CN114158047B - Method and device for realizing one-key login service - Google Patents

Publication number
CN114158047B
Authority
CN
China
Prior art keywords
application client
token
key
application
public
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111655695.3A
Other languages
Chinese (zh)
Other versions
CN114158047A (en)
Inventor
张婉桥
黄琳
乜聚虎
简云定
刘宇佳
曹鸿健
伏伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alipay Hangzhou Information Technology Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd
Application filed by Alipay Hangzhou Information Technology Co Ltd
Priority to CN202111655695.3A
Publication of CN114158047A
Application granted
Publication of CN114158047B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03: Protecting confidentiality, e.g. by encryption
    • H04W12/06: Authentication
    • H04W12/08: Access security
    • H04W12/60: Context-dependent security
    • H04W12/69: Identity-dependent
    • H04W12/72: Subscriber identity

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The embodiments of this specification provide a method and a device for implementing a one-key login service. In the method, a public-private key pair is generated; the public key of the pair is carried in a login request that is sent to an application server; a pre-login interface issued by the application server is received; a token issued by an operator server is obtained; signature information is generated using the private key of the pair, and the token and the signature information are sent to the application server; if login authorization sent by the application server is received, the one-key login succeeds. The embodiments of this specification can improve the security of the one-key login service and avoid disclosure of the user's private data.

Description

Method and device for realizing one-key login service
Technical Field
One or more embodiments of the present disclosure relate to network information technology, and in particular, to a method and apparatus for implementing a one-key login service.
Background
With the rapid development of networks, various business applications are generated based on the networks. The user can enjoy the corresponding business application, such as watching a movie or purchasing goods, by only downloading an application client, i.e., an application program (APP), of the corresponding business application in the terminal device and registering and logging in through the application client.
To make login more convenient for users, a new way of logging in to an APP, the one-key login method, has recently appeared. In the one-key login method, an authentication SDK is embedded in advance in the application client, which usually runs on a mobile phone. When the user requests login, the client communicates with the operator server through the SDK so that the user's mobile phone number can be collected. After the user agrees to the authorization, the application client obtains a token for the interface call and passes the token to the application server, and the application server uses the token to obtain information such as the mobile phone number of the currently authorized user, which completes the login of the APP.
Referring to fig. 1, in the one-key login service the user only needs to click the one-key login button and does not need to enter a mobile phone number, a user name, a password, a short message verification code and the like. The user can therefore complete the registration and login process more conveniently and quickly: a process that originally might take about 20 seconds is shortened to about 2 seconds, which is a great convenience for the user.
However, the security of the current one-key login service is relatively low, which easily causes disclosure of private data of the user, so a safer implementation method of the one-key login service is needed.
Disclosure of Invention
One or more embodiments of the present disclosure describe a method and an apparatus for implementing a one-touch login service, which can improve the security of the one-touch login service.
According to a first aspect, a method for implementing a one-key login service is provided, including:
Generating a public-private key pair; sending the public key in the public-private key pair to an application server; receiving a pre-login interface issued by an application server; obtaining a token issued by an operator server; generating signature information by using a private key in the public-private key pair, and sending the token and the signature information to an application server; if the login authorization sent by the application server is received, the one-key login is successful.
After the receiving the pre-login interface issued by the application server and before the obtaining the token issued by the operator server, the method further comprises:
carrying the public key of the public-private key pair in a verification request and sending the verification request to the operator server.
Wherein the verification request includes at least one of the following:
A login verification request carrying an APP ID, an APP sign, a KEY ID, a timestamp and the public key;
A mobile phone identity verification request carrying an APP ID, the public key and a timestamp;
A newly defined verification request carrying the APP ID and the public key.
Wherein when the verification request includes a login verification request carrying an APP ID, an APP sign, a KEY ID, a timestamp, and the public KEY,
After sending the verification request to the operator server and before acquiring the token issued by the operator server, the method further comprises:
receiving a symmetric key encrypted by a public key sent by an operator server;
Decrypting the symmetric key by using the private key in the public-private key pair; and
Encrypting the mobile phone identity verification request by using the symmetric key, and then sending the encrypted mobile phone identity verification request to an operator server so as to enable the operator server to carry out identity verification on terminal equipment where an application client is located;
Correspondingly, the obtaining the token issued by the operator server includes:
and decrypting the encrypted token sent by the operator server by using the symmetric key to obtain the token.
The sending the public key of the public-private key pair to the application server includes: carrying the public key of the public-private key pair in a login request and sending the login request to an application server; and/or,
The generating signature information by using the private key in the public-private key pair comprises: and signing the fingerprint information of the terminal equipment where the application client is located by utilizing the private key in the public-private key pair to obtain signature information.
According to a second aspect, there is provided a method for implementing a one-key login service, including:
Receiving a public key in a public-private key pair sent by an application client;
Issuing a pre-login interface to an application client;
receiving token and signature information sent by an application client;
Verifying the validity of the signature information by using the obtained public key;
If the signature information is legal, carrying the received token in a number acquisition request and sending the number acquisition request to an operator server;
Receiving a mobile phone number of a terminal device where an application client is located, which is sent by an operator server;
and carrying out login authorization on the application client according to the mobile phone number.
Wherein the signature information includes: fingerprint information of the terminal equipment where the application client signed by the private key is located.
The receiving the public key of the public-private key pair sent by the application client comprises: receiving a login request carrying the public key sent by an application client, and obtaining the public key from the login request;
And/or,
When the validity of the signature information is verified by using the obtained public key, the method further comprises: if the signature information is not legal, sending a login failure notification to the application client, and ending the current flow.
The step of carrying the received token in the number acquisition request and sending it to the operator server further comprises:
carrying the signature information in the number acquisition request and sending the number acquisition request to the operator server.
According to a third aspect, there is provided a method for implementing a one-key login service, including:
receiving a verification request sent by an application client, and acquiring a public key of a public-private key pair generated by the application client from the verification request;
issuing a token to the application client;
receiving a number acquisition request carrying token and signature information sent by an application server; the signature information is the information signed by the private key in the public-private key pair; the number acquisition request is sent to an operator server after the application server verifies that the signature information is legal by using the acquired public key;
And verifying the validity of the signature information in the number acquisition request by using the public key, if the signature information is legal, acquiring the mobile phone number of the terminal equipment where the application client is located according to the token carried in the number acquisition request, and sending the mobile phone number to the application server, and if the mobile phone numbers are different, refusing to send the mobile phone number of the terminal equipment to the application server.
The verification request includes at least one of the following:
A login verification request carrying an APP ID, an APP sign, a KEY ID, a timestamp and the public key;
A mobile phone identity verification request carrying an APP ID, the public key and a timestamp;
A newly defined verification request carrying the APP ID and the public key.
Wherein when the verification request includes a login verification request carrying an APP ID, an APP sign, a KEY ID, a timestamp, and the public KEY,
After the obtaining of the public key in the public-private key pair generated by the application client and before the issuing of the token to the application client, the method further comprises:
Generating a symmetric key;
encrypting the symmetric key by using the public key and then sending the encrypted symmetric key to an application client;
Receiving a mobile phone identity verification request encrypted by using a symmetric key from an application client; and
Decrypting the mobile phone identity verification request by using the symmetric key, carrying out identity verification according to the mobile phone identity verification request, and executing the step of issuing a token to the application client after the identity verification is successful;
Accordingly, the issuing the token to the application client includes: encrypting the token by using the symmetric key, and issuing the encrypted token to the application client.
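The key exchange in this variant, together with the matching client-side steps of the first aspect, as an added Go example that is not part of the patent text: the operator server wraps a fresh symmetric key under the client's public key, and the mobile phone identity verification request and the token then travel encrypted under that key. RSA-OAEP, AES-256-GCM and all function names are assumptions, since the description names no algorithms; the request and token strings are constructed samples.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Added illustration with hypothetical names. RSA-OAEP and AES-256-GCM are
// assumed algorithm choices; the description does not name any.

// NewClientKey generates the application client's public-private key pair.
func NewClientKey() *rsa.PrivateKey {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return priv
}

// WrapSessionKey is the operator side: generate a symmetric key and encrypt
// it with the public key taken from the login verification request.
func WrapSessionKey(pub *rsa.PublicKey) (key, wrapped []byte, err error) {
	key = make([]byte, 32)
	if _, err = rand.Read(key); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	return key, wrapped, err
}

// UnwrapSessionKey is the client side: only the holder of the private key
// can recover the symmetric key.
func UnwrapSessionKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts msg under the symmetric key; the random nonce is prepended.
func Seal(key, msg []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, msg, nil), nil
}

// Open decrypts and authenticates a message produced by Seal.
func Open(key, box []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(box) < gcm.NonceSize() {
		return nil, errors.New("ciphertext shorter than nonce")
	}
	return gcm.Open(nil, box[:gcm.NonceSize()], box[gcm.NonceSize():], nil)
}

func must(b []byte, err error) []byte {
	if err != nil {
		panic(err)
	}
	return b
}

func main() {
	client := NewClientKey()
	// Operator server: wrap a session key under the client's public key.
	opKey, wrapped, err := WrapSessionKey(&client.PublicKey)
	if err != nil {
		panic(err)
	}
	// Client: recover the key, then send the encrypted identity verification request.
	cKey := must(UnwrapSessionKey(client, wrapped))
	req := must(Seal(cKey, []byte("APP ID=demo-app;timestamp=1700000000"))) // constructed sample
	fmt.Printf("operator reads request: %s\n", must(Open(opKey, req)))
	// Operator server: issue the token encrypted under the same key.
	tokenBox := must(Seal(opKey, []byte("sample-token"))) // constructed sample
	fmt.Printf("client recovers token: %s\n", must(Open(cKey, tokenBox)))
}
```
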
According to a fourth aspect, there is provided an implementation apparatus of a one-key login service, including:
The public-private key generation module is configured to generate a public-private key pair;
The pre-login processing module is used for sending the public key in the public-private key pair to the application server; receiving a pre-login interface issued by an application server;
the token acquisition module is configured to acquire a token issued by the operator server;
the signature processing module is configured to generate signature information by utilizing a private key in the public-private key pair, and send the token and the signature information to the application server;
And the login execution module is configured to successfully log in by one key if login authorization sent by the application server is received.
According to a fifth aspect, there is provided an implementation apparatus of a one-key login service, including:
The pre-login authorization module is configured to receive a public key in a public-private key pair sent by the application client and send a pre-login interface to the application client;
the network factor acquisition module is configured to receive a token and signature information sent by an application client;
the number acquisition module is configured to verify the validity of the signature information by using the acquired public key, and if the signature information is legal, the received token is carried in a number acquisition request and is sent to an operator server;
and the authorization execution module is configured to perform login authorization processing according to the mobile phone number when receiving the mobile phone number of the terminal equipment where the application client is located from the operator server.
According to a sixth aspect, there is provided an implementation apparatus of a one-key login service, including:
the public key acquisition module is configured to receive a verification request sent by the application client and acquire a public key in a public-private key pair generated by the application client from the verification request;
the token issuing module is configured to issue a token to the application client;
The signature information acquisition module is configured to receive a number acquisition request carrying token and signature information sent by an application server; the signature information is the information signed by the private key in the public-private key pair; the number acquisition request is sent to an operator server after the application server verifies that the signature information is legal by using the acquired public key;
the login authorization processing module is configured to verify the validity of the signature information in the number acquisition request by using the public key, if the signature information is legal, the mobile phone number of the terminal equipment where the application client is located is acquired according to the token carried in the number acquisition request and is sent to the application server, and if the mobile phone numbers are different, the mobile phone number of the terminal equipment is refused to be sent to the application server.
According to a seventh aspect, there is provided a computing device comprising a memory having executable code stored therein and a processor which, when executing the executable code, implements a method as described in any of the embodiments of the present specification.
The method and device for implementing the one-key login service prevent the application server from providing the corresponding application service to an attacker's terminal device, and thereby improve security.
Drawings
In order to more clearly illustrate the embodiments of the present description or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, and it is obvious that the drawings in the following description are some embodiments of the present description, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic diagram of the operation of a one-key login service.
Fig. 2 is a schematic diagram of a system architecture to which an embodiment of the present specification applies.
Fig. 3 is a flowchart of a method for implementing a one-key login service in an application client according to one embodiment of the present description.
Fig. 4 is a flowchart of a method for implementing a one-key login service in an application server according to one embodiment of the present description.
Fig. 5 is a flowchart of a method for implementing a one-key login service in an operator server according to one embodiment of the present description.
Fig. 6 is a flowchart of a method for implementing a one-touch login service in cooperation with an operator server, an application client, and an application server according to one embodiment of the present disclosure.
Fig. 7 is a schematic structural diagram of an apparatus for one-touch login service in one embodiment of the present specification.
Fig. 8 is a schematic structural diagram of an apparatus for one-touch login service according to another embodiment of the present disclosure.
Fig. 9 is a schematic structural diagram of an apparatus for one-touch login service according to still another embodiment of the present disclosure.
Detailed Description
The following describes the scheme provided in the present specification with reference to the drawings.
For ease of understanding the methods provided in this specification, a description of the system architecture to which this specification relates and applies is first provided. As shown in fig. 2, the system architecture mainly includes three network nodes: application clients, application servers and operator servers.
Wherein the application client is installed and running in a terminal device, which may include, but is not limited to, such as: intelligent mobile terminals, intelligent home devices, network devices, wearable devices, intelligent medical devices, PCs (personal computers), etc. The smart mobile terminal may include, for example, a mobile phone, a tablet computer, a notebook computer, a PDA (personal digital assistant), an internet car, etc. The smart home devices may include smart home devices such as smart televisions, smart air conditioners, smart water heaters, smart refrigerators, smart air cleaners, etc., and may also include smart door locks, smart sockets, smart lights, smart cameras, etc. The network devices may include, for example, switches, wireless APs, servers, etc. Wearable devices may include devices such as smart watches, smart glasses, smart bracelets, virtual reality devices, augmented reality devices, mixed reality devices (i.e., devices that can support virtual reality and augmented reality), and so forth. Smart medical devices may include devices such as smart thermometers, smart blood pressure meters, smart blood glucose meters, and the like.
The application client may be various types of applications including, but not limited to, applications such as payment type applications, multimedia play type applications, map type applications, text editing type applications, financial type applications, browser type applications, instant messaging type applications, and the like.
The operator server refers to a service end device of a provider providing network services, and may be a single server or a server group formed by a plurality of servers. The operator server is responsible for providing network services for various applications, such as security authentication, providing a one-touch login to a mobile phone number, etc.
An application server is the server of a specific application and is dedicated to providing the corresponding application service to application clients; for example, for an application client such as Alipay, it is the server that provides the Alipay service.
It should be understood that the number of application clients, application servers, operator servers in fig. 2 is merely illustrative. Any number may be selected and deployed as desired for implementation.
Referring to fig. 2, an application client, an application server, and an operator server interact through a network. The network may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
Because the implementation method of the one-touch login service provided in the present specification relates to 3 network nodes shown in fig. 2, the following describes the processing of the operator server, the application client, and the application server in the one-touch login service respectively through different embodiments.
First, a process of the application client in the one-touch login service is explained.
Fig. 3 is a flow chart of a method of implementing a push-to-login service in an application client according to one embodiment of the present description. Referring to fig. 3, the method includes:
Step 301: the application client generates a public-private key pair.
Step 303: the application client sends the public key of the public-private key pair to the application server.
Step 305: the application client receives a pre-login interface issued by the application server and logs in.
Step 307: the application client acquires a token issued by the operator server.
Step 309: the application client generates signature information by using the private key in the public-private key pair, and sends the token and the signature information to the application server.
Step 311: if the application client receives the login authorization sent by the application server, the one-key login is successful.
In existing one-key login services, the following situation can arise: an attacker uses their own terminal device X to steal the token issued to the application client, and then sends that token from terminal device X to the application server, impersonating terminal device Y where the application client is located. Because the token is correct, the application server can obtain the mobile phone number of terminal device Y from the operator server. The application server therefore mistakes terminal device X, which sent the token, for terminal device Y; that is, it treats the attacker as the legitimate user of the application client and provides the corresponding application services to the attacker, such as playing video data that the legitimate user is entitled to watch or completing a transfer. This creates a security problem for the user and may leak the user's private data.
As the process shown in fig. 3 makes clear, the application client sends the generated public key to the application server before it sends the token, and when the token has to be sent, it sends the signature information produced with the private key together with the token. The application server therefore receives two things, at two different times, from the terminal device where the application client is located: the public key, and the signature information signed with the private key.
If the obtained public key verifies the signature information, the application server can conclude that the public key it holds and the private key used for the signature form a public-private key pair generated by one and the same terminal device, terminal device Y. In other words, the terminal device currently performing the one-key login service with the application server (the device that sent the token) is the terminal device Y used by the legitimate user, the issued token has not been stolen by an attacker, and no attack has occurred. The application server can then carry out the normal subsequent processing and obtain from the operator server the mobile phone number of terminal device Y where the application client is located, so that it provides the corresponding application service to the terminal device Y currently connected to it.
Conversely, if the obtained public key cannot verify the signature information, the application server can conclude that the public key it holds and the private key used for the signature are not a public-private key pair generated by terminal device Y. The terminal device currently performing the one-key login service with the application server (the device that sent the token) is then not the terminal device Y used by the legitimate user but the terminal device X of an attacker who stole the token, and an attack has occurred. The application server therefore does not send a number acquisition request to the operator server and does not have the operator server provide the mobile phone number of terminal device Y, so it does not provide the corresponding application service to the attacker's terminal device X currently connected to it. The method of this embodiment thus prevents the application server from providing the application client's service to an attacker's terminal device, and improves security.
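The check described above, and the matching check the operator server performs on the number acquisition request in the third aspect, sketched as an added Go example (not code from the patent). Ed25519, the session identifier that ties a login request to a later token submission, and all type and function names are assumptions; the fingerprints and phone number are constructed sample values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// Added illustration: every name below is hypothetical, and Ed25519 is an
// assumed algorithm (the description does not name one).
var ErrSignature = errors.New("signature not valid under the registered public key")

// Client is the application client on one terminal device (steps 301 and 309).
type Client struct {
	Pub         ed25519.PublicKey
	priv        ed25519.PrivateKey
	Fingerprint []byte // constructed stand-in for device fingerprint information
}

func NewClient(fingerprint string) *Client {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Client{Pub: pub, priv: priv, Fingerprint: []byte(fingerprint)}
}

// Sign produces the signature information: a fingerprint signed with the private key.
func (c *Client) Sign(fingerprint []byte) []byte { return ed25519.Sign(c.priv, fingerprint) }

// Operator models the operator server when it also holds the client's public
// key: each token is bound to the key presented when the token was issued.
type Operator struct {
	keyByToken   map[string]ed25519.PublicKey
	phoneByToken map[string]string
}

func NewOperator() *Operator {
	return &Operator{keyByToken: map[string]ed25519.PublicKey{}, phoneByToken: map[string]string{}}
}

func (o *Operator) IssueToken(pub ed25519.PublicKey, phone string) string {
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		panic(err)
	}
	token := hex.EncodeToString(raw)
	o.keyByToken[token], o.phoneByToken[token] = pub, phone
	return token
}

// NumberRequest releases the phone number only if the signature verifies
// under the public key bound to the token.
func (o *Operator) NumberRequest(token string, fingerprint, sig []byte) (string, error) {
	pub, ok := o.keyByToken[token]
	if !ok || !ed25519.Verify(pub, fingerprint, sig) {
		return "", ErrSignature
	}
	return o.phoneByToken[token], nil
}

// AppServer keeps the public key from the login request (step 303) and checks
// the signature before any number acquisition request is sent.
type AppServer struct {
	keyBySession  map[string]ed25519.PublicKey
	operator      *Operator
	OperatorCalls int // number acquisition requests actually sent
}

func NewAppServer(op *Operator) *AppServer {
	return &AppServer{keyBySession: map[string]ed25519.PublicKey{}, operator: op}
}

func (s *AppServer) LoginRequest(session string, pub ed25519.PublicKey) {
	s.keyBySession[session] = pub
}

func (s *AppServer) SubmitToken(session, token string, fingerprint, sig []byte) (string, error) {
	pub, ok := s.keyBySession[session]
	if !ok || !ed25519.Verify(pub, fingerprint, sig) {
		return "", ErrSignature // login failure; the operator server is never contacted
	}
	s.OperatorCalls++
	return s.operator.NumberRequest(token, fingerprint, sig)
}

func main() {
	op := NewOperator()
	app := NewAppServer(op)
	y, x := NewClient("device-Y"), NewClient("device-X")
	app.LoginRequest("session-1", y.Pub)
	token := op.IssueToken(y.Pub, "13800000000") // constructed sample number

	phone, err := app.SubmitToken("session-1", token, y.Fingerprint, y.Sign(y.Fingerprint))
	fmt.Println("device Y:", phone, err)
	// Same token, but the signature comes from a different device's private key.
	_, err = app.SubmitToken("session-1", token, y.Fingerprint, x.Sign(y.Fingerprint))
	fmt.Println("other key:", err, "operator calls:", app.OperatorCalls)
}
```
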
The processing procedure of the application client shown in fig. 3 will be described below with reference to specific embodiments, processing of the operator server, and processing of the application server.
First for step 301:
the application client generates a public-private key pair.
The application client is an application program (APP) installed in the terminal device. Here, the application client may generate a public-private key pair before sending a login request to the application server.
Next for step 303:
The application client sends the public key of the public-private key pair to the application server.
In this step 303, the application client may send the public key to the application server carried in a newly defined message.
In the one-key login service, the application client sends a login request to the application server, which triggers the application server to perform login pre-authorization processing. To further simplify the implementation, in this step 303 the application client may instead carry the public key in this existing login request when sending it to the application server.
A proprietary link may be provided between the application client and the application server, so that a login request carrying a public key may be sent over the proprietary link instead of the public network.
After step 303 is performed, the application server may then receive the public key sent by the application client. After receiving a login request sent by an application client, an application server performs login pre-authorization, including sending a pre-login interface to the application client through a proprietary link.
Next, for step 305:
The application client receives the pre-login interface issued by the application server.
This completes the pre-login processing between the application client and the application server. Through this pre-login processing, the application server has acquired the public key of the public-private key pair generated by the application client, so that the application server can subsequently verify the one-key login service.
Next, for step 307:
The application client acquires a token issued by the operator server.
The application client can obtain the token issued by the operator server in at least the following two modes:
In the first mode, the operator server does not need to acquire the public key, and therefore does not further verify the legitimacy of the one-key login service.
In this manner, the application client is enabled to obtain the token issued by the operator server through each process of steps 307A1 to 307A7 described below, which specifically includes:
Step 307A1: the application client sends a login verification request carrying an application identification (APP ID), an application signature (APP sign), a KEY identifier (KEY ID) and a time stamp to the operator server.
Here, the application client may send the login verification request to the operator server over an HTTPS link. HTTPS is an encrypted link, so sending the login verification request over it further enhances security.
The operator server then authenticates the identity of the application client according to the received login verification request, generates a session key after successful authentication, and sends the key to the application client over the HTTPS link.
Here, the key is a symmetric key.
Step 307A3: the application client receives the symmetric key.
Step 307A5: the application client generates a mobile phone identity verification request carrying an APP ID, an IP address of the terminal equipment and a time stamp, encrypts the mobile phone identity verification request by using a symmetric key and sends the mobile phone identity verification request to the operator server.
Here, the IP address carried in the mobile phone identity verification request may include an IPv4 address and an IPv6 address.
After that, the operator server decrypts the mobile phone identity verification request by using the key, performs identity verification, encrypts the token by using the symmetric key after the identity verification is successful, and issues the encrypted token to the application client.
Step 307A7: the application client receives the encrypted token sent by the operator server and decrypts the token by using the symmetric key.
In the second mode, the operator server also needs to acquire the public key, so that the operator server can further verify the legitimacy of the one-key login service.
In this second mode, after step 305 (i.e. the application client receives the pre-login interface issued by the application server) and before step 307 (i.e. the application client obtains the token issued by the operator server), the method further includes: the application client carries the public key in the public-private key pair in the verification request and sends the verification request to the operator server, so that the operator server also obtains the public key and can also carry out subsequent verification work.
In the embodiment of the present specification, the verification request carrying the public key sent by the application client may include at least one of the following requests:
Check request 1: a login verification request carrying an APP ID, an APP sign, a KEY ID, a timestamp and the public key;
Check request 2: a mobile phone identity verification request carrying an APP ID, the public key and a timestamp;
Check request 3: a newly defined verification request carrying the APP ID and the public key.
In this second mode, when the application client sends the public key to the operator server by check request 1, that is, the login verification request carrying the APP ID, APP sign, KEY ID, timestamp and the public key, in one embodiment of the present disclosure the application client obtains the token issued by the operator server through steps 307B1 to 307B7 described below, which specifically include:
Step 307B1: the application client sends a login authentication request carrying an application identification (APP ID), an application signature (APP sign), a KEY identifier (KEY ID), a timestamp and the public key to the operator server.
Here, the application client may send the login authentication request to the operator server over an https link. Because the https link is encrypted, sending the login authentication request over it further enhances security.
Thereafter, the operator server obtains the public key from the login authentication request.
The operator server authenticates the identity of the application client according to the received login verification request, and a session key is generated after the authentication is successful, wherein the key is a symmetric key. The operator server encrypts the key by using the public key and issues the encrypted symmetric key to the application client.
Step 307B3: the application client receives the encrypted symmetric key and decrypts it by using the private key to obtain the symmetric key.
Step 307B5: the application client generates a mobile phone identity verification request carrying an APP ID, an IP address of the terminal equipment, a time stamp and a public key, encrypts the mobile phone identity verification request by using a symmetric key and sends the mobile phone identity verification request to the operator server.
After that, the operator server decrypts the mobile phone identity verification request by using the key, performs identity verification, encrypts the token by using the symmetric key after the identity verification is successful, and issues the encrypted token to the application client.
Step 307B7: the application client receives the encrypted token sent by the operator server and decrypts the token by using the symmetric key.
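The exchange of steps 307B1 to 307B7, as an added Go example that is not part of the patent text. The text names no algorithms, so RSA-OAEP for wrapping the session key and AES-256-GCM for the request and the token are assumptions, as are all function names; the request body is reduced to constructed APP ID, IP address and timestamp values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

func newKey() *rsa.PrivateKey { // the application client's public-private key pair
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts under the session key and prepends the random nonce.
func seal(a cipher.AEAD, plaintext []byte) []byte {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return a.Seal(nonce, nonce, plaintext, nil)
}

// open reverses seal; a wrong key or a modified ciphertext is an error.
func open(a cipher.AEAD, sealed []byte) ([]byte, error) {
	n := a.NonceSize()
	if len(sealed) < n {
		return nil, errors.New("ciphertext too short")
	}
	return a.Open(nil, sealed[:n], sealed[n:], nil)
}

type Operator struct{ aead cipher.AEAD } // session cipher for one application client

// WrapSessionKey generates the symmetric key and encrypts it to the client's public key.
func (o *Operator) WrapSessionKey(pub *rsa.PublicKey) (wrapped []byte, err error) {
	key := make([]byte, 32)
	if _, err = rand.Read(key); err != nil {
		return nil, err
	}
	if o.aead, err = newGCM(key); err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
}

// IssueToken decrypts the identity request and returns the token under the same key.
func (o *Operator) IssueToken(sealedReq []byte) ([]byte, error) {
	var req map[string]string
	raw, err := open(o.aead, sealedReq)
	if err != nil || json.Unmarshal(raw, &req) != nil || req["app_id"] == "" {
		return nil, errors.New("identity verification failed")
	}
	return seal(o.aead, []byte("constructed-token-for-"+req["app_id"])), nil
}

// FetchToken is the client side: sent's public key went out in 307B1, held decrypts replies.
func FetchToken(sent, held *rsa.PrivateKey) (string, error) {
	op := &Operator{}
	wrapped, err := op.WrapSessionKey(&sent.PublicKey)
	if err != nil {
		return "", err
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, held, wrapped, nil) // 307B3
	if err != nil {
		return "", err
	}
	aead, err := newGCM(key)
	if err != nil {
		return "", err
	}
	body, _ := json.Marshal(map[string]string{"app_id": "constructed-app-id", "ip": "192.0.2.10", "timestamp": "1700000000"})
	sealedTok, err := op.IssueToken(seal(aead, body)) // 307B5
	if err != nil {
		return "", err
	}
	tok, err := open(aead, sealedTok) // 307B7
	return string(tok), err
}

func main() {
	k := newKey()
	fmt.Println(FetchToken(k, k))
}
```

Calling FetchToken with a held key that differs from the sent one fails at step 307B3, because only the holder of the matching private key can recover the symmetric key.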
Next for step 309: the application client generates signature information by using the private key in the public-private key pair, and sends the token and the signature information to the application server.
One implementation of generating signature information in this step 309 includes: the application client signs the device fingerprint information of the terminal device where the application client is located by using the private key in the public-private key pair to obtain signature information. Because the fingerprint information of each terminal device is different, signing the device fingerprint information can further improve security.
The terminal device of the application client displays a one-key login page showing the mobile phone number in masked form, for example as shown in fig. 1. After the user of the application client confirms use of the one-key login function, the application client sends a one-key login confirmation request to the application server. Thus, in step 309, the application client may send the token and the signature information to the application server with the one-key login confirmation request.
After step 309 is performed, the following processing from step 30101 to step 301015 is performed by the application server in cooperation with the operator server:
Step 30101: the application server receives the token and signature information sent by the application client.
If the token is not stolen by an attacker, the terminal device that sends the token to the application server in step 30101 and the terminal device that sends the public key to the application server in step 303 are the same terminal device, e.g. denoted as terminal device Y, and the signature information received by the application server is the signature information associated with this terminal device Y.
In contrast, if the token has been stolen by an attacker, the terminal device that sends the token to the application server in step 30101 is not the terminal device Y that sent the public key to the application server in step 303. For example, if the terminal device sending the token is denoted terminal device X, the application server cannot receive signature information associated with terminal device Y; what it receives is, for example, signature information associated with terminal device X.
Step 30103: the application server verifies the validity of the signature information by using the obtained public key. If the signature information is legal, step 30105 is executed; if it is not legal, a login failure notification is sent to the application client and the current flow of the one-key login service ends.
Step 30105: the application server carries the received token in a number acquisition request and sends the number acquisition request to the operator server.
Here, if the above-mentioned second mode is adopted, that is, the operator server also needs to acquire the public key in order to further verify the validity of the one-key login service, then in step 30105 the application server also carries the received signature information in the number acquisition request sent to the operator server. Steps 30107 to 301015 below describe the processing of the operator server, taking as an example the case where the operator server also needs to verify the one-key login.
In this step, the application server may send the number acquisition request to the operator server through an https link.
Step 30107: the operator server receives a number acquisition request carrying token and signature information sent by an application server; the signature information is information signed by a private key in the public-private key pair.
Step 30109: the operator server verifies the validity of the signature information in the number acquisition request with the public key, if it is valid, step 301011 is performed, otherwise step 301013 is performed.
Step 301011: the operator server acquires the mobile phone number of the terminal device where the application client is located according to the token carried in the number acquisition request, and sends the mobile phone number to the application server.
Step 301013: the operator server refuses to send the mobile phone number of the terminal device to the application server, and the current flow of the one-key login service ends.
Step 301015: if the application server receives the mobile phone number of the terminal device where the application client is located, sent by the operator server, the application server performs login authorization processing according to the mobile phone number.
Next for step 311:
If the application client receives the login authorization sent by the application server, the one-key login succeeds; if it does not receive the login authorization sent by the application server, the one-key login fails.
Next, the processing of the application server in the one-key login service will be described.
Fig. 4 is a flowchart of a method for implementing a one-key login service in an application server according to one embodiment of the present description. Referring to fig. 4, the method includes:
Step 401: the application server receives the public key in the public-private key pair sent by the application client.
For this step 401, see the description of step 303 above.
Step 403: the application server issues a pre-login interface to the application client.
After this step 403, the application client and the operator server cooperate to perform a series of processes so that the application client obtains the token; for the process by which the application client obtains the token, see the description of step 307 above.
Step 405: the application server receives the token and signature information sent by the application client.
The description of this step 405 may be found in the description of step 309 above.
Step 407: the application server verifies the validity of the signature information by using the obtained public key, if the signature information is legal, step 409 is executed, otherwise step 411 is executed.
Step 409: the application server carries the received token in a number acquisition request and sends the number acquisition request to the operator server.
Here, if the second mode is adopted, that is, the operator server needs to acquire the public key, so as to further verify the validity of the one-key login service, in step 409, the application server further carries the received signature information in the number acquisition request to send to the operator server.
In step 409, the application server may send the number acquisition request to the operator server via an https link.
After step 409, the operator server performs processing such as acquiring the mobile phone number of the terminal device where the application client is located according to the token carried in the number acquisition request, and sending the mobile phone number to the application server. When the second mode is adopted in the embodiment of the present disclosure, that is, the operator server also needs to verify the validity, see the description of steps 30107 to 301011 or 301013 above for the processing of the operator server.
Step 411: the application server sends a login failure notification to the application client, and the current flow ends.
Step 413: if the application server receives the mobile phone number of the terminal device where the application client is located, sent by the operator server, the application server performs login authorization for the application client according to the mobile phone number.
Next, the processing of the operator server in the one-key login service will be described.
Fig. 5 is a flow chart of a method of implementing a one-key login service in an operator server according to one embodiment of the present description. Referring to fig. 5, the method presupposes that the application client and the application server both adopt the processing corresponding to the second mode, that is, the operator server is required to perform validity verification, and the method includes:
Step 501: the operator server receives a verification request sent by the application client and acquires, from the verification request, the public key of the public-private key pair generated by the application client.
As previously described, the verification request received by the operator server includes at least one of the following:
Check request 1: a login verification request carrying an APP ID, an APP sign, a KEY ID, a timestamp and the public key;
Check request 2: a mobile phone identity verification request carrying an APP ID, the public key and a timestamp;
Check request 3: a newly defined verification request carrying the APP ID and the public key.
Step 503: the operator server issues a token to the application client.
As described above, when the verification request is check request 1, that is, a login verification request carrying an APP ID, an APP sign, a KEY ID, a timestamp and the public key, the following is further included between step 501 and step 503:
The operator server generates a symmetric key;
The operator server encrypts the symmetric key by using the public key and then sends the encrypted symmetric key to the application client;
The operator server receives a mobile phone identity verification request encrypted by using the symmetric key from the application client; and
The operator server decrypts the mobile phone identity verification request by using the symmetric key, performs identity verification according to the mobile phone identity verification request, and executes the processing of step 503 after the identity verification succeeds;
Accordingly, the process of step 503 may include: the operator server encrypts the token by using the symmetric key and transmits the encrypted token to the application client.
Step 505: the operator server receives a number acquisition request carrying token and signature information sent by an application server; the signature information is the information signed by the private key in the public-private key pair; the number acquisition request is sent to an operator server after the application server verifies that the signature information is legal by using the acquired public key.
Step 507: the operator server verifies the validity of the signature information in the number acquisition request using the public key, and if it is valid, step 509 is performed, otherwise step 511 is performed.
Step 509: the operator server acquires the mobile phone number of the terminal device where the application client is located according to the token carried in the number acquisition request, and sends the mobile phone number to the application server.
Step 511: the operator server refuses to send the mobile phone number of the terminal equipment to the application server.
The method for implementing the one-key login service is described below in terms of the cooperation of the application client, the application server and the operator server. The description is based on the second mode, in which both the application server and the operator server perform validity verification, and takes as an example the case where, before the operator server issues the token, the application client uses check request 1, that is, the login verification request carries the public key. Referring to fig. 6, the method includes:
Step 601: the application client sends a login request carrying the public key to the application server to which it belongs through a proprietary link.
Step 603: after receiving the login request, the application server acquires the public key from the login request and performs login pre-authorization, including sending a pre-login interface to the application client through the proprietary link.
Step 605: the application client sends a login verification request carrying an application identifier (APP ID), an application signature (APP sign), a KEY identifier (KEY ID), a timestamp and a public KEY to the operator server over an https link.
Step 607: the operator server authenticates the identity of the application client according to the received login verification request, generates a session key after the authentication succeeds, encrypts the session key by using the public key obtained from the login verification request, and then transmits the encrypted session key to the application client through an https link.
Here, the session key is a symmetric key.
Step 609: the application client generates a mobile phone identity verification request carrying an APP ID, an IP address of the terminal equipment and a time stamp, encrypts the mobile phone identity verification request by using a symmetric key and sends the mobile phone identity verification request to the operator server through an http link.
Here, the IP address of the terminal device where the application client is located, which is carried in the mobile phone identity verification request, may include an IPv4 address and an IPv6 address.
Step 611: the operator server decrypts the mobile phone identity verification request by using the key, performs identity verification, encrypts the token by using the symmetric key after the identity verification is successful, and transmits the encrypted token to the application client.
Step 613: the application client decrypts the token by using the symmetric key, generates signature information by using the private key, and sends the token and the signature information to the application server through the proprietary link.
Step 615: the application server verifies the validity of the signature information by using the obtained public key. If the signature information is legal, the application server carries the APP ID, the received token and the signature information in a number acquisition request and sends the request to the operator server through an https link; otherwise, the one-key login fails.
Step 617: the operator server verifies the validity of the signature information in the number acquisition request by using the public key, if the signature information is legal, the mobile phone number of the terminal equipment inquired from the gateway is sent to the application server through the https link, otherwise, the one-key login is failed.
For example, when the one-key login fails, the operator server returns a number failure message to the application server.
Step 619: if the application server receives the mobile phone number of the terminal device where the application client is located, sent by the operator server, the application server performs login success authorization processing for the application client according to the mobile phone number, through the proprietary link.
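The two signature checks of steps 613 to 617, as an added Go example that is not part of the patent text. It assumes RSA-PSS over the SHA-256 digest of the device fingerprint, a session identifier that ties the confirmation to the public key received in step 601, and a fingerprint sent alongside its signature; all type and function names and all sample values are constructed, and token issuance stands in for steps 605 to 611.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

var ErrLoginFailed = errors.New("application server: signature not legal, login failed")
var ErrRefused = errors.New("operator server: signature not legal, number withheld")

// Device is an application client on one terminal device.
type Device struct {
	key         *rsa.PrivateKey
	Fingerprint []byte
}

func NewDevice(fingerprint string) *Device {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return &Device{key: k, Fingerprint: []byte(fingerprint)}
}

// Sign produces the signature information: the device fingerprint signed with the private key.
func (d *Device) Sign() []byte {
	h := sha256.Sum256(d.Fingerprint)
	sig, err := rsa.SignPSS(rand.Reader, d.key, crypto.SHA256, h[:], nil)
	if err != nil {
		panic(err)
	}
	return sig
}

// valid reports whether sig over fingerprint verifies under pub; an unknown key never does.
func valid(pub *rsa.PublicKey, fingerprint, sig []byte) bool {
	h := sha256.Sum256(fingerprint)
	return pub != nil && rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil) == nil
}

type Operator struct {
	keys    map[string]*rsa.PublicKey // token -> public key from the verification request
	numbers map[string]string         // token -> mobile phone number
}

// IssueToken stands in for steps 605 to 611 (key transport and encryption omitted here).
func (o *Operator) IssueToken(pub *rsa.PublicKey, number string) string {
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		panic(err)
	}
	token := hex.EncodeToString(raw)
	o.keys[token], o.numbers[token] = pub, number
	return token
}

// Number is step 617: the number is released only if the signature matches the token's key.
func (o *Operator) Number(token string, fingerprint, sig []byte) (string, error) {
	if !valid(o.keys[token], fingerprint, sig) {
		return "", ErrRefused
	}
	return o.numbers[token], nil
}

// AppServer remembers the public key received with the login request (step 601).
type AppServer struct {
	op       *Operator
	sessions map[string]*rsa.PublicKey
}

func (a *AppServer) PreLogin(session string, pub *rsa.PublicKey) { a.sessions[session] = pub }

// Confirm is steps 613 to 619: check the signature first, then ask the operator server.
func (a *AppServer) Confirm(session, token string, fingerprint, sig []byte) (string, error) {
	if !valid(a.sessions[session], fingerprint, sig) {
		return "", ErrLoginFailed
	}
	return a.op.Number(token, fingerprint, sig)
}

// Scenario: terminal device Y logs in, then terminal device X presents Y's token.
func Scenario() (number string, atApp, atOperator error) {
	op := &Operator{map[string]*rsa.PublicKey{}, map[string]string{}}
	app := &AppServer{op, map[string]*rsa.PublicKey{}}
	y, x := NewDevice("constructed-fingerprint-Y"), NewDevice("constructed-fingerprint-X")
	app.PreLogin("session-Y", &y.key.PublicKey)
	token := op.IssueToken(&y.key.PublicKey, "constructed-number-of-Y")
	number, _ = app.Confirm("session-Y", token, y.Fingerprint, y.Sign())
	_, atApp = app.Confirm("session-Y", token, x.Fingerprint, x.Sign())
	_, atOperator = op.Number(token, x.Fingerprint, x.Sign())
	return number, atApp, atOperator
}

func main() { fmt.Println(Scenario()) }
```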
In one embodiment of the present disclosure, there is provided an implementation apparatus of a one-touch login service, which is provided in an application client, referring to fig. 7, the apparatus provided in the application client includes:
a public-private key generation module 701 configured to generate a public-private key pair;
a pre-login processing module 702 configured to send the public key in the public-private key pair to the application server, and to receive a pre-login interface issued by the application server;
a token acquisition module 703 configured to acquire a token issued by the operator server;
A signature processing module 704 configured to generate signature information using a private key in the public-private key pair, and send the token and the signature information to the application server;
The login execution module 705 is configured to succeed in one-touch login if a login authorization sent from the application server is received.
In an embodiment of the present disclosure, the apparatus disposed at the application client shown in fig. 7 may further include:
a verification request sending module configured to carry the public key in the public-private key pair in a verification request and send the verification request to the operator server.
In one embodiment of the present disclosure, in the apparatus provided at the application client shown in fig. 7, the verification request processed includes at least one of the following requests:
A login verification request carrying an APP ID, an APP sign, a KEY ID, a timestamp and the public key;
A mobile phone identity verification request carrying an APP ID, the public key and a timestamp;
A newly defined verification request carrying the APP ID and the public key.
In one embodiment of the present disclosure, in the device shown in fig. 7 and disposed on the application client, the verification request sending module is configured to send the public key in the public-private key pair to the operator server in the login verification request;
Accordingly, the token acquisition module 703 is further configured to perform:
receiving a symmetric key encrypted by a public key sent by an operator server;
Decrypting the symmetric key by using the private key in the public-private key pair; and
Encrypting the mobile phone identity verification request by using the symmetric key, and then sending the encrypted mobile phone identity verification request to an operator server so as to enable the operator server to carry out identity verification on terminal equipment where an application client is located;
and decrypting the encrypted token sent by the operator server by using the symmetric key to obtain the token.
In one embodiment of the present disclosure, in the device shown in fig. 7 and disposed on the application client, the pre-login processing module 702 is configured to send the public key in the public-private key pair to the application server in a login request.
In one embodiment of the present disclosure, in the apparatus shown in fig. 7 and disposed at the application client, the signature processing module 704 is configured to sign fingerprint information of the terminal device where the application client is located by using a private key in a public-private key pair, to obtain signature information.
In one embodiment of the present disclosure, there is provided an implementation apparatus of a one-touch login service, which is provided in an application server, referring to fig. 8, the apparatus provided in the application server includes:
A pre-login authorization module 801 configured to receive a public key in a public-private key pair sent from an application client, and send a pre-login interface to the application client;
a network factor obtaining module 802 configured to receive a token and signature information sent from an application client;
a number obtaining module 803 configured to verify the validity of the signature information by using the obtained public key, and if the signature information is legal, send the received token carried in a number obtaining request to an operator server;
and the authorization execution module 804 is configured to perform login authorization processing according to the mobile phone number when receiving the mobile phone number of the terminal device where the application client is located from the operator server.
In one embodiment of the present disclosure, in the apparatus provided in the application server shown in fig. 8, as described above, the signature information includes: fingerprint information of the terminal equipment where the application client signed by the private key is located.
In one embodiment of the present disclosure, in the device set in the application server shown in fig. 8, the pre-login authorization module 801 is configured to receive a login request carrying the public key sent by the application client, and obtain the public key from the login request.
In one embodiment of the present disclosure, in the device set in the application server shown in fig. 8, the number obtaining module 803 is configured to send a login failure notification to the application client when verification with the obtained public key finds that the signature information is not legal.
In one embodiment of the present disclosure, in the apparatus disposed at the application server shown in fig. 8, the number acquisition module 803 is further configured to send the signature information to the operator server with the number acquisition request.
In one embodiment of the present disclosure, there is provided an implementation apparatus of a one-touch login service, which is provided in an operator server, referring to fig. 9, the apparatus provided in the operator server includes:
The public key obtaining module 901 is configured to receive a verification request sent by an application client, and obtain a public key in a public-private key pair generated by the application client from the verification request;
A token issuing module 902 configured to issue a token to the application client;
The signature information obtaining module 903 is configured to receive a number obtaining request carrying token and signature information sent by an application server; the signature information is the information signed by the private key in the public-private key pair; the number acquisition request is sent to an operator server after the application server verifies that the signature information is legal by using the acquired public key;
The login authorization processing module 904 is configured to verify the validity of the signature information in the number acquisition request by using the public key, if the signature information is legal, acquire the mobile phone number of the terminal device where the application client is located according to the token carried in the number acquisition request, and send the mobile phone number to the application server, and if the mobile phone numbers are different, refuse to send the mobile phone number of the terminal device to the application server.
In one embodiment of the present disclosure, in the apparatus disposed on the operator server shown in fig. 9, the verification request includes at least one of the following requests:
A login verification request carrying an APP ID, an APP sign, a KEY ID, a timestamp and the public key;
A mobile phone identity verification request carrying an APP ID, the public key and a timestamp;
A newly defined verification request carrying the APP ID and the public key.
In one embodiment of the present disclosure, in the apparatus disposed on the operator server shown in fig. 9, when the verification request includes a login verification request carrying an APP ID, an APP sign, a KEY ID, a timestamp, and the public KEY, the apparatus further includes:
a symmetric key processing module configured to generate a symmetric key; encrypting the symmetric key by using the public key and then sending the encrypted symmetric key to an application client;
The mobile phone identity verification module is configured to receive a mobile phone identity verification request encrypted by using a symmetric key sent by an application client; and decrypting the mobile phone identity verification request by using the symmetric key, performing identity verification according to the mobile phone identity verification request, and triggering a token issuing module 902 after the identity verification is successful;
the token issuing module 902 is configured to perform: encrypting the token by using the symmetric key, and issuing the encrypted token to the application client.
An embodiment of the present specification provides a computer-readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method of any of the embodiments of the specification.
An embodiment of the present specification provides a computing device including a memory having executable code stored therein and a processor that, when executing the executable code, performs a method of any of the embodiments of the present specification.
It should be understood that the structures illustrated in the embodiments of the present specification do not constitute a particular limitation on the apparatus of the embodiments of the present specification. In other embodiments of the specification, the apparatus may include more or less components than illustrated, or certain components may be combined, or certain components may be split, or different arrangements of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
The content of information interaction and execution process between the modules in the device and the system is based on the same concept as the method embodiment of the present specification, and specific content can be referred to the description in the method embodiment of the present specification, which is not repeated herein.
In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for the device embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and reference is made to the description of the method embodiments in part.
Those skilled in the art will appreciate that in one or more of the examples described above, the functions described in the present invention may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, these functions may be stored on, or transmitted as one or more instructions or code on, a computer-readable medium.
The foregoing embodiments have been provided for the purpose of illustrating the general principles of the present invention in further detail, and are not to be construed as limiting the scope of the invention, but are merely intended to cover any modifications, equivalents, improvements, etc. based on the teachings of the invention.

Claims (16)

1. A method for implementing a one-key login service, comprising the following steps:
the application client generates a public and private key pair before acquiring a token;
The application client sends the public key in the public-private key pair to the application server;
the application client receives a pre-login interface issued by an application server;
the application client acquires a token issued by an operator server;
The application client generates signature information by using a private key in the public-private key pair, and sends the token and the signature information to the application server, so that the application server acquires the public key from the application client before receiving the token and acquires the signature information signed by the private key from the application client when receiving the token;
If the login authorization sent by the application server is received, the one-key login is successful.
2. The method of claim 1, after the application client receives the pre-login interface issued by the application server and before the application client obtains the token issued by the carrier server, further comprising:
the application client carries the public key in the public-private key pair in a verification request and sends the verification request to the operator server.
3. The method of claim 2, wherein the verification request comprises at least one of:
A login verification request carrying an APP ID, an APP sign, a KEY ID, a timestamp and the public key;
A mobile phone identity verification request carrying an APP ID, the public key and a timestamp;
A newly defined verification request carrying the APP ID and the public key.
4. The method of claim 3, wherein,
When the verification request includes a login verification request carrying an APP ID, APP sign, KEY ID, timestamp and the public KEY,
After sending the verification request to the operator server and before acquiring the token issued by the operator server, the method further comprises:
The application client receives a symmetric key encrypted by a public key from an operator server;
The application client decrypts the symmetric key by using the private key in the public-private key pair; and
The application client encrypts the mobile phone identity verification request by using the symmetric key, and then sends the encrypted mobile phone identity verification request to the operator server so that the operator server performs identity verification on the terminal equipment where the application client is located;
Correspondingly, the application client acquires a token issued by the operator server, including:
The application client decrypts the encrypted token sent by the operator server by using the symmetric key to obtain the token.
5. The method of claim 1, wherein,
The application client sending the public key in the public-private key pair to an application server comprises: the application client carries the public key in the public-private key pair in a login request and sends the login request to the application server;
and/or,
The application client generating signature information using the private key in the public-private key pair comprises: the application client signs fingerprint information of the terminal equipment where the application client is located by using the private key in the public-private key pair to obtain the signature information.
6. A method for implementing a one-key login service, comprising:
The application server receives a public key in a public-private key pair sent by an application client before receiving a token sent by the application client;
The application server transmits a pre-login interface to the application client;
The application server receives the token and signature information sent by the application client, so that the application server obtains a public key from the application client before receiving the token and obtains signature information signed by a private key from the application client when receiving the token;
the application server verifies the validity of the signature information acquired at the time of receipt of the token using the public key acquired before receipt of the token,
If the received token is legal, the application server carries the received token in a number acquisition request and sends the number acquisition request to an operator server;
the application server receives a mobile phone number of a terminal device where an application client is located, which is sent by an operator server;
and the application server carries out login authorization on the application client according to the mobile phone number.
7. The method of claim 6, wherein the signature information comprises: fingerprint information of the terminal equipment where the application client signed by the private key is located.
8. The method of claim 6, wherein,
The application server receiving a public key in a public-private key pair sent by an application client comprises: the application server receives a login request carrying the public key sent by the application client, and obtains the public key from the login request;
and/or,
When the application server verifies the validity of the signature information by using the obtained public key, the method further comprises: if the signature information is not legal, the application server sends a login failure notification to the application client, and the current flow ends.
9. The method of claim 6, wherein the application server carrying the received token in a number acquisition request and sending the number acquisition request to an operator server further comprises:
the application server carries the signature information in the number acquisition request and sends the number acquisition request to the operator server.
10. A method for implementing a one-key login service, comprising:
the operator server receives a verification request sent by an application client, and acquires a public key in a public-private key pair generated by the application client from the verification request;
The operator server issues a token to the application client;
The operator server receives a number acquisition request carrying token and signature information sent by an application server; the signature information is the information signed by the private key in the public-private key pair; the number acquisition request is sent to an operator server after the application server verifies that the signature information is legal by using the acquired public key;
And the operator server verifies the validity of the signature information in the number acquisition request by using the public key, if the signature information is legal, the operator server acquires the mobile phone number of the terminal equipment where the application client is located according to the token carried in the number acquisition request and sends the mobile phone number to the application server, and if the signature information is illegal, the operator server refuses to send the mobile phone number of the terminal equipment to the application server.
11. The method of claim 10, wherein the verification request comprises at least one of:
A login verification request carrying an APP ID, an APP sign, a KEY ID, a timestamp and the public key;
A mobile phone identity verification request carrying an APP ID, the public key and a timestamp;
A newly defined verification request carrying the APP ID and the public key.
12. The method of claim 11, wherein,
When the verification request includes a login verification request carrying an APP ID, an APP sign, a KEY ID, a timestamp and the public key,
After the operator server obtains the public key of the public-private key pair generated by the application client and before the operator server issues the token to the application client, the method further comprises:
the operator server generates a symmetric key;
The operator server encrypts the symmetric key by using the public key and then sends the encrypted symmetric key to the application client;
The operator server receives a mobile phone identity verification request encrypted by using a symmetric key from an application client; and
The operator server decrypts the mobile phone identity verification request by using the symmetric key, performs identity verification according to the mobile phone identity verification request, and executes the step of issuing a token to the application client after the identity verification is successful;
Accordingly, the operator server issuing a token to the application client comprises: the operator server encrypts the token by using the symmetric key and transmits the encrypted token to the application client.
13. A device for implementing a one-key login service, applied to an application client, comprising:
The public-private key generation module is configured to generate a public-private key pair before the application client acquires the token;
The pre-login processing module is used for sending the public key in the public-private key pair to the application server; receiving a pre-login interface issued by an application server;
the token acquisition module is configured to acquire a token issued by the operator server;
the signature processing module is configured to generate signature information by utilizing a private key in the public-private key pair, and send the token and the signature information to the application server, so that the application server acquires the public key from the application client before receiving the token and acquires the signature information signed by the private key from the application client when receiving the token;
And the login execution module is configured to successfully log in by one key if login authorization sent by the application server is received.
14. A device for implementing a one-key login service, applied to an application server, comprising:
The pre-login authorization module is configured to receive a public key in a public-private key pair sent by the application client before the application server receives a token sent by the application client, and send a pre-login interface to the application client;
the network factor acquisition module is configured to receive the token and signature information sent by the application client, so that the application server acquires a public key from the application client before receiving the token and acquires signature information signed by a private key from the application client when receiving the token;
A number acquisition module configured to verify the validity of the signature information acquired when the token is received by using the public key acquired before the token is received, and if the signature information is legal, carrying the received token in a number acquisition request and sending the number acquisition request to an operator server;
and the authorization execution module is configured to perform login authorization processing according to the mobile phone number when receiving the mobile phone number of the terminal equipment where the application client is located from the operator server.
15. A device for implementing a one-key login service, applied to an operator server, comprising:
the public key acquisition module is configured to receive a verification request sent by the application client and acquire a public key in a public-private key pair generated by the application client from the verification request;
the token issuing module is configured to issue a token to the application client;
The signature information acquisition module is configured to receive a number acquisition request carrying token and signature information sent by an application server; the signature information is the information signed by the private key in the public-private key pair; the number acquisition request is sent to an operator server after the application server verifies that the signature information is legal by using the acquired public key;
the login authorization processing module is configured to verify the validity of the signature information in the number acquisition request by using the public key, if the signature information is legal, the mobile phone number of the terminal equipment where the application client is located is acquired according to the token carried in the number acquisition request and is sent to the application server, and if the signature information is not legal, the mobile phone number of the terminal equipment is refused to be sent to the application server.
16. A computing device comprising a memory having executable code stored therein and a processor, which when executing the executable code, implements the method of any of claims 1-12.
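The signature checks of claims 6, 9 and 10 can be sketched as follows. This is an added example, not code from the patent: Ed25519, the `Server` type, the `client-1` identifier used to look up the stored public key, and the sample token, fingerprint and number are all assumptions, since the claims name no algorithm or data model.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Server models the application server or the operator server: each stores the
// public key the client sent before any token existed. Only the operator fills numbers.
type Server struct {
	keys    map[string]ed25519.PublicKey // assumed lookup: client id -> public key
	numbers map[string]string            // token -> phone number (constructed data)
}

var ErrBadSignature = errors.New("signature does not match registered public key")

// check verifies the signed device fingerprint against the stored key.
func (s *Server) check(id string, fp, sig []byte) bool {
	pub, ok := s.keys[id]
	return ok && ed25519.Verify(pub, fp, sig)
}

// Login: the application server verifies first (claim 6), forwards token and
// signature (claim 9), and the operator verifies again before release (claim 10).
func Login(app, operator *Server, id, token string, fp, sig []byte) (string, error) {
	if !app.check(id, fp, sig) || !operator.check(id, fp, sig) {
		return "", ErrBadSignature
	}
	num, ok := operator.numbers[token]
	if !ok {
		return "", errors.New("unknown token")
	}
	return num, nil
}

// Demo runs one valid login, then presents the same token with a signature
// made by a different key pair, which must be rejected.
func Demo() (num string, okErr, otherKeyErr error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	app := &Server{keys: map[string]ed25519.PublicKey{"client-1": pub}}
	operator := &Server{keys: map[string]ed25519.PublicKey{"client-1": pub},
		numbers: map[string]string{"tok-constructed": "+00-000-0000"}}
	fp := []byte("constructed-device-fingerprint")
	num, okErr = Login(app, operator, "client-1", "tok-constructed", fp, ed25519.Sign(priv, fp))
	_, otherKeyErr = Login(app, operator, "client-1", "tok-constructed", fp, ed25519.Sign(otherPriv, fp))
	return num, okErr, otherKeyErr
}

func main() {
	fmt.Println(Demo())
}
```

The token alone does not release the number here: a request is accepted only when its signature verifies under the public key each server received before the token was issued.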
CN202111655695.3A 2021-12-30 2021-12-30 Method and device for realizing one-key login service Active CN114158047B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111655695.3A CN114158047B (en) 2021-12-30 2021-12-30 Method and device for realizing one-key login service

Publications (2)

Publication Number Publication Date
CN114158047A CN114158047A (en) 2022-03-08
CN114158047B CN114158047B (en) 2024-06-11

Family

ID=80449533

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111655695.3A Active CN114158047B (en) 2021-12-30 2021-12-30 Method and device for realizing one-key login service

Country Status (1)

Country Link
CN (1) CN114158047B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant