CN113946811A - Authentication method and device - Google Patents


Info

Publication number
CN113946811A
Authority
CN
China
Prior art keywords
token
user
authentication
user equipment
identifier
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111219165.4A
Other languages
Chinese (zh)
Inventor
彭菲
王冬欣
刘群
程龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
ICBC Technology Co Ltd
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
ICBC Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC, ICBC Technology Co Ltd filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202111219165.4A priority Critical patent/CN113946811A/en
Publication of CN113946811A publication Critical patent/CN113946811A/en
Pending legal-status Critical Current

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/33: User authentication using certificates
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44: Program or device authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The application provides an authentication method and device that can be used in the financial field or other fields. The method comprises: receiving an authentication request sent by user equipment, the authentication request comprising a first token and a token timestamp; judging, according to a preset token valid duration, the first token and the token timestamp, whether the first token exists at the server side and is within its validity period; and, if the first token exists and is within the validity period, determining that the authentication of the user equipment is passed. The method and device can improve the efficiency and degree of automation of authentication, and thereby improve the user experience.

Description

Authentication method and device
Technical Field
The present application relates to the field of data processing technologies, and in particular, to an authentication method and an authentication device.
Background
With the rapid development of mobile communication network technology, applets (mini programs) are increasingly popular. A user may enter an applet page by searching for the applet, scanning a two-dimensional code, or clicking a link shared by others, and an authentication mechanism is usually applied to verify whether the user has the right to access the applet.
At present, a common applet authentication mode is to authenticate through a login step such as an account password or a dynamic code sent to a mobile phone. This mode is cumbersome and inefficient, and it degrades the user experience.
Disclosure of Invention
Aiming at the problems in the prior art, the application provides an authentication method and an authentication device, which can improve the efficiency and the automation degree of authentication, and further improve the user experience.
In order to solve the technical problem, the present application provides the following technical solutions:
receiving an authentication request sent by user equipment, wherein the authentication request comprises: a first token and a token timestamp;
judging whether the first token exists at the server side and the first token is in the validity period or not according to preset token valid duration, the first token and a token timestamp;
and if the first token exists and the first token is within the validity period, determining that the authentication of the user equipment is passed.
Further, after the determining whether the first token exists at the server and the first token is within the validity period, the method further includes:
if the first token does not exist in the server or the first token is not in the validity period, receiving a temporary login credential sent by the user equipment;
judging whether a user unique identifier corresponding to the temporary login credential exists in a preset user information table, if so, acquiring a second token corresponding to the user unique identifier;
and sending the user unique identifier and the second token to the user equipment so that the user equipment updates the first token according to the user unique identifier and the second token.
Further, the authentication method further includes:
if the unique user identifier does not exist in a preset user information table, generating a session key corresponding to the unique user identifier;
and sending the user unique identifier and the session key to the user equipment so that the user equipment updates the first token according to the user unique identifier and the session key.
Further, the authentication method further includes:
and if the unique user identifier does not exist in the preset user information table, updating the preset user information table according to the unique user identifier.
Further, the authentication method further includes:
and when a user exit request is received, deleting the user unique identification in the user information table.
In a second aspect, the present application provides an authentication device, including:
a request module, configured to receive an authentication and authorization request sent by a user equipment, where the authentication and authorization request includes: a first token and a token timestamp;
the judging module is used for judging whether the first token exists at the server side and the first token is in the validity period according to the preset token valid duration, the first token and the token timestamp;
and the determining module is used for determining that the authentication of the user equipment passes if the first token exists and the first token is in the valid period.
Further, the authentication device further includes:
a login request sending module, configured to receive a temporary login credential sent by the user equipment if the first token does not exist at the server or the first token is not within the validity period;
the receiving module is used for judging whether a user unique identifier corresponding to the temporary login credential exists in a preset user information table or not, and if so, acquiring a second token corresponding to the user unique identifier;
and the updating module is used for sending the user unique identifier and the second token to the user equipment so as to enable the user equipment to update the first token according to the user unique identifier and the second token.
Further, the authentication device further includes:
the acquisition module is used for generating a session key corresponding to the unique user identifier if the unique user identifier does not exist in a preset user information table;
and the sending module is used for sending the user unique identifier and the session key to the user equipment so that the user equipment updates the first token according to the user unique identifier and the session key.
In a third aspect, the present application provides an electronic device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor implements the authentication method when executing the program.
In a fourth aspect, the present application provides a computer readable storage medium having stored thereon computer instructions that, when executed, implement the authentication method.
According to the technical scheme, the application provides an authentication method and device. Wherein, the method comprises the following steps: receiving an authentication request sent by user equipment, wherein the authentication request comprises: a first token and a token timestamp; judging whether the first token exists at the server side and the first token is in the validity period or not according to preset token valid duration, the first token and a token timestamp; if the first token exists and the first token is in the validity period, the authentication of the user equipment is determined to pass, so that the efficiency and the automation degree of the authentication can be improved, and further the user experience can be improved; specifically, the security of user information can be improved, the flexibility of authentication can be improved, and the convenience of the application applet can be further improved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic flowchart of an authentication method in an embodiment of the present application;
Fig. 2 is a flow chart of an authentication method in another embodiment of the present application;
Fig. 3 is a schematic flow chart of an authentication method in another embodiment of the present application;
Fig. 4 is a schematic flowchart of an authentication method in an embodiment of the present application;
Fig. 5 is a schematic structural diagram of an authentication device in an embodiment of the present application;
Fig. 6 is a schematic block diagram of a system configuration of an electronic device according to an embodiment of the present application.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the present specification, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
To facilitate understanding of the present solution, first, technical contents related to the present solution will be described.
Permanent login: from the user's side, after a successful login the user does not need to log in again; in terms of implementation logic, what is actually performed is a non-inductive (seamless) login.
Authentication and authorization: verifying whether the user has the right to access the system.
openId: the unique user identifier. It is used to define the login state and to identify the user in subsequent service logic when the front end and the back end interact.
Retention state: represents the login state of the user in the applet. When the retention state exists, the user is logged in; when it does not exist, the user has not logged in to the system. There are two situations in which the user is not logged in: first, the user is new; second, the user has used the applet's exit function.
High-order components: an advanced technique for reusing components in React. Specifically, a high-order component is a function that accepts a component as a parameter and returns a new component.
At present, the common authentication methods further include:
1. When the applet page is opened, the login function officially provided for applets by the communication social software is used together with the back-end service, and non-inductive login is realized through the openId returned by the interface service of the communication social software.
2. When the browsed page requires login authentication, the state of the current user is judged in the applet's page jump function; the user is then prompted to log in through a popup window or is taken directly to a login page. After the user finishes logging in, information such as the Token is stored in the local cache, and each subsequent visit carries the Token information read from the local cache.
3. Authentication is generally realized by comparing against a routing white list in the applet's own jump method and giving a corresponding prompt or jumping to the corresponding authentication page.
Although the existing authentication modes can realize permanent login, they are implemented only by the front end of the applet. On the one hand, the user has no entry for exiting the applet, so the binding is permanent and the user experience is poor; on the other hand, unauthorized access may cause problems with sensitive information and operational security. In addition, the local cache is limited in size, and operations such as deleting the applet or clearing the local cache of the communication social software delete the Token in the cache; together with the Token invalidation policy, this makes it difficult to keep authentication information effectively in the local cache, so the user has to log in to the applet frequently even without having logged out. Finally, handling authentication in the jump method of the communication social software requires an active check before every jump; when too many roles and permissions have to be verified, the judgment logic becomes redundant and checks may be missed.
In order to improve the efficiency and the degree of automation of authentication and further improve user experience, an embodiment of the present application provides an authentication and authentication apparatus, where the apparatus may be a server or a client device, and the client device may include a smart phone, a tablet electronic device, a network set-top box, a portable computer, a desktop computer, a Personal Digital Assistant (PDA), a vehicle-mounted device, an intelligent wearable device, and the like. Wherein, intelligence wearing equipment can include intelligent glasses, intelligent wrist-watch and intelligent bracelet etc..
In practical applications, the authentication part may be performed on the server side as described above, or all operations may be performed in the client device. The selection may be specifically performed according to the processing capability of the client device, the limitation of the user usage scenario, and the like. This is not a limitation of the present application. The client device may further include a processor if all operations are performed in the client device.
The client device may have a communication module (i.e., a communication unit), and may be communicatively connected to a remote server to implement data transmission with the server. The server may include a server on the task scheduling center side, and in other implementation scenarios, the server may also include a server on an intermediate platform, for example, a server on a third-party server platform that is communicatively linked to the task scheduling center server. The server may include a single computer device, or may include a server cluster formed by a plurality of servers, or a server structure of a distributed apparatus.
The server and the client device may communicate using any suitable network protocol, including network protocols not yet developed at the filing date of this application. The network protocol may include, for example, a TCP/IP protocol, a UDP/IP protocol, an HTTP protocol, an HTTPS protocol, or the like. Of course, the network Protocol may also include, for example, an RPC Protocol (Remote Procedure Call Protocol), a REST Protocol (Representational State Transfer Protocol), and the like used above the above Protocol.
It should be noted that the authentication method and apparatus disclosed in the present application can be used in the field of financial technology, and can also be used in any field other than the field of financial technology.
The following examples are intended to illustrate the details.
In order to improve the efficiency and degree of automation of authentication and thereby improve the user experience, the present embodiment provides an authentication method whose execution subject is an authentication device, which includes but is not limited to a server. As shown in Fig. 1, the method specifically includes the following:
Step 100: receiving an authentication request sent by user equipment, wherein the authentication request comprises a first token and a token timestamp.
Specifically, when a user enters an applet page requiring authentication by scanning a code or clicking a link, the user equipment sends an authentication request to the server. The first token and the token timestamp are the token and token timestamp cached locally on the user equipment. The user equipment may represent a client, such as a mobile phone or a tablet computer.
Step 200: judging, according to the preset token valid duration, the first token and the token timestamp, whether the first token exists at the server side and is within the validity period.
Specifically, it can be judged whether the first token exists among the tokens cached by the server. If it does, and the time from the token timestamp to the current system time of the server is less than or equal to the preset token valid duration, it is determined that the first token exists at the server and is within the validity period. The preset token valid duration can be set according to actual needs, which is not limited in the present application. The server may represent a servlet of an applet.
Step 300: if the first token exists and is within the validity period, determining that the authentication of the user equipment is passed.
In order to further improve the efficiency of authentication, referring to Fig. 2, in an embodiment of the present application, after step 200, the method further includes:
Step 400: if the first token does not exist at the server or the first token is not within the validity period, receiving a temporary login credential sent by the user equipment.
Specifically, if the first token does not exist in the server or the first token is not within the validity period, a user login operation may be triggered; the user equipment can obtain a temporary login credential code from a server of the communication social software by applying a wx.
Step 500: judging whether a user unique identifier corresponding to the temporary login credential exists in a preset user information table, and if so, acquiring a second token corresponding to the user unique identifier.
Specifically, the preset user information table may be pre-configured locally in the authentication and authorization apparatus. The user unique identifier can be obtained from a server of the communication social software according to the temporary login credential. It is judged whether the user unique identifier exists in the preset user information table, and if so, a second token corresponding to the user unique identifier is acquired; the second token can be a token cached locally by the server. The token cached locally at the server is updated regularly, and after such an update the tokens cached at the server and at the user equipment may be inconsistent; the user unique identifier and the server's locally updated token can therefore be sent to the user equipment, so that the first token cached locally on the user equipment is updated.
Step 600: sending the user unique identifier and the second token to the user equipment, so that the user equipment updates the first token according to the user unique identifier and the second token.
In order to further improve the efficiency of authentication, referring to Fig. 3, in an embodiment of the present application, after step 400, the method further includes:
Step 700: if the user unique identifier does not exist in the preset user information table, generating a session key corresponding to the user unique identifier.
Step 800: sending the user unique identifier and the session key to the user equipment, so that the user equipment updates the first token according to the user unique identifier and the session key.
In order to improve the reliability of the user information table and thereby the reliability of authentication, in an embodiment of the present application, after step 300, the method further includes:
Step 900: if the user unique identifier does not exist in the preset user information table, updating the preset user information table according to the user unique identifier.
In order to save storage space and avoid permanent binding between a user and an applet, in an embodiment of the present application, the authentication method further includes:
when a user exit request is received, deleting the user unique identifier from the user information table.
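The server-side flow of steps 100 to 900 and the exit request, as an added example that is not code from the patent: `AuthServer`, `resolveOpenId` (a stand-in for the exchange of the temporary login credential at the platform's server), the 30-minute duration and the sample identifiers are assumptions. Because the token timestamp arrives from the client, the sketch also compares it with the issuance time the server recorded and measures age from the server's own record, a hardening step the description does not spell out.

```javascript
// Added illustration, not code from the patent. Names and values are assumptions.
const { randomBytes, timingSafeEqual } = require('node:crypto');

const TOKEN_VALID_MS = 30 * 60 * 1000; // preset token valid duration (assumed: 30 min)

class AuthServer {
  // resolveOpenId: hypothetical stand-in for exchanging the temporary login
  // credential for the user unique identifier at the platform's server.
  constructor(resolveOpenId, now = () => Date.now()) {
    this.resolveOpenId = resolveOpenId;
    this.now = now;
    this.tokens = new Map();  // server-side token cache: token -> { openId, issuedAt }
    this.users = new Map();   // user information table: openId -> current token
    this.pending = new Map(); // session keys awaiting login: openId -> sessionKey
  }

  issueToken(openId) {
    const previous = this.users.get(openId);
    if (previous) this.tokens.delete(previous); // keep one live token per user
    const token = randomBytes(32).toString('hex');
    const issuedAt = this.now();
    this.tokens.set(token, { openId, issuedAt });
    this.users.set(openId, token); // step 900: record the user in the table
    return { token, tokenTimestamp: issuedAt };
  }

  // Steps 100-300: the token must exist server-side and be within the validity period.
  authenticate({ token, tokenTimestamp }) {
    const record = typeof token === 'string' ? this.tokens.get(token) : undefined;
    if (!record) return { ok: false, reason: 'unknown-token' };
    // Added hardening: the timestamp is client-supplied, so it must match the
    // server's record; the age is then computed from the server's own value.
    if (tokenTimestamp !== record.issuedAt) return { ok: false, reason: 'timestamp-mismatch' };
    const age = this.now() - record.issuedAt;
    if (age < 0 || age > TOKEN_VALID_MS) {
      this.tokens.delete(token);
      return { ok: false, reason: 'expired' };
    }
    return { ok: true, openId: record.openId };
  }

  // Steps 400-800: fall back to the temporary login credential.
  loginWithCredential(code) {
    const openId = this.resolveOpenId(code);
    if (!openId) return { ok: false, reason: 'bad-credential' };
    if (this.users.has(openId)) { // steps 500-600: known user, send the second token
      return { ok: true, retained: true, openId, ...this.issueToken(openId) };
    }
    const sessionKey = randomBytes(16).toString('base64'); // steps 700-800
    this.pending.set(openId, sessionKey);
    return { ok: true, retained: false, openId, sessionKey };
  }

  // Login that follows step 800; the session key is compared in constant time.
  completeLogin(openId, sessionKey) {
    const expected = this.pending.get(openId);
    const a = Buffer.from(String(sessionKey));
    const b = Buffer.from(String(expected));
    if (!expected || a.length !== b.length || !timingSafeEqual(a, b)) return null;
    this.pending.delete(openId);
    return this.issueToken(openId);
  }

  // Exit request: drop the table entry and revoke the cached token.
  logout(openId) {
    const token = this.users.get(openId);
    if (token) this.tokens.delete(token);
    this.pending.delete(openId);
    return this.users.delete(openId);
  }
}

// Constructed scenario with a controllable clock and a single sample user.
function demoAuthFlow() {
  let clock = 1700000000000;
  const server = new AuthServer(
    (code) => (code === 'code-alice' ? 'openid-alice' : null), () => clock);
  const r = {};
  const first = server.loginWithCredential('code-alice');
  r.newUserRetained = first.retained;
  r.wrongKeyRejected = server.completeLogin(first.openId, 'wrong-key') === null;
  const session = server.completeLogin(first.openId, first.sessionKey);
  r.freshOk = server.authenticate(session).ok;
  clock += TOKEN_VALID_MS + 1;
  r.afterExpiry = server.authenticate(session).reason;
  const renewed = server.loginWithCredential('code-alice');
  r.silentRenewOk = renewed.retained && server.authenticate(renewed).ok;
  r.forgedTimestamp = server.authenticate(
    { token: renewed.token, tokenTimestamp: clock + 5 }).reason;
  server.logout('openid-alice');
  r.afterLogout = server.authenticate(renewed).reason;
  r.retainedAfterLogout = server.loginWithCredential('code-alice').retained;
  return r;
}

console.log(demoAuthFlow());
```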
To further illustrate the present solution, the present application provides an application example of an authentication method, which is specifically described as follows:
S01: calling a login method provided by the communication social software, such as wx.
S02: taking the temporary login credential code as a parameter, calling the server's interface for querying the user retention state; the server returns the user retention state and other contents.
S03: when the user retention state is "retention state exists", the unique user identifier openId, the Token and other necessary information are returned at the same time, and the returned information is stored locally, replacing the Token in the local cache and achieving non-inductive login.
S04: when the user retention state is "no retention state", the unique user identifier openId and the session key sessionKey are returned at the same time, and the returned information is stored locally for use as parameters when the user logs in by authorizing a mobile phone number. The login is specifically realized as follows:
S041: after the user clicks the button for logging in with an authorized mobile phone number on the page, a popup window for authorizing and binding the mobile phone number is called up; after the user allows or rejects the operation, the callback function of the bindgetphonenumber event handles the result.
S042: acquiring, from the information returned to the callback, the data returned by the server of the communication social software, including: the operating state errMsg, the encrypted data encryptedData of the complete user information including sensitive data, and the initial vector iv field of the encryption algorithm.
S043: judging whether the value of errMsg is equal to getPhoneNumber ok; if so, the user has allowed the authorization of the mobile phone number, and processing continues in the conditional branch for allowed authorization.
S044: acquiring the openId and sessionKey from the local cache.
S045: taking encryptedData, iv, openId, clientId and sessionKey as input parameters, calling the login interface of the server. The server decrypts the mobile phone number, maintains the retention relationship between the mobile phone number and the openId, and returns a Token field. The applet stores the Token locally and carries it in subsequent interface requests to realize authentication, and also maintains a timestamp field for the Token in the local cache for verifying the validity of the Token.
S05: when the user exits, in addition to the back-end service deleting the correspondence between the mobile phone number and the openId in the database table, the front end also needs to clear the local cache in preparation for the next authentication.
Specifically, when a user logs in through an authorized mobile phone number in an applet page, the back-end service maintains the correspondence between the mobile phone number and the openId in a database table, and when the user exits, the back-end service deletes that correspondence. The retention state of the user can therefore be judged from the correspondence between the mobile phone number and the openId, and non-inductive login is performed for users that have a retention state.
S06: after receiving the authentication request, acquiring the Token timestamp field and the Token field in the local cache, comparing them with the Token valid duration set by the server side, and judging the validity of the Token.
S07: when the Token exists and is within the validity period, no processing is needed, which reduces the load on the server and improves performance.
S08: when the Token timestamp and the Token field do not exist or the Token has expired, execution returns to step S01.
Specifically, the common logic for judging authentication can be abstracted into a high-order component, which allows code reuse as well as render hijacking. The key point is that the page can execute the corresponding operation in any required life cycle and update the Token in the local cache in time, which solves the authentication problem for any page the user enters by scanning a code or clicking a link, while keeping the authentication logic independent of the page logic. An array variable of possible life cycles may be defined in the high-order component to match the incoming life cycle; the incoming life cycle is matched in the related life cycle functions of the high-order component, and if it matches, the encapsulated authentication function is called synchronously. The authentication function obtains the Token timestamp field and the Token field from the local cache. Steps S01 to S05 may be implemented by the authentication function encapsulated in the high-order component.
By introducing the high-order component into a page that requires authentication, the high-order component takes part in the life cycles that require authentication: the high-order function is executed before the corresponding life cycle of the page, judges whether the user has a retention state, and performs the subsequent operations.
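A sketch of the high-order wrapper described above, as an added example that is not code from the patent: `withAuth`, the injected `storage`, `silentLogin` and `redirectToLogin` helpers, the life cycle names and the cache keys are assumptions, and the login call is modelled as synchronous as in the description.

```javascript
// Added illustration, not code from the patent. Names are assumptions.
const LIFECYCLES = ['onLoad', 'onShow', 'onReady']; // possible life cycles (assumed names)

// S06-S07: a cached token that is present and within the valid duration needs no work.
function tokenIsFresh(storage, validMs, now) {
  const token = storage.get('token');
  const ts = storage.get('tokenTimestamp');
  if (typeof token !== 'string' || token === '' || !Number.isFinite(ts)) return false;
  const age = now() - ts;
  return age >= 0 && age <= validMs;
}

// Takes a page definition and returns a new one whose guarded life cycles
// run the authentication function before the page's own logic.
function withAuth(pageConfig, guarded, deps) {
  const { storage, silentLogin, redirectToLogin, validMs, now } = deps;

  function ensureAuth() {
    if (tokenIsFresh(storage, validMs, now)) return true;
    const result = silentLogin(); // S01-S02: credential, then retention-state query
    if (result && result.retained) { // S03: replace the cached token
      storage.set('openId', result.openId);
      storage.set('token', result.token);
      storage.set('tokenTimestamp', result.tokenTimestamp);
      return true;
    }
    if (result) { // S04: keep openId and sessionKey for the login page
      storage.set('openId', result.openId);
      storage.set('sessionKey', result.sessionKey);
    }
    redirectToLogin();
    return false;
  }

  const wrapped = { ...pageConfig };
  for (const name of LIFECYCLES) {
    if (!guarded.includes(name)) continue; // match the incoming life cycles
    const original = pageConfig[name];
    wrapped[name] = function (...args) {
      if (!ensureAuth()) return undefined; // page logic is withheld until login
      return original ? original.apply(this, args) : undefined;
    };
  }
  return wrapped;
}

// Constructed scenario: an in-memory cache and a fake server response.
function demoWithAuth() {
  const cache = new Map();
  const calls = [];
  let clock = 1000;
  let retained = false;
  const deps = {
    storage: { get: (k) => cache.get(k), set: (k, v) => cache.set(k, v) },
    silentLogin: () => {
      calls.push('silentLogin');
      return retained
        ? { retained: true, openId: 'openid-demo', token: 'tok-demo', tokenTimestamp: clock }
        : { retained: false, openId: 'openid-demo', sessionKey: 'sk-demo' };
    },
    redirectToLogin: () => calls.push('redirect'),
    validMs: 500,
    now: () => clock,
  };
  const page = withAuth({
    onLoad() { calls.push('page:onLoad'); },
    onShow() { calls.push('page:onShow'); },
  }, ['onLoad'], deps);

  page.onLoad();          // no token, no retention: redirected, page logic skipped
  const storedKey = cache.get('sessionKey');
  retained = true;
  page.onLoad();          // silent login succeeds, page logic runs
  page.onLoad();          // cached token still valid: no server call
  clock = 2000;
  page.onLoad();          // token expired: silent login again
  page.onShow();          // unguarded life cycle runs directly
  return { calls: calls.join(','), storedKey, token: cache.get('token') };
}

console.log(demoWithAuth());
```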
In order to further improve the efficiency and the automation degree of the authentication and certification and further improve the user experience, the application example of the authentication and certification method is further provided in the present application, which is described in detail below with reference to fig. 4:
The user opens any page needing authentication; it is judged whether a token exists in the local cache and, if so, whether the token is valid. If the token is invalid, the login method wx.login() officially provided by the communication social software is called to obtain a temporary login credential code; the server's interface for querying the user retention state is called, and the server returns information such as the user retention state and the Token. It is then judged whether the user has a retention state: if so, the token and other information are stored in the local cache and the page logic is executed. If the token does not exist in the local cache or the user has no retention state, the applet jumps to the login page; after a successful login, the user can again open any page needing authentication. If the token is valid, the page logic is executed.
In terms of software, in order to improve the efficiency and automation degree of authentication and further improve the user experience, the present application provides an embodiment of an authentication and authentication apparatus for implementing all or part of the contents in the authentication and authentication method, and referring to fig. 5, the authentication and authentication apparatus specifically includes the following contents:
a request module 10, configured to receive an authentication and authorization request sent by a user equipment, where the authentication and authorization request includes: a first token and a token timestamp.
The first determining module 20 is configured to determine whether the first token exists at the server and the first token is within the validity period according to a preset token valid duration, the first token and a token timestamp.
A determining module 30, configured to determine that the authentication of the user equipment passes if the first token exists and the first token is within the validity period.
In an embodiment of the present application, the authentication and authorization apparatus further includes:
and the login request sending module is used for receiving the temporary login credential sent by the user equipment if the first token does not exist in the server or the first token is not in the validity period.
And the receiving module is used for judging whether the unique user identifier corresponding to the temporary login certificate exists in a preset user information table or not, and if so, acquiring a second token corresponding to the unique user identifier.
And the updating module is used for sending the user unique identifier and the second token to the user equipment so as to enable the user equipment to update the first token according to the user unique identifier and the second token.
In an embodiment of the present application, the authentication and authorization apparatus further includes:
An obtaining module, configured to generate a session key corresponding to the user unique identifier if the user unique identifier does not exist in the preset user information table.
A sending module, configured to send the user unique identifier and the session key to the user equipment, so that the user equipment updates the first token according to the user unique identifier and the session key.
The embodiments of the authentication and authorization apparatus provided in this specification may be used to execute the processing flow of the embodiments of the authentication and authorization method; their functions are not described again here, and reference may be made to the detailed description of the method embodiments.
As can be seen from the above description, the authentication method and apparatus provided by the present application can improve the efficiency and the degree of automation of authentication, and thus can improve the user experience; specifically, the security of user information can be improved, the flexibility of authentication can be improved, and the convenience of the application applet can be further improved.
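The server-side flow these modules carry out (token check, fallback to a temporary login credential, second token or session key, logout), as an added Python example that is not code from the patent. Assumptions: the `AuthServer` class, its method names, the `resolve_credential` callback that maps a temporary login credential to a user unique identifier, and the 1800-second duration are hypothetical; the session key is used directly as the device's new token; and the token timestamp is checked against the server's own issue time rather than trusted from the request.

```python
import secrets
import time

TOKEN_VALID_SECONDS = 1800  # "preset token valid duration"; the value is an assumption


class AuthServer:
    def __init__(self, resolve_credential, now=time.time):
        # resolve_credential: hypothetical callback, temporary login credential
        # -> user unique identifier, or None when the credential is rejected.
        self._resolve = resolve_credential
        self._now = now
        self._tokens = {}      # token -> (uid, issued_at), the server-side token store
        self._user_table = {}  # "preset user information table": uid -> token

    def _lookup(self, token):
        """Return (uid, issued_at) for a live token; purge it if it has expired."""
        record = self._tokens.get(token)
        if record is None:
            return None
        uid, issued_at = record
        if self._now() - issued_at > TOKEN_VALID_SECONDS:
            self.logout(uid)  # drop the stale token and its table entry together
            return None
        return record

    def authenticate(self, first_token, token_timestamp):
        """Token must exist at the server and be within the validity period."""
        record = self._lookup(first_token)
        # Assumption: the request's timestamp must equal the issue time recorded
        # by the server, so a client cannot extend validity by sending a newer one.
        return record is not None and record[1] == token_timestamp

    def login(self, temp_credential):
        """Fallback path when the first token is missing or expired."""
        uid = self._resolve(temp_credential)
        if uid is None:
            raise PermissionError("temporary login credential rejected")
        token = self._user_table.get(uid)
        record = self._lookup(token) if token is not None else None
        if record is not None:
            # uid is in the user information table: return its second token.
            return {"uid": uid, "token": token,
                    "timestamp": record[1], "kind": "second_token"}
        # uid is not in the table: generate a session key and update the table.
        token = secrets.token_urlsafe(32)
        issued_at = int(self._now())
        self._tokens[token] = (uid, issued_at)
        self._user_table[uid] = token
        return {"uid": uid, "token": token,
                "timestamp": issued_at, "kind": "session_key"}

    def logout(self, uid):
        """User exit request: delete the uid from the user information table."""
        token = self._user_table.pop(uid, None)
        if token is not None:
            self._tokens.pop(token, None)


def demo():
    clock = [1_700_000_000]       # constructed clock so expiry can be simulated
    creds = {"cred-A": "user-1"}  # constructed credential -> uid mapping
    srv = AuthServer(creds.get, now=lambda: clock[0])
    first = srv.login("cred-A")   # no table entry yet: session key branch
    ok = srv.authenticate(first["token"], first["timestamp"])
    again = srv.login("cred-A")   # table entry exists: second token branch
    clock[0] += TOKEN_VALID_SECONDS + 1
    expired = srv.authenticate(first["token"], first["timestamp"])
    return first["kind"], ok, again["kind"], again["token"] == first["token"], expired


if __name__ == "__main__":
    print(demo())
```
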
In terms of hardware, in order to improve the efficiency and degree of automation of authentication and thereby improve the user experience, the present application provides an embodiment of an electronic device for implementing all or part of the authentication and authorization method, where the electronic device specifically includes:
a processor, a memory, a communication interface, and a bus; the processor, the memory and the communication interface communicate with one another through the bus; the communication interface is used for information transmission between the authentication device, the user terminal and other related equipment; the electronic device may be a desktop computer, a tablet computer, a mobile terminal, and the like, but the embodiment is not limited thereto. In this embodiment, the electronic device may be implemented with reference to the embodiments of the authentication method and of the authentication device, whose contents are incorporated herein; repeated details are omitted.
Fig. 6 is a schematic block diagram of a system configuration of an electronic device 9600 according to an embodiment of the present application. As shown in fig. 6, the electronic device 9600 can include a central processor 9100 and a memory 9140; the memory 9140 is coupled to the central processor 9100. Notably, this FIG. 6 is exemplary; other types of structures may also be used in addition to or in place of the structure to implement telecommunications or other functions.
In one or more embodiments of the present application, the authentication and authorization function may be integrated into the central processor 9100. The central processor 9100 may be configured to perform the following control:
Step 100: receiving an authentication request sent by user equipment, wherein the authentication request comprises: a first token and a token timestamp.
Step 200: judging, according to the preset token valid duration, the first token and the token timestamp, whether the first token exists at the server side and is within the validity period.
Step 300: if the first token exists and the first token is within the validity period, determining that the authentication of the user equipment is passed.
As can be seen from the above description, the electronic device provided in the embodiment of the present application can improve the efficiency and the automation degree of authentication, so as to improve the user experience.
In another embodiment, the authentication device may be configured separately from the central processor 9100, for example, the authentication device may be configured as a chip connected to the central processor 9100, and the authentication function is realized under the control of the central processor.
As shown in fig. 6, the electronic device 9600 may further include: a communication module 9110, an input unit 9120, an audio processor 9130, a display 9160, and a power supply 9170. It is noted that the electronic device 9600 also does not necessarily include all of the components shown in fig. 6; further, the electronic device 9600 may further include components not shown in fig. 6, which may be referred to in the art.
As shown in fig. 6, a central processor 9100, sometimes referred to as a controller or operational control, can include a microprocessor or other processor device and/or logic device, which central processor 9100 receives input and controls the operation of the various components of the electronic device 9600.
The memory 9140 can be, for example, one or more of a buffer, a flash memory, a hard drive, a removable media, a volatile memory, a non-volatile memory, or other suitable device. The information relating to the failure may be stored, and a program for executing the information may be stored. The central processor 9100 can execute the program stored in the memory 9140 to realize information storage or processing, or the like.
The input unit 9120 provides input to the central processor 9100. The input unit 9120 is, for example, a key or a touch input device. Power supply 9170 is used to provide power to electronic device 9600. The display 9160 is used for displaying display objects such as images and characters. The display may be, for example, an LCD display, but is not limited thereto.
The memory 9140 can be a solid state memory, e.g., Read Only Memory (ROM), Random Access Memory (RAM), a SIM card, or the like. There may also be a memory that holds information even when power is off, can be selectively erased, and is provided with more data, an example of which is sometimes called an EPROM or the like. The memory 9140 could also be some other type of device. Memory 9140 includes a buffer memory 9141 (sometimes referred to as a buffer). The memory 9140 may include an application/function storage portion 9142, the application/function storage portion 9142 being used for storing application programs and function programs or for executing a flow of operations of the electronic device 9600 by the central processor 9100.
The memory 9140 can also include a data store 9143, the data store 9143 being used to store data, such as contacts, digital data, pictures, sounds, and/or any other data used by an electronic device. The driver storage portion 9144 of the memory 9140 may include various drivers for the electronic device for communication functions and/or for performing other functions of the electronic device (e.g., messaging applications, contact book applications, etc.).
The communication module 9110 is a transmitter/receiver 9110 that transmits and receives signals via an antenna 9111. The communication module (transmitter/receiver) 9110 is coupled to the central processor 9100 to provide input signals and receive output signals, which may be the same as in the case of a conventional mobile communication terminal.
Based on different communication technologies, a plurality of communication modules 9110, such as a cellular network module, a bluetooth module, and/or a wireless local area network module, may be provided in the same electronic device. The communication module (transmitter/receiver) 9110 is also coupled to a speaker 9131 and a microphone 9132 via an audio processor 9130 to provide audio output via the speaker 9131 and receive audio input from the microphone 9132, thereby implementing ordinary telecommunications functions. The audio processor 9130 may include any suitable buffers, decoders, amplifiers and so forth. In addition, the audio processor 9130 is also coupled to the central processor 9100, thereby enabling recording locally through the microphone 9132 and enabling locally stored sounds to be played through the speaker 9131.
As can be seen from the above description, the electronic device provided in the embodiment of the present application can improve the efficiency and the automation degree of authentication, so as to improve the user experience.
An embodiment of the present application further provides a computer-readable storage medium capable of implementing all the steps in the authentication and authorization method in the foregoing embodiment, where the computer-readable storage medium stores a computer program, and when the computer program is executed by a processor, the computer program implements all the steps in the authentication and authorization method in the foregoing embodiment, for example, when the processor executes the computer program, the processor implements the following steps:
Step 100: receiving an authentication request sent by user equipment, wherein the authentication request comprises: a first token and a token timestamp.
Step 200: judging, according to the preset token valid duration, the first token and the token timestamp, whether the first token exists at the server side and is within the validity period.
Step 300: if the first token exists and the first token is within the validity period, determining that the authentication of the user equipment is passed.
As can be seen from the above description, the computer-readable storage medium provided in the embodiment of the present application can improve the efficiency and the automation degree of authentication, thereby improving the user experience.
In the present application, each embodiment of the method is described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. Reference is made to the description of the method embodiments.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The principle and the implementation mode of the present application are explained by applying specific embodiments in the present application, and the description of the above embodiments is only used to help understanding the method and the core idea of the present application; meanwhile, for a person skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.

Claims (10)

1. An authentication method, comprising:
receiving an authentication request sent by user equipment, wherein the authentication request comprises: a first token and a token timestamp;
judging whether the first token exists at the server side and the first token is in the validity period or not according to preset token valid duration, the first token and a token timestamp;
and if the first token exists and the first token is within the validity period, determining that the authentication of the user equipment is passed.
2. The authentication method according to claim 1, wherein after the determining whether the first token exists at the server and the first token is within the validity period, the method further comprises:
if the first token does not exist in the server or the first token is not in the validity period, receiving a temporary login credential sent by the user equipment;
judging whether a user unique identifier corresponding to the temporary login credential exists in a preset user information table, if so, acquiring a second token corresponding to the user unique identifier;
and sending the user unique identifier and the second token to the user equipment so that the user equipment updates the first token according to the user unique identifier and the second token.
3. The authentication method according to claim 2, further comprising:
if the unique user identifier does not exist in a preset user information table, generating a session key corresponding to the unique user identifier;
and sending the user unique identifier and the session key to the user equipment so that the user equipment updates the first token according to the user unique identifier and the session key.
4. The authentication method according to claim 3, further comprising:
and if the unique user identifier does not exist in the preset user information table, updating the preset user information table according to the unique user identifier.
5. The authentication method according to claim 2, further comprising:
and when a user exit request is received, deleting the user unique identification in the user information table.
6. An authentication device, comprising:
a request module, configured to receive an authentication and authorization request sent by a user equipment, where the authentication and authorization request includes: a first token and a token timestamp;
the judging module is used for judging whether the first token exists at the server side and the first token is in the validity period according to the preset token valid duration, the first token and the token timestamp;
and the determining module is used for determining that the authentication of the user equipment passes if the first token exists and the first token is within the validity period.
7. The authentication device according to claim 6, further comprising:
a login request sending module, configured to receive a temporary login credential sent by the user equipment if the first token does not exist at the server or the first token is not within the validity period;
the receiving module is used for judging whether a user unique identifier corresponding to the temporary login credential exists in a preset user information table or not, and if so, acquiring a second token corresponding to the user unique identifier;
and the updating module is used for sending the user unique identifier and the second token to the user equipment so as to enable the user equipment to update the first token according to the user unique identifier and the second token.
8. The authentication device according to claim 7, further comprising:
the acquisition module is used for generating a session key corresponding to the unique user identifier if the unique user identifier does not exist in a preset user information table;
and the sending module is used for sending the user unique identifier and the session key to the user equipment so that the user equipment updates the first token according to the user unique identifier and the session key.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the authentication method according to any one of claims 1 to 5 when executing the program.
10. A computer readable storage medium having computer instructions stored thereon, wherein the instructions, when executed, implement the authentication method of any one of claims 1 to 5.
CN202111219165.4A 2021-10-20 2021-10-20 Authentication method and device Pending CN113946811A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111219165.4A CN113946811A (en) 2021-10-20 2021-10-20 Authentication method and device

Publications (1)

Publication Number Publication Date
CN113946811A true CN113946811A (en) 2022-01-18

Family

ID=79331665

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111219165.4A Pending CN113946811A (en) 2021-10-20 2021-10-20 Authentication method and device

Country Status (1)

Country Link
CN (1) CN113946811A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106302346A (en) * 2015-05-27 2017-01-04 阿里巴巴集团控股有限公司 The safety certifying method of API Calls, device, system
CN111030812A (en) * 2019-12-16 2020-04-17 Oppo广东移动通信有限公司 Token verification method, device, storage medium and server
CN111431920A (en) * 2020-03-31 2020-07-17 中国建设银行股份有限公司 Security control method and system based on dynamic token
CN113271296A (en) * 2021-04-28 2021-08-17 北京沃东天骏信息技术有限公司 Login authority management method and device

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114938352A (en) * 2022-05-19 2022-08-23 中国银行股份有限公司 Picture uploading method, server, client and system
CN115174618A (en) * 2022-06-30 2022-10-11 重庆长安汽车股份有限公司 Internet of vehicles module, internet of vehicles access method, equipment and medium
CN115174618B (en) * 2022-06-30 2023-05-26 重庆长安汽车股份有限公司 Internet of vehicles module, internet of vehicles access method, equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination