CN113765906B - Method, equipment and system for one-key login of terminal application program - Google Patents


Publication number
CN113765906B
Authority
CN
China
Prior art keywords
terminal
information
user
login
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111004282.9A
Other languages
Chinese (zh)
Other versions
CN113765906A (en
Inventor
孙吉平
荆志伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Weibai Technology Co ltd
Original Assignee
Shanghai Weibai Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Weibai Technology Co ltd filed Critical Shanghai Weibai Technology Co ltd
Priority to CN202111004282.9A priority Critical patent/CN113765906B/en
Publication of CN113765906A publication Critical patent/CN113765906A/en
Application granted granted Critical
Publication of CN113765906B publication Critical patent/CN113765906B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The disclosure relates to a method, equipment and a system for one-key login of a terminal application program. The method can be applied to the terminal and comprises the following steps: when a first user account of a user of the terminal requests, at the terminal, to log in to an application program based on a verification code, acquiring a first user identifier from a server if the verification code is successfully verified; generating a first identification code associated with the first user identifier and the terminal, and an asymmetric key pair associated with the first user identifier; storing the asymmetric key pair in a security chip of the terminal, wherein the private key cannot be exported from the security chip; sending the public key and the first identification code to the server; receiving a second token from the server; and storing the first user account, the first user identifier, the first identification code and the second token in association as login information of the application program. When the first user account requests to log in to the application program again at the terminal, it can log in safely and conveniently with one key based on the login information.

Description

Method, equipment and system for one-key login of terminal application program
Technical Field
The present disclosure relates to the field of application security, and more particularly, to a method, device, and system for one-key login of a terminal application.
Background
The most common ways in which terminal users, particularly mobile terminal users, currently log in to an application program include logging in with a mobile phone verification code. With this login mode, the enterprise operating the application program can accurately verify whether the user's identity is legitimate, the user does not need to enter an account and a password every time, and the user experience is improved to a certain extent. However, when a user logs in to an application program multiple times at the same terminal using the same mobile phone number, if the user can log in only after obtaining a verification code each time, the tedious and time-consuming operation degrades the user experience and may even cause users to be lost.
Disclosure of Invention
The present disclosure is provided to solve the above-mentioned problems in the prior art.
With the method for one-key login of a terminal application program, when a user logs in to the application program at the terminal based on a verification code for the first time, the user identity authentication information required for subsequent one-key login is generated and stored at the application program client and the application program server. After that first successful verification-code login, the user can log in with one key on subsequent logins, and the user's identity can be authenticated without entering the user account or acquiring and entering a verification code again, which greatly improves the user experience and reduces the loss of users.
According to a first aspect of the present disclosure, a method for one-key login of a terminal application program is provided, which is applied to a terminal. The method comprises, when a first user account of a user of the terminal requests, at the terminal, to log in to the application program based on a verification code, obtaining a first user identifier from a server if the verification code is successfully verified. The method further includes generating a first identification code associated with the first user identifier and the terminal, and an asymmetric key pair associated with the first user identifier; storing the generated asymmetric key pair in a security chip of the terminal, the private key of the asymmetric key pair not being exportable from the security chip; sending the public key of the asymmetric key pair and the first identification code to the server; and receiving a second token associated with the first user identifier from the server. The method further includes storing the first user account, the first user identifier, the first identification code, and the second token in association as login information of the application program. When the first user account requests to log in to the application program again after successfully logging in at the terminal based on the verification code, one-key login is requested from the server based on the login information.
According to a second aspect of the present disclosure, a method for one-key login of a terminal application program is provided, which is applied to a server. The method comprises, when a first user account of a user of the terminal requests to log in to the application program based on a verification code and the verification code is successfully verified, sending a first user identifier associated with the terminal and the first user account to the terminal. The method also includes receiving from the terminal a public key of an asymmetric key pair and a first identification code, wherein the asymmetric key pair is generated by the terminal in association with the first user identifier and the first identification code is generated by the terminal in association with the first user identifier and the terminal, and sending a second token associated with the first user identifier to the terminal. The method further includes storing the first user account, the first user identifier, the first identification code, and the public key in association in a device key table. When the first user account requests one-key login to the application program after successfully logging in at the terminal based on the verification code, whether to allow the first user account to log in to the application program is determined based on the device key table.
According to a third aspect of the present disclosure, there is provided a terminal comprising a memory, a processor, and an application program stored in the memory and configured to be executed by the processor, the application program, when executed by the processor, performing the terminal-side steps of the method for one-key login of a terminal application program according to various embodiments of the present disclosure.
According to a fourth aspect of the present disclosure, there is provided a server comprising a memory, a processor, and an application program stored in the memory and configured to be executed by the processor, the application program, when executed by the processor, performing the server-side steps of the method for one-key login of a terminal application program according to various embodiments of the present disclosure.
According to a fifth aspect of the present disclosure, there is also provided a system for one-key login of an application program, the system including at least one terminal that performs the terminal-side steps of the method for one-key login of a terminal application program according to various embodiments of the present disclosure, and a server that performs the server-side steps of that method.
According to the method for one-key login of a terminal application program of the embodiments of the disclosure, a user needs to log in to the application program with a verification code only when logging in to an account on a new terminal for the first time; subsequent logins can be performed with one key. During the user's first verification-code login at the terminal, the user identity authentication information required for subsequent one-key login is generated and stored at the application program client and the application program server. The subsequent one-key login process can therefore authenticate the user's identity and enhance system security while greatly improving the user experience and reducing the possibility of losing users.
Drawings
In the drawings, which are not necessarily drawn to scale, like reference numerals may describe similar parts throughout the different views. The drawings illustrate various embodiments generally by way of example and not by way of limitation, and together with the description and claims serve to explain the disclosed embodiments. The same reference numbers will be used throughout the drawings to refer to the same or like parts, where appropriate. Such embodiments are illustrative and not intended to be exhaustive or exclusive embodiments of the present apparatus or method.
FIG. 1 shows a block diagram of an exemplary composition of a system for one-key login of an application program and its application environment, according to an embodiment of the present disclosure;
FIG. 2 illustrates a flowchart of the operation of a terminal when the terminal requests to log in to an application program based on a verification code, according to an embodiment of the disclosure;
FIG. 3 illustrates a flowchart of the operation of the server when the terminal requests to log in to an application program based on a verification code, according to an embodiment of the disclosure;
FIG. 4 illustrates a flowchart of the operation of a terminal when the terminal requests one-key login to an application program, according to an embodiment of the disclosure;
FIG. 5 illustrates a flowchart of the operation of the server when the terminal requests one-key login to an application program, according to an embodiment of the present disclosure;
FIG. 6 shows a timing diagram of an example of a user logging in to an application program at a terminal based on a verification code for the first time, according to an embodiment of the disclosure;
FIG. 7 shows a timing diagram of an example of a user logging in to an application program at a terminal with one key, according to an embodiment of the disclosure; and
FIG. 8 illustrates a schematic diagram of an interface of an application client of a terminal according to an embodiment of the present disclosure.
Detailed Description
The following detailed description, given with reference to the accompanying drawings and specific embodiments, is provided to enable those skilled in the art to better understand the technical solutions of the present disclosure. Embodiments of the present disclosure are described in further detail below with reference to the figures and the detailed description, but the present disclosure is not limited thereto. The order in which the steps are described herein by way of example should not be construed as a limitation where the steps do not depend on one another; those skilled in the art will understand that the order may be adjusted, provided that doing so does not destroy the logical relationship between the steps and render the overall process impractical.
Unless the context clearly requires otherwise, throughout the description and the claims, the words "comprise", "comprising", and the like are to be construed in an inclusive sense as opposed to an exclusive or exhaustive sense; that is, what is meant is "including, but not limited to".
In the description of the present disclosure, it is to be understood that the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. In addition, in the description of the present disclosure, the meaning of "a plurality" is two or more unless otherwise specified.
Various aspects and features of the disclosure are described below with reference to the drawings.
FIG. 1 shows a block diagram of an exemplary composition of a system 100 for one-key login of an application program and its application environment, according to an embodiment of the present disclosure. As shown in FIG. 1, the system for one-key login of an application program includes a server 20 and one or more terminals, such as a terminal 10a, a terminal 10b, and the like. In addition, at certain stages of its operation the system needs the participation of the operator server 30, whose specific operation and information interaction will be described in detail later. In some embodiments, the operator server 30 may be any operator server capable of providing a verification code service, such as a short message service, telephone service, or internet service, for the terminal 10a and the server 20, for example, a mobile phone operator such as mobile, unicom, or telecom, or a radio and television operator providing an internet data transmission service and a communication facility service, which is not limited herein.
In some embodiments, the terminal 10a and the terminal 10b may respectively have installed therein application clients 11a and 11b for the method for one-key login of an application program according to the embodiments of the present disclosure. The application clients 11a and 11b perform the same or similar functions, but may adopt different program architectures according to differences in the platforms, operating systems, and the like of the terminal 10a and the terminal 10b, for example applications based on an Android system, a Windows system, an iOS system, and the like, which is not particularly limited herein.
In some embodiments, the application server 21 for the method for one-key login of an application program according to the embodiment of the present disclosure may be installed in the server 20, which may be deployed locally or in the cloud, as long as it can exchange information with each terminal in the system 100 and with the operator server 30.
In the following, the operation of the terminal 10a in the system 100 is described by taking the terminal 10a as an example, but it should be understood that the terminal 10b and other terminals (not shown) have the same or similar operation as the terminal 10a in the system 100 for one-key login of the application. If no operator server is specified, the server referred to hereinafter is the server of the application.
The method for one-key login of the application program according to the embodiment of the present disclosure is implemented, when the application client 11a and the application server 21 described above are running, by the cooperation of the terminal 10a, the server 20, and the operator server 30 and the information interaction among them. In the system 100, the terminal 10a and the operator server 30 may perform one-way information interaction, that is, the terminal 10a receives from the operator server 30 the verification code information, such as a short message verification code, required for logging in to an application program based on the verification code. The server 20 and the operator server 30 interact mainly during a verification-code login request, and the information exchanged may exemplarily include verification code request information, verification code transmission status response information, and the like. The information exchanged between the server 20 and the terminal 10a includes, but is not limited to, account information, login request information, login result information, authentication information, and authorization information, so that requesting login to an application program based on a verification code, or one-key login to an application program, can be performed conveniently while ensuring security.
In some embodiments, for example, the terminal 10a is a mobile phone used by a user (not shown) and the application program is video playing software. When the user opens the video software client 11a in the terminal 10a, the user's operations, the operator server 30, the application client 11a, and the application server 21 cooperatively implement the method for one-key login of the application program according to the embodiment of the present disclosure. For example, the user uses a mobile phone number as an account to request login to the application program based on a verification code, or, where the user has previously logged in to the application program successfully with the mobile phone number, the user may log in to the application program directly with one key without requesting a verification code. In some embodiments, the user account is an account allocated by the operator (or another server distinct from the application server) to the user of the terminal. In other embodiments, the user may use other forms of account to log in to the application program, for example, a user account represented by a user name composed of letters, numbers and the like that the user applied for from the server during registration with the application program. In other embodiments, the user may use any form of user account that is capable of effectively receiving (e.g., via text message, telephone, internet web page, etc.) the verification code, generated and sent by the operator, that is required to log in to the application program.
Note that in the system 100 for one-key login of an application program according to the embodiment of the present disclosure, the operator server 30 shown in FIG. 1 is only responsible for providing the corresponding verification code service in response to a verification code request of a user account. That is, it participates in the operation of the system 100 only while login to an application program is requested based on a verification code, and does not necessarily participate in other operations of the system 100, e.g., one-key login to an application program. The development and operation costs of the application program and the system, including time costs, can therefore be greatly reduced. In particular, because one-key login to the application program does not involve the operator, the influence of fluctuations in the operator's service quality on the operation of the system 100 can be effectively avoided, and a stable user experience is provided for users.
FIG. 2 illustrates a flowchart of the operation of a terminal when the terminal requests to log in to an application program based on a verification code according to an embodiment of the present disclosure. The method for one-key login of the terminal application program can be applied to a terminal and a server, and comprises two different login modes. In the first login mode, a user of the terminal uses a user account to request, at the terminal, to log in to the application program based on a verification code. In the second login mode, when the user account requests to log in to the application program again after having successfully logged in at the same terminal based on the verification code, one-key login is requested from the server based on login information. In the different login modes, the terminal and the server each execute different operations.
For convenience of distinction and description, in the embodiments of the present disclosure, a user account used by a user of a certain terminal is referred to as a first user account, and this is taken as an example to introduce the present scheme. In the first login manner, a flow of the operation of the terminal when the terminal requests to log in the application program based on the authentication code according to the embodiment of the present disclosure is described below with reference to fig. 2.
First, in step S201, a first user account of a user of the terminal initiates, on the terminal, a request to log in to an application program on the terminal based on a verification code. The verification code required for logging in to the application program may be obtained in various suitable manners. In some embodiments, the first user account is an account allocated by an operator (or another server different from the application program server) to the user of the terminal; for example, the first user account may be a mobile phone number. In some embodiments, when the first user account is a mobile phone number, or is associated with a mobile phone number held by the user, the verification code required to log in to the application program on the terminal may be obtained as a short message verification code from an operator. However, the verification code is not limited to a short message verification code, and may also be a verification code that the operator delivers by telephone. In other embodiments, the verification code is not necessarily obtained by short message or telephone, but may also be obtained by other means such as through the internet, for example by being presented on a webpage, which are not listed here. In some embodiments, the obtained verification code is sent to the server by the user of the terminal, or automatically by the terminal, and is verified by the server.
In step S202, in the case where the verification of the verification code is successful, the first user identifier is acquired from the server. The first user identifier is an identifier allocated by the server to the user of the terminal, and can uniquely identify a certain user within a certain range.
In some embodiments, a first token associated with the first user identifier is also obtained from the server if the verification code is successfully verified. The first token is a temporary token that the server allocates to the first user identifier or the first user account during the verification-code login process. While the application program on the terminal is requesting login based on the verification code, the terminal may use the first token to exchange information legitimately with the server, such as the public key and the first identification code of step S205.
In step S203, a first identification code associated with the first user identifier and the terminal, and an asymmetric key pair associated with the first user identifier, are generated. In some embodiments, the first identification code may be generated based on the first user identifier and hardware and/or software parameters of the terminal. In some embodiments, the first identification code associated with the first user identifier and the terminal may also be generated based on timestamp information. Illustratively, the first identification code is generated by combining information such as the first user identifier, hardware parameters of the terminal, and the current time of the terminal. The first identification code generated by the terminal is therefore unique for each request to log in to the application program on the terminal based on a verification code. Even if the application program is uninstalled and reinstalled on the same terminal, or different user accounts log in at the same terminal, or the same user account logs in at different terminals, the generated first identification codes are in theory all different, and neither the terminal nor the server should already hold a first identification code identical to the one generated now, so the security state of the system can be judged by checking the uniqueness of the first identification code. Further, even if the first identification code is accidentally revealed or illegally stolen, it is not easily misused, because it is unique, for example by carrying timestamp information.
In step S204, the generated asymmetric key pair is stored in a security chip of the terminal. The private key of the asymmetric key pair cannot be exported from the security chip, and all operations involving the private key can only be performed inside the security chip. Illustratively, the security chip may also be a secure container, such as KeyStore, KeyChain, and the like.
Thus, the private key cannot be illegally copied and used even if the hardware is lost or other information is leaked. In some embodiments, the asymmetric key pair may be an RSA key pair; alternatively, any other suitable asymmetric key algorithm, such as an ECC asymmetric key algorithm, may be used instead of the RSA asymmetric key algorithm. Compared with a symmetric key algorithm, the asymmetric key pair is generated locally at the terminal and the key, particularly the private key, is never transmitted over a channel, so the security is better. This also avoids the problem that the security of the whole system cannot be guaranteed once a symmetric key is revealed.
In step S205, the public key and the first identification code in the asymmetric key pair are transmitted to the server. In some embodiments, in addition to the public key and the first identification code, a token to be verified may be sent to the server, where the token is the first token sent by the server and obtained in step S202.
In step S206, a second token associated with the first user identifier is received from the server.
Alternatively, the second token associated with the first user identifier may be received from the server when the server has verified the token to be verified against the first token stored on the server. In other embodiments, since the device key table of the server stores the identification codes corresponding to user accounts that have successfully logged in to the application program based on a verification code, the second token associated with the first user identifier is received from the server when no identification code matching the first identification code exists in the device key table of the server. The second token may act as a pass for legitimate use of the application program, e.g., for subsequent calls by the application client to business interfaces associated with the account. Conversely, if verification finds that an identification code matching the first identification code already exists in the device key table of the server, there is a risk that the data was obtained illegally, and the server will not issue the second token to the terminal, for a specific reason that is described in detail below.
In step S207, the first user account, the first user identifier, the first identification code, and the second token are stored in association as login information of the application program.
At this point, the first user account of the user of the terminal according to the embodiment of the present disclosure has completed a successful login at the terminal based on the verification code. When the first user account requests to log in to the application program again on the same terminal, the user does not need to log in with a verification code, but may request one-key login from the server based on the login information already stored in the terminal.
FIG. 3 illustrates a flowchart of the operation of the server when the terminal requests to log in to an application program based on a verification code according to an embodiment of the present disclosure. Either of the two login modes described above requires the terminal and the server to cooperate in completing the various verifications and operations. For the first login mode, the flow of the operation of the server when the terminal requests to log in to the application program based on the verification code according to the embodiment of the present disclosure is described below with reference to FIG. 3.
In some embodiments, when a user of a terminal requests to log in to an application program based on a verification code using a first user account held by the user, the verification code that the user received from, for example, an operator server is sent to the server. In step S301, the server receives the verification code sent when the first user account of the user of the terminal requests, at the terminal, to log in to the application program based on the verification code. In step S302, the server verifies the verification code, and when the verification fails, the server sends information indicating the login failure to the terminal in step S303.
If the verification code is successfully verified in step S303, the server sends a first user identifier associated with the terminal and the first user account to the terminal in step S304. In some embodiments, in case the verification of the verification code is successful, a first token associated with the first user identity may also be sent to the terminal.
In step S305, the public key of an asymmetric key pair and a first identification code are received from the terminal, wherein the asymmetric key pair is generated by the terminal in association with the first user identifier, and the first identification code is generated by the terminal in association with the first user identifier and the terminal. In some other embodiments, in addition to receiving the public key of the asymmetric key pair and the first identification code from the terminal, when the first token has been sent to the terminal in step S303, the token to be verified may also be received from the terminal.
In step S306, a second token associated with the first user identifier is sent to the terminal. In some embodiments, the second token associated with the first user identifier may be sent to the terminal when the token to be verified passes verification against the first token stored on the server. In particular, the second token associated with the first user identifier is sent to the terminal when it is verified that no identification code matching the first identification code exists in the device key table of the server; otherwise, the existing information is considered to have possibly been stolen, and the second token, which proves the legitimacy of the terminal, is not issued. The reason for this decision criterion is as follows: the first identification code is generated by the terminal in association with the first user identifier from the server and with the particular terminal. In some embodiments, the first identification code may also be generated based on timestamp information, and the first user identifier generated by the server may also be different for each request by the terminal to log in to the application based on the verification code. The first identification code generated by the terminal may therefore be unique for each login based on the verification code, and when a first user identifier identical to the history information appears, it may be suspected that, for example, information leakage has occurred at the terminal; the terminal should therefore not be issued a second token, which is a license to log in to the application and operate it legitimately.
Through these security verification measures, not only can the security problems of the traditional account-and-password login mode, in which the password may be leaked from the backend or guessed by brute force, be avoided, but the server can also promptly identify potential security risks caused by information leakage for other reasons, thereby avoiding user loss and improving user trust.
In step S307, the first user account, the first user identifier, the first identification code, and the public key are stored in association with one another in the device key table.
Thus far, through the cooperative operation of the server and the terminal, the first user account of the user of the terminal according to the embodiment of the present disclosure has completed the process of successfully logging in at the terminal based on the verification code. In some embodiments, the information in the device key table of the application server may correspond to the history of successful logins of each user account to the application at each terminal; for example, each record stored therein represents a successful login of a specific first user account at a specific terminal, together with the corresponding public key information and the like, and is used for verifying user identity and security in the subsequent one-key login process.
Fig. 4 illustrates a flowchart of the operation of a terminal when the terminal requests one-key login to an application according to an embodiment of the present disclosure. Once the first user account of the user of the terminal according to the embodiment of the present disclosure has completed a successful login at the terminal based on the verification code by performing the steps in fig. 2 and fig. 3, in some embodiments, when the application is started again on the same terminal (whether started manually by the user or called by another application, without limitation), the login process based on the verification code is not repeated; instead, the login process in the second manner, that is, the one-key login process, is performed.
In step S401, the terminal first acquires the first user account and the first identification code in the login information stored when the application program was successfully logged in on the terminal last time.
In step S402, a one-touch login request is sent to the server, where the one-touch login request includes the first user account and the first identification code in the login information stored when the application program was successfully logged in on the terminal last time.
In step S403, in the case where the user account and the identification code matching the first user account and the first identification code exist in the device key table of the server, first verification information is acquired from the server. In some embodiments, the first verification information may comprise encrypted random information.
In step S404, the first verification information is processed by using the private key of the asymmetric key pair associated with the first user identifier, which is stored in a security chip of the terminal, to obtain second verification information.
In some embodiments, a first type of method may be employed to generate the second verification information, namely: the encrypted random information is decrypted by using the private key of the asymmetric key pair associated with the first user identifier, which is stored in the security chip of the terminal, to obtain plaintext random information, and the plaintext random information is included in the second verification information.
In other embodiments, a second type of method may be employed to generate the second verification information, namely: the random information may be signed with the private key of the asymmetric key pair stored in the security chip of the terminal and associated with the first user identifier, resulting in signature information, which is included in the second verification information.
In other embodiments, the second verification information may also include information generated in other manners, which is not limited herein. However, it should be understood that the different ways of generating the second verification information correspond to different methods by which the server generates the first verification information, and to corresponding verification methods, which will be described in detail below.
In step S405, when the second verification information passes the verification of the server, a third token associated with the first user identifier is received from the server.
In step S406, the login information is updated to the first user account, the first user identifier, the first identification code, and the third token. The third token functions similarly to the second token described above: it is a unified pass that the application client uses to prove the legitimacy of all operations based on the same login, for example when the application client calls business interfaces associated with the account. In some embodiments, because each one-key login replaces the original token with a new third token, only an application client holding a valid third token can perform legitimate operations on the application; an outdated session, for example, cannot perform legitimate operations because the token it holds is not the latest token issued by the server. This further ensures authentication of the user's legitimate identity and improves the security of the system.
Fig. 5 illustrates a flowchart of the operation of the server when the terminal requests one-key login to an application according to an embodiment of the present disclosure. Corresponding to the operation of the terminal shown in fig. 4, the server performs the steps shown in fig. 5 in this login manner to determine, based on the device key table, whether to allow the first user account to log in to the application.
In step S501, a one-touch login request is received from a terminal, where the one-touch login request includes a first user account and a first identification code in login information stored last time an application program was successfully logged in on the terminal.
In step S502, it is determined whether a user account and an identification code that match the first user account and the first identification code exist in the device key table of the server, and if at least one of the two is not matched, in step S503, information prompting that the login fails is sent to the terminal.
When the determination result in step S502 is "yes", that is, when a user account and an identification code matching the first user account and the first identification code are stored in the device key table of the server, the server sends first verification information to the terminal in step S504, where the first verification information is obtained by the server through processing that uses the public key associated with the first user account and the first identification code in the device key table. In some embodiments, corresponding to the methods for generating the second verification information described above, the first verification information may be generated in at least the following two ways. The first type of method includes: first obtaining the public key associated with the first user account in the device key table and generating random information such as a number or a character string, then encrypting the random information with the public key to generate encrypted random information serving as the first verification information, and sending the encrypted random information to the terminal. In other embodiments, the first verification information may be generated using the second type of method: first, random information such as a number or a character string is generated, and then the generated random information is transmitted to the terminal as the first verification information. Optionally, the server may encrypt the random information with the public key of the asymmetric key pair or with another previously negotiated communication key.
Next, in step S505, the server receives the second verification information from the terminal. In step S506, the server verifies the second verification information. In some embodiments, the server may verify the second verification information using the public key or other information generated based on the public key. In some embodiments, a first type of verification method may be adopted, corresponding to second verification information generated by the first type of method, that is: when the plaintext random information in the second verification information is consistent with the random information stored in the server, it is determined that the second verification information passes the verification of the server. In other embodiments, a second type of verification method may be adopted, corresponding to second verification information generated by the second type of method, which specifically includes: first obtaining the public key associated with the first user account in the device key table, then verifying the signature information contained in the second verification information using the random information and the public key, and determining that the second verification information passes the verification of the server when the signature information passes verification. Optionally, when the random information received by the terminal has been encrypted with the public key of the asymmetric key pair or with another communication key negotiated in advance, the terminal may correspondingly decrypt it with the private key of the asymmetric key pair or with the other communication key negotiated in advance, and then sign the decrypted random information with the private key of the asymmetric key pair to obtain the signature information.
If the result of the determination in step S506 is "no", that is, if the authentication is not passed, information indicating that the login failed is transmitted to the terminal in step S507.
When the result of the determination in step S506 is yes, i.e., in case the second check-up information passes the authentication of the server, in step S508, a third token associated with the first user identification may be sent by the server to the terminal to allow the first user account to log in the application on the terminal.
As can be seen from the processes described in fig. 4 and 5, when the first user account that has successfully logged in to the terminal application based on the verification code requests to log in to the application again on the same terminal, the user does not need to log in using the verification code, but can request a one-key login from the server based on the login information already stored in the terminal. When the server receives the request of the first user account for one-key login to the application on the same terminal, the server does not need to interact with the operator server, and can determine whether to allow the first user account to log in to the application of the terminal based on the device key table in the server. The operation processes of the user and of the whole system are thereby simplified, the login time is shortened, the experience of the user using the application is greatly improved, and the possibility of losing the client is reduced.
The inventors of the present disclosure also find that the processes described in fig. 2 to fig. 5, namely requesting to log in to an application program at the terminal based on a verification code and logging in to the application program by one key after that login has succeeded, also shorten the development time and reduce the development cost of the application program and reduce its operation cost compared with the conventional one-key login scheme. Specifically, when a traditional terminal (for example, a mobile phone terminal) application is developed to realize one-key login, an SDK package provided by a mobile phone operator needs to be integrated, and the application developer needs to apply for a developer account from an operator (for example, a mobile phone operator such as mobile, communication, telecommunication, and the like) and integrate the developer account into the mobile phone application, which affects the development difficulty, the developer's development and testing workload, and the product's time to market. In use, the operator also charges a service fee and a traffic fee to the platform providing the application service, thereby increasing the operation cost of the application.
According to the embodiment of the disclosure, only when the user requests to log in to the application program at the terminal based on the verification code for the first time does the server of the application program request the operator server to send the verification code, and the terminal only receives the verification code from the operator without any other interaction. The application program developer therefore does not need to integrate a developer account at the terminal, so the development difficulty can be greatly reduced, the development time shortened, and the development cost reduced. In addition, in the subsequent one-key login process, one-key login can be realized conveniently using only the login information of the corresponding user that was stored at the terminal and at the application server side when the application program was first logged in to based on the verification code, without the participation of an operator, so the operating cost of the application program can be greatly reduced. Meanwhile, the embodiment of the disclosure can also effectively avoid user loss caused by poor operator service quality. For example, in the traditional one-key login process that depends on the verification code, the verification code may be difficult to obtain because of poor network signal or excessive traffic pressure at the operator, which prolongs the user's waiting time, degrades the experience, and increases the possibility of user loss. In the one-key login process according to the embodiment of the disclosure, interaction and authentication take place only between the server and the terminal and are not affected by the operator network and service, so the influence of these adverse factors on the user's use of the application program is effectively avoided.
Fig. 6 shows a timing diagram of an example of a user logging in to an application at a terminal based on a verification code for the first time, according to an embodiment of the disclosure. The operation of each of the user 22, the application client 11a, the application server 21, and the operator server 30, and the information exchanged among them, when the user 22 first logs in to the application client 11a on a terminal (not shown) held by the user 22, such as a mobile phone, a Pad, or a notebook computer, will be described below with reference to fig. 6. In some embodiments, the first time may refer to the first login to an application program with a certain user account; in other embodiments, the first time may also refer to the first login, after the application program on the terminal has been uninstalled and reinstalled, of a user account that had logged in before. In this embodiment, since it is the first login, when the user 22 opens the application client 11a on the terminal (not shown), the user is prompted that login based on the verification code is required. In some embodiments, the verification code may be in any suitable form; this example is described using a short message containing the verification code, obtained by means of a mobile phone number.
In step S601, the user 22 inputs the mobile phone number as the first user account in the interface of the application client 11a, and informs the application client 11a that it wants to acquire the authentication code, for example, by clicking a button for acquiring the authentication code in step S602. Then, the mobile phone number inputted by the user is used as a means for the application client 11a to acquire the verification code in the subsequent process.
In step S603, the application client 11a obtains the mobile phone number input by the user 22, and in step S604, calls the interface of the application server 21 for obtaining the verification code with the obtained mobile phone number as a parameter, and requests to generate the verification code for the mobile phone number.
In step S605, the application server 21 generates an authentication code for the mobile phone number acquired from the application client 11a, and stores the authentication code in the cache. In some embodiments, the cache may be, for example, a Redis cache. In other embodiments, other cache frameworks, such as Ehcache, etc., may also be used, as long as they are lightweight caches capable of supporting Key and Value, which is not limited herein. Next, in step S605, the application server 21 calls the short message verification code sending interface of the operator server to request that the verification code be sent to the mobile phone number, with the mobile phone number and the generated verification code as parameters.
After receiving the request, the operator server 30 pushes the verification code to the mobile phone number held by the user 22 through the operator network, for example by short message, in step S607, and in step S608 returns information indicating that the verification code was sent successfully to the application server 21. After receiving this information from the operator server 30, the application server 21 in turn returns the information that the verification code was sent successfully to the application client 11a in step S609.
After receiving the feedback of the successful sending of the verification code from the application server 21, the application client 11a will prompt the user 22 that the sending of the short message verification code is successful in step S610.
In step S611, the user 22 may input, in the interface of the application client 11a, the verification code from the verification code short message received at his mobile phone number, and request login, for example by clicking a login button, in step S612.
In step S613, the application client 11a obtains the verification code input by the user, and in step S614, it calls the short message verification code login interface of the application server 21 with the mobile phone number and the verification code as parameters, sending the mobile phone number and the corresponding verification code to the application server 21.
In step S615, the application server 21 obtains the verification code from the cache and compares it with the short message verification code submitted by the application client 11a. If the two are inconsistent, it determines that verification of the verification code has failed and proceeds to step S616 to return verification error information to the application client 11a; in step S617, the application client 11a prompts the user 22 that the verification failed, and in step S618, prompts the user 22 with the failed login result. In some embodiments, the user 22 may be informed that the login failed and, for example, within a specified number of failures, asked whether to attempt the verification code login again; any other suitable prompting method may also be used, depending on the design of the application program, without limitation. After receiving the login result prompt message, the user 22 ends the login based on the verification code in step S619, for example, the user may successfully enter the home page of the application program.
If the verification codes are found to be consistent in step S615, it is determined that verification of the verification code is successful, and the series of operations and information exchanges performed in the following steps S620 to S630 allow the user 22, when subsequently logging in to the application program at the same terminal, to use the more convenient one-key login method instead of logging in with a verification code.
In step S620, the application server 21 generates a first user identifier, and a first token associated with the first user identifier, in association with the terminal (not shown) used by the user 22 for the current login and with the mobile phone number serving as the first user account. In step S621, it sends the generated first user identifier and first token to the application client 11a together with a status code indicating that the verification code was verified successfully.
In step S622, the application client 11a creates a first identification code associated with the terminal and the first user identifier, and creates an RSA asymmetric key pair associated with the first user identifier and stores it to the security chip in the terminal. In some embodiments, the public key of the asymmetric key pair may be read out, while the private key may not be exported outside the secure chip to secure the login information.
In step S623, the application client 11a obtains the public key in the asymmetric key pair stored in the security chip, and in step S624, calls the storage device key interface of the application server 21 using the public key, the first identifier, and the first token as parameters, so that the application server 21 can verify the above information.
In step S625, the application server 21 verifies the correctness of the first token and the first identification code and the uniqueness of the first identification code by using the received public key information. When the authentication fails, the process may go to some or all of the steps S616 to S619 described above, and end the login.
If the verification is passed in step S625, the application server 21 stores the mobile phone number, the first user identifier, the first identification code, and the public key in the device key table in association with each other in step S626, so as to facilitate verification of related information in the subsequent one-key login. The application server 21 will also generate a second token in step S626, and send the login result with the second token to the application client 11a in step S627.
In step S628, the application client 11a stores the four-tuple consisting of the mobile phone number (as the first user account), the first user identifier, the first identification code, and the received second token as the login information of the last successful login, and in step S629 prompts the user 22 that the login based on the verification code has completed successfully.
In step S630, after receiving the login result prompt message, the user 22 ends the login based on the verification code; for example, the user may then successfully enter the home page of the application program. In some embodiments, after successfully logging in to the application, the user 22 may also need to perform other operations at the application client 11a, in which case the second token serves as a unified pass proving the legitimacy of all operations based on the same login, e.g., for the application client to call business interfaces associated with the account.
Fig. 7 shows a timing diagram of an example of a user logging in to an application at a terminal by one key according to an embodiment of the disclosure. Next, with reference to fig. 7, the respective operations of the user 22, the application client 11a, and the application server 21, and the information exchanged among them, are described for the case in which the user 22 logs in to the application by one key on a terminal (not shown) held by the user, such as a mobile phone, a Pad, or a notebook computer, after a previous successful login based on the verification code. Note that, unlike the verification code based login shown in fig. 6, in the present example the login to the application is completed without the involvement of the operator server 30.
In step S701, the user 22 clicks the application icon, and enters the login page of the application client 11a in step S702.
Next, the application client 11a obtains the login information of the last successful login in step S703, which includes the mobile phone number, the first user identifier, the first identification code, and the second token; in step S704 it refreshes the login page, fills the mobile phone number into the interface, and displays a one-key login button. Specifically, with reference to the schematic interface of the application client of the terminal shown in fig. 8, the mobile phone number may, for example, be filled in automatically in the account column 11a1, and the one-key login button 11a2 displayed. In some other embodiments, the interface of the application client 11a in fig. 8 may further include other functional areas, for example a functional area 11a3, in which button 1, button 2, and button 3 may provide the user with other required functions, such as switching accounts, new registration, or exiting the application, which are not described further here. It should be noted that in other embodiments, an interface that requires the user to manually click the "login with one key" button as shown in fig. 8 may be absent; instead, when the user starts the application client 11a, a further functional interface of the application may be entered directly if the one-key login verification passes.
When the user 22 clicks the one-touch login button in step S706, the application client 11a is requested to log in to the application by one touch in step S707, and the application client 11a calls the login random code acquisition interface of the application server 21 in step S708, and transmits the mobile phone number and the first user identification code in the login information of the last successful login acquired before to the application server 21 as interface parameters.
In steps S709 to S711, the application server 21 queries and processes the mobile phone number and the first identification code acquired from the application client 11a using the public key information acquired in each step of fig. 6, such as the public key information in the device key table, to generate information for further authentication. Specifically, in step S709, the application server 21 first queries, according to the mobile phone number as the user account, whether a data record completely matching the mobile phone number and the first identification code exists in the device key table, and if not, prompts a one-touch login error message (not shown) to the application client 11a, and further prompts a message (not shown) that the one-touch login fails to the user 22 by the application client 11a.
If it is determined in step S709 that there is a completely matched data record, the corresponding public key information in the record is further queried, and in step S710, random information is generated and stored in the cache. In step S711, the random information is subjected to encryption processing using the public key acquired from the device key table to obtain encrypted random information. Further, in step S712, a random code containing encrypted random information is returned to the application client 11a.
In step S713, after the application client 11a obtains the random code containing the encrypted random information returned by the application server 21, for example, by calling a private key decryption interface provided by the terminal, and providing the corresponding first user identifier and the encrypted random information to the interface, so as to decrypt the encrypted random information, and obtain a plaintext of the decrypted random information. Subsequently, in step S714, the random code login interface is called, and the decrypted random information is sent to the application server 21.
In step 715, the application server 21 obtains random information from the cache, compares the random information with the decrypted random information obtained from the application client 11a, and prompts a one-key login error message (not shown) to the application client 11a if the comparison result is inconsistent, and further prompts a one-key login failure message (not shown) to the user 22 by the application client 11 a; and if the comparison result is consistent, returning a one-key login result to the application program client 11a with the generated third token.
In step S717, the login information is updated: the second token in the login information is replaced with the third token. In step S718, the application client 11a presents the login result to the user 22, and in step S719 the one-key login process ends; for example, the home page of the application may be entered successfully. In some embodiments, after a successful one-key login to the application, the user 22 may need to perform other operations at the application client 11a, in which case the third token serves as a unified pass proving the legitimacy of all operations based on the same login, e.g., when the application client calls a business interface associated with the account.
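The server-side checks of steps S709 to S715 and the terminal-side decryption of step S713, sketched in Go as an added example (not code from the patent or the applicant). The `Server` and `Terminal` types, RSA-OAEP, the 32-byte random information, the hex token and the single-use handling of the cached value are assumptions; the security chip is simulated with a software key.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// rowKey is the lookup key of the device key table: account plus first identification code.
type rowKey struct{ account, idCode string }
// Server is a hypothetical stand-in for the application server 21.
type Server struct {
	deviceKeys map[rowKey]*rsa.PublicKey // device key table
	pending    map[rowKey][]byte         // cache of outstanding random information
}

func NewServer() *Server {
	return &Server{deviceKeys: map[rowKey]*rsa.PublicKey{}, pending: map[rowKey][]byte{}}
}

// Register stores the public key sent by the terminal after a verification-code login.
func (s *Server) Register(account, idCode string, pub *rsa.PublicKey) {
	s.deviceKeys[rowKey{account, idCode}] = pub
}

// Challenge covers S709-S712: exact-match lookup, fresh random information, public-key encryption.
func (s *Server) Challenge(account, idCode string) ([]byte, error) {
	k := rowKey{account, idCode}
	pub, ok := s.deviceKeys[k]
	if !ok {
		return nil, fmt.Errorf("one-key login error: no matching record")
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.pending[k] = nonce
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, nonce, nil)
}

// Verify covers S715: compare the answer with the cached value, then issue the third token.
func (s *Server) Verify(account, idCode string, answer []byte) (string, error) {
	k := rowKey{account, idCode}
	want, ok := s.pending[k]
	delete(s.pending, k) // single use: a wrong or replayed answer needs a new challenge
	if !ok || subtle.ConstantTimeCompare(want, answer) != 1 {
		return "", fmt.Errorf("one-key login error: random information mismatch")
	}
	tok := make([]byte, 16)
	if _, err := rand.Read(tok); err != nil {
		return "", err
	}
	return fmt.Sprintf("%x", tok), nil
}

// Terminal simulates the security chip in software (assumption: a real chip never exposes priv).
type Terminal struct{ priv *rsa.PrivateKey }
func NewTerminal() (*Terminal, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	return &Terminal{priv}, err
}
func (t *Terminal) Public() *rsa.PublicKey { return &t.priv.PublicKey }

// Decrypt plays the private key decryption interface called in S713.
func (t *Terminal) Decrypt(ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, t.priv, ct, nil)
}

func main() {
	term, _ := NewTerminal()
	srv := NewServer()
	srv.Register("13800000000", "constructed-id-code", term.Public()) // constructed sample values
	ct, _ := srv.Challenge("13800000000", "constructed-id-code")
	plain, _ := term.Decrypt(ct)
	fmt.Println(srv.Verify("13800000000", "constructed-id-code", plain))
}
```

Deleting the cached value on every verification attempt means a captured answer cannot be replayed, and a terminal holding a different private key fails at the decryption step.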
Embodiments of the present disclosure also provide a terminal, which includes a memory, a processor, and a program stored in the memory and configured to be executed by the processor; when the program is executed by the processor, it performs the steps of the method for one-key login of a terminal application program of the foregoing embodiments that are applied to a terminal.
Embodiments of the present disclosure also provide a server, which includes a memory, a processor, and a program stored in the memory and configured to be executed by the processor; when the program is executed by the processor, it performs the steps of the method for one-key login of a terminal application program of the foregoing embodiments that are applied to the server.
Moreover, although exemplary embodiments have been described herein, the scope thereof includes any and all embodiments based on the disclosure with equivalent elements, modifications, omissions, combinations (e.g., of aspects across various embodiments), adaptations or alterations. The elements of the claims are to be interpreted broadly based on the language employed in the claims and not limited to examples described in the present specification or during the prosecution of the application, which examples are to be construed as non-exclusive. It is intended, therefore, that the specification and examples be considered as exemplary only, with a true scope and spirit being indicated by the following claims and their full scope of equivalents.
The above description is intended to be illustrative and not restrictive. For example, the above-described examples (or one or more versions thereof) may be used in combination with each other. For example, other embodiments may be used by those of ordinary skill in the art upon reading the above description. In addition, in the foregoing detailed description, various features may be grouped together to streamline the disclosure. This should not be interpreted as an intention that a disclosed feature not claimed is essential to any claim. Rather, inventive subject matter may lie in less than all features of a particular disclosed embodiment. Thus, the following claims are hereby incorporated into the detailed description as examples or embodiments, with each claim standing on its own as a separate embodiment, and it is contemplated that the embodiments can be combined with each other in various combinations or permutations. The scope of the invention should be determined with reference to the appended claims, along with the full scope of equivalents to which such claims are entitled.

Claims (19)

1. A method for one-key login of a terminal application program is applied to a terminal, and is characterized by comprising the following steps:
when a first user account of a user of the terminal requests to log in to the application at the terminal based on an authentication code,
if the verification code is verified successfully, acquiring a first user identifier associated with the first user account from an application server;
generating a first identification code associated with the first subscriber identity and the terminal, and an asymmetric key pair associated with the first subscriber identity;
storing the generated asymmetric key pair in a security chip of the terminal, wherein a private key of the asymmetric key pair cannot be exported to the outside of the security chip;
sending the public key of the asymmetric key pair and the first identification code to the application server;
receiving a second token associated with the first user identification from the application server; wherein the second token is used for allowing the first user account to log in the application program on the terminal;
storing the first user account, the first user identifier, the first identification code and the second token in an associated manner as login information of the application program;
when the first user account requests to log in the application program again after the terminal successfully logs in based on the verification code, requesting one-key login to the application program server based on the login information; which comprises the following steps: sending a one-key login request to the application program server, wherein the one-key login request comprises a first user account and a first identification code in login information stored when the application program is successfully logged in the terminal last time;
acquiring first verification information from the application server under the condition that a user account and an identification code which are matched with the first user account and the first identification code exist in a device key table of the application server;
processing the first check information by using a private key in an asymmetric key pair which is stored in a security chip of the terminal and is associated with the first user identification to obtain second check information;
receiving a third token associated with the first user identity from the application server in case the second verification information passes verification by the application server based on the public key; wherein the third token is used for allowing the first user account to log in the application program on the terminal.
2. The method of claim 1, further comprising:
if the verification code is successfully verified, acquiring a first token associated with the first user identifier from the application server;
when the public key and the first identification code in the asymmetric key pair are sent to the application program server, a token to be verified is sent to the application program server, wherein the token to be verified is the first token;
a step of receiving a second token associated with the first subscriber identity from the application server, comprising:
receiving, from the application server, a second token associated with the first user identification if the application server verifies that the token to be verified passes using a first token stored on the application server.
3. The method of claim 1, wherein receiving the second token associated with the first subscriber identity from the application server comprises:
and receiving a second token associated with the first user identification from the application server under the condition that an identification code matched with the first identification code does not exist in a device key table of the application server, wherein the identification code corresponding to the user account successfully logging in the application program based on the verification code is stored in the device key table.
4. A method according to any of claims 1-3, wherein the step of generating a first identity code associated with the first subscriber identity and the terminal comprises: a first identification code associated with the first user account and the terminal is generated based on timestamp information.
5. The method of any of claims 1-3, wherein the step of requesting a one-touch login from the application server based on the login information further comprises:
and updating the login information into the first user account, the first user identifier, the first identification code and the third token.
6. The method of claim 4, wherein the step of requesting a one-touch login from the application server based on the login information further comprises:
and updating the login information into the first user account, the first user identifier, the first identification code and the third token.
7. The method of claim 5, wherein the first verification information comprises encrypted random information,
processing the first check information by using a private key in an asymmetric key pair which is stored in a security chip of the terminal and is associated with the first user identification to obtain the second check information, wherein the processing comprises:
and decrypting the encrypted random information by using a private key in an asymmetric key pair which is stored in a security chip of the terminal and is associated with the first user identification to obtain plaintext random information, wherein the second check information comprises the plaintext random information.
8. The method of claim 6, wherein the first verification information comprises encrypted random information,
processing the first check information by using a private key in an asymmetric key pair which is stored in a security chip of the terminal and is associated with the first user identification to obtain the second check information, wherein the processing comprises:
and decrypting the encrypted random information by using a private key in an asymmetric key pair which is stored in a security chip of the terminal and is associated with the first user identification to obtain plaintext random information, wherein the second check information comprises the plaintext random information.
9. The method of claim 5, wherein the first verification information comprises random information;
processing the first check information by using a private key in an asymmetric key pair which is stored in a security chip of the terminal and is associated with the first user identification to obtain the second check information, wherein the processing comprises:
and signing the random information by using a private key in an asymmetric key pair which is stored in a security chip of the terminal and is associated with the first user identification to obtain signature information, wherein the second check information comprises the signature information.
10. The method of claim 6, wherein the first check information comprises random information;
processing the first check information by using a private key in an asymmetric key pair which is stored in a security chip of the terminal and is associated with the first user identification to obtain the second check information, wherein the processing comprises:
and signing the random information by using a private key in an asymmetric key pair which is stored in a security chip of the terminal and is associated with the first user identification to obtain signature information, wherein the second check information comprises the signature information.
11. A method for one-key login of a terminal application program is applied to an application program server, and is characterized by comprising the following steps:
when a first user account of a user of the terminal requests to log in to the application based on an authentication code at the terminal,
under the condition that the verification code is successfully verified, sending a first user identifier associated with the terminal and the first user account to the terminal;
receiving a public key and a first identification code of an asymmetric key pair from the terminal, wherein the asymmetric key pair is generated by the terminal in association with the first subscriber identity, and the first identification code is generated by the terminal in association with the first subscriber identity and the terminal;
sending a second token associated with the first subscriber identity to the terminal; wherein the second token is used for allowing the first user account to log in the application program on the terminal;
storing the first user account, the first user identifier, the first identification code and the public key in association in a device key table;
and when the first user account requests to log in the application program again after the terminal successfully logs in based on the verification code, determining whether to allow the first user account to log in the application program based on the device key table.
12. The method of claim 11, further comprising:
under the condition that the verification code is verified successfully, sending a first token associated with the first user identification to the terminal;
when a public key and a first identification code in an asymmetric key pair from the terminal are received, receiving a token to be verified from the terminal;
a step of sending a second token associated with the first subscriber identity to the terminal, comprising:
and in the case that the to-be-verified token is verified to pass by utilizing the first token stored on the application program server, sending a second token associated with the first user identification to the terminal.
13. The method of claim 11, further comprising:
a step of sending a second token associated with the first subscriber identity to the terminal, comprising:
and sending a second token associated with the first user identification to the terminal under the condition that an identification code matched with the first identification code does not exist in the device key table.
14. The method of any of claims 11-13, wherein determining whether to allow the first user account to log into the application based on the device key table comprises:
receiving a one-key login request from the terminal, wherein the one-key login request comprises a first user account and a first identification code in login information stored when the application program is successfully logged in the terminal last time;
sending first verification information to the terminal under the condition that a user account and an identification code matched with the first user account and the first identification code are stored in the device key table of the application program server;
receiving second check-up information from the terminal; the second check information is obtained by processing the first check information by the terminal by using a private key in the asymmetric key pair;
in the case of verification of the second verification information by the application server based on the public key, sending a third token associated with the first user identity to the terminal to allow the first user account to log in to the application on the terminal;
the first verification information is obtained by processing, by the application server, a public key associated with the first user account and the first identification code in the device key table, or the application server utilizes the public key when verifying the second verification information.
15. The method of claim 14,
the step of sending first verification information to the terminal includes:
acquiring a public key associated with the first user account in the device key table;
generating random information, wherein the random information is a number or a character string;
encrypting the random information by using the public key to generate encrypted random information as the first verification information;
sending the first verification information to the terminal;
the method further comprises the following steps:
in a case where the second check-up information coincides with the random information, it is determined that the second check-up information passes verification by the application server.
16. The method of claim 14,
the step of sending first verification information to the terminal includes:
generating random information, wherein the random information is a number or a character string;
transmitting the generated random information as the first check information to the terminal;
the method further comprises the following steps:
acquiring a public key associated with the first user account in the device key table;
verifying signature information contained in the second check-up information using the random information and the public key,
in a case where the signature information is verified, determining that the second verification information passes verification by the application server.
17. A terminal comprising a memory, a processor, and a program stored in the memory and configured to be executed by the processor, wherein the program, when executed by the processor, performs the method of claims 1-10.
18. An application server comprising a memory, a processor, and a program stored in the memory and configured to be executed by the processor, wherein the program, when executed by the processor, performs the method of claims 11-16.
19. A system for application one-touch login, comprising: the system comprising at least one terminal according to claim 17 and an application server according to claim 18.
CN202111004282.9A 2021-08-30 2021-08-30 Method, equipment and system for one-key login of terminal application program Active CN113765906B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111004282.9A CN113765906B (en) 2021-08-30 2021-08-30 Method, equipment and system for one-key login of terminal application program

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111004282.9A CN113765906B (en) 2021-08-30 2021-08-30 Method, equipment and system for one-key login of terminal application program

Publications (2)

Publication Number Publication Date
CN113765906A CN113765906A (en) 2021-12-07
CN113765906B true CN113765906B (en) 2022-11-29

Family

ID=78791951

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111004282.9A Active CN113765906B (en) 2021-08-30 2021-08-30 Method, equipment and system for one-key login of terminal application program

Country Status (1)

Country Link
CN (1) CN113765906B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114390524B (en) * 2021-12-22 2024-04-23 支付宝(杭州)信息技术有限公司 Method and device for realizing one-key login service
CN113993127B (en) * 2021-12-28 2022-05-06 支付宝(杭州)信息技术有限公司 Method and device for realizing one-key login service
CN114158047A (en) * 2021-12-30 2022-03-08 支付宝(杭州)信息技术有限公司 Method and device for realizing one-key login service
CN114158046B (en) * 2021-12-30 2024-04-23 支付宝(杭州)信息技术有限公司 Method and device for realizing one-key login service
CN115442809B (en) * 2022-11-08 2023-01-31 北京紫光青藤微系统有限公司 Login method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104954383A (en) * 2015-06-24 2015-09-30 深圳市兰丁科技有限公司 Application program login method and system
CN107948204A (en) * 2017-12-29 2018-04-20 咪咕文化科技有限公司 One key login method and system, relevant device and computer-readable recording medium
CN109150910A (en) * 2018-10-11 2019-01-04 平安科技(深圳)有限公司 Log in token generation and verification method, device and storage medium
CN112328321A (en) * 2020-10-26 2021-02-05 北京白龙马云行科技有限公司 Method and device for providing application service

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11190344B2 (en) * 2017-01-25 2021-11-30 Salesforce.Com, Inc. Secure user authentication based on multiple asymmetric cryptography key pairs

Also Published As

Publication number Publication date
CN113765906A (en) 2021-12-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing

Applicant after: Beijing Shendun Technology Co.,Ltd.

Address before: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing

Applicant before: BEIJING SENSESHIELD TECHNOLOGY Co.,Ltd.

TA01 Transfer of patent application right

Effective date of registration: 20221020

Address after: 201203 room 912, 9 / F, building 1, No. 169 shengxia road and No. 1658 Zhangdong Road, China (Shanghai) pilot Free Trade Zone, Pudong New Area, Shanghai

Applicant after: Shanghai Weibai Technology Co.,Ltd.

Address before: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing

Applicant before: Beijing Shendun Technology Co.,Ltd.

GR01 Patent grant