts in an application set according to the equipment identifier, and receiving a login response sent by the identity authentication server, wherein the user identity is in a legal state, so that the user can log in the application program; wherein the application set at least comprises the application program.
In an exemplary embodiment, based on the foregoing scheme, the method further includes: receiving a user identity authentication request generated by the identity authentication server to authenticate the user in response to the equipment identifier being not associated with any account in the application set; receiving identity authentication information of the user as an identity authentication response and sending the identity authentication information to the identity authentication server so that the identity authentication server associates the equipment identifier and a first account corresponding to the identity authentication information after the identity authentication of the user is successful; and responding to the successful authentication of the identity authentication server to the user based on the identity authentication response, receiving a login response of which the user identity is legal sent by the identity authentication server, and logging in the application program by the first account.
In an exemplary embodiment, based on the foregoing solution, the receiving a login response sent by the authentication server and having a user identity in a legal state includes: responding to the identity authentication server to determine that an account number associated with the equipment identifier in the application set is currently in a login state, and receiving a second account number in the login state sent by the identity authentication server for the user to select the second account number; receiving the second account number selected by the user and sending the second account number to the identity authentication server; and receiving a login response sent by the identity authentication server when the identity authentication server receives the second account selected by the user and the user identity is legal.
In an exemplary embodiment, based on the foregoing solution, the receiving, by the authentication server, a login response that the user identity is legal, where the second account is multiple, includes:
responding to the identity authentication server to determine that an account number associated with the equipment identifier in the application set is currently in a login state, and receiving a plurality of second account numbers in the login state sent by the identity authentication server for the user to select from the plurality of second account numbers; receiving at least one second account selected by the user from a plurality of second accounts, and sending the second account to the identity authentication server; and receiving a login response sent by the identity authentication server when the identity authentication server receives at least one second account number selected by the user and the user identity is legal.
In an exemplary embodiment, based on the foregoing solution, the receiving the second account number in the login state sent by the authentication server includes: and after the identity authentication server desensitizes the second account, receiving the desensitized second account sent by the identity authentication server.
In an exemplary embodiment, based on the foregoing solution, the receiving a login response sent by the authentication server and having a user identity in a legal state includes: responding to the identity authentication server to determine that an account number associated with the equipment identifier in the application set is not in a login state currently, and receiving a request sent by the identity authentication server to acquire a third account number which is logged in history, so that a user provides the third account number; receiving a third account number which is input by a user and successfully logged in, and sending the third account number to the identity authentication server; and responding to the identity authentication server to determine that the third account number provided by the user is the account number which is successfully logged in the history, and receiving a login response which is sent by the identity authentication server and is in a legal state.
In an exemplary embodiment, based on the foregoing scheme, the device information includes one or more of the following information: network address of the terminal, system information of the terminal, model information of the terminal, and component information of the terminal.
In an exemplary embodiment, based on the foregoing scheme, the device identifier is generated by the authentication server encoding the device information according to a preset mapping rule.
In an exemplary embodiment, based on the foregoing scheme, the device information is multiple, and the device identifier is a series of corresponding multiple hash values generated by the identity authentication server encoding the multiple device information according to a hash algorithm, where the hash values are used to evaluate the identity probability of the corresponding terminals according to the weighted similarity.
In an exemplary embodiment, based on the foregoing solution, after the receiving a login response that the user identity sent by the authentication server is legal, the method further includes: and the terminal sends the login response to an application server so that the application server provides the service of the application program for the terminal.
In a second aspect provided by an embodiment of the present invention, a login method of an application program is provided and applied to an authentication server, where the method includes: in response to receiving a login request for logging in an application program, acquiring device information of a terminal loading the application program, and determining a device identifier for uniquely representing the terminal based on the device information; according to the equipment identification, determining that the equipment identification is associated with any one or more accounts in an application set, wherein the application set at least comprises the application program; and sending a login response with legal user identity to the terminal for the user to log in the application program.
In an exemplary embodiment, based on the foregoing solution, after the sending, to the terminal, a login response with a user identity in a legal state, the method further includes: the device identification and the first account number are associated to increase the number of account numbers associated with the device identification.
In an exemplary embodiment, based on the foregoing scheme, the method further includes: responding to the equipment identification, if any account number in the application set is not associated, generating a user identity authentication request and sending the user identity authentication request to the terminal so as to authenticate the user; receiving an identity authentication response of the terminal, and associating the equipment identifier and a first account corresponding to the identity authentication information after the identity authentication of the user is successful; and sending a login response of which the user identity is legal to the terminal so that the first account logs in the application program.
In an exemplary embodiment, based on the foregoing solution, the sending, to the terminal, a login response that the user identity is in a legal state includes: determining that an account number associated with the equipment identifier in the application set is currently in a login state, and sending the second account number in the login state to the terminal for the user to select the second account number; and responding to the received second account number selected by the user, and sending a login response with the legal user identity to the terminal.
In an exemplary embodiment, based on the foregoing solution, the sending, to the terminal, a login response that the user identity is legal, where the second account is multiple includes:
determining that an account number associated with the equipment identifier in the application set is currently in a login state, and sending a plurality of second account numbers in the login state to the terminal so as to enable the user to select among the plurality of second account numbers; and responding to the receiving of at least one second account selected by the user from a plurality of second accounts by the terminal, and sending a login response with the legal user identity to the terminal.
In an exemplary embodiment, based on the foregoing solution, the sending the second account number in the login state to the terminal includes: and desensitizing the second account, and sending the desensitized second account to the terminal.
In an exemplary embodiment, based on the foregoing solution, the sending, to the terminal, a login response that the user identity is in a legal state includes: determining that an account number associated with the equipment identifier in the application set is not in a login state currently, and sending a request for acquiring a third account number which is logged in a history to the terminal so that a user can provide the third account number; and responding to the third account number provided by the user as the account number which is successfully logged in the history, and sending a login response of which the user identity is legal.
In an exemplary embodiment, based on the foregoing scheme, the device information includes one or more of the following information: network address of the terminal, system information of the terminal, model information of the terminal, and component information of the terminal.
In an exemplary embodiment, based on the foregoing scheme, the determining, based on the device information, a device identifier for uniquely representing the terminal includes: and encoding the equipment information according to a preset mapping rule to generate an equipment identifier for uniquely representing the terminal.
In an exemplary embodiment, based on the foregoing solution, the device information is plural, and the determining, based on the device information, a device identifier for uniquely representing the terminal includes: a series of corresponding plurality of hash values generated by encoding the plurality of device information according to a hash algorithm are used to evaluate the identity probability of the respective terminals according to the weighted similarity.
In an exemplary embodiment, based on the foregoing solution, after the fourth account is successfully logged in, storing the comparison device identifier corresponding to the fourth account; wherein, according to the device identifier, determining that the device identifier is associated with any one or more accounts in an application set containing the application program includes: and determining a current equipment identifier according to the equipment information, and determining that any one or more accounts in an application set containing the application program are associated with the comparison equipment identifier in response to the difference between the current equipment identifier and the comparison equipment identifier being smaller than a preset value.
In an exemplary embodiment, based on the foregoing solution, after the sending, to the terminal, a login response with a user identity in a legal state, the method further includes: and the terminal sends the login response to an application server so that the application server provides the service of the application program for the terminal.
In a third aspect of the embodiments of the present invention, there is provided a terminal capable of loading a corresponding application, wherein the terminal includes:
the first sending module is used for sending a login request for logging in the application program to the identity authentication server; the second sending module is used for responding to a request sent by the identity authentication server for acquiring equipment information and sending the equipment information to the identity authentication server so that the identity authentication server can determine equipment identification for uniquely representing the terminal based on the equipment information; the receiving module is used for responding to the identity authentication server to determine that the equipment identifier is associated with any one or more accounts in an application set according to the equipment identifier, and receiving a login response sent by the identity authentication server, wherein the user identity is in a legal state, so that the user can login the application program; wherein the application set at least comprises the application program.
In a fourth aspect of the embodiments of the present invention, there is provided a server, wherein the server includes:
the first acquisition module is used for responding to a login request for logging in an application program, acquiring equipment information of a terminal loading the application program, and determining an equipment identifier for uniquely representing the terminal based on the equipment information; the determining module is used for determining that the equipment identifier is associated with any one or more account numbers in an application set according to the equipment identifier, wherein the application set at least comprises the application program; and the third sending module is used for sending a login response with the legal user identity to the terminal so as to be used for logging in the application program by the user.
In a fifth aspect of the embodiments of the present invention, there is provided a login system for an application, wherein the system includes: the terminal can load a corresponding application program, and can realize the login method of the application program according to the first aspect; and an authentication server capable of implementing the login method of the application program described in the second aspect.
In a sixth aspect of the embodiments of the present invention, there is provided a computer readable medium having stored thereon a computer program which, when executed by a processor, implements a login method for an application as described in the first aspect.
In a seventh aspect of the embodiment of the present invention, there is provided an electronic device, including: a processor and a memory, the memory storing executable instructions, the processor being configured to invoke the executable instructions stored by the memory to perform the method of logging in an application as described in the first aspect above.
In the embodiment provided by the invention, firstly, after a terminal loading a corresponding application program sends a login request for logging in the application program to an identity authentication server, the identity authentication server determines a device identifier for uniquely representing the terminal based on device information. According to the technical scheme, the terminal is uniquely identified through the equipment identifier, and the successfully logged-in account information is associated with the equipment identifier, so that if the equipment identifier is associated with any one or more accounts in the application set, the user is considered to be the user which has undergone identity authentication, the identity of the user is determined to be legal, and the user can log in the application program without re-identity authentication, namely, the user can successfully log in the application program without providing any account information or password information, and the technical effect of the terminal equipment, namely the identity, is achieved. For the login of any application program in the application set, if any account number carries out identity authentication, the login of other account numbers can avoid carrying out identity authentication again, and therefore the user can be prevented from carrying out identity authentication repeatedly in the technical scheme, the computing resources occupied by the identity authentication process are effectively saved, the login time is reduced, and the convenience of the user for logging in the application program is improved.
Drawings
The above, as well as additional purposes, features, and advantages of exemplary embodiments of the present invention will become readily apparent from the following detailed description when read in conjunction with the accompanying drawings. Several embodiments of the present invention are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings and in which:
FIG. 1 schematically illustrates a flow diagram of an application login system according to an embodiment of the invention;
FIG. 2 schematically illustrates a flow chart of an application login system according to another embodiment of the invention;
FIG. 3 schematically illustrates an interaction diagram of an application login system according to an embodiment of the invention;
fig. 4 schematically shows a flow diagram of a device identification determination method according to an embodiment of the invention;
FIG. 5 schematically illustrates a flow diagram of a device identification alignment method according to an embodiment of the invention;
FIG. 6 schematically illustrates an interaction diagram of an application login system according to an embodiment of the invention;
FIG. 7 schematically illustrates an interaction diagram of an application login system according to an embodiment of the invention;
fig. 8 schematically shows a schematic structural view of a terminal according to an embodiment of the present invention;
fig. 9 schematically shows a structural diagram of a server according to an embodiment of the present invention;
FIG. 10 schematically illustrates a schematic configuration of a login system for an application according to an embodiment of the present invention;
FIG. 11 schematically illustrates a schematic diagram of a computer-readable medium according to an example embodiment of the invention; the method comprises the steps of,
fig. 12 schematically shows a block diagram of an electronic device according to an example embodiment of the invention.
In the drawings, the same or corresponding reference numerals indicate the same or corresponding parts.
Detailed Description
The principles and spirit of the present invention will be described below with reference to several exemplary embodiments. It should be understood that these embodiments are presented merely to enable those skilled in the art to better understand and practice the invention and are not intended to limit the scope of the invention in any way. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
One skilled in the art will appreciate that embodiments of the present invention may be implemented as a system, apparatus, device, or computer program product. Thus, the invention may be embodied in the form of: complete hardware, complete software (including firmware, resident software, micro-code, etc.), or a combination of hardware and software.
According to an embodiment of the present invention, an application login system, an application login method, a terminal, a server, a computer-readable medium, and an electronic device are provided.
Furthermore, any number of elements in the figures is for illustration and not limitation, and any naming is used for distinction only and not for any limiting sense.
The principles and spirit of the present invention are explained in detail below with reference to several representative embodiments thereof.
Summary of The Invention
The present inventors have found that for the first application login system provided in the prior art, a user needs to perform an identity authentication when using an application within an application group (or "application consortium") on the same device. This results in the concept of "application set/application federation" being a dummy, i.e. no user is provided with a more convenient experience for logging in applications within an application set, so that the user cannot feel the relationship between applications within an application set.
The present inventors have also found that for the second application login system provided in the prior art is: at present, application program login states in the application alliance on the market are transferred and shared, user information authorization (or a private protocol pulls current login information of a user to a central management server) is needed by relying on the central management server, at this time, the current equipment is required to be ensured to install an application related to the central management server, and the application is in an effective login state, so that a more convenient in-alliance application program login scheme can be provided for the user. If the application related to the central management server is in an unregistered state, the user still needs to perform account identity authentication once when logging in any application program in the alliance.
The following disadvantages exist for the second application login scheme existing in the related art: when the user uses the application program in the alliance on the same equipment, the central management server needs to be actively or passively evoked to acquire the login account information of the user in the central management server, so that the purpose of transmitting the login state of the application program in the application alliance is achieved. In this way, each authorization process may have the risk that the counterfeit application program breaks the intermediate protocol and steals the authorization information to counterfeit the account number for login.
In addition, for the user, the application system which does not perform identity authentication needs to call the central application server for authorization every time, if the application related to the central management server is in an unregistered state, account identity authentication still needs to be performed, and the problem of repeated identity authentication exists when the account of the application program in the alliance is logged in.
Based on the above, the basic idea of the invention is that the terminal is uniquely identified by the device identifier, and the successfully logged-in account information is associated with the device identifier, so that if the device identifier is associated with any one or more accounts in the application set, the user is considered to be the user which has undergone identity authentication, and the identity of the user is determined to be legal, and the user can log in the application program without re-identity authentication, i.e. the user can successfully log in the application program without providing any account information or password information, thereby playing the technical effect of the terminal device, i.e. identity.
Having described the basic principles of the present invention, an exemplary use scenario of the present invention is described below.
Application scene overview
It should be noted that the following application scenarios are only shown for facilitating understanding of the spirit and principles of the present invention, and embodiments of the present invention are not limited in this respect. Rather, embodiments of the invention may be applied to any scenario where applicable.
The technical scheme is suitable for preventing the identity authentication from logging in when the same terminal logs in the account in any application set again after the account in the application set is authenticated once. Wherein the application set comprises at least one application program, and each application program comprises at least one account. The application types in the application set or the relation between the applications are not limited by the technical scheme.
By way of example, the application set may be a plurality of applications deployed by a company on the market, such as: xx mailbox class applications, xx music class applications, xx shopping class applications. The application set may also be a group that is created by the user according to his/her preference, and includes a plurality of application programs, such as: the user creates a plurality of shopping applications as an application set.
In an exemplary use case, the application set may be referred to as a "federation". And on the premise of ensuring the safety of the user account, the identity of the user is authenticated once. After one authentication is successful, the application provides a technical scheme without authentication again in order to facilitate the user to log in the account numbers of other applications or other account numbers of the same application in the alliance.
In an exemplary usage scenario, in the prior art, if a user uninstalls a certain application program or does not use the application program for a long time, when the identity authentication state is invalid, the user needs to re-use the same account to log in the application program on the same device, and therefore, account identity authentication is still required, which results in inconvenient experience. By the technical scheme provided by the application, after the user finishes identity authentication once, even if a certain application program in the alliance is uninstalled or the application program is not used for a long time, the successful login without identity authentication can be realized.
Various non-limiting embodiments of the present application are described in detail below.
Exemplary method
An application login system according to an exemplary embodiment of the present application will be described below with reference to any one of fig. 1 to 7 in conjunction with the above application scenario.
Fig. 1 and 2 each schematically show a flow diagram of an application login system according to an embodiment of the invention. The execution subject of the method shown in fig. 1 is a terminal, and the execution subject of the method shown in fig. 2 is an identification server. Referring to fig. 1, when an execution subject is a terminal capable of loading a corresponding application, an application login system includes:
step S11, a login request for logging in an application program is sent to an identity authentication server; step S12, in response to receiving a request for acquiring equipment information sent by the identity authentication server, sending the equipment information to the identity authentication server so that the identity authentication server determines equipment identification for uniquely representing the terminal based on the equipment information; step S13, responding to the identity authentication server to determine that the equipment identifier is associated with any one or more account numbers in an application set according to the equipment identifier, and receiving a login response sent by the identity authentication server, wherein the user identity is in a legal state, so that the user can log in the application program; wherein the application set at least comprises the application program.
Referring to fig. 2, when the executing entity is an authentication server, the application login system includes:
step S21, in response to receiving a login request for logging in an application program, acquiring device information of a terminal loading the application program, and determining a device identifier for uniquely representing the terminal based on the device information; step S22, according to the equipment identifier, determining that the equipment identifier is associated with any one or more accounts in an application set, wherein the application set at least comprises the application program; step S23, a login response with legal user identity is sent to the terminal for the user to log in the application program.
And fig. 3 schematically shows an information interaction diagram when the terminal and the authentication server perform an application login system. A specific embodiment of the steps shown in fig. 1 and 2 is described below in conjunction with fig. 3:
as a specific embodiment of step S11, in step S1, the terminal 31 transmits a login request for logging in the application to the authentication server 32.
The application program essence refers to a program that logs in through account numbers and identity authentication. For example, the Application may be an APP based on a client/server (server) network architecture mode, a web Application based on a browser/server (server) network architecture mode, an applet, or the like.
Illustratively, the terminal 31 provides a control for a user to trigger a login request. For example, the user logs in "xx music" through the terminal, and after opening the application, the user can pass through the "login" control displayed on the terminal, and the terminal 31 is triggered to send a login request for logging in "xx music" the application to the authentication server 32.
As a specific embodiment of step S21, in response to receiving the login request, the authentication server 32 sends a request for acquiring device information of the terminal loaded with the application to the terminal 31 in step S2. And, as a specific embodiment of step S12, in step S3, the terminal 31 transmits device information about the terminal to the authentication server 32.
In an exemplary embodiment, the device information includes one or more of the following: network address of the terminal, system information of the terminal, model information of the terminal, and component information of the terminal. Specifically, reference may be made to table 1:
TABLE 1
In this embodiment, the device identifier is determined by the device information of multiple types/multiple dimensions as shown in table 1, which has the advantages that: on the one hand, if the device identifier determined by the information with a single dimension is used, the possibility of being forged is high, and therefore the technical scheme is beneficial to improving the security of application program login. On the other hand, even for the same terminal, if the types of the device information which can be acquired are different if the operating systems are different, and the user authorization states may be different when the device information is acquired for different times, the types of the device information acquired for two times are greatly different, and further, the device identifiers which are determined for two times may be different, so that the identification accuracy of the terminal is affected. For example, in the two login processes on the same device, the device information acquired once includes [ information-1 ], information-2 ] and information-3 ], and the device information acquired another time includes [ information-1 ], information-4 ] and information-5 ], so that the difference between the two determined device identifications is definitely large, and further identity-free authentication of the account cannot be guaranteed to be successfully logged in.
According to the technical scheme, even if some part of acquired equipment information is missing or updated, the identification of the equipment identification is not affected, and the robustness of the terminal identification is improved. On the other hand, even for the same terminal, there is inevitably some time-dependent and place-dependent equipment information (such as operator information and GPS information, respectively), and when it is changed, the accuracy of this type of information can be ensured by controlling the threshold control and/or machine learning calculation of this type, so as to avoid affecting the recognition accuracy of the terminal due to the change of part of the equipment information. On the other hand, as the system of the terminal is in continuous development and upgrade (such as operating system version update, network type change and the like), the technical scheme adopts multidimensional equipment information to calculate equipment identification, so that flexible expansion and compatibility can be carried out, and the system of more versions and the equipment information of more types of machine types in the future have good expansibility and compatibility, so that the robustness of terminal identification is further improved.
Further, as a specific embodiment of step S21, the identity authentication server 32 determines a device identifier for uniquely representing the terminal based on the device information in step S4.
In an exemplary embodiment, the device information is encoded according to a preset mapping rule to generate a device identifier for uniquely representing the terminal.
The login request received by the identity authentication server includes an application set identifier to which the application to be logged in belongs, so as to indicate which application set the application to be logged in belongs to. Meanwhile, in order to distinguish different application sets, or to determine whether the current application belongs to the application set a or the application set B (specifically, may be determined according to the application set identifier included in the login request), the device identifiers determined by different application sets (may be referred to as "federation") need to be different for the same terminal. Thus, the algorithm for determining device identification is different for different application sets. That is, the device identification is determined by a unified algorithm for account numbers of applications of the same application set.
In an exemplary embodiment, fig. 4 schematically shows a flow diagram of a method of assessing the identity of a device according to an embodiment of the invention. Specifically, a hash value used as a device identification is first determined, and device identity is further evaluated based on the hash value. Referring to fig. 4, comprising:
Step S41, a series of corresponding multiple hash values generated by encoding the multiple device information according to a hash algorithm; and step S42, based on the hash value, evaluating the identity probability of the corresponding terminal according to the weighted similarity.
In this embodiment, the hash value of each piece of device information is determined based on the hash algorithm corresponding to the application set to which the application program belongs. The device information is terminal-related information that the user is allowed to acquire, as shown in table 1.
Illustratively, the acquired device information is arranged according to a preset sequence, and divided into a plurality of sections, characters are generated based on hash values of the information, and the hash value characters are unique mapping identifications of the information.
For example: the device information acquired by the terminal M includes [ information-1 ], information-2 ], information-3 ], … … and information-100, and the format of the device identifier may be expressed as: (hash value 1) - (hash value 2) - (hash value 3) - … … - (hash value 100). Wherein, the liquid crystal display device comprises a liquid crystal display device,
(hash value-1) is [ information-1 ] a character generated based on a hash value manner, such as: "(hash value-1)" is: 416d363aa99f802;
(hash value-2) is [ information-2 ] a character generated based on a hash value manner, such as: "(hash value-2)" is: 6d363aa99f802f3;
(hash value-3) is a character generated based on the hash value manner, such as: "(hash value-3)" is: d363aa99f802f3g;
……
(hash value-100) is [ information-100 ] a character generated based on a hash value manner, such as: "(hash value-100)" is: a3416d363aa99f8.
Then, the device identity of the terminal M may be expressed as a series of hash values: 416d363aa99f802-6d363aa99f802f3-d363aa99 f3g- … … -a3416d363aa99f8.
In an exemplary embodiment, the algorithm for determining device identification is the same for the same application set/federation. However, there may be a difference in the acquired device information when the account numbers of different applications in the same application set are registered/when the account numbers of different applications are registered/when the same account number is registered at different times, for example, "system version" in the device information acquired when the first account number of the application is registered is "10.3.2", and "system version" in the device information acquired when the second account number of the application is registered is "10.3.5". Therefore, after the device identifier corresponding to the current account is calculated, it should also be determined whether the current device identifier and the device identifier associated with the account (denoted as "comparison device identifier") are the same device identifier, so as to further improve the security of application login.
In an exemplary embodiment, as a specific implementation manner of step S42, fig. 5 schematically shows a flowchart of a device identifier comparison method according to an embodiment of the present invention. Referring to fig. 5, comprising:
step S51, after the fourth account is successfully logged in, storing a comparison device identifier corresponding to the fourth account; and step S52, determining a current equipment identifier according to the equipment information, and determining that any one or more account numbers in an application set containing the application program are associated with the comparison equipment identifier in response to the difference between the current equipment identifier and the comparison equipment identifier is smaller than a preset value.
For example, different identification weights are set for hash values corresponding to the device information, so as to ensure that the accuracy of device identification determination is not affected when the acquired device information changes.
For example, if more information can be collected by the identity recognition server after the terminal is opened later, the corresponding hash value can be sequentially increased to the original hash value, so that the identification of the information collected earlier is not affected, and the accuracy of equipment identification determination is not affected.
By way of example, the [ information-1 ] of the 100 pieces of device information acquired for the terminal a is the network address of the terminal, and the terminal a can be uniquely represented by only the [ information-1 ]. The identification weight of the information 1 can be set to a larger value in order to influence whether the identification of the identity authentication server is the same terminal device or not to a larger extent. For example, [ information-50 ] in 100 pieces of equipment information collected by the terminal a, when the first account is logged in, the first account is changed from the fourth account before the first account is logged in. The identification weight of the information 50 may be set to a small value so as not to affect whether the identification server identifies the same terminal device. Illustratively, the identification weights of the respective information may be dynamically adapted by artificial intelligence learning to determine the accuracy of identification of the device identification.
By way of example, it may be determined whether two device identifications obtained by acquiring device information twice belong to the same terminal (i.e., to achieve an evaluation of identity) according to the following formula:
device identity probability = (information 1 contrast ratio information 1 weight ratio) + (information 2 contrast ratio information 2 weight ratio) + (information 3 contrast ratio information 3 weight ratio) + … … + (information 100 contrast ratio information 100 weight ratio)
If the device identity probability is within the range defined by the system, the device identity probability is considered to be the same terminal. That is, it may be determined whether the current device identifier corresponds to the same terminal as the comparison device identifier.
In an exemplary embodiment, in step S22, it is determined, according to the device information, whether the device identifier is associated with any one or more account numbers in the application set.
If the device identifier is associated with an account in the application set, which indicates that there are already accounts successfully logged in the application set, that is, the user identities are legal for all accounts in the application set, referring to fig. 3, in step S5, the identity authentication server 32 determines that the device identifier is associated with any one or more accounts in the application set, and then step S23/S6 is executed: a login response with a legal user identity is sent to the terminal 31.
If the device identifier is not associated with the account number in the application set, the account number which is not successfully logged in the application set is indicated, and identity authentication is needed to be carried out on the user once. Step S24 is performed: and generating a user identity authentication request and sending the user identity authentication request to the terminal so as to authenticate the user in response to the equipment identifier not being associated with any account in the application set. Further, in order to avoid the authentication again when other applications in the application set log in later, step S25 is executed: the identity authentication server receives the identity authentication response of the terminal, and associates the equipment identifier and a first account corresponding to the identity authentication information after the identity authentication of the user is successful; and sending a login response with legal user identity to the terminal so as to enable the first account to log in the application program.
The identity authentication information at least comprises account password information, sign information of a terminal user and/or short message verification code information received by the terminal.
After the login authentication of the application program passes, the identity authentication service associates the account number in the identity authentication information with the equipment identifier, so that when a user logs in other application programs in the same application set on the same equipment, the user can avoid repeated identity authentication by judging that the equipment identifier is already associated with the first account number, the application login speed is improved, and the application login experience of the user is improved.
In an exemplary embodiment, in order to further improve the security of user account login, before step S6/step S23 is performed, that is, before a login response with a legal user identity is sent to the terminal, the technical solution further determines, by using the identity authentication server 32, whether the account associated with the device identity is currently in a login state.
Case one:
if the account associated with the device identification is currently in the login state (denoted as "second account"), the authentication server may consider that the user of the current terminal (i.e. the user attempting to login to the application program) and the user of the second account belong to the same user with a high probability, so that a manner of letting the user select to confirm may be adopted to determine whether the current user and the user of the second account are the same user. Fig. 6 illustrates an exemplary technical solution in a case where the second account number associated with the device identifier is currently in a login state. Wherein fig. 6 is implemented on the basis of fig. 3, and in particular, referring to fig. 6, the method comprises:
Step S5', determining that the equipment identifier is associated with a second account in the application set, wherein the second account is in a login state; step S61, the authentication server 32 sends the second account number in the login state to the terminal, so that the user can select the second account number; and step S62, the authentication server 32 sends a login response with the user identity being in a legal state to the terminal 31 in response to receiving the second account selected by the user.
In an exemplary embodiment, if the number of the second account numbers in the login state is plural, the specific implementation manner of sending, by the authentication server, the login response that the user identity is in the legal state includes:
the identity authentication server determines that an account number associated with the equipment identifier in the application set is in a login state currently, and the identity authentication server sends a plurality of second account numbers in the login state to the terminal for a user to select among the plurality of second account numbers; further, after the user selects, the terminal sends at least one second account selected by the user from the plurality of second accounts to the identity authentication server, so that the identity authentication server receives the at least one second account selected by the user, and the identity authentication server sends a login response that the user identity is legal.
The user is exemplified to log in the xx music currently, after receiving the login request and determining the equipment identifier according to the acquired equipment information, the identity authentication server obtains that an xx mailbox account and an xx game account associated with the equipment identifier are both in a login state currently, and then the identity authentication server sends the xx mailbox account and the xx game account in the login state to the terminal so as to be selected and confirmed by the user. If the user confirms the account belonging to the user after looking up the related second account (such as the "xx mailbox" account and the "xx game" account), at least one account belonging to the user in the second account is sent to the identity authentication server through the terminal. Thus, the identity authentication server determines that the current user and the user of the second account are the same user. Further, since the second account is associated with the device identifier, the second account is an account that has undergone identity authentication, and it is currently determined whether the current user is the same as the user of the second account, so that the user can be allowed to directly log in the "xx music" without repeating the identity authentication.
Still another example, the first application, the second application, and the third application belong to the same application set. The first application program is that the micro-information is subjected to identity authentication through an account password, and the second application program is that the micro-information is subjected to identity authentication through a sign information. When the user wants to log in the third application program, the identity authentication server can selectively feed back the account information of the WeChat or the account information of the microblog to the user for the user to select and confirm, and the user confirms that the user successfully logs in the WeChat or the microblog on the terminal equipment, so that the identity authentication server allows the user to successfully log in the third application program without identity authentication.
For example, in order to determine the security of the account, the second account needs to be desensitized, and then the desensitized second account is sent to the terminal, for example, an "xx mailbox" account is shown as "136 x 9579@xx.com". The second account may be displayed on the terminal display in a control manner, so that the user may manually select the second account in step S60. Of course, the second account may also be played by the terminal in a voice manner, so that the user can select the second account by voice control in step S60.
For example, when the number of the second accounts is multiple, for example, the user logs in "xx music", after receiving the login request and determining the device identifier according to the collected device information, the identity authentication server finds that the "xx mailbox" account and the "xx game" account associated with the device identifier are all in the login state currently, and then the terminal can display the "xx mailbox" account and the "xx game" account in a list manner, so that the user can conveniently view and select.
In this embodiment, when a user uses an application program in an application set (or referred to as a "federation") on a device, the identity authentication server retrieves one or more accounts in the federation associated with the device (i.e., retrieves other accounts in the federation logged on the same device) through the device identifier, and determines that the associated account is currently in a login state (i.e., the second account), and returns related information of the second account to the terminal for confirmation by the user. After the user confirms that the returned second account belongs to the user account, the identity authentication server considers that the current user is the user passing the identity authentication, namely the user can directly and successfully log in the application in the alliance on the same equipment, and the technical effect of equipment, namely the identity is achieved.
And a second case:
if the account associated with the device identifier is not currently in the login state (denoted as "third account"), for example, the user logs out of the accounts of all the applications in the login alliance on the same device, or the user deletes all the applications in the alliance on the same device, or the user restarts the device, for ensuring the security of the account, the identity authentication server may not consider that the user of the current terminal (i.e. the user attempting to login the application) and the user of the third account belong to the same user with a high probability, and the user needs to provide the third account which is successfully logged in the history, so as to verify whether the current user and the user of the third account are the same user. Fig. 7 illustrates an exemplary technical solution in a case where the third account number associated with the device identifier is not currently in the login state. Wherein fig. 7 is also implemented on the basis of fig. 3, and in particular, with reference to fig. 7, the method comprises:
step S5", determining that the equipment identifier is associated with a third account in the application set, and the third account is not in a login state; step S71, the authentication server 32 sends a request for obtaining the third account logged in by the history to the terminal 31, so that the user provides the third account; and step S72, the authentication server 32 responds to the third account provided by the user as the account of the history successful login, and sends a login response that the user identity is in a legal state.
For example, the user currently logs in "xx music" (application program to be logged in), and after receiving the login request and determining the device identifier according to the collected device information, the identity authentication server obtains an "xx mailbox" account and an "xx game" account associated with the device identifier, where, however, the "xx mailbox" account and the "xx game" account are not currently in a login state. In order to further verify whether the user attempting to log in "XX music" (i.e. the application to be logged in) is the same user as the user of the "XX mailbox" account and the "XX game" account, the authentication server sends a request for obtaining the third account logged in historically to the terminal. For example, "please provide" xx mailbox "account information that you have logged in historically" or "please provide" xx game "account information that you have logged in historically".
If the identity authentication server judges that the account information provided by the user is consistent with the third account information, the current user and the user of the third account can be determined to be the same user. Furthermore, since the third account is associated with the device identifier, the third account is an account which has undergone identity authentication, and it is currently determined that the current user is the same as the user of the third account, so that the user can be allowed to log in the application to be logged in by using the third account, that is, the user can be allowed to log in "xx music" by using the account of the "xx game" or the "xx mailbox", thereby avoiding the process of performing identity authentication on the account of the "xx music".
For example, the request for obtaining the third account logged in through history may be displayed on the terminal display in a manner of displaying a control, so that the user may manually input the third account at the display control in step S70. Of course, the request for obtaining the third account with the logged-in history may also be played back in voice by the terminal, so that the user in step S70 inputs the third account with the logged-in history in a voice control manner.
In an exemplary embodiment, referring to fig. 3, 6 or 7, in step S6, the authentication server 32 transmits a login response with the user identity in a legal state to the terminal 31. Further, in step S7, the terminal 31 delivers the authentication result of the legal status to the application server 33. Further, in step S8, the application server 33 provides the terminal with the application service corresponding to the application program. Therefore, the user can avoid repeatedly carrying out identity authentication to successfully log in the application program, and conveniently acquire the application service corresponding to the application program.
In an exemplary embodiment, the authentication server 32 may perform step S9 after transmitting a login response that the user identity is in a legal state to the terminal 31: the device identification is associated with the account number of the application. The user can associate the account number of the current application program to the equipment corresponding to the equipment identifier, so that the account number of the application program can be used as an alternative second account number or a third account number in the future to log in other application programs. For example: after the user successfully logs in to the xx music through the account of the xx game, the user can select to log out the account of the xx game, replace the account of the xx music and maintain the login state of the xx music, and at the moment, the user can associate the account of the xx music with equipment corresponding to the equipment identifier, so that the user can conveniently log in other application programs in the alliance in the future by taking the account of the xx music as a second account or a third account, and the identity authentication process is omitted.
It should be noted that, in fig. 3, fig. 6, and fig. 7, the authentication server is used to provide an authentication service, and the application server is used to provide an application service, which is merely a providing manner of the authentication service and the application service. In the actual operation process, the identity authentication service and the application service can come from the same server, and the application is not particularly limited.
According to the technical scheme provided by the application, the terminal equipment is uniquely identified through the equipment identifier, and the successfully logged-in account information is associated with the equipment identifier, so that if the equipment identifier is associated with any one or more accounts in the application set, the user is considered to be the user which has undergone identity authentication, and the identity of the user is determined to be legal, and further, the user can log in the application program without the need of re-identity authentication, namely, the user can successfully log in the application program without any account information or password information provided by the user, and the technical effect of the terminal equipment, namely, the identity is achieved. For the application programs in the application set, if only the account number of any one application program is subjected to identity authentication, the user can be prevented from carrying out identity authentication again when logging in other application programs, and therefore the technical scheme can prevent the user from carrying out identity authentication repeatedly, so that the computing resources occupied by the identity authentication process are effectively saved, the time consumption for logging in is reduced, and the convenience of logging in the application programs by the user is improved.
Exemplary apparatus
Having described the method of the exemplary embodiment of the present invention, next, a terminal and a server according to exemplary embodiments of the present invention will be described with reference to fig. 8 and 9, respectively.
Fig. 8 schematically shows a schematic structural diagram of a terminal capable of loading a corresponding application according to an embodiment of the present invention. Referring to fig. 8, a terminal 800 includes: a first transmitting module 801, a second transmitting module 802, and a receiving module 803.
The first sending module 801 is configured to send a login request for logging in an application program to an authentication server; the second sending module 802 is configured to send, in response to receiving a request sent by the authentication server for obtaining device information, the device information to the authentication server, so that the authentication server determines, based on the device information, a device identifier that is used to uniquely represent the terminal; and the receiving module 803 is configured to, in response to the authentication server determining, according to the device identifier, that the device identifier is associated with any one or more accounts in the application set, receive a login response sent by the authentication server, where the user identity is in a legal state, so that the user logs in to the application program;
Wherein the application set at least comprises the application program.
Fig. 9 schematically shows a structural diagram of a server according to an embodiment of the present invention. Referring to fig. 9, the server 900 includes: a first acquisition module 901, a determination module 902 and a third transmission module 903.
The first obtaining module 901 is configured to obtain, in response to receiving a login request for logging in an application, device information of a terminal that loads the application, and determine, based on the device information, a device identifier that uniquely represents the terminal; the determining module 902 is configured to determine, according to the device identifier, that the device identifier is associated with any one or more accounts in an application set, where the application set at least includes the application program; and the third sending module 903 is configured to send a login response with a legal user identity to the terminal, so that the user logs in the application program.
Fig. 10 schematically shows a schematic configuration of a login system of an application according to an embodiment of the present invention. Referring to fig. 10, the login system 1000 of the application includes: the terminal 800 and the server 900. Wherein, the terminal 800 and the server 900
The specific details of each module in the terminal 800 and each module in the server 900 are described in detail in the corresponding login method of the application program, so that they will not be described here again.
It should be noted that although in the above detailed description several modules or units of a device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit in accordance with embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided into a plurality of modules or units to be embodied.
Furthermore, although the steps of the methods in the present disclosure are depicted in a particular order in the drawings, this does not require or imply that the steps must be performed in that particular order or that all illustrated steps be performed in order to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step to perform, and/or one step decomposed into multiple steps to perform, etc.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, including several instructions to cause a computing device (may be a personal computer, a server, a mobile terminal, or a network device, etc.) to perform the method according to the embodiments of the present disclosure.
Exemplary Medium
Having described the login system of the application program of the exemplary embodiment of the present invention, next, a medium of the exemplary embodiment of the present invention will be described.
In some possible embodiments, the aspects of the present invention may also be implemented as a medium having stored thereon program code for carrying out the steps in an application logging system according to the various exemplary embodiments of the present invention described in the "exemplary methods" section of this specification, when said program code is executed by a processor of a device.
For example, the processor of the device, when executing the program code, may implement step S11 as described in fig. 1, sending a login request for logging in an application to an authentication server; step S12, in response to receiving a request for acquiring equipment information sent by the identity authentication server, sending the equipment information to the identity authentication server so that the identity authentication server determines equipment identification for uniquely representing the terminal based on the equipment information; step S13, responding to the identity authentication server to determine that the equipment identifier is associated with any one or more account numbers in an application set according to the equipment identifier, and receiving a login response sent by the identity authentication server, wherein the user identity is in a legal state, so that the user can log in the application program; wherein the application set at least comprises the application program.
Referring to fig. 11, a program product 1100 for implementing the above-described application login system according to an embodiment of the present invention is described, which may employ a portable compact disc read only memory (CD-ROM) and include program code, and may be run on a terminal device, such as a personal computer. However, the program product of the present invention is not limited thereto.
It should be noted that: the medium may be a readable signal medium or a readable storage medium. The readable storage medium may be, for example, but not limited to: an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random Access Memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The readable signal medium may include a data signal propagated in baseband or as part of a carrier wave with readable program code embodied therein. Such a propagated data signal may take many forms, including, but not limited to: electromagnetic signals, optical signals, or any suitable combination of the preceding. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wired, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the consumer electronic device, partly on the remote electronic device, or entirely on the remote electronic device or server. In the case of remote electronic devices, the remote electronic device may be connected to the consumer electronic device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external electronic device (e.g., connected through the internet using an internet service provider).
Exemplary electronic device
Having described the application login system, the application login method, the terminal, the server, and the computer-readable medium according to an exemplary embodiment of the present invention, next, an electronic device according to another exemplary embodiment of the present invention is described.
Those skilled in the art will appreciate that the various aspects of the invention may be implemented as a system, method, or program product. Accordingly, aspects of the invention may be embodied in the following forms, namely: an entirely hardware embodiment, an entirely software embodiment (including firmware, micro-code, etc.) or an embodiment combining hardware and software aspects may be referred to herein as a "circuit," module "or" system.
In some possible embodiments, an electronic device according to embodiments of the invention may comprise at least one processor, and at least one memory. Wherein the memory stores program code that, when executed by the processor, causes the processor to perform the steps in an application login system according to various exemplary embodiments of the invention described in the exemplary methods section above of this specification. For example, the processor may perform step S11 described in fig. 1, and send a login request for logging in the application to the authentication server; step S12, in response to receiving a request for acquiring equipment information sent by the identity authentication server, sending the equipment information to the identity authentication server so that the identity authentication server determines equipment identification for uniquely representing the terminal based on the equipment information; step S13, responding to the identity authentication server to determine that the equipment identifier is associated with any one or more account numbers in an application set according to the equipment identifier, and receiving a login response sent by the identity authentication server, wherein the user identity is in a legal state, so that the user can log in the application program; wherein the application set at least comprises the application program.
An electronic device 1200 according to an exemplary embodiment of the present invention is described below with reference to fig. 12. The electronic device 1200 shown in fig. 12 is merely an example, and should not be construed as limiting the functionality and scope of use of embodiments of the present invention.
As shown in fig. 12, the electronic device 1200 is embodied in the form of a general-purpose electronic device. Components of electronic device 1200 may include, but are not limited to: the at least one processing unit 1201, the at least one memory unit 1202, a bus 1203 connecting the different system components, including the memory unit 1202 and the processing unit 1201.
Bus 1203 includes a data bus, an address bus, and a control bus.
The storage unit 1202 may include a readable medium in the form of volatile memory, such as Random Access Memory (RAM) 12021 and/or cache memory 12022, and may further include Read Only Memory (ROM) 12023.
The storage unit 1202 may also include a program/utility 12025 having a set (at least one) of program modules 12024, such program modules 12024 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment.
The electronic device 1200 may also communicate with one or more external devices 1204 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 1200, and/or with any device (e.g., router, modem, etc.) that enables the electronic device 1200 to communicate with one or more other electronic devices. Such communication may occur through an input/output (I/O) interface 1205. Also, electronic device 1200 may communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the Internet, through network adapter 1206. As shown, the network adapter 1206 communicates with other modules of the electronic device 1200 over the bus 1203. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with electronic device 1200, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
It should be noted that although in the above detailed description several units/modules or sub-units/modules of a data processing apparatus are mentioned, such a division is only exemplary and not mandatory. Indeed, the features and functionality of two or more units/modules described above may be embodied in one unit/module in accordance with embodiments of the present invention. Conversely, the features and functions of one unit/module described above may be further divided into ones that are embodied by a plurality of units/modules.
It should be noted that although several units or sub-units of terminals and servers are mentioned in the above detailed description, this division is merely exemplary and not mandatory. Indeed, the features and functions of two or more modules or units described above may be embodied in one module or unit in accordance with embodiments of the invention. Conversely, the features and functions of one module or unit described above may be further divided into a plurality of modules or units to be embodied.
Furthermore, although the operations of the methods of the present invention are depicted in the drawings in a particular order, this is not required to either imply that the operations must be performed in that particular order or that all of the illustrated operations be performed to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step to perform, and/or one step decomposed into multiple steps to perform.
While the spirit and principles of the present invention have been described with reference to several particular embodiments, it is to be understood that the invention is not limited to the particular embodiments of the invention nor does it imply that features in the various aspects are not useful in combination, nor are they intended to be useful in any way, such as for convenience of description. The invention is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.
Claims (22)
1. The login method of the application program is applied to a terminal, and the terminal can load the corresponding application program, wherein the method comprises the following steps:
sending a login request for logging in an application program to an identity authentication server;
in response to receiving a request sent by the identity authentication server for acquiring equipment information, sending the equipment information to the identity authentication server so that the identity authentication server determines equipment identification for uniquely representing the terminal based on the equipment information; the equipment information is multiple, the equipment identifier is a series of corresponding multiple hash values generated by the identity authentication server for encoding the multiple pieces of equipment information according to a hash algorithm, and the hash values are used for evaluating the identity probability of the corresponding terminals according to the weighted similarity;
responding to the identity authentication server to determine that the equipment identifier is associated with any one or more accounts in an application set according to the equipment identifier, and receiving a login response sent by the identity authentication server, wherein the user identity is in a legal state, so that the user can log in the application program;
wherein the application set at least comprises the application program.
2. The method of logging in an application program according to claim 1, wherein the method further comprises:
receiving a user identity authentication request generated by the identity authentication server to authenticate the user in response to the equipment identifier being not associated with any account in the application set;
receiving identity authentication information of the user as an identity authentication response and sending the identity authentication information to the identity authentication server so that the identity authentication server associates the equipment identifier and a first account corresponding to the identity authentication information after the identity authentication of the user is successful;
and responding to the successful authentication of the identity authentication server to the user based on the identity authentication response, receiving a login response of which the user identity is legal sent by the identity authentication server, and logging in the application program by the first account.
3. The login method of an application program according to claim 1, wherein the receiving a login response that the user identity sent by the authentication server is in a legal state includes:
responding to the identity authentication server to determine that an account number associated with the equipment identifier in the application set is currently in a login state, and receiving a second account number in the login state sent by the identity authentication server for the user to select the second account number;
Receiving the second account number selected by the user and sending the second account number to the identity authentication server;
and receiving a login response sent by the identity authentication server when the identity authentication server receives the second account selected by the user and the user identity is legal.
4. The method for logging in an application program according to claim 3, wherein the number of the second account numbers is plural, and the receiving the login response that the user identity is legal sent by the identity authentication server includes:
responding to the identity authentication server to determine that an account number associated with the equipment identifier in the application set is currently in a login state, and receiving a plurality of second account numbers in the login state sent by the identity authentication server for the user to select from the plurality of second account numbers;
receiving at least one second account selected by the user from a plurality of second accounts, and sending the second account to the identity authentication server;
and receiving a login response sent by the identity authentication server when the identity authentication server receives at least one second account number selected by the user and the user identity is legal.
5. A login method of an application program according to claim 3, wherein the receiving the second account number in a login state sent by the authentication server includes:
and after the identity authentication server desensitizes the second account, receiving the desensitized second account sent by the identity authentication server.
6. The login method of an application program according to claim 1, wherein the receiving a login response that the user identity sent by the authentication server is in a legal state includes:
responding to the identity authentication server to determine that an account number associated with the equipment identifier in the application set is not in a login state currently, and receiving a request sent by the identity authentication server to acquire a third account number which is logged in history, so that a user provides the third account number;
receiving a third account number which is input by a user and successfully logged in, and sending the third account number to the identity authentication server;
and responding to the identity authentication server to determine that the third account number provided by the user is the account number which is successfully logged in the history, and receiving a login response which is sent by the identity authentication server and is in a legal state.
7. The login method of an application according to any one of claims 1 to 5, wherein the device information includes one or several of the following information:
network address of the terminal, system information of the terminal, model information of the terminal, and component information of the terminal.
8. The login method of an application according to any one of claims 1 to 5, wherein after the receiving the login response that the user identity is in a legal state sent by the authentication server, the method further comprises:
and the terminal sends the login response to an application server so that the application server provides the service of the application program for the terminal.
9. A login method of an application program is applied to an identity authentication server, wherein the method comprises the following steps:
in response to receiving a login request for logging in an application program, acquiring a plurality of pieces of equipment information of a terminal loading the application program, determining an equipment identifier for uniquely representing the terminal based on the equipment information, and encoding the plurality of pieces of equipment information according to a hash algorithm to generate a series of corresponding plurality of hash values, wherein the hash values are used for evaluating the identity probability of the corresponding terminal according to the weighted similarity;
According to the equipment identification, determining that the equipment identification is associated with any one or more accounts in an application set, wherein the application set at least comprises the application program;
and sending a login response with legal user identity to the terminal for the user to log in the application program.
10. The method of logging in an application program according to claim 9, wherein the method further comprises:
responding to the equipment identification, if any account number in the application set is not associated, generating a user identity authentication request and sending the user identity authentication request to the terminal so as to authenticate the user;
receiving an identity authentication response of the terminal, and associating the equipment identifier and a first account corresponding to the identity authentication information after the identity authentication of the user is successful;
and sending a login response of which the user identity is legal to the terminal so that the first account logs in the application program.
11. The login method of the application program according to claim 9, wherein the sending a login response to the terminal that the user identity is in a legal state includes:
determining that an account number associated with the equipment identifier in the application set is currently in a login state, and sending the second account number in the login state to the terminal for the user to select the second account number;
And responding to the received second account number selected by the user, and sending a login response with the legal user identity to the terminal.
12. The method for logging in an application program according to claim 11, wherein the number of the second account numbers is plural, and the sending a login response that the user identity is legal to the terminal includes:
determining that an account number associated with the equipment identifier in the application set is currently in a login state, and sending a plurality of second account numbers in the login state to the terminal so as to enable the user to select among the plurality of second account numbers;
and responding to the receiving of at least one second account selected by the user from a plurality of second accounts by the terminal, and sending a login response with the legal user identity to the terminal.
13. The login method of the application program according to claim 11, wherein the sending the second account number in the login state to the terminal includes:
and desensitizing the second account, and sending the desensitized second account to the terminal.
14. The login method of the application program according to claim 9, wherein the sending a login response to the terminal that the user identity is in a legal state includes:
Determining that an account number associated with the equipment identifier in the application set is not in a login state currently, and sending a request for acquiring a third account number which is logged in a history to the terminal so that a user can provide the third account number;
and responding to the third account number provided by the user as the account number which is successfully logged in the history, and sending a login response of which the user identity is legal.
15. The login method for an application according to any one of claims 9 to 14, wherein the device information includes one or several of the following information:
network address of the terminal, system information of the terminal, model information of the terminal, and component information of the terminal.
16. The login method of an application program according to claim 9, wherein after a fourth account is successfully logged in, a comparison device identifier corresponding to the fourth account is stored; wherein, the liquid crystal display device comprises a liquid crystal display device,
the step of determining that the equipment identifier is associated with any one or more accounts in the application set containing the application program according to the equipment identifier comprises the following steps:
and determining a current equipment identifier according to the equipment information, and determining that any one or more accounts in an application set containing the application program are associated with the comparison equipment identifier in response to the difference between the current equipment identifier and the comparison equipment identifier being smaller than a preset value.
17. The login method for an application according to any one of claims 9 to 14, wherein after said sending a login response to the terminal that the user identity is in a legal state, the method further comprises:
and the terminal sends the login response to an application server so that the application server provides the service of the application program for the terminal.
18. A terminal capable of loading a corresponding application, wherein the terminal comprises:
the first sending module is used for sending a login request for logging in the application program to the identity authentication server;
the second sending module is used for responding to a request sent by the identity authentication server for acquiring equipment information and sending the equipment information to the identity authentication server so that the identity authentication server can determine equipment identification for uniquely representing the terminal based on the equipment information; the equipment information is multiple, the equipment identifier is a series of corresponding multiple hash values generated by the identity authentication server for encoding the multiple pieces of equipment information according to a hash algorithm, and the hash values are used for evaluating the identity probability of the corresponding terminals according to the weighted similarity;
The receiving module is used for responding to the identity authentication server to determine that the equipment identifier is associated with any one or more accounts in an application set according to the equipment identifier, and receiving a login response sent by the identity authentication server, wherein the user identity is in a legal state, so that the user can login the application program;
wherein the application set at least comprises the application program.
19. A server, wherein the server comprises:
a first obtaining module, configured to obtain, in response to receiving a login request for logging in an application program, a plurality of device information of a terminal loading the application program, determine, based on the device information, a device identifier for uniquely representing the terminal, and encode the plurality of device information according to a hash algorithm to generate a series of corresponding plurality of hash values, where the hash values are used to evaluate identity probabilities of the corresponding terminals according to weighted similarities;
the determining module is used for determining that the equipment identifier is associated with any one or more account numbers in an application set according to the equipment identifier, wherein the application set at least comprises the application program;
and the third sending module is used for sending a login response with the legal user identity to the terminal so as to be used for logging in the application program by the user.
20. A login system for an application, wherein the system comprises:
a terminal capable of loading a corresponding application program, the terminal being capable of implementing the login method for an application program according to any one of claims 1 to 8; or alternatively, the process may be performed,
an authentication server capable of implementing a login method for an application according to any one of claims 9 to 17.
21. A computer readable medium having stored thereon a computer program which, when executed by a processor, implements a method of logging in an application program according to any one of claims 1 to 8, or,
the program, when executed by a processor, implements a login method for an application according to any one of claims 9 to 17.
22. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs which when executed by the one or more processors cause the one or more processors to implement the method of logging in an application as claimed in any one of claims 1 to 8 or to implement the method of logging in an application as claimed in any one of claims 9 to 17.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011148600.4A CN112199652B (en) | 2020-10-23 | 2020-10-23 | Login method, terminal, server, system, medium and equipment of application program |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011148600.4A CN112199652B (en) | 2020-10-23 | 2020-10-23 | Login method, terminal, server, system, medium and equipment of application program |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112199652A CN112199652A (en) | 2021-01-08 |
| CN112199652B true CN112199652B (en) | 2023-08-25 |
Family
ID=74011200
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011148600.4A Active CN112199652B (en) | 2020-10-23 | 2020-10-23 | Login method, terminal, server, system, medium and equipment of application program |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112199652B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112765571A (en) * | 2021-01-29 | 2021-05-07 | 北京达佳互联信息技术有限公司 | Authority management method, system, device, server and storage medium |
| CN113114770B (en) * | 2021-04-14 | 2022-08-09 | 每日互动股份有限公司 | User identification method, electronic device, and computer-readable storage medium |
| CN113360868A (en) * | 2021-06-29 | 2021-09-07 | 平安普惠企业管理有限公司 | Application program login method and device, computer equipment and storage medium |
| CN113688369B (en) * | 2021-07-28 | 2024-02-02 | 支付宝(杭州)信息技术有限公司 | Login mode recommending method, device and equipment after unloading and reloading of application program |
| CN114828000B (en) * | 2022-04-14 | 2023-07-28 | 中国联合网络通信集团有限公司 | Login method, login device and computer readable storage medium |
| CN115242511B (en) * | 2022-07-22 | 2024-04-12 | 成都中科大旗软件股份有限公司 | Multi-environment application management platform and management method |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103856332A (en) * | 2014-03-22 | 2014-06-11 | 中国科学院信息工程研究所 | Implementation method of one-to-multiple account mapping binding of convenient and rapid multi-screen multi-factor WEB identity authentication |
| CN106605246A (en) * | 2014-06-16 | 2017-04-26 | 贝宝公司 | Systems and methods for authenticating a user based on a computing device |
| CN107317807A (en) * | 2017-06-22 | 2017-11-03 | 北京洋浦伟业科技发展有限公司 | A kind of apparatus bound method, apparatus and system |
| CN108076018A (en) * | 2016-11-16 | 2018-05-25 | 阿里巴巴集团控股有限公司 | Identity authorization system, method, apparatus and account authentication method |
| CN108460251A (en) * | 2017-02-21 | 2018-08-28 | 腾讯科技(深圳)有限公司 | Run the method, apparatus and system of application program |
| CN109413096A (en) * | 2018-11-30 | 2019-03-01 | 北京海泰方圆科技股份有限公司 | A kind of login method and device more applied |
-
2020
- 2020-10-23 CN CN202011148600.4A patent/CN112199652B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103856332A (en) * | 2014-03-22 | 2014-06-11 | 中国科学院信息工程研究所 | Implementation method of one-to-multiple account mapping binding of convenient and rapid multi-screen multi-factor WEB identity authentication |
| CN106605246A (en) * | 2014-06-16 | 2017-04-26 | 贝宝公司 | Systems and methods for authenticating a user based on a computing device |
| CN108076018A (en) * | 2016-11-16 | 2018-05-25 | 阿里巴巴集团控股有限公司 | Identity authorization system, method, apparatus and account authentication method |
| CN108460251A (en) * | 2017-02-21 | 2018-08-28 | 腾讯科技(深圳)有限公司 | Run the method, apparatus and system of application program |
| CN107317807A (en) * | 2017-06-22 | 2017-11-03 | 北京洋浦伟业科技发展有限公司 | A kind of apparatus bound method, apparatus and system |
| CN109413096A (en) * | 2018-11-30 | 2019-03-01 | 北京海泰方圆科技股份有限公司 | A kind of login method and device more applied |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112199652A (en) | 2021-01-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112199652B (en) | Login method, terminal, server, system, medium and equipment of application program | |
| US8819787B2 (en) | Securing asynchronous client server transactions | |
| US20140096241A1 (en) | Cloud-assisted method and service for application security verification | |
| US9198036B2 (en) | Method for providing application service | |
| CN111416811A (en) | Unauthorized vulnerability detection method, system, equipment and storage medium | |
| CN113268336B (en) | Service acquisition method, device, equipment and readable medium | |
| CN112528262A (en) | Application program access method, device, medium and electronic equipment based on token | |
| MXPA05011088A (en) | Portable computing environment. | |
| CN111788801B (en) | Multi-level robot architecture for data access | |
| CN110691085A (en) | Login method, login device, password management system and computer readable medium | |
| CN109088884B (en) | Website access method, device, server and storage medium based on identity authentication | |
| CN115695012A (en) | Login request processing method and device, electronic equipment and storage medium | |
| CN106534280A (en) | Data sharing method and device | |
| CN111177536B (en) | Method and device for transmitting customized information to unregistered user based on device fingerprint and electronic device | |
| US20170279777A1 (en) | File signature system and method | |
| KR20140121571A (en) | System for intergrated authentication, method and apparatus for intergraged authentication thereof | |
| CN115941217A (en) | Method for secure communication and related product | |
| CN114386010A (en) | Application login method and device, electronic equipment and storage medium | |
| CN110177096A (en) | Client certificate method, apparatus, medium and calculating equipment | |
| KR20130113787A (en) | Method and system for providing game service using virtual ip of pc-room | |
| CN115102724B (en) | Login method and system of double Token cross-end jump system | |
| CN115174161B (en) | Account login method and device, electronic equipment and storage medium | |
| CN114640522B (en) | Firewall security policy processing method, device, equipment and storage medium | |
| CN115103361A (en) | Account login method and device, electronic equipment and storage medium | |
| CN114024688A (en) | Network request method, network authentication method, terminal equipment and server |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |