CN112822222B - Login verification method, automatic login verification method, server and client - Google Patents
Login verification method, automatic login verification method, server and client Download PDFInfo
- Publication number
- CN112822222B CN112822222B CN202110344525.7A CN202110344525A CN112822222B CN 112822222 B CN112822222 B CN 112822222B CN 202110344525 A CN202110344525 A CN 202110344525A CN 112822222 B CN112822222 B CN 112822222B
- Authority
- CN
- China
- Prior art keywords
- client
- equipment
- server
- token
- identifier
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
Abstract
The embodiment of the specification provides a login verification method, which comprises the following steps: firstly, receiving equipment information of equipment where the client side responds to a starting instruction, and generating a first equipment token aiming at the equipment information; then, determining a device identifier corresponding to the device information, establishing a first mapping relation between the device identifier and a first device token, and sending the first device token to the client; then, receiving a login verification request sent by a client, wherein the login verification request at least comprises a first equipment token, a user name and a password; then, under the condition that the user name and the password pass verification, acquiring a device identifier corresponding to the first device token according to a first mapping relation, and acquiring a user identifier corresponding to the user name; the user identification is correspondingly generated based on the user name successfully registered; and then, returning the user identification to the client and generating an authorization record, wherein the authorization record at least comprises the equipment identification and the user identification.
Description
The application is a divisional application of an invention patent application of 'login verification method, automatic login verification method, server side and client side' submitted on 25 days of 6 months of 2018 and with application number 201810664036.8.
Technical Field
The embodiment of the specification relates to the technical field of Internet, in particular to a login verification method, an automatic login verification method, a server side and a client side.
Background
With the development of internet technology, people are increasingly frequently using mobile terminals, such as mobile phones and tablet computers, to meet various demands in life and work. In order to use various functions provided in an application, such as a transfer function in a payment device, a user is often required to log in to the application using a user name and a password. Based on this, in order to enable the user to complete the login more quickly, most applications provide an automatic login function, that is, after the user successfully logs in for a certain time, the user does not need to input a user name and a password again, but the application is directly opened to realize the login.
However, existing automatic login methods are less secure. Therefore, it is necessary to provide a safer and more reliable automatic login method to better ensure the information and property safety of the user.
Disclosure of Invention
The specification describes an automatic login verification method, wherein verification of login information is completed by combining equipment information, so that the security of automatic login is improved.
According to a first aspect, there is provided a login authentication method, the execution subject being a server, the method including: receiving equipment information of equipment where the client side is sent by responding to a starting instruction, and generating a first equipment token aiming at the equipment information; determining a device identifier corresponding to the device information, and establishing a first mapping relation between the device identifier and the first device token; transmitting the first device token to the client; receiving a login verification request sent by the client, wherein the login verification request at least comprises the first equipment token, a user name and a password; under the condition that the user name and the password pass verification, acquiring the equipment identifier corresponding to the first equipment token according to the first mapping relation, and acquiring a user identifier corresponding to the user name; the user identification is correspondingly generated based on the user name successfully registered; returning the user identification to the client; an authorization record is generated, the authorization record including at least the device identification and the user identification.
According to one embodiment, the determining the device identifier corresponding to the device information includes: the device identification is generated based on the device information.
According to one embodiment, the determining the device identifier corresponding to the device information includes: determining the equipment identifier corresponding to the equipment information based on a second mapping relation between the equipment information and the equipment identifier, which is established in advance; wherein the second mapping relationship is established in response to the first reporting of the device information by the client, the device identification in the second mapping relationship being generated based on the first reporting of the device information by the client.
According to one embodiment, the login authentication request further comprises a client identification, the client identification being generated when the client is first started; the generating an authorization record includes: and storing the equipment identifier, the user identifier and the client identifier in an associated mode as the authorization record.
According to a second aspect, there is provided a verification method for automatic login, in which an execution subject is a server, the method including: receiving equipment information of equipment where the client side is sent by responding to the starting instruction, and generating a second equipment token aiming at the equipment information; determining the equipment identifier corresponding to the equipment information according to a second mapping relation between the equipment information and the equipment identifier, which is pre-established, and establishing a third mapping relation between the equipment identifier and the second equipment token; sending the second device token to the client; receiving an automatic login request sent by the client, wherein the automatic login request at least comprises the second equipment token and a user identifier returned to the client by the server under the condition that the previous login is successful; acquiring the equipment identifier corresponding to the second equipment token based on the third mapping relation; the obtained device identity and the user identity are verified based on an authorization record generated according to the method provided in the first aspect.
According to one embodiment, the second mapping relationship is established by the server in response to the first report of the device information by the client, and the device identifier in the second mapping relationship is generated by the server for the first report of the device information by the client.
According to an embodiment, the establishing a third mapping relationship between the device identifier and the second device token includes: and updating an existing device token stored in association with the device identity with the second device token.
According to one embodiment, the automatic login request further includes a client identifier, and the client identifier is generated when the client is started for the first time; the authorization record also comprises the client identification received from the client when the previous login is successful.
According to a third aspect, there is provided a login authentication method, the execution subject being a client, the method comprising: responding to a starting instruction, and sending equipment information of equipment where the client is located to a server; receiving a first device token from the server, the first device token generated by the server for the device information; sending a login verification request to the server, wherein the login verification request at least comprises the first equipment token, a user name and a password; receiving a user identification from a server, wherein the user identification is correspondingly generated by the server based on the user name which is successfully registered under the condition that the user name and the password are verified; and generating a log-free record based on the user identification.
According to one embodiment, the login authentication request further comprises a client identification, which is generated when the client is first started.
According to a fourth aspect, there is provided a verification method of automatic login, an execution subject being a client, the method including: responding to a starting instruction, and sending equipment information of equipment where the client is located to a server; receiving a second device token from the server, the second device token generated by the server for the device information; acquiring a user identification based on the log-free record generated according to the method provided in the third aspect; and sending an automatic login request to a server, wherein the automatic login request at least comprises the second equipment token and the user identifier. According to one embodiment, the automatic login request further includes a client identifier, where the client identifier is generated when the client is started for the first time.
According to a fifth aspect, there is provided a server, including: a receiving unit, configured to receive device information of a device where the client is located, the device information being sent by the client in response to a start instruction; a generation unit configured to generate a first device token for the device information; a determining unit, configured to determine an equipment identifier corresponding to the equipment information; the establishing unit is used for establishing a first mapping relation between the equipment identifier and the first equipment token; the sending unit is further configured to send the first device token to the client; the receiving unit is further configured to receive a login verification request sent by the client, where the login verification request at least includes the first device token, a user name, and a password; the obtaining unit is used for obtaining the equipment identifier corresponding to the first equipment token according to the first mapping relation and obtaining the user identifier corresponding to the user name under the condition that the user name and the password pass verification; the user identification is correspondingly generated based on the user name successfully registered; the sending unit is further configured to return the user identifier to the client; and the second generation unit is used for generating an authorization record, and the authorization record at least comprises the equipment identifier and the user identifier.
According to a sixth aspect, there is provided a server, including: a receiving unit, configured to receive device information of a device where the client is located, the device information being sent by the client in response to a start instruction; a generation unit configured to generate a second device token for the device information; a determining unit, configured to determine, according to a second mapping relationship between the device information and a device identifier, the device identifier corresponding to the device information; the establishing unit is used for establishing a third mapping relation between the equipment identifier and the second equipment token; a sending unit, configured to send the second device token to the client; the receiving unit is further configured to receive an automatic login request sent by the client, where the automatic login request at least includes the second device token and a user identifier returned to the client by the server if the previous login is successful; the obtaining unit is used for obtaining the equipment identifier corresponding to the second equipment token based on the third mapping relation; a verification unit for verifying the obtained device identity and the user identity based on an authorization record generated according to the method provided in the first aspect.
According to a seventh aspect, there is provided a client comprising: the sending unit is used for responding to the starting instruction and sending equipment information of equipment where the client is located to the server; a receiving unit, configured to receive a first device token from the server, where the first device token is generated by the server for the device information; the sending unit is further configured to send a login verification request to the server, where the login verification request at least includes the first device token, a user name, and a password; the receiving unit is further configured to receive a user identifier from a server, where the user identifier is correspondingly generated by the server based on the user name that is successfully registered when the user name and the password pass verification; and the generation unit is used for generating a log-free record based on the user identification.
According to an eighth aspect, there is provided a client comprising: the sending unit is used for responding to the starting instruction and sending equipment information of equipment where the client is located to the server; a receiving unit, configured to receive a second device token from the server, where the second device token is generated by the server for the device information; an acquisition unit that acquires a user identification based on the log-free record generated according to the method provided in the third aspect; the sending unit is configured to send an automatic login request to a server, where the automatic login request at least includes the second device token and the user identifier.
According to a ninth aspect, there is provided a computer readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method of the first, or second, or third, or fourth aspect.
According to a tenth aspect, there is provided a computing device comprising a memory and a processor, wherein the memory has executable code stored therein, the processor, when executing the executable code, implementing the method of the first, second, third, or fourth aspect.
In the verification method of automatic login disclosed in the embodiment of the present disclosure, the automatic login request sent by the client includes the device token returned by the server, where the device token is dynamically generated by the server for the device information reported by the client when each time of startup, and after receiving the automatic login request, the server does not verify the device token directly, but verifies the device token based on the pre-generated authorization record after the device identifier corresponding to the device token is called, so that the security of automatic login is greatly improved, and information and property security of a user can be better ensured.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments disclosed in the present specification, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only examples of the embodiments disclosed in the present specification, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 illustrates an implementation scenario diagram according to one embodiment;
FIG. 2 illustrates interaction of a client with a server during a login process according to one embodiment;
FIG. 3 illustrates a schematic diagram of the interaction of a client with a server during an automatic login process according to one embodiment;
FIG. 4 illustrates a schematic diagram of three-way interactions in an automatic login process, according to one example;
FIG. 5 illustrates a server-side architecture diagram in accordance with one embodiment;
FIG. 6 illustrates a client architecture diagram in accordance with one embodiment;
FIG. 7 illustrates a server-side architecture diagram in accordance with one embodiment;
fig. 8 illustrates a client architecture diagram according to one embodiment.
Description of the embodiments
Various embodiments disclosed in this specification are described below with reference to the accompanying drawings.
First, an inventive concept and an application scenario of the automatic login verification method provided in the embodiments of the present specification will be described. The method is based mainly on the following observations and statistics:
currently, most mobile clients (hereinafter referred to as clients) are applications running on a mobile terminal, and in order to improve user experience, an automatic login mechanism is provided, that is, when a user successfully logs in by inputting authentication information, such as a user name and a password, the user only needs to open the client when logging in again, and the user can complete the login without inputting the authentication information again. However, in the conventional automatic login mechanism, referring to the application scenario shown in fig. 1, the client needs to submit, and at the same time, the server (i.e., serve the client, the content of the service such as providing resources to the client, saving client data, etc.) needs to be verified, the automatic login verification information generally refers to the client credential generated by the client, and/or the server credential generated by the server. Because the verification information is not changed after being generated, the verification information is easy to be cracked and stolen by lawbreakers, and the information and property safety of users are threatened.
Based on the above observations and statistics, in the verification method for automatic login provided in the embodiment of the present disclosure, the server generates a device identifier according to the device information reported by the client when the client is started for the first time, dynamically generates a corresponding device Token (Token) for the device information reported when each time of starting, and uses the device identifier and the device Token as related verification information in the automatic login process, so that the security of automatic login can be improved.
It should be noted that, in the embodiments disclosed in the present specification, the verification method of automatic login may be implemented based on a login verification method. In the following, according to a specific embodiment, the login verification method and the automatic login verification method are described with reference to fig. 2 and 3, respectively.
First, a login authentication method disclosed in the embodiment of the present description will be described. FIG. 2 illustrates interaction of a client with a server during a login process, according to one embodiment. As shown in fig. 2, the interaction process may include the steps of:
in step S210, the client sends device information of the device where the client is located to the server in response to the start command.
In one embodiment, the startup instruction may be generated based on an open operation to the client. In one example, the opening operation to the client may include: and clicking the icon corresponding to the client in the mobile terminal by the user. In another example, the opening operation may include: the user inputs a voice control instruction in the mobile terminal, for example, please open the payment device APP to enter the relevant operation of the client.
In one embodiment, the device information may include a media access control (Media Access Control, MAC) address of the device, an operating system, such as an android system, an IOS system, a Windows system, a screen resolution, and the like.
In step S220, the server generates a first device token for the device information.
It should be noted that, in the embodiment of the present disclosure, since the server may generate a new device token in response to the action of the client reporting the device information each time, the device token is a dynamically updated temporary index string.
In one embodiment, the server may generate the first device token based on the device information, that is, the content of the first device token may be related to the content of the device information, e.g., the first device token may be composed of a MAC address in the device information and a random number generated by the server. In another embodiment, the content of the first device token may be independent of the content of the device information, for example, the server may generate a random number in response to the client reporting the device information, and then store the random number in association with the device information.
The server may generate the first device token for the client to report the device information, and associate the device information with the first device token.
In step S230, the server determines the device identifier corresponding to the device information, and establishes a first mapping relationship between the device identifier and the first device token.
In one embodiment, the device identification may be a unique identification code that is used to distinguish between the devices.
In one embodiment, the reporting of the device information in step S210 is that the client reports the device information to the server for the first time. At this time, the server does not have the device identifier corresponding to the device information yet. Accordingly, determining the device identifier corresponding to the device information in step S230 may include: the device identification is generated based on the device information. In one example, the corresponding device identification may be determined based on the MAC address and resolution in the device information. In one embodiment, a mapping relationship between the device information and the device identifier is also established based on the device identifier, which is referred to herein as a second mapping relationship.
In another embodiment, before reporting the device information in step S210, the client already reports the device information to the server, that is, step S210 does not report the device information for the first time. As described above, when the client reports the device information for the first time, the server generates the device identifier based on the device information, and establishes the second mapping relationship between the device information and the device identifier. Therefore, if the device information is not reported for the first time in S210, the device identifier already exists in the server, and accordingly, determining the device identifier corresponding to the device information may include: determining the equipment identifier corresponding to the equipment information based on a second mapping relation between the pre-established equipment information and the equipment identifier; wherein the second mapping relationship is established in response to the first reporting of the device information by the client, and the device identification in the second mapping relationship is generated based on the first reporting of the device information by the client.
After determining the device identifier corresponding to the device information, a first mapping relationship between the device identifier and the generated first device token is established. In one embodiment, establishing the first mapping relationship may include: based on the association relationship between the device identifier and the device information in the step and the association relationship between the device information and the first device token in the step S220, the device information is taken as a bridge, and a first mapping relationship between the device identifier and the first device token is established. It should be noted that, in the embodiment of the present disclosure, since the client reports the device information to the server every time the client is started, the server correspondingly generates the device token associated with the device information in response to each reporting action. Based on this, according to a specific embodiment, establishing the first mapping relationship may include: the existing device token stored in association with the device identity is updated with the first device token.
Above, a first mapping relationship of the device identity and the first device token may be established.
In step S240, the server sends the first device token to the client.
Specifically, the server transmits the first device token generated in step S220 to the client.
After step S220 is performed, step S230 and step S240 may be performed simultaneously, or step S230 may be performed first or step S240 may be performed first, which is not limited.
Step S250, the client sends a login verification request to the server, where the login verification request includes at least the first device token, the user name and the password.
In one embodiment, before step S250, it may further include: the client receives a user name and a password input by a user. In another embodiment, before step S250, it may further include: the client acquires a prestored user name and password. For example, the client may store a user name and password entered by the user in response to a user's previous check operation of a "remember password" option at the client interface.
In one embodiment, the login verification request may further include a client identifier, where the client identifier is generated when the client is first started. In one example, the client identification may be a random number generated when the client first boots up.
Step S260, the server acquires the equipment identifier corresponding to the first equipment token according to the first mapping relation and acquires the user identifier corresponding to the user name under the condition that the user name and the password pass verification; wherein the user identification is correspondingly generated based on the user name of the successful registration.
In step S270, the server sends the user identifier to the client.
In one embodiment, this step may include: and the server side sends a verification success notification to the client side, wherein the notification comprises the user identification.
After the client obtains the user identification, a log-free record may be generated based on the user identification, step 280. The registration-free record is used to show that the client has been authenticated and successfully logged in, after which an automatic login may be initiated accordingly. That is, after receiving the start instruction, the client may first find whether there is a registration-free record, and when confirming that there is a registration-free record, may attempt to automatically log in.
In one embodiment, the client stores the received user identification as a log-free record. In another embodiment, the verification success notification is regarded as a log-free record. In other embodiments, the no-entry may also include other information, such as the client identification described above.
On the other hand, in step S290, the server generates an authorization record for the server to record the information of successful login of the client, where the authorization record includes at least the device identifier and the user identifier.
In one embodiment, generating the authorization record may include: and storing the device identification and the user identification as the authorization record.
In another embodiment, in step S250, the login verification request sent by the client to the server further includes a client identifier, and accordingly, generating the authorization record may include: and storing the equipment identifier, the user identifier and the client identifier in an associated mode as the authorization record.
After step S260 is performed, the server may perform step S270 and step S290 simultaneously, or may perform step S270 first or step S290 first, which is not limited.
The first login verification of the client is finished, and meanwhile, under the condition that the verification is successful, the server side returns a user identifier corresponding to the user name to the client, and the client generates a login-free record according to the user identifier, so that an automatic login request can be initiated according to the login-free record when the client is started subsequently; meanwhile, an authorization record at least comprising the equipment identifier and the user identifier is generated in the server, and when the automatic login request initiated by the client is subsequently received, the automatic login request can be processed according to the generated authorization record.
Next, a verification method of automatic login disclosed in the embodiment of the present description will be described. FIG. 3 illustrates a schematic diagram of the interaction of a client with a server during an automatic login process according to one embodiment. As shown in fig. 3, the interaction process may include the steps of:
In step S310, the client sends device information of the device where the client is located to the server in response to the start command.
It should be noted that, the description of the present step may be referred to the description of step S210 in the above embodiment, which is not repeated herein.
In step S320, the server generates a second device token for the device information.
It should be noted that, the description of the present step may be referred to the description of step S220 in the above embodiment, and will not be repeated here.
Step S330, the server determines the equipment identifier corresponding to the equipment information according to a second mapping relation between the pre-established equipment information and the equipment identifier, and establishes a third mapping relation between the equipment identifier and the second equipment token.
In one embodiment, the second mapping relationship is established by the server in response to the first reporting of the device information by the client, and the device identification in the second mapping relationship is generated by the server for the first reporting of the device information by the client.
In one embodiment, establishing a third mapping relationship of the device identity and the second device token includes: the existing device token stored in association with the device identity is updated with the second device token.
It should be noted that, the description of the step S330 may also refer to the description of the step S230 in the above embodiment, which is not repeated herein.
In step S340, the server sends the second device token to the client.
It should be noted that, the description of step S340 may be referred to the description of step S240 in the above embodiment, and will not be repeated here.
Step S350, in the case of no-registration record, the user identification is acquired based on no-registration record. Wherein the log-free record is generated in case of a successful log-in according to the log-in verification method of fig. 2. Thus, a log-free record may show that the client has a record of successful log-ins, from which automatic log-ins may be initiated. As previously described, the log-free record may include a user identification, and thus, in this step, the user identification may be obtained based on the log-free record for initiating the automatic login.
In step S360, the client sends an automatic login request to the server, where the automatic login request includes at least the second device token and the user identifier.
In one embodiment, the automatic login request may further include a client identifier, which is generated when the client is first started.
It should be noted that, for the introduction of the user identifier, reference may be made to the description of the user identifier in step S260 and step S270 in the above embodiment, which is not repeated herein.
In step S370, the server obtains the device identifier corresponding to the second device token based on the third mapping relationship.
Specifically, based on the third mapping relationship between the device identifier and the second device token established in step S330, the device identifier corresponding to the second device token received in step S360 is acquired.
In step S380, the service terminal verifies the obtained device identifier and user identifier based on the pre-generated authorization record.
It should be noted that the authorization record may be generated based on the method shown in fig. 2, and specifically, the description of the authorization record may be referred to step S290 in the above-described embodiment. As known from step S290, in one embodiment, the authorization record includes the device identifier and the user identifier. In another embodiment, the authorization record includes a device identification, a user identification, and a client identification.
In one embodiment, the service end verifies the obtained device identifier and the user identifier based on the pre-generated authorization record, which may include: the server determines whether a corresponding authorization record exists according to the user identifier acquired in step S360 and the device identifier acquired in step S370. Specifically, if present, the verification passes; if not, the verification fails.
In another embodiment, in step S360, the automatic login request may further include a client identifier, and accordingly, this step may further be: and the server judges whether a corresponding authorization record exists or not according to the acquired client identifier, the user identifier and the equipment identifier.
It should be noted that, after step S380, step S390 may further be included: and the server side sends a verification result notice to the client side. Therefore, the client successfully realizes automatic login according to the verified message; alternatively, the user may be prompted based on a message that the authentication failed.
In the method for verifying the automatic login disclosed in the embodiments of the present disclosure, the automatic login request sent by the client includes the device token returned by the server, where the device token is dynamically generated by the server for the device information reported by the client when the client is started each time, and after receiving the automatic login request, the server does not verify the device token directly, but verifies the device identifier corresponding to the device token based on the pre-generated authorization record, so that the security of the automatic login is greatly improved, and the information and property security of the user can be better ensured.
Next, in connection with fig. 4, a login verification method and an automatic login verification method disclosed in the embodiments of the present specification will be further described according to a specific example. The interaction step shown in fig. 4 involves an application scenario where the client successfully logs in by a user name and password when logging in for the first time, and implements automatic login when restarting. As shown in fig. 4, the method specifically comprises the following steps:
in step S411, the client starts for the first time, and sends device information of the device where the client is located to the server.
In step S412, the client generates a client identifier.
In step S413, the server generates a device identifier and a device token a for the received device information.
In step S414, a mapping relationship among the device information, the device identifier and the device token a is established.
In step S415, the server sends the device token a to the client.
In step S416, the client receives the user name and password input by the user.
In step S417, the client logs in for the first time, and sends a verification request, where the verification request includes the device token a, the client identifier, the user name and the password.
In step S418, the server verifies the user name and the password, and obtains the user identifier corresponding to the user name after verification.
In step S419, the server stores the device identifier, the client identifier, and the user identifier as corresponding authorization records.
In step S420, the server sends a verification success notification to the client, where the notification includes the user identifier.
In step S421, the client records the user identifier as a log-free record.
In step S422, the client starts again and sends the device information to the server.
In step S423, the server generates a device token B for the device information.
In step S424, the server replaces the device token a stored in association with the device identifier with the device token B.
In step S425, the server sends the device token B to the client.
In step S426, the client reads the user identifier in the log-free record.
In step S427, the client initiates an automatic login, and sends a verification request to the server, where the request carries the user identifier, the client identifier and the device token B.
In step S428, the server obtains the device identifier stored in association with the device token B.
In step S429, the service terminal verifies the acquired device identifier, user identifier, and client identifier based on the authorization record generated in step S419.
In step S430, the server sends a verification result notification to the client.
Based on the above, the security of automatic login can be greatly improved, so that the information and property security of the user can be better ensured.
According to another embodiment, a server is further provided corresponding to the login verification method. Fig. 5 shows a schematic structural diagram of a server according to an embodiment. As shown in fig. 5, the server 500 includes:
a receiving unit 510, configured to receive device information of a device where the client is located, where the device is sent by responding to a start instruction;
a first generation unit 520 for generating a first device token for the device information;
a determining unit 530, configured to determine a device identifier corresponding to the device information;
a building unit 540, configured to build a first mapping relationship between the device identifier and the first device token;
a sending unit 550, configured to send the first device token to the client;
the receiving unit 510 is further configured to receive a login verification request sent by the client, where the login verification request includes at least a first device token, a user name, and a password;
an obtaining unit 560, configured to obtain, according to the first mapping relationship, a device identifier corresponding to the first device token, and obtain a user identifier corresponding to the user name, where the user name and the password pass verification; the user identification is correspondingly generated based on the user name successfully registered;
a sending unit 550, configured to return the user identifier to the client;
A second generating unit 570 is configured to generate an authorization record, where the authorization record includes at least a device identifier and a user identifier.
According to one embodiment, the determining unit 530 is specifically configured to: a device identification is generated based on the device information.
According to one embodiment, the determining unit 530 is specifically configured to: determining the equipment identification corresponding to the equipment information based on a second mapping relation between the pre-established equipment information and the equipment identification; the second mapping relation is established in response to the first reporting of the device information by the client, and the device identification in the second mapping relation is generated based on the first reporting of the device information by the client.
According to one embodiment, the login authentication request further comprises a client identifier, the client identifier being generated when the client is first started; the second generating unit 570 specifically is configured to: the device identity, the user identity, and the client identity are stored in association as an authorization record.
According to an embodiment of another aspect, a client is further provided, corresponding to the login verification method. Fig. 6 shows a schematic diagram of a structure of a client according to one embodiment. As shown in fig. 6, the client 600 includes:
a sending unit 610, configured to send, in response to the start instruction, device information of a device where the client is located to the server;
A receiving unit 620, configured to receive a first device token from a server, where the first device token is generated by the server for device information;
the sending unit 610 is further configured to send a login verification request to the server, where the login verification request includes at least a first device token, a user name, and a password;
the receiving unit 620 is further configured to receive, from the server, a user identifier, where the user identifier is correspondingly generated by the server based on the user name that is successfully registered if the user name and the password pass verification;
the generating unit 630 is configured to generate a log-free record based on the user identifier.
According to one embodiment, the login authentication request further comprises a client identification, the client identification being generated when the client is first started.
According to an embodiment of the further aspect, a server is further provided corresponding to the foregoing automatic login verification method. Fig. 7 shows a schematic structural diagram of a server according to an embodiment. As shown in fig. 7, the server 700 includes:
a receiving unit 710, configured to receive device information of a device where the client is located, where the device is sent by responding to the start-up instruction;
a generating unit 720 for generating a second device token for the device information;
a determining unit 730, configured to determine, according to a second mapping relationship between pre-established device information and device identifiers, a device identifier corresponding to the device information;
An establishing unit 740, configured to establish a third mapping relationship between the device identifier and the second device token;
a transmitting unit 750, configured to transmit the second device token to the client;
the receiving unit 710 is further configured to receive an automatic login request sent by the client, where the automatic login request includes at least the second device token and a user identifier returned to the client by the server if the previous login is successful;
an obtaining unit 760, configured to obtain, based on the third mapping relationship, a device identifier corresponding to the second device token;
the verification unit 770 is configured to verify the obtained device identifier and user identifier based on the authorization record generated according to the server 500.
According to one embodiment, the second mapping relationship is established by the server in response to the first reporting of the device information by the client, and the device identification in the second mapping relationship is generated by the server for the first reporting of the device information by the client.
According to one embodiment, the establishing unit 740 is specifically configured to:
the existing device token stored in association with the device identity is updated with the second device token.
According to one embodiment, the automatic login request further comprises a client identifier, wherein the client identifier is generated when the client is started for the first time; the authorization record also includes a client identification received from the client when the previous login was successful.
According to an embodiment of the further aspect, a client is further provided, corresponding to the foregoing verification method of automatic login. Fig. 8 shows a schematic structural diagram of a client according to one embodiment. As shown in fig. 8, the client 800 includes:
a sending unit 810, configured to send, in response to the start instruction, device information of a device where the client is located to the server;
a receiving unit 820, configured to receive a second device token from the server, where the second device token is generated by the server for the device information;
an acquisition unit 830 that acquires a user identification based on the log-free record generated according to the client 600;
the sending unit 810 is further configured to send an automatic login request to the server, where the automatic login request includes at least the second device token and the user identifier.
According to one embodiment, the automatic login request further includes a client identifier, and the client identifier is generated when the client is started for the first time.
As above, according to an embodiment of a further aspect, there is also provided a computer-readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method described in connection with fig. 2, or fig. 3, or fig. 4.
According to an embodiment of yet another aspect, there is also provided a computing device including a memory having executable code stored therein and a processor that, when executing the executable code, implements the method described in connection with fig. 2, or 3, or 4.
Those of skill in the art will appreciate that in one or more of the above examples, the functions described in the various embodiments disclosed herein may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, these functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium.
While the foregoing detailed description has described the objects, aspects and advantages of the embodiments disclosed herein in further detail, it should be understood that the foregoing detailed description is merely illustrative of the embodiments disclosed herein and is not intended to limit the scope of the embodiments disclosed herein, but rather any modifications, equivalents, improvements or the like that may be made to the embodiments disclosed herein are intended to be included within the scope of the embodiments disclosed herein.
Claims (15)
1. A login verification method, the executive body is the server, the method includes:
receiving equipment information of equipment where the equipment is located, wherein the equipment information is sent by a client;
generating a device identifier and a first device token aiming at the device information, and establishing a mapping relation among the device information, the device identifier and the first device token;
transmitting the first device token to the client;
receiving a login verification request sent by the client, wherein the login verification request at least comprises the first equipment token and identity verification information;
under the condition that the authentication information passes authentication, acquiring the equipment identifier according to the first equipment token and the mapping relation, and acquiring a user identifier corresponding to the authentication information;
generating an authorization record for log-free verification, wherein the authorization record comprises the equipment identifier and the user identifier; and returning the user identification to the client for generating the log-free record of the client.
2. The method of claim 1, wherein the mapping relationship comprises: a second mapping relationship between the device information and the device identifier, and a first mapping relationship between the device identifier and the first device token.
3. The method of claim 1, wherein the login authentication request further comprises a client identification;
the generating an authorization record includes: and storing the equipment identifier, the user identifier and the client identifier in an associated mode as the authorization record.
4. An automatic login verification method, an execution subject is a server, the method includes:
receiving equipment information of equipment where the equipment is located, which is sent by a client, and generating a second equipment token aiming at the equipment information;
determining a device identifier corresponding to the device information according to a second mapping relation between the device information and the device identifier, and replacing an original device token stored in association with the device identifier by using a second device token;
sending the second device token to the client;
receiving an automatic login request sent by the client, wherein the automatic login request at least comprises the second equipment token and a user identifier returned to the client by the server under the condition that the previous login is successful;
acquiring the equipment identifier stored in association with the second equipment token;
acquiring a previously generated authorization record, wherein the authorization record comprises a verified equipment identifier and a verified user identifier;
And verifying the acquired equipment identifier and the received user identifier according to the authorization record.
5. The method of claim 4, wherein the automatic login request further includes a client identification; the authorization record also comprises the client identification received from the client when the previous login is successful.
6. A login authentication method, an execution subject is a client, the method comprising:
responding to a starting instruction, and sending equipment information of equipment where the client is located to a server;
receiving a first device token from the server, the first device token generated by the server for the device information;
sending a login verification request to the server, wherein the login verification request at least comprises the first equipment token and identity verification information;
receiving a user identifier from a server, wherein the user identifier is the user identifier corresponding to the identity verification information obtained by the server under the condition that the identity verification information passes verification;
and generating a log-free record based on the user identification.
7. The method of claim 6, wherein the login authentication request further comprises a client identification, the client identification generated when the client is first started.
8. An automatic login verification method, wherein an execution subject is a client, the method comprises the following steps:
responding to a starting instruction, and sending equipment information of equipment where the client is located to a server;
receiving a second device token from the server, the second device token generated by the server for the device information;
obtaining a log-free record generated according to the method of claim 6, wherein the log-free record comprises a user identifier returned by a server;
and sending an automatic login request to the server, wherein the automatic login request at least comprises the second equipment token and the user identifier, so that the server can perform automatic login verification.
9. The method of claim 8, wherein the automatic login request further includes a client identification, the client identification being generated when the client is first started.
10. A server, comprising:
the receiving unit is used for receiving the equipment information of the equipment where the receiving unit is located, which is sent by the client;
the establishing unit is used for generating a device identifier and a first device token aiming at the device information and establishing a mapping relation among the device information, the device identifier and the first device token;
A sending unit, configured to send the first device token to the client;
the receiving unit is further configured to receive a login verification request sent by the client, where the login verification request at least includes the first device token and identity verification information;
the generating unit is used for acquiring the equipment identifier according to the first equipment token and the mapping relation and acquiring a user identifier corresponding to the identity verification information under the condition that the identity verification information passes verification; generating an authorization record for sign-on-free verification, wherein the authorization record comprises the equipment identifier and the user identifier, and returning the user identifier to the client for generating the sign-on-free record of the client.
11. A server, comprising:
the receiving unit is used for receiving the equipment information of the equipment where the receiving unit is located, which is sent by the client;
a generation unit configured to generate a second device token for the device information;
the determining unit is used for determining the equipment identifier corresponding to the equipment information according to a second mapping relation between the equipment information and the equipment identifier, which is pre-established, and replacing the original equipment token stored in association with the equipment identifier by using a second equipment token;
A sending unit, configured to send the second device token to the client;
the receiving unit is further configured to receive an automatic login request sent by the client, where the automatic login request at least includes the second device token and a user identifier returned to the client by the server if the previous login is successful;
a first obtaining unit, configured to obtain the device identifier stored in association with the second device token;
a second obtaining unit, configured to obtain a previously generated authorization record, where the authorization record includes a device identifier and a user identifier that pass verification;
and the verification unit is used for verifying the acquired equipment identifier and the received user identifier according to the authorization record.
12. A client, comprising:
the sending unit is used for responding to the starting instruction and sending equipment information of equipment where the client is located to the server;
a receiving unit, configured to receive a first device token from the server, where the first device token is generated by the server for the device information;
the sending unit is further configured to send a login verification request to the server, where the login verification request at least includes the first device token and authentication information;
The receiving unit is further configured to receive a user identifier from a server, where the user identifier is a user identifier corresponding to the authentication information obtained by the server when the authentication information passes through the authentication;
and the generation unit is used for generating a log-free record based on the user identification.
13. A client, comprising:
the sending unit is used for responding to the starting instruction and sending equipment information of equipment where the client is located to the server;
a receiving unit, configured to receive a second device token from the server, where the second device token is generated by the server for the device information;
the acquisition unit is used for acquiring the log-free record generated by the client in advance according to claim 12, wherein the log-free record comprises a user identifier returned by the server;
the sending unit is further configured to send an automatic login request to the server, where the automatic login request at least includes the second device token and the user identifier, so that the server performs verification of automatic login.
14. A computer readable storage medium having stored thereon a computer program which, when executed in a computer processor, causes the computer processor to perform the method of any of claims 1-9.
15. A computing device comprising a memory and a processor, wherein the memory has executable code stored therein, which when executed by the processor, implements the method of any of claims 1-9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110344525.7A CN112822222B (en) | 2018-06-25 | 2018-06-25 | Login verification method, automatic login verification method, server and client |
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110344525.7A CN112822222B (en) | 2018-06-25 | 2018-06-25 | Login verification method, automatic login verification method, server and client |
| CN201810664036.8A CN108989291B (en) | 2018-06-25 | 2018-06-25 | Login verification method, automatic login verification method, server side and client side |
Related Parent Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810664036.8A Division CN108989291B (en) | 2018-06-25 | 2018-06-25 | Login verification method, automatic login verification method, server side and client side |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112822222A CN112822222A (en) | 2021-05-18 |
| CN112822222B true CN112822222B (en) | 2023-04-25 |
Family
ID=64538159
Family Applications (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110344525.7A Active CN112822222B (en) | 2018-06-25 | 2018-06-25 | Login verification method, automatic login verification method, server and client |
| CN201810664036.8A Active CN108989291B (en) | 2018-06-25 | 2018-06-25 | Login verification method, automatic login verification method, server side and client side |
Family Applications After (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810664036.8A Active CN108989291B (en) | 2018-06-25 | 2018-06-25 | Login verification method, automatic login verification method, server side and client side |
Country Status (1)
| Country | Link |
|---|---|
| CN (2) | CN112822222B (en) |
Families Citing this family (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112087411B (en) * | 2019-06-12 | 2022-11-29 | 阿里巴巴集团控股有限公司 | System, method and device for authorization processing and electronic equipment |
| CN110516429A (en) * | 2019-09-04 | 2019-11-29 | 贵阳动视云科技有限公司 | A kind of cloud computer control method, managing device and storage medium |
| CN110601852B (en) * | 2019-09-16 | 2022-02-18 | 思必驰科技股份有限公司 | Authentication and authorization method and system for electronic equipment of voice conversation platform |
| CN111898101A (en) * | 2020-06-23 | 2020-11-06 | 海南新软软件有限公司 | Application security equipment verification method and device |
| CN111898110A (en) * | 2020-08-05 | 2020-11-06 | 苏州朗动网络科技有限公司 | Method, device, server and storage medium for acquiring user identity information |
| CN112187465B (en) * | 2020-08-21 | 2023-09-01 | 招联消费金融有限公司 | Non-inductive login method, device, computer equipment and storage medium |
| CN112788061B (en) * | 2021-01-29 | 2023-09-01 | 百度在线网络技术(北京)有限公司 | Authentication method, authentication device, authentication apparatus, authentication storage medium, and authentication program product |
| CN113746857B (en) * | 2021-09-09 | 2023-04-18 | 深圳市腾讯网域计算机网络有限公司 | Login method, device, equipment and computer readable storage medium |
| CN114500090A (en) * | 2022-02-24 | 2022-05-13 | 特赞(上海)信息科技有限公司 | Information processing method and device for secret-free login |
| CN114978675B (en) * | 2022-05-20 | 2023-06-20 | 辽宁华盾安全技术有限责任公司 | Access authentication method and device, electronic equipment and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2013073780A1 (en) * | 2011-11-18 | 2013-05-23 | 주식회사 네오위즈인터넷 | Method and server for providing automatic login function |
| CN104580074A (en) * | 2013-10-14 | 2015-04-29 | 阿里巴巴集团控股有限公司 | Logging method of client end application and corresponding server of logging method |
| CN106105091A (en) * | 2013-12-13 | 2016-11-09 | T移动美国公司 | Identification and Access Management Access |
| CN106888202A (en) * | 2016-12-08 | 2017-06-23 | 阿里巴巴集团控股有限公司 | Authorize login method and device |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8185938B2 (en) * | 2001-03-29 | 2012-05-22 | International Business Machines Corporation | Method and system for network single-sign-on using a public key certificate and an associated attribute certificate |
| CN102790674B (en) * | 2011-05-20 | 2016-03-16 | 阿里巴巴集团控股有限公司 | Auth method, equipment and system |
| CN102664903A (en) * | 2012-05-16 | 2012-09-12 | 李明 | Network user identifying method and system |
| US9736131B2 (en) * | 2013-09-24 | 2017-08-15 | Cellco Partnership | Secure login for subscriber devices |
| CN105323222B (en) * | 2014-07-11 | 2018-08-24 | 博雅网络游戏开发(深圳)有限公司 | Login validation method and system |
| CN104113552B (en) * | 2014-07-28 | 2017-06-16 | 百度在线网络技术(北京)有限公司 | A kind of platform authorization method, platform service end and applications client and system |
-
2018
- 2018-06-25 CN CN202110344525.7A patent/CN112822222B/en active Active
- 2018-06-25 CN CN201810664036.8A patent/CN108989291B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2013073780A1 (en) * | 2011-11-18 | 2013-05-23 | 주식회사 네오위즈인터넷 | Method and server for providing automatic login function |
| CN104580074A (en) * | 2013-10-14 | 2015-04-29 | 阿里巴巴集团控股有限公司 | Logging method of client end application and corresponding server of logging method |
| CN106105091A (en) * | 2013-12-13 | 2016-11-09 | T移动美国公司 | Identification and Access Management Access |
| CN106888202A (en) * | 2016-12-08 | 2017-06-23 | 阿里巴巴集团控股有限公司 | Authorize login method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112822222A (en) | 2021-05-18 |
| CN108989291B (en) | 2021-02-05 |
| CN108989291A (en) | 2018-12-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112822222B (en) | Login verification method, automatic login verification method, server and client | |
| US10223520B2 (en) | System and method for integrating two-factor authentication in a device | |
| CN107948204B (en) | One-key login method and system, related equipment and computer readable storage medium | |
| JP6386069B2 (en) | Connection management method, apparatus, electronic equipment, program, and recording medium | |
| US9246897B2 (en) | Method and system of login authentication | |
| CN108462710B (en) | Authentication and authorization method, device, authentication server and machine-readable storage medium | |
| CN107086979B (en) | User terminal verification login method and device | |
| CN110365483B (en) | Cloud platform authentication method, client, middleware and system | |
| CN107241336B (en) | Identity verification method and device | |
| CN110336870B (en) | Method, device and system for establishing remote office operation and maintenance channel and storage medium | |
| US11429802B2 (en) | Obtaining device posture of a third party managed device | |
| WO2015024261A1 (en) | Internet account number management method, manager, server and system | |
| TW201638822A (en) | Method and device for identity authentication of process | |
| CN107294910B (en) | Login method and server | |
| KR20200003162A (en) | Identity authentication methods and devices, electronic devices | |
| US20180039771A1 (en) | Method of and server for authorizing execution of an application on an electronic device | |
| CN109379388B (en) | Identity recognition method, terminal and wearable device | |
| CN109714363B (en) | Method and system for modifying switch password | |
| CN110264602A (en) | A kind of unlocking system, method, terminal device and door lock service device | |
| CN112929388B (en) | Network identity cross-device application rapid authentication method and system, and user agent device | |
| JP2023553593A (en) | Device management method using blockchain network, related devices and computer programs | |
| CN116707844A (en) | Behavior tracking method and device based on public account number, electronic equipment and medium | |
| CN114338224A (en) | Intelligent hardware cross-platform control method and system | |
| CN109379325B (en) | Backup client delivery method without user configuration | |
| WO2017035758A1 (en) | Sms processing method, apparatus and terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20230403 Address after: 801-10, Section B, 8th floor, 556 Xixi Road, Xihu District, Hangzhou City, Zhejiang Province Applicant after: Ant financial (Hangzhou) Network Technology Co.,Ltd. Address before: 27 Hospital Road, George Town, Grand Cayman ky1-9008 Applicant before: Innovative advanced technology Co.,Ltd. |
|
| TA01 | Transfer of patent application right | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |