WO2014183526A1

WO2014183526A1 - Identity recognition method, device and system

Info

Publication number: WO2014183526A1
Application number: PCT/CN2014/075513
Authority: WO
Inventors: 夏潘斌
Original assignee: 华为技术有限公司
Priority date: 2013-05-13
Filing date: 2014-04-16
Publication date: 2014-11-20
Also published as: CN103249045A; CN103249045B

Abstract

An identity recognition method, device and system, which can solve the problem that a user name and a password are required to be remembered when a user logs in an application on a terminal device and improve the security for the user to log in the application on the terminal device at the same time. The method comprises: terminal middleware acquiring terminal identification information about a terminal device, wherein the terminal identification information at least contains first terminal identification information; and opening the first terminal identification information to an application client, so as to enable the application client to acquire and store the terminal identification information and perform a login authentication according to the first terminal identification information after receiving an access request message. The present invention is applicable to the field of communications.

Description

Method, device and system for identification

The present invention relates to the field of communications, and in particular, to a method, device and system for identity recognition. Background technique

With the popularity of mobile smart terminals (smart phones, pads), more and more Web App (network applications) or Native App (local applications) are installed on the terminal devices.

At present, basically all applications that require user login authentication are user name + password, such as WeChat, Renren, Taobao, etc., but each application has a corresponding username and password, resulting in a variety of memory users need to remember. The username and password, and because the password may be deciphered, stolen or compromised, security is not guaranteed.

In the prior art, there are two solutions to solve the above problems:

First, OpenID (Open Identity) business: OpenID is a user-centric open, decentralized digital identity framework. The framework is based on the OpenID service website. The OpenID service website stores a certain The same password corresponding to multiple applications in the terminal device. When the user logs in to a website that supports OpenID, he only needs to input the OpenID username and password registered on the OpenID service website, and then the pre-login website will jump to the OpenID service website. After the password is verified by the OpenID service website, it directly returns to the pre-registered website and the login is successful.

Second, an OAuth-based method, the OAuth allows a user to have a third-party application access information stored by the user on a website without providing a username and password to a third-party application. Before a third-party application accesses information stored on a website, it must first obtain authorization from the website, obtain an access license, and then exchange the access license for the access pass, and finally access the resource card of the website to present the access pass. The information stored on the website. In the above technical scenario, the user only needs to input the username and password of the resource server on the terminal device to achieve the purpose of logging in to the third-party application.

Although the above two methods can reduce the number of user names and passwords memorized by the user, the user still needs to memorize some user names and passwords, and in the first method, related applications and websites must It must be developed in accordance with the OpenlD standard. In the second method, related websites and applications follow the standard specification of OAuth2.0, which makes the application of these two methods have certain limitations, and OAuth is a license agreement and not authentication. Therefore, there are some problems in terms of security. . Summary of the invention

The embodiments of the present invention provide a method, an apparatus, and a system for identifying an identity, which are required to memorize a user name and a password when the user logs in to the application on the terminal device, and improve the security of the application on the user to log in to the terminal device.

In order to achieve the above object, embodiments of the present invention use the following technical solutions:

In a first aspect, a method for identifying an identity is provided, the method comprising:

The terminal middleware acquires the terminal identification information of the terminal device, where the terminal identification information at least includes the first terminal identification information;

Opening the first terminal identification information to the application client, so that the application client obtains and stores the first terminal identification information, and after receiving the access request message, logs in according to the first terminal identification information. Certification.

According to the first aspect, after the terminal middleware acquires the terminal identification information of the terminal device, and after the first terminal identification information is opened to the application client, the method is Also includes:

And receiving the first request message sent by the application client, where the first request message requests to acquire the first terminal identifier information.

In a second possible implementation, the first request message carries the first application name of the application client, according to the first possible implementation manner;

After the receiving the first request message sent by the application client, the method further includes:

Determining whether the application is legal according to the first application name;

If the application is legal, the step of opening the first terminal identification information to the application client is performed.

In a third possible implementation, the first request message carries the first application name of the application client, according to the first possible implementation manner; After the receiving the first request message sent by the application client, the method further includes:

If the application is legal, determining, according to the first application name, whether the application first invokes the first terminal identification information;

If the application first invokes the first terminal identifier information, requesting the user right to open the first terminal identifier information to the application client;

Receiving, by the user, an authorization to open the first terminal identification information to the application client;

Saving a correspondence between the first application name and the first terminal identifier information;

The step of opening the first terminal identification information to the application client is performed.

In a fourth possible implementation, the requesting, by the requesting user, the opening of the first terminal identifier information to the application client includes:

Sending an authentication short message, requesting the user to authorize by inputting the content of the authentication short message; or

Provide an authorization interface and request the user to authorize on the authorization interface.

In a fifth possible implementation manner, according to the third or fourth possible implementation manner, the method further includes:

And receiving, by the application client, a second request message for requesting authentication, where the second request message carries a first application name of the application client and first terminal identification information stored by the application client;

Checking whether a correspondence between the first application name and the first terminal identification information stored by the application client is stored;

If the storage is sent, the indication message that the authentication succeeds is sent to the application client, so that the application client opens the application of the application client according to the first terminal identifier information stored by the application client.

In a sixth possible implementation, according to the fifth possible implementation, before the sending, sending the indication message that the authentication succeeds to the application client, the method further includes: Sending a pre-stored indication information of whether a login password is required to log in to the application client to the application client;

And the storing, sending the indication message that the authentication is successful to the application client, so that the application client opens the application of the application client according to the first terminal identifier information stored by the application client, specifically:

If the storage is sent, the indication message that the authentication succeeds is sent to the application client, so that the application client opens the application according to the first terminal identification information stored by the application client and the indication information of whether the login password is required. Client application.

In a seventh possible implementation manner, according to the third possible implementation manner to the sixth possible implementation manner, the receiving, by the receiving user, opening the first terminal identifier information to the application client After the response, the method further includes:

And generating, according to the first application name and the first terminal identifier information, the encrypted first terminal identifier information corresponding to the first application name by using an advanced encryption standard AES;

The corresponding relationship between the saving the first application name and the first terminal identification information includes:

Saving the correspondence between the encrypted first terminal identifier information and the first application name; the opening the first terminal identifier information to the application client specifically includes: the encrypted first terminal identifier The information is opened to the application client, so that the application client obtains and stores the encrypted first terminal identifier information, so that the first terminal identifier information stored by the application client is specifically an encrypted first terminal. Identification information.

In an eighth possible implementation manner, according to the second possible implementation manner to the seventh possible implementation manner, determining, according to the first application name, whether the application is legal or not specifically includes: reading a local database Information

Determining whether the first application name is included in the local database information;

If the local database information includes the first application name, determining that the application is legal; if the first application name is not included in the local database information, requesting the capability open platform/app store to obtain the first Application name

If the first application name sent by the capability open platform/app store is received, determining that the application is legal; Storing the first application name;

If the first application name sent by the capability open platform/app store is not received, it is determined that the application is illegal.

In a ninth possible implementation, the terminal identifier information specifically includes:

User identification module in the terminal device, the international mobile subscriber identity of the SIM card IMSI;

and / or

International mobile terminal identification code of terminal equipment IMEI;

and / or

The media access control MAC address of the terminal device.

In a second aspect, a method for identifying an identity is provided, the method comprising:

The application client receives an access request message, and the access request message requests to open an application of the application client;

Performing login authentication according to the stored first terminal identification information to open the application of the application client.

In a first possible implementation manner, after the application client receives the access request message, the method further includes:

Determining whether to store the first terminal identification information of the terminal device;

If the first terminal identifier information of the terminal device is not stored, the first request message is sent to the terminal middleware, and the first request message requests to acquire the first terminal identifier information;

Obtaining the first terminal identification information that is open by the terminal middleware;

And storing the first terminal identification information.

In a second possible implementation manner, the first request message carries a first application name of the application client, so that the terminal middleware is configured according to the first application name, according to the first possible implementation manner. And determining whether the application is legal, and the first terminal identification information is opened to the application client when the application is legal.

In a third possible implementation manner, the first request message carries the first application name of the application client, so that the terminal middleware is configured according to the first application name, according to the first possible implementation manner. Determining whether the application is legal, and when the application is legal, according to the first application Determining whether the application first invokes the first terminal identification information, and after determining that the application is the first time to invoke the first terminal identification information, requesting the user to authorize opening the first terminal identification information to the application client, After receiving the authorization response that the user returns to the application client to open the first terminal identifier information, the first terminal identifier information is opened to the application client.

In a fourth possible implementation, according to the second aspect to the third possible implementation, the application for performing the login authentication according to the stored first terminal identifier information to open the application client includes:

Sending a second request message requesting authentication to the terminal middleware, where the second request message carries a first application name of the application client and the stored first terminal identification information, so that the terminal middleware is opposite The first application name and the stored first terminal identification information are authenticated; if the indication message of successful authentication sent by the terminal middleware is received, the application of the application client is opened.

In a fifth possible implementation manner, according to the fourth possible implementation manner, the method further includes:

Receiving, by the terminal middleware, an indication information of whether a login password is required when logging in to the application, and storing the indication information;

If the receiving the indication message of the authentication success sent by the terminal middleware, the application for opening the application client includes:

And receiving an indication message that the authentication succeeded by the terminal middleware, and determining whether a login password is required according to whether the indication information of the login password is required;

If the login password is not required, the application of the application client is opened according to the stored first terminal identifier information;

If the login password is required, the application of the application client is opened according to the stored first terminal identification information and the input login password.

In a sixth possible implementation manner, the obtaining, by the third possible implementation manner to the fifth possible implementation manner, the acquiring the first terminal identifier information that is open by the terminal middleware, specifically: acquiring the terminal middleware Encrypted first terminal identification information, wherein the encrypted first terminal identification information is generated by the terminal middleware according to the first application name and the first terminal identification information, using an advanced encryption standard AES ; The storing the first terminal identifier information specifically includes:

And storing the encrypted first terminal identifier information, so that the stored first terminal identifier information is specifically the encrypted first terminal identifier information.

In a seventh possible implementation manner, according to the second to sixth possible implementation manners, the terminal identifier information specifically includes:

The international mobile subscriber identity of the SIM card in the terminal device IMSI;

and / or

International mobile terminal identification code of terminal equipment IMEI;

and / or

The media access control MAC address of the terminal device.

In a third aspect, a terminal middleware is provided, where the terminal middleware includes an acquiring unit and an opening unit;

The acquiring unit is configured to acquire terminal identification information of the terminal device, where the terminal identification information includes at least first terminal identification information;

The opening unit is configured to open the first terminal identification information to the application client, so that the application client obtains and stores the first terminal identification information, and after receiving the access request message, according to the The first terminal identification information is used for login authentication.

In a first possible implementation manner, according to the third aspect, the terminal middleware further includes a receiving unit;

The receiving unit is configured to: after the acquiring unit acquires the terminal identifier information of the terminal device, the open unit receives the first terminal identifier information to the application client, and receives the application client And sending the first request message, where the first request message requests to acquire the first terminal identifier information.

In a second possible implementation manner, the terminal middleware further includes a determining unit and an executing unit, according to the first possible implementation manner;

The first request message carries a first application name of the application client;

The determining unit is configured to determine, according to the first application name, whether the application is legal after the receiving unit receives the first request message sent by the application client; The executing unit is further configured to: when the application is legal, perform the step of opening the first terminal identification information to an application client.

In a third possible implementation manner, the terminal middleware further includes a determining unit, a requesting unit, a storage unit, and an executing unit, according to the first possible implementation manner;

The determining unit is configured to determine, according to the first application name, whether the application is legal after the receiving unit receives the first request message sent by the application client;

The determining unit is further configured to: determine, according to the first application name, whether the application first invokes the first terminal identification information according to the first application name;

The requesting unit is configured to: if the application first invokes the first terminal identification information, request the user to authorize opening the first terminal identification information to the application client;

The receiving unit is further configured to receive a response to the user that opens the first terminal identification information to the application client.

The storage unit is configured to save a correspondence between the first application name and the first terminal identification information;

The executing unit is configured to perform the step of opening the first terminal identification information to an application client.

In a fourth possible implementation, according to the third possible implementation, the requesting unit, requesting the user to authorize the opening of the first terminal identification information to the application client, specifically includes: sending an authentication short message, requesting the user to pass Entering the content of the authentication short message for authorization; or

In a fifth possible implementation manner, the terminal middleware further includes an checking unit and a sending unit, according to the third possible implementation manner or the fourth possible implementation manner;

The receiving unit is further configured to receive a second request message that is sent by the application client to request authentication, where the second request message carries a first application name of the application client and a first terminal that is stored by the application client. Identification information;

The checking unit is configured to check whether a correspondence between the first application name and the first terminal identification information stored by the application client is stored; The sending unit is further configured to: if stored, send an indication message that the authentication succeeds to the application client, so that the application client opens the application client according to the first terminal identifier information stored by the application client. application.

In a sixth possible implementation manner, according to the fifth possible implementation manner,

The sending unit is further configured to send, before the sending, sending the indication message that the authentication succeeds to the application client, the pre-stored indication information of whether the login password is required to log in to the application client;

If the storage unit sends the indication message that the authentication succeeds to the application client, the application client opens the application of the application client according to the first terminal identifier information stored by the application client, and specifically includes:

In a seventh possible implementation manner, the terminal middleware further includes a generating unit, according to the third possible implementation manner to the sixth possible implementation manner;

The generating unit, configured to: after receiving, by the receiving unit, an authorization response that is opened by the user to open the first terminal identifier information to the application client, according to the first application name and the first terminal identifier information, Generating the encrypted first terminal identification information corresponding to the first application name by using the advanced encryption standard AES;

The storing, by the storage unit, the corresponding relationship between the first application name and the first terminal identification information includes:

And the corresponding relationship between the encrypted first terminal identifier information and the first application name is saved; the opening, by the open unit, the opening the first terminal identifier information to the application client, specifically includes:

Opening the encrypted first terminal identifier information to the application client, so that the application client obtains and stores the encrypted first terminal identifier information, so that the first terminal stored by the application client is used. The identification information is specifically the encrypted first terminal identification information. In an eighth possible implementation manner, according to the second possible implementation manner to the seventh possible implementation manner, the determining, by the determining unit, whether the application is legal according to the first application name, specifically includes:

Read local database information;

If the first application name sent by the capability open platform/app store is received, determining that the application is legal;

Storing the first application name;

In a ninth possible implementation manner, according to the third aspect to the eighth possible implementation, the terminal identifier information specifically includes:

and / or

International mobile terminal identification code of terminal equipment IMEI;

and / or

The media access control MAC address of the terminal device.

The fourth aspect provides an application client, where the application client includes a receiving unit and a login authentication unit.

The receiving unit is configured to receive an access request message, where the access request message requests to open an application of the application client;

The login authentication unit is configured to perform login authentication according to the stored first terminal identifier information to open an application of the application client.

In a first possible implementation manner, according to the fourth aspect, the application client further includes a determining unit, a sending unit, an obtaining unit, and a first storage unit; The determining unit is configured to determine, after the receiving unit receives the access request message, whether to store the first terminal identification information of the terminal device;

The sending unit is configured to: if the first terminal identifier information of the terminal device is not stored, send a first request message to the terminal middleware, where the first request message requests to acquire the first terminal identifier information;

The acquiring unit is configured to acquire the first terminal identifier information that is open by the terminal middleware, and the first storage unit is configured to store the first terminal identifier information.

In a second possible implementation manner, the first request message carries a first application name of the application client, so that the terminal middleware is configured according to the first application, according to the first possible implementation manner. And determining whether the application is legal, and the first terminal identification information is opened to the application client when the application is legal.

In a third possible implementation manner, the first request message carries the first application name of the application client, so that the terminal middleware is configured according to the first application name, according to the first possible implementation manner. Determining whether the application is legal, and determining whether the application first invokes the first terminal identification information according to the first application name, and determining that the application is the first call to the first terminal After the information is identified, the user is requested to open the first terminal identification information to the application client, and after receiving the authorization response returned by the user to open the first terminal identification information to the application client, the first The terminal identification information is sent to the application client.

In a fourth possible implementation manner, the login authentication unit performs login authentication according to the stored first terminal identifier information, to open the application of the application client, specifically, according to the fourth aspect to the third possible implementation manner. :

In a fifth possible implementation, the application client further includes a second storage unit according to the fourth possible implementation manner; The receiving unit is further configured to receive, by the terminal middleware, indication information about whether a login password is required when logging in to the application;

The second storage unit is configured to store the indication information of whether the password is required to be logged in. If the indication message of the authentication success is sent by the terminal middleware, the application of the application client is specifically:

In a sixth possible implementation manner, the obtaining, by the acquiring unit, the first terminal identifier information that is open by the terminal middleware, according to the third possible implementation manner to the fifth possible implementation manner, specifically includes:

Acquiring the encrypted first terminal identifier information that is open to the terminal middleware, where the encrypted first terminal identifier information is that the terminal middleware is used according to the first application name and the first terminal identifier information. Generated by the advanced encryption standard AES;

The storing, by the storage unit, the first terminal identifier information specifically includes:

In a seventh possible implementation manner, according to the fourth to sixth possible implementation manners, the terminal identifier information specifically includes:

and / or

International mobile terminal identification code of terminal equipment IMEI;

and / or

The media access control MAC address of the terminal device.

In a fifth aspect, a system for identifying an identity, the system terminal terminal middleware and an application client; The terminal middleware is configured to acquire terminal identification information of the terminal device, where the terminal identification information includes at least first terminal identification information;

The terminal middleware is further configured to: open the first terminal identification information to the application client, so that the application client obtains and stores the first terminal identification information;

The application client is configured to receive an access request message, where the access request message requests to open an application of the application client;

The application client is further configured to perform login authentication according to the stored first terminal identification information to open an application of the application client.

An embodiment of the present invention provides a method, an apparatus, and a system for identifying an identity, where the method includes acquiring, by a terminal middleware, terminal identification information of a terminal device, where the terminal identification information includes at least the first terminal identification information, The first terminal identifier information is opened to the application client. After receiving the access request message, the application client performs login authentication according to the stored first terminal identifier information to open the application of the application client.

Based on the description of the foregoing embodiment, when the application of the terminal device is logged in, the method for authenticating the first terminal identification information is used to solve the problem that the user needs to memorize the user name and password when logging in to the application on the terminal device. The first terminal identification information is used as a unique identifier of the application that the user logs in to the terminal device, which improves the security of the application that the user logs in to the terminal device. DRAWINGS

In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the description of the prior art will be briefly described below. Obviously, the drawings in the following description are only It is a certain embodiment of the present invention, and other drawings can be obtained from those skilled in the art without any inventive labor.

FIG. 1 is a schematic diagram of an identity recognition method according to an embodiment of the present invention;

2 is another method for identity recognition according to an embodiment of the present invention;

FIG. 3 is still another method for identity recognition according to an embodiment of the present invention;

FIG. 4 is still another method for identity recognition according to an embodiment of the present invention;

FIG. 5 is still another method for identity recognition according to an embodiment of the present invention;

FIG. 6 is a schematic diagram of an authorization interface according to an embodiment of the present invention;

FIG. 7 is still another method for identity recognition according to an embodiment of the present invention; FIG. 8 is still another method for identity recognition according to an embodiment of the present invention;

FIG. 9 is a terminal middleware according to an embodiment of the present invention;

FIG. 10 is another terminal middleware according to an embodiment of the present invention;

FIG. 11 is still another terminal middleware according to an embodiment of the present invention;

FIG. 12 is still another terminal middleware according to an embodiment of the present invention;

FIG. 13 is still another terminal middleware according to an embodiment of the present invention;

FIG. 14 is still another terminal middleware according to an embodiment of the present invention;

FIG. 15 is an application client according to an embodiment of the present invention;

FIG. 16 is an application client according to an embodiment of the present invention;

FIG. 17 is an application client according to an embodiment of the present invention;

FIG. 18 is a terminal middleware according to an embodiment of the present invention;

FIG. 19 is another terminal middleware according to an embodiment of the present invention;

FIG. 20 is still another terminal middleware according to an embodiment of the present invention;

FIG. 21 is still another terminal middleware according to an embodiment of the present invention;

FIG. 22 is an identification system according to an embodiment of the present invention.

detailed description

The technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the accompanying drawings in the embodiments of the present invention. It is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention.

Embodiment 1

An embodiment of the present invention provides a method for identity identification, where the method is applied to a terminal middleware, as shown in FIG. 1 , the method includes:

101. Obtain terminal identification information of the terminal device, where the terminal identification information includes at least first terminal identification information.

Specifically, the terminal identifier information of the terminal device may be an IMSI (International Mobile Subscriber Identification Number) and/or a terminal design of a SIM (Subscriber Identity Module) card in the terminal device. The IMEI (International Mobile Equipment Identity) and/or the MAC (Media Access Control) address of the terminal device are not specifically limited in this embodiment of the present invention.

The terminal identifier information includes at least first terminal identifier information.

It should be noted that the terminal middleware may acquire multiple terminal identification information, and the “first” in the first terminal identification information does not have any special meaning, and only refers to the terminal identification information acquired by the terminal middleware. A terminal identification information.

102. The first terminal identifier information is opened to the application client, so that the application client obtains and stores the first terminal identifier information, and after receiving the access request message, according to the first terminal identifier information. Perform login authentication.

Specifically, opening the first terminal identifier information to the application client may be determined by the configuration of the terminal device. For example, the configuration of the first terminal identification information in the following two scenarios:

In scenario 1, if the user uses the same SIM card on different terminal devices, the international mobile subscriber identity code IMSI can be configured as the first terminal identifier information.

Scene 2,

If the user changes the SIM card without changing the terminal device, or a terminal device without a SIM card (for example, iPad), the international mobile terminal identification code IMEI or the medium access control MAC address may be used as the first terminal identification information.

Of course, after obtaining the terminal identification information, the terminal middleware may open the first terminal identification information to the application client according to the configuration of the terminal device, or the application client may determine when the user triggers the application client. After the first terminal identifier information of the terminal device is not stored, the first request message is sent to the terminal middleware, and the first terminal identifier information is requested to be obtained, so that the terminal middleware opens the first terminal identifier. Information to the application client. In this case, the terminal middleware may directly open the first terminal identification information to the application client; or the terminal middleware may determine whether the application is legal, and determine that the application is legal. Opening the first terminal identification information to the application client; or the terminal middleware is configured to open the first terminal identification information to the application client after determining whether the application is legal, determining that the application is legal and authorized by the user end. The embodiment of the present invention does not specifically limit this, and only describes that the terminal middleware opens the first terminal identification information to the application client after acquiring the terminal identification information. The client, so that the application client obtains and stores the first terminal identifier information, and after receiving the access request message, may perform login authentication according to the first terminal identifier information. Therefore, the security of the application that the user logs in to the terminal device is improved, and the problem that the user name and password need to be memorized when the user logs in to the application on the terminal device is avoided.

The embodiment of the present invention further provides a method for the identity identification, where the method is applied to an application client, as shown in FIG. 2, the method includes:

201. Receive an access request message, where the access request message requests to open an application of the application client.

Specifically, after the user triggers the application client, the application client receives an access request message, and the access request message requests to open an application of the application client.

202. Perform login authentication according to the stored first terminal identifier information to open an application of the application client.

Specifically, the first terminal identifier information may be stored in the application client before receiving the access request message, or the application client may determine, after receiving the access request message, the first terminal identifier of the terminal device not stored. After the information is obtained, the first terminal identifier information is obtained from the terminal middleware, and then stored in the application client, which is not specifically limited in this embodiment of the present invention.

Considering that the terminal device may have multiple application clients, in order to distinguish the different terminal identification information corresponding to each application client, the terminal middleware may use the advanced encryption standard AES according to the first application name and the first terminal identification information of the application client. And generating the encrypted first terminal identifier information corresponding to the first application name, so the stored first terminal identifier information may be the encrypted first terminal identifier information, or may be the unencrypted first terminal identifier information. The embodiment of the present invention does not specifically limit this, and only depends on actual conditions.

The application for performing the login authentication according to the stored first terminal identifier information to open the application client may include:

Sending a second request message requesting authentication to the terminal middleware, where the second request message carries a first application name of the application client and the stored first terminal identification information, so that the terminal middleware is opposite The first application name and the stored first terminal identification information are authenticated; if the indication message of successful authentication sent by the terminal middleware is received, the application of the application client is opened. Specifically, the application client may receive the indication information of whether the login password is required to log in to the application, and the method for opening the application of the application client may be determined according to the indication information, including:

Determining whether a login password is required according to the indication information;

Of course, the foregoing is merely illustrative of a method for opening an application of the application client, and may also store other methods for opening an application of the application client, which is not specifically limited in the embodiment of the present invention.

An embodiment of the present invention provides a method for identity identification, where the method includes: acquiring terminal identification information of a terminal device in a terminal middleware, where the terminal identification information includes at least first terminal identification information, and the first The terminal identifier information is opened to the application client. After receiving the access request message, the application client performs login authentication according to the stored first terminal identifier information to open the application of the application client.

Based on the description of the foregoing embodiment, when the application of the terminal device is logged in, the method for authenticating the first terminal identification information is used to solve the problem that the user needs to memorize the user name and password when the user logs in to the application on the terminal device. The security of the application that the user logs in to the terminal device.

Embodiment 2

An embodiment of the present invention provides a method for identity identification, where the method is based on a terminal middleware and an application client, where the application client does not store the first terminal identification information of the terminal device, as shown in FIG. 3 The method includes: after the terminal middleware acquires the terminal identifier information of the terminal device, the method includes:

301. The application client receives an access request message, where the access request message requests to open an application of the application client.

Specifically, after the user triggers the application client, the application client receives an access request message, and the access request message requests to open an application of the application client. 302. The application client determines whether to store the first terminal identifier information of the terminal device. Specifically, after the application client receives the access request message, it first determines whether the first terminal identifier information of the terminal device has been stored.

If the application client has stored the first terminal identification information of the terminal device, step 308 is performed;

If the application client does not store the first terminal identifier information of the terminal device, perform the step

303.

303. If the first terminal identifier information of the terminal device is not stored, send a first request message to the terminal middleware, where the first request message requests to acquire the first terminal identifier information.

Specifically, the first request message requests to acquire the first terminal identification information.

304. The terminal middleware receives the first request message sent by the application client.

305. The terminal middleware opens the first terminal identification information to the application client.

Specifically, in consideration of the diversity of the application client on the terminal device, when an application client receives the access request message and determines that the terminal identifier information of the terminal device is not stored, the first request message is sent to the terminal middleware, and the triggering device is triggered. The terminal middleware opens the first terminal identification information to the application client.

After the first terminal identification information is requested by the application client, after the first terminal information is opened to the application client, the application client acquires the first terminal identification information, and receives After the request message is accessed, the login authentication is performed according to the first terminal identifier information, which prevents the terminal middleware from opening the problem that the terminal identifier information of the application client does not match the terminal identifier information required by the application client.

306. The application client acquires the first terminal identifier information that is open by the terminal middleware.

307. The application client stores the first terminal identifier information.

Specifically, the application client stores the first terminal identifier information, so that the application client opens the application of the application client after performing login authentication according to the first terminal identifier information.

Specifically, in consideration of the fact that the terminal device may have multiple application clients, in order to distinguish different application terminal identification information, the terminal middleware may use the first application name and the first terminal identification information of the application client to use advanced Encrypting standard AES, generating the first application name corresponding The encrypted first terminal identifier information, so the stored first terminal identifier information may be the encrypted first terminal identifier information, or may be the unencrypted first terminal identifier information, which is not specifically described in this embodiment of the present invention. Limited, only based on actual conditions.

308. The application client performs login authentication according to the first terminal identifier information to open an application of the application client.

Specifically, the application for performing the login authentication according to the stored first terminal identifier information to open the application client may include:

Specifically, the application client may receive the indication information of the login password that is sent by the terminal middleware, and the method for opening the application of the application client may be determined according to the indication information, including:

Further, the embodiment of the present invention further provides a method for identity identification, where the method is based on the terminal middleware and the application client, to determine that the application is legal, the terminal device sends the first terminal identification information for description. Specifically, as shown in FIG. 4, after the terminal middleware acquires the terminal identifier information of the terminal device, the method includes:

401. The application client receives an access request message, where the access request message requests to open an application of the application client. Specifically, after the user triggers the application client, the application client receives an access request message, and the access request message requests to open an application of the application client.

402. The application client determines whether to store the first terminal identifier information of the terminal device. Specifically, after the application client receives the access request message, it first determines whether the first terminal identification information of the terminal device has been stored.

If the application client has stored the first terminal identifier information of the terminal device, perform the step

409;

403.

403. If the first terminal identifier information of the terminal device is not stored, send a first request message to the terminal middleware, and the first request message requests to acquire the first terminal identifier information, where the first The request message carries the first application name of the application client.

Specifically, when the application client is loaded on the terminal device, the first application name is obtained by registering on an application platform, where the first application name does not have any special The meaning of the application only refers to the application name of the application client that currently receives the access request message.

404. The terminal middleware receives the first request message sent by the application client.

405. The terminal middleware determines, according to the first application name, whether the application is legal.

Specifically, determining, according to the first application name, whether the application is legal or not may include:

Read this database information;

If the first application name is included in the local database information, determining that the application is legal; if the first application name is not included in the first database information, requesting the capability open platform/app store to obtain the first An application name;

Storing the first application name;

If the first application name sent by the capability open platform/app store is not received, it is determined that the application is illegal. It should be noted that if the application of the SP (Service Provider) / CP (Content Provider Content Provider) is registered in the capability open platform/app store, the application is legal. Therefore, if the first application name is not included in the first database information, and the capability open platform/app store requests to obtain the first application name, if the application is legal, the capability open platform/app store It should contain the unique identifying information assigned to the app when it is registered, ie the app name.

Therefore, if the first application name sent by the capability open platform/app store is received, the application is determined to be legal; if the first application name sent by the capability open platform/app store is not received, the The application is not registered with the capability open platform/app store, and the application is determined to be illegal. No specific limitation.

406. If the application is legal, the terminal middleware opens the first terminal identification information to the application client. The information is opened to the application client, which increases the security of accessing the application.

407. The application client acquires the first terminal identifier information that is open by the terminal middleware.

408. The application client stores the first terminal identifier information.

Specifically, in consideration of the fact that the terminal device may have multiple application clients, in order to distinguish different application terminal identification information, the terminal middleware may use the first application name and the first terminal identification information of the application client to use advanced The encryption standard AES is configured to generate the encrypted first terminal identifier information corresponding to the first application name, so the stored first terminal identifier information may be the encrypted first terminal identifier information, or may be the first unencrypted information. The terminal identification information is not specifically limited in this embodiment of the present invention, and is determined only according to actual conditions.

409. The application client performs login authentication according to the first terminal identifier information to open an application of the application client. Specifically, the application for performing the login authentication according to the stored first terminal identifier information to open the application client may include:

Specifically, the application client may receive the indication information of whether the login password is required to be sent by the terminal middleware, and the method for opening the application of the application client may be determined according to the indication information, including:

Optionally, the embodiment of the present invention further provides a method for identity identification, where the method is based on the terminal middleware and the application client, and specifically, after determining that the application is legal and the user authorizes, the terminal device sends the first terminal. The identification information is described. Specifically, as shown in FIG. 5, after the terminal middleware acquires terminal identification information of the terminal device, the method includes:

501. The application client receives an access request message, where the access request message requests to open an application of the application client.

502. The application client determines whether to store the first terminal identifier information of the terminal device. Specifically, after the application client receives the access request message, it first determines whether the first terminal identifier information of the terminal device has been stored. If the application client has stored the first terminal identifier information of the terminal device, perform the step

514;

503.

503. If the first terminal identifier information of the terminal device is not stored, send a first request message to the terminal middleware, and the first request message requests to acquire the first terminal identifier information, where the first The request message carries the first application name of the application client.

504. The terminal middleware receives the first request message sent by the application client.

505. The terminal middleware determines, according to the first application name, whether the application is legal.

Specifically, the method for the terminal middleware to determine whether the application is legal according to the first application name may refer to the description of step 405, which is not repeatedly described in the embodiment of the present invention.

506. If the application is legal, the terminal middleware determines, according to the first application name, whether the application first invokes the first terminal identification information.

Specifically, the terminal middleware may store the correspondence between the application name and the number of times the application corresponding to the terminal identifier information is called by the application name, so it may be determined, according to the first application name, whether the application first invokes the first terminal. Identification information.

If the application is to call the first terminal identification information for the first time, go to step 507;

If the application does not invoke the first terminal identification information for the first time, step 511 is performed.

507. If the application first invokes the first terminal identifier information, the terminal middleware requests the user to authorize opening the first terminal identifier information to the application client.

Specifically, the terminal middleware requesting the user to authorize the opening of the first terminal identifier information to the application client may include:

Sending an authentication short message, requesting the application to authorize by inputting the content of the authentication short message; or

Provide an authorization interface and request the application to authorize on the authorization interface.

Of course, the terminal middleware requests the user to authorize opening the first terminal to the application client. There may be a plurality of methods for identifying information at the end, which is not specifically limited in the embodiment of the present invention.

508. The user performs the first terminal identification information right.

Specifically, the terminal middleware can provide a 4 authorized interface as shown in FIG. 6, and the user can authorize the user information by setting the content of the authorization interface.

It should be noted that in order to provide differentiated services to applications of different security levels, a service-level agreement (SLA) can be provided to different types of application clients. For example, you can set the content of the authorization interface so that the authorization interface contains the option of whether the user needs to log in to the password when logging in. For an application client with low security, the user can authorize the password without login, and only the first terminal identifier is required. If the information is successfully authenticated, you can log in to the application, such as news and other tools. For a small number of application clients with very high security requirements, the user can authorize the password input at login. The first terminal identification information and password must be authenticated before logging in to the application. Similar to the bank's USB key and terminal identification information. Account number, the user needs to enter a password to log in correctly, such as bank/securities client, Alipay client, etc. Certainly, the option of the login password is not necessarily included in the authorization interface. The embodiment of the present invention only provides an illustration of the authorization interface, and the specific content of the authorization interface is not specifically limited. Authorization of terminal identification information.

On the other hand, for some application clients, if the user has multiple accounts and need to change the login account information, you can unbind the application name and terminal identification information in the terminal middleware "My authorization settings", and apply the client next time. When the interface is called, the authorization is re-authorized, so that the application client will also update to the new account.

Of course, to solve the problem that the user has multiple accounts and need to change the login account information, in addition to setting the authorization interface, it can also be implemented by other methods, for example, on the login interface provided by the application client, the terminal identification information and the new account. Make association bindings. This embodiment of the present invention does not specifically limit this.

509. The user returns a 4 authorized response that opens the first terminal identification information to the application client.

510. Receive an authorization response returned by the user to open the first terminal identifier information to the application client.

511. The terminal middleware opens the first terminal identification information to the application client. Specifically, in the embodiment of the present invention, when it is determined that the application is legal, and the user is authorized to send the first terminal identification information to the application client, the first terminal identification information is opened to the application client, The user's authorization further increases the security of the access application.

512. The application client acquires the first terminal identifier information that is open by the terminal middleware.

513. The application client stores the first terminal identifier information.

Specifically, after being authorized by the user, the terminal middleware also saves the following configuration information of the application client:

514. The application client performs login authentication according to the first terminal identifier information to open an application of the application client.

Further, after the user authorization terminal middleware opens the first terminal identification information to the application client, the application client stores the first terminal identification information, and the application client logs in according to the stored first terminal identification information. During authentication, the interaction between the terminal middleware and the application client is as shown in FIG. 7, and includes:

701. The application client sends a second request message requesting authentication to the terminal middleware, where the second request message carries a first application name of the application client and the stored first terminal identifier information.

Specifically, the first application name of the application client and the stored first terminal identifier information carried by the second request message are used for login authentication.

702. The terminal middleware receives the second request message that is sent by the application client to request authentication.

703. The terminal middleware checks whether a correspondence between the first application name and the first terminal identifier information stored by the application client is stored.

Specifically, if the terminal middleware stores the first application name and the application client Corresponding relationship of the stored first terminal identification information, indicating that the authentication is successful, and performing step 704;

If the terminal middleware does not store the correspondence between the first application name and the first terminal identification information stored by the application client, indicating that the authentication fails, the login fails.

704. If stored, send an indication message that the authentication succeeds to the application client.

705. The application client receives an indication message that the terminal middleware sends the authentication success.

706. The application client opens an application of the application client according to the stored first terminal identifier information.

Specifically, after the authentication succeeds, the application client opens the application of the application client according to the stored first terminal identifier information. The user is not required to memorize the username and password, and the security of the application on the user's login terminal device is improved.

Further, the indication information of whether the login password is required when logging in to the application may be pre-configured in the terminal middleware.

Specifically, the authorization interface shown in FIG. 6 may include an option of whether a login password is required to log in to the application, that is, whether the login password is required to log in to the application is pre-configured in the terminal middleware.

The method further includes: before the sending, sending the indication message that the authentication succeeds to the application client, the method further includes:

The terminal middleware sends a pre-stored indication information of whether the login password is required to log in to the application client to the application client;

The application client receives the indication information of whether the password is required to be logged in when the login is sent by the terminal middleware and stores the information.

In this case, when the application client performs login authentication according to the stored first terminal identification information, the interaction between the terminal middleware and the application client is specifically as shown in FIG. 8, and includes: 801, The application client sends a second request message for requesting authentication to the terminal middleware, where the second request message carries the first application name of the application client and the stored first terminal identification information.

802. The terminal middleware receives the second request message that is sent by the application client and requests authentication. -twenty one-

803. The terminal middleware checks whether a correspondence between the first application name and the first terminal identifier information stored by the application client is stored.

Specifically, if the terminal middleware stores the correspondence between the first application name and the first terminal identification information stored by the application client, indicating that the authentication is successful, step 804 is performed;

804. If stored, send an indication message that the authentication succeeds to the application client.

805. Receive an indication message that the terminal middleware sends the authentication success.

806. Determine, according to the stored indication information that the login password is required to log in to the application, whether the login password is required.

Specifically, because the application client stores indication information about whether a login password is required when logging in to the application, it may be determined at this time whether a login password is required.

807. If the login password is not required, open the application of the application client according to the stored first terminal identifier information.

808. If a login password is required, open the application of the application client according to the stored first terminal identification information and the input login password.

Specifically, the embodiment of the present invention provides a solution for different security levels to the user according to the stored indication information of whether the login password is required. For an application client with low security, the user can log in without using a password. Only the first terminal identification information can be successfully authenticated to log in to the application, such as news and other tools. For a small number of application clients with very high security requirements, users can enter a password when logging in. The first terminal identification information and password must be authenticated before they can log in to the application. Similar to the bank's USB key and terminal identification information as an account. Users need to enter a password to log in correctly, such as bank/securities client, Alipay client, etc. Through the above methods, the diversified needs of users are met.

Further, after the terminal middleware receives the response from the user that provides the terminal identification information to the application client, the terminal middleware further includes:

The terminal middleware generates the encrypted first terminal identification information corresponding to the first application name by using the advanced encryption standard AES according to the first application name and the first terminal identification information.

And storing the corresponding relationship between the first application name and the first terminal identifier information Includes:

Saving the correspondence between the encrypted first terminal identifier information and the first application name; the opening the first terminal identifier information to the application client specifically includes: the encrypted first terminal identifier The information is open to the application client.

Correspondingly, the application client obtains the encrypted first terminal identification information that is open by the terminal middleware;

The storing, by the application client, the first terminal identifier information specifically includes:

And storing the encrypted first terminal identification information.

Specifically, in consideration of the fact that the terminal device may have multiple application clients, in order to distinguish different application terminal identification information, the terminal middleware may use the first application name and the first terminal identification information of the application client to use advanced The encryption standard AES generates the encrypted first terminal identification information corresponding to the first application name. In addition, the application client stores the encrypted first terminal identification information, so that in the subsequent identity identification process, the application client and the terminal middleware communicate with each other through the encrypted first terminal identification information, thereby ensuring the terminal. The physical information of the device and the security of the user's personal information.

Based on the description of the foregoing embodiment, the first terminal identifier information in the terminal identifier information is opened to the application client by acquiring the terminal identifier information of the terminal device, so that the application client obtains and stores the first terminal identifier. The information, and after receiving the access request message, the technical solution for performing login authentication according to the first terminal identification information, which solves the problem that the user needs to memorize the user name and password when logging in to the application on the terminal device, and the first The terminal identification information is used as the unique identifier of the application that the user logs in to the terminal device, which improves the security of the application that the user logs in to the terminal device.

Embodiment 3

The embodiment of the present invention provides a terminal middleware 900. Specifically, as shown in FIG. 9, the terminal middleware 900 includes an obtaining unit 901 and an opening unit 902.

The obtaining unit 901 is configured to acquire terminal identification information of the terminal device, where the terminal identifier information includes at least first terminal identifier information.

The opening unit 902 is configured to open the first terminal identification information to the application client, so that the application client obtains and stores the first terminal identification information, and receives the access request. After the message is obtained, login authentication is performed according to the first terminal identification information.

Further, as shown in FIG. 10, the terminal middleware 900 further includes a receiving unit 903. The receiving unit 903 is configured to: after the acquiring unit 901 acquires the terminal identifier information of the terminal device, the opening unit 902 receives the first terminal identifier information before the application client is opened, and receives the The first request message sent by the client is requested, and the first request message requests to acquire the first terminal identifier information.

Further, as shown in FIG. 11, the terminal middleware 900 further includes a determining unit 904 and an executing unit 905.

The first request message carries a first application name of the application client.

The determining unit 904 is configured to determine, according to the first application name, whether the application is legal after the receiving unit 903 receives the first request message sent by the application client;

The executing unit 905 is further configured to: if the application is legal, perform the step of opening the first terminal identification information to an application client.

Optionally, as shown in FIG. 12, the terminal middleware 900 further includes a determining unit 904, a requesting unit 906, a storage unit 907, and an executing unit 905.

The determining unit 904 is configured to determine, according to the first application name, whether the application is legal after the receiving unit 903 receives the first request message sent by the application client.

The determining unit 904 is further configured to: determine, according to the first application name, whether the application first invokes the first terminal identification information according to the first application name.

The requesting unit 906 is configured to request the user to open the first terminal identification information to the application client if the application first invokes the first terminal identification information.

The receiving unit 903 is configured to receive, by the user, a response to the application of the first terminal identifier information to the application client.

The storage unit 907 is configured to save a correspondence between the first application name and the first terminal identifier information.

The executing unit 905 is configured to perform the step of opening the first terminal identification information to an application client.

Further, the requesting unit 906 requests the user to authorize the opening of the application to the application client. The first terminal identification information specifically includes:

Further, as shown in FIG. 13, the terminal middleware further includes an checking unit 908 and a sending unit 909.

The receiving unit 903 is further configured to receive a second request message that is sent by the application client to request authentication, where the second request message carries a first application name of the application client and a first stored by the application client. Terminal identification information;

The checking unit 908 is configured to check whether a correspondence between the first application name and the first terminal identification information stored by the application client is stored.

The sending unit 909 is further configured to: if stored, send an indication message that the authentication succeeds to the application client, so that the application client opens the application client according to the first terminal identifier information stored by the application client. End application.

Further, the sending unit 909 is further configured to send, before the sending, sending the indication message that the authentication succeeds to the application client, the pre-stored indication information of whether the login password is required to log in to the application to the Application client.

If the information is sent, the sending unit 909 sends an indication message that the authentication succeeds to the application client, so that the application client opens the application of the application client according to the first terminal identifier information stored by the application client, including :

Further, as shown in FIG. 14, the terminal middleware further includes a generating unit 910.

The generating unit 910 is configured to: after receiving, by the receiving unit 903, an authorization response that is opened by the user to open the first terminal identifier information to the application client, according to the first application name and the first terminal identifier The information is generated by using the advanced encryption standard AES to generate the encrypted first terminal identification information corresponding to the first application name.

The storage unit 907 stores the correspondence between the first application name and the first terminal identification information. The relationship specifically includes:

And the corresponding relationship between the first terminal identifier information and the first application name is saved; the opening, the 902, the opening, the 902, the

Opening the encrypted first terminal identifier information to the application client, so that the application client obtains and stores the encrypted first terminal identifier information, so that the first terminal stored by the application client is used. The identification information is specifically the encrypted first terminal identification information.

Further, the determining unit 904, according to the first application name, determining whether the application is legal or not specifically includes:

Read local database information.

Determining whether the first application name is included in the local database information.

If the first application name is included in the local database information, it is determined that the application is legal. If the first application name is not included in the local database information, the capability open platform/app store is requested to acquire the first application name.

If the first application name sent by the capability open platform/app store is received, it is determined that the application is legal.

The first application name is stored.

Further, the terminal identifier information specifically includes:

and / or

International mobile terminal identification code of terminal equipment IMEI;

and / or

The media access control MAC address of the terminal device.

Specifically, the method for performing identity identification by using the terminal middleware can refer to the descriptions of the first embodiment and the second embodiment, and details are not described herein again.

Based on the description of the above embodiments, the terminal middleware provided by the present invention includes an acquisition unit and an open unit. The acquiring unit is configured to acquire terminal identification information of the terminal device, where the terminal identifier The information includes at least the first terminal identification information, where the open unit is configured to open the first terminal identification information to the application client, so that the application client obtains and stores the first terminal identification information, and After receiving the access request message, performing login authentication according to the first terminal identifier information, the terminal middleware provided by the embodiment of the present invention solves the problem that the user name and password need to be memorized when the user logs in to the application on the terminal device, and the user is improved at the same time. Log in to the security of the app on the terminal device.

Embodiment 4

The embodiment of the present invention provides an application client 1500. Specifically, as shown in FIG. 15, the application client 1500 includes a receiving unit 1501 and a login authentication unit 1502.

The receiving unit 1501 is configured to receive an access request message, where the access request message requests to open an application of the application client.

The login authentication unit 1502 is configured to perform login authentication according to the stored first terminal identification information to open an application of the application client.

Specifically, the first terminal identifier information may be stored in the application client before the receiving unit 1501 receives the access request message, or may be determined by the receiving unit 1501 not to store after receiving the access request message. After the first terminal identifier information of the terminal device is obtained, the first terminal identifier information is obtained from the terminal middleware, and then stored in the application client, which is not specifically limited in this embodiment of the present invention.

Further, as shown in FIG. 16, the application client further includes a determining unit 1503, a sending unit 1504, an obtaining unit 1505, and a first storage unit 1506.

The determining unit 1503 is configured to determine, after the receiving unit 1501 receives the access request message, whether to store the first terminal identification information of the terminal device.

The sending unit 1504 is configured to: if the first terminal identifier information of the terminal device is not stored, send a first request message to the terminal middleware, where the first request message requests to acquire the first terminal identifier information.

The obtaining unit 1505 is configured to acquire the first terminal identification information that is open by the terminal middleware.

The first storage unit 1505 is configured to store the first terminal identification information.

Further, the first request message carries a first application name of the application client, so that The terminal middleware determines whether the application is legal according to the first application name, and the first terminal identification information is opened to the application client when the application is legal.

Optionally, the first request message carries the first application name of the application client, so that the terminal middleware determines whether the application is legal according to the first application name, and the application is legal according to the The first application name determines whether the application first invokes the first terminal identification information, and after determining that the application is the first time to invoke the first terminal identification information, requesting the user to authorize opening the first to the application client. The terminal identification information is: after receiving the authorization response returned by the user to open the first terminal identification information to the application client, the first terminal identification information is opened to the application client.

Further, the login authentication unit 1502 performs login authentication according to the stored first terminal identifier information, to open the application of the application client, specifically:

Sending a second request message requesting authentication to the terminal middleware, where the second request message carries a first application name of the application client and the stored first terminal identification information, so that the terminal middleware is opposite The first application name and the stored first terminal identification information are authenticated.

If the indication message of successful authentication sent by the terminal middleware is received, the application of the application client is opened.

Further, as shown in FIG. 17, the application client further includes a second storage unit 1507. The receiving unit 1501 is further configured to receive, by the terminal middleware, indication information that a login password is required when logging in to the application.

The second storage unit 1507 is configured to store the indication information of whether the password is required to be used for the login. If the indication message that the authentication succeeds is sent by the terminal middleware, the application of the application client is specifically:

Further, the acquiring unit 1505 acquires a first terminal identification letter that is open by the terminal middleware. The specific information includes:

Acquiring the encrypted first terminal identifier information that is open to the terminal middleware, where the encrypted first terminal identifier information is that the terminal middleware is used according to the first application name and the first terminal identifier information. Generated by the advanced encryption standard AES.

The storing, by the first storage unit 1506, the first terminal identification information includes: storing the encrypted first terminal identification information, so that the stored first terminal identification information is specifically the encrypted first terminal identification information.

Further, the terminal identifier information specifically includes:

and / or

International mobile terminal identification code of terminal equipment IMEI;

and / or

The media access control MAC address of the terminal device.

For example, the method for performing the identification by the application client may refer to the descriptions of the first embodiment and the second embodiment, and details are not described herein again.

Based on the description of the foregoing embodiment, the application client provided by the embodiment of the present invention includes a receiving unit and a login authentication unit. The receiving unit is configured to receive an access request message, where the access request message requests to open an application of the application client, and the login authentication unit is configured to perform login authentication according to the stored first terminal identifier information, to open the The application application client. The application client provided by the embodiment of the present invention solves the problem that the user needs to memorize the user name and password when logging in to the application on the terminal device, and improves the security of the application that the user logs in to the terminal device.

Embodiment 5

The embodiment of the present invention provides a terminal middleware 1800. Specifically, as shown in FIG. 18, the terminal middleware includes a processor 1801.

The processor 1801 is configured to acquire terminal identifier information of the terminal device, where the terminal identifier information includes at least first terminal identifier information.

The processor 1801 is further configured to: open the first terminal identification information to the application client, so that the application client obtains and stores the first terminal identification information, and after receiving the access request message, according to the The first terminal identification information is used for login authentication. Further, as shown in FIG. 19, the terminal middleware 1800 further includes an input interface 1802. The input interface 1802 is configured to: after the processor 1801 acquires terminal identification information of the terminal device, Before the terminal identifier information is opened to the application client, the first request message sent by the application client is received, and the first request message requests to acquire the first terminal identifier information.

Further, the first request message carries a first application name of the application client.

The processor 1801 is further configured to: after the input interface 1802 receives the first request message sent by the application client, determine, according to the first application name, whether the application is legal.

The processor 1801 is further configured to: when the application is legal, perform the step of opening the first terminal identification information to an application client.

Optionally, as shown in FIG. 20, the terminal middleware 1800 further includes a memory 1803. The first request message carries a first application name of the application client.

The processor 1801 is further configured to determine, according to the first application name, whether the application first invokes the first terminal identification information according to the first application name.

The processor 1801 is further configured to: if the application first invokes the first terminal identifier information, request the user to authorize opening the first terminal identifier information to the application client.

The input interface 1802 is further configured to receive a response from the user that opens the first terminal identification information to the application client.

The memory 1803 is configured to save a correspondence between the first application name and the first terminal identification information.

The processor 1801 is configured to perform the step of opening the first terminal identification information to an application client.

Further, the requesting, by the processor 1801, the user to open the first terminal identification information to the application client includes:

Provide an authorization interface and request the user to authorize on the authorization interface. Further, as shown in FIG. 21, the terminal middleware 1800 further includes an output interface 1804. The input interface 1802 is further configured to receive a second request message that is sent by the application client to request authentication, where the second request message carries a first application name of the application client and a first stored by the application client. Terminal identification information.

The processor 1801 is further configured to check whether a correspondence between the first application name and the first terminal identification information stored by the application client is stored.

The output interface 1804 is further configured to: if stored, send an indication message that the authentication succeeds to the application client, so that the application client opens the application client according to the first terminal identifier information stored by the application client. End application.

Further, the output interface 1804 is further configured to send, before the sending, sending an indication message that the authentication succeeds to the application client, a pre-stored indication information of whether a login password is required to log in to the application, to the Application client.

If the storage interface is sent, the output interface 1804 sends an indication that the authentication succeeds to the application client, so that the application client opens the application of the application client according to the first terminal identifier information stored by the application client, including :

Further, the processor 1801 is further configured to: after receiving, by the input interface 1802, an authorization response returned by the user to open the first terminal identification information to the application client, according to the first application name and the The first terminal identification information is generated by using the advanced encryption standard AES to generate the encrypted first terminal identification information corresponding to the first application name.

The storing, by the memory 1803, the correspondence between the first application name and the first terminal identifier information specifically includes:

And storing a correspondence between the encrypted first terminal identification information and the first application name.

The opening, by the processor 1801, the first terminal identification information to the application client includes:

Opening the encrypted first terminal identifier information to the application client, so that the application client obtains and stores the encrypted first terminal identifier information, so that the application client The stored first terminal identification information is specifically the encrypted first terminal identification information.

Further, the determining, by the processor 1801, whether the application is legal according to the first application name specifically includes:

Read local database information;

Storing the first application name;

Further, the terminal identifier information specifically includes:

and / or

International mobile terminal identification code of terminal equipment IMEI;

and / or

The media access control MAC address of the terminal device.

Based on the description of the above embodiments, the terminal middleware provided by the present invention includes a processor. The processor is configured to obtain the terminal identifier information of the terminal device, where the terminal identifier information includes at least the first terminal identifier information, and the processor is further configured to: open the first terminal identifier information to the application client, so that The application client obtains and stores the first terminal identification information, and after receiving the access request message, performs login authentication according to the first terminal identification information. The terminal middleware provided by the embodiment of the present invention solves the problem that the user needs to memorize the user name and the password when logging in to the application on the terminal device, and improves the security of the application of the user logging in to the terminal device.

Embodiment 6 The embodiment of the present invention provides an identity recognition system 2200. As shown in FIG. 22, the identity recognition system 2200 includes a terminal middleware 900 and an application client 1500.

The terminal middleware 900 is configured to acquire terminal identification information of the terminal device, where the terminal identification information includes at least first terminal identification information.

The terminal middleware 900 is further configured to open the first terminal identification information to the application client, so that the application client obtains and stores the first terminal identification information.

The application client 1500 is configured to receive an access request message, and perform login authentication according to the stored first terminal identification information to open an application of the application client.

Specifically, the method for the identity identification system to perform the identity identification by the terminal middleware and the application client may refer to the descriptions of the first embodiment and the second embodiment, and details are not described herein again.

The terminal identifier information of the terminal device is obtained by the terminal middleware, and the first terminal identifier information in the terminal identifier information is opened to the application client, so that the application client obtains and stores the first a terminal identification information, and after receiving the access request message, performing a login authentication according to the first terminal identification information, which solves the problem that the user needs to memorize the user name and password when logging in to the application on the terminal device, and at the same time The first terminal identifier information is used as the unique identifier of the application that the user logs in to the terminal device, which improves the security of the application that the user logs in to the terminal device.

It should be noted that, in an actual implementation, in the embodiment of the present invention, it should be understood that, in an implementation manner, the terminal middleware may be a software module on the terminal device; The terminal middleware may also be an independent device having the function of the terminal middleware, that is, the terminal middleware can be connected with the terminal device, or can be built in the terminal device, for example, by means of card insertion or software integration, the present invention The embodiment does not specifically limit this.

The above is only the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily think of changes or substitutions within the technical scope of the present invention. It should be covered by the scope of the present invention. Therefore, the scope of the invention should be determined by the scope of the claims.

Claims

Rights request

1. An identity recognition method, characterized in that the method includes:

The terminal middleware obtains terminal identification information of the terminal device, wherein the terminal identification information at least includes first terminal identification information;

Open the first terminal identification information to the application client, so that the application client obtains and stores the first terminal identification information, and after receiving the access request message, logs in according to the first terminal identification information Certification.

2. The method according to claim 1, characterized in that, after the terminal middleware obtains the terminal identification information of the terminal device and before opening the first terminal identification information to the application client, the method further includes: :

Receive a first request message sent by the application client, where the first request message requests acquisition of the first terminal identification information.

3. The method according to claim 2, characterized in that the first request message carries the first application name of the application client;

After receiving the first request message sent by the application client, the method further includes:

According to the first application name, determine whether the application is legal;

If the application is legal, perform the step of opening the first terminal identification information to the application client.

4. The method according to claim 2, characterized in that the first request message carries the first application name of the application client;

If the application is legal, determine whether the application calls the first terminal identification information for the first time based on the first application name;

If the application calls the first terminal identification information for the first time, request the user's right to open the first terminal identification information to the application client;

Receive authorization returned by the user to open the first terminal identification information to the application client respond to;

Save the corresponding relationship between the first application name and the first terminal identification information;

Execute the step of opening the first terminal identification information to an application client.

5. The method according to claim 4, wherein the requesting the user to authorize opening the first terminal identification information to the application client specifically includes:

Send an authentication text message and request the user to authorize by entering the content of the authentication text message; or

Provide an authorization interface and request users to authorize on the authorization interface.

6. The method according to claim 4 or 5, characterized in that, the method further includes: receiving a second request message requesting authentication sent by the application client, the second request message carrying the application client The first application name of the client and the first terminal identification information stored by the application client;

Check whether the corresponding relationship between the first application name and the first terminal identification information stored by the application client is stored;

If stored, send an authentication success indication message to the application client, so that the application client opens the application of the application client according to the first terminal identification information stored in the application client.

7. The method according to claim 6, characterized in that, before storing and sending an authentication success indication message to the application client, the method further includes:

Send pre-stored indication information to the application client indicating whether a login password is required when logging in to the application;

If stored, sending an authentication success indication message to the application client, so that the application client opens the application of the application client according to the first terminal identification information stored in the application client specifically includes:

If stored, send an authentication success indication message to the application client, so that the application client opens the application according to the first terminal identification information stored by the application client and the indication information of whether a login password is required. Client application.

8. The method according to any one of claims 4 to 7, characterized in that, after receiving the authorization response returned by the user to open the first terminal identification information to the application client, the Methods also include:

According to the first application name and the first terminal identification information, use the Advanced Encryption Standard AES to generate encrypted first terminal identification information corresponding to the first application name;

The storing of the corresponding relationship between the first application name and the first terminal identification information specifically includes:

Saving the corresponding relationship between the encrypted first terminal identification information and the first application name; The opening of the first terminal identification information to the application client specifically includes: The information is opened to the application client, so that the application client obtains and stores the encrypted first terminal identification information, so that the first terminal identification information stored by the application client is specifically the encrypted first terminal. Identification information.

9. The method according to any one of claims 3 to 8, characterized in that, judging whether the application is legal based on the first application name specifically includes:

Read local database information;

Determine whether the local database information contains the first application name;

If the local database information contains the first application name, determine that the application is legal; if the local database information does not contain the first application name, request the capability opening platform/application store to obtain the first application name. application name;

If the first application name sent by the capability opening platform/application store is received, determine that the application is legal;

Store the first application name;

If the first application name sent by the capability opening platform/application store is not received, it is determined that the application is illegal.

10. The method according to any one of claims 1 to 9, characterized in that the terminal identification information specifically includes:

The International Mobile Subscriber Identity IMSI of the SIM card of the subscriber identification module in the terminal device;

and / or

The International Mobile Terminal Identity IMEI of the terminal device;

and / or

The media access control MAC address of the end device.

11. An identity recognition method, characterized in that the method includes: the application client receives an access request message, and the access request message requests to open an application of the application client;

Login authentication is performed according to the stored first terminal identification information to open the application of the application client.

12. The method according to claim 11, characterized in that, after the application client receives the access request message, the method further includes:

Determine whether to store the first terminal identification information of the terminal device;

If the first terminal identification information of the terminal device is not stored, send a first request message to the terminal middleware, where the first request message requests acquisition of the first terminal identification information;

Obtain the first terminal identification information opened by the terminal middleware;

Store the first terminal identification information.

13. The method according to claim 12, wherein the first request message carries the first application name of the application client, so that the terminal middleware determines the first application name based on the first application name. Whether the application is legal, and when the application is legal, the first terminal identification information is opened to the application client.

14. The method according to claim 12, characterized in that the first request message carries the first application name of the application client, so that the terminal middleware determines the first application name based on the first application name. Whether the application is legal, and when the application is legal, it is determined based on the first application name whether the application calls the first terminal identification information for the first time, and after determining that the application calls the first terminal identification information for the first time, Request the user's authorization to open the first terminal identification information to the application client, and after receiving the authorization response returned by the user to open the first terminal identification information to the application client, open the first terminal identification information to the application client. The application client.

15. The method according to any one of claims 11 to 14, wherein the login authentication based on the stored first terminal identification information to open the application of the application client specifically includes:

Send a second request message requesting authentication to the terminal middleware, where the second request message carries the first application name of the application client and the stored first terminal identification information, so that the terminal middleware can Perform authentication using the first application name and the stored first terminal identification information; If the authentication success indication message sent by the terminal middleware is received, the application of the application client is opened.

16. The method according to claim 15, characterized in that the method further includes: receiving and storing the indication information sent by the terminal middleware indicating whether a login password is required when logging in to the application;

If the authentication success indication message sent by the terminal middleware is received, opening the application client application specifically includes:

If the authentication success indication message sent by the terminal middleware is received, determine whether a login password is required based on the indication information of whether a login password is required;

If a login password is not required, open the application of the application client according to the stored first terminal identification information;

If a login password is required, open the application client application according to the stored first terminal identification information and the entered login password.

17. The method according to any one of claims 14 to 16, wherein the obtaining the first terminal identification information opened by the terminal middleware specifically includes:

Obtain the encrypted first terminal identification information opened by the terminal middleware, wherein the encrypted first terminal identification information is used by the terminal middleware according to the first application name and the first terminal identification information. Generated by Advanced Encryption Standard AES;

The storing of the first terminal identification information specifically includes:

The encrypted first terminal identification information is stored, so that the stored first terminal identification information is specifically encrypted first terminal identification information.

18. The method according to any one of claims 11 to 17, characterized in that the terminal identification information specifically includes:

International Mobile Subscriber Identity IMSI of the SIM card in the terminal device;

and / or

The International Mobile Terminal Identity IMEI of the terminal device;

and / or

The media access control MAC address of the end device.

19. A terminal middleware, characterized in that the terminal middleware includes an acquisition unit, an opening unit put unit;

The obtaining unit is used to obtain terminal identification information of a terminal device, wherein the terminal identification information at least includes first terminal identification information;

The opening unit is configured to open the first terminal identification information to an application client, so that the application client obtains and stores the first terminal identification information, and after receiving the access request message, according to the The first terminal identification information is used for login authentication.

20. The terminal middleware according to claim 19, characterized in that the terminal middleware further includes a receiving unit;

The receiving unit is configured to receive the application client after the obtaining unit obtains the terminal identification information of the terminal device and before the opening unit opens the first terminal identification information to the application client. The first request message sent, the first request message requests to obtain the first terminal identification information.

21. The terminal middleware according to claim 20, characterized in that the terminal middleware further includes a judgment unit and an execution unit;

The first request message carries the first application name of the application client;

The judging unit is configured to judge whether the application is legal based on the first application name after the receiving unit receives the first request message sent by the application client;

The execution unit is also configured to execute the step of opening the first terminal identification information to the application client if the application is legal.

22. The terminal middleware according to claim 20, characterized in that the terminal middleware also includes a judgment unit, a request unit, a storage unit, and an execution unit;

The determination unit is also configured to determine whether the application calls the first terminal identification information for the first time according to the first application name if the application is legal;

The requesting unit is configured to request user authorization to open the first terminal identification information to the application client if the application calls the first terminal identification information for the first time;

The receiving unit is also configured to receive a request returned by the user to open the first application client. 4 official response of terminal identification information;

The storage unit is used to store the corresponding relationship between the first application name and the first terminal identification information;

The execution unit is configured to execute the step of opening the first terminal identification information to an application client.

23. The terminal middleware according to claim 22, wherein the requesting unit requests the user to authorize opening the first terminal identification information to the application client specifically includes: sending an authentication text message, and requesting the user to input the required information. authorize the content of the above authentication SMS; or

24. The terminal middleware according to claim 22 or 23, characterized in that the terminal middleware also includes a checking unit and a sending unit;

The receiving unit is also configured to receive a second request message requesting authentication sent by the application client. The second request message carries the first application name of the application client and the first terminal stored in the application client. identification information;

The checking unit is configured to check whether the corresponding relationship between the first application name and the first terminal identification information stored by the application client is stored;

The sending unit is further configured to, if stored, send an authentication success indication message to the application client, so that the application client opens the application client according to the first terminal identification information stored in the application client. application.

25. The terminal middleware according to claim 24, characterized in that,

The sending unit is further configured to send the pre-stored indication information of whether a login password is required when logging in to the application to the application client before sending the authentication success indication message to the application client if stored;

If stored, the sending unit sends an authentication success indication message to the application client, so that the application client opens the application of the application client according to the first terminal identification information stored in the application client. The specific steps include:

If stored, send an authentication success indication message to the application client, so that the application client determines whether to log in based on the first terminal identification information stored in the application client and whether login is required. Password instructions open the application client application.

26. The terminal middleware according to any one of claims 22 to 25, characterized in that the terminal middleware further includes a generation unit;

The generating unit is configured to, after the receiving unit receives the authorization response returned by the user for opening the first terminal identification information to the application client, based on the first application name and the first terminal identification information, Using Advanced Encryption Standard AES, generate encrypted first terminal identification information corresponding to the first application name;

The storage unit storing the corresponding relationship between the first application name and the first terminal identification information specifically includes:

Saving the corresponding relationship between the encrypted first terminal identification information and the first application name; The opening unit opening the first terminal identification information to the application client specifically includes:

Open the encrypted first terminal identification information to the application client, so that the application client obtains and stores the encrypted first terminal identification information, so that the first terminal stored by the application client The identification information is specifically encrypted first terminal identification information.

27. The terminal middleware according to any one of claims 21 to 26, characterized in that the determination unit determines whether the application is legal based on the first application name specifically includes:

Read local database information;

Store the first application name;

28. The terminal middleware according to any one of claims 19 to 27, characterized in that the terminal identification information specifically includes: The International Mobile Subscriber Identity IMSI of the SIM card of the subscriber identification module in the terminal device;

and / or

The International Mobile Terminal Identity IMEI of the terminal device;

and / or

The media access control MAC address of the end device.

29. An application client, characterized in that the application client includes a receiving unit and a login authentication unit;

The receiving unit is configured to receive an access request message requesting to open an application of the application client;

The login authentication unit is configured to perform login authentication according to the stored first terminal identification information to open the application of the application client.

30. The application client according to claim 29, characterized in that the application client also includes a judgment unit, a sending unit, an acquisition unit, and a first storage unit;

The judging unit is configured to judge whether to store the first terminal identification information of the terminal device after the receiving unit receives the access request message;

The sending unit is configured to send a first request message to the terminal middleware if the first terminal identification information of the terminal device is not stored, and the first request message requests acquisition of the first terminal identification information;

The obtaining unit is used to obtain the first terminal identification information opened by the terminal middleware; the first storage unit is used to store the first terminal identification information.

31. The application client according to claim 30, wherein the first request message carries the first application name of the application client, so that the terminal middleware determines based on the first application name. Whether the application is legal, and when the application is legal, the first terminal identification information is opened to the application client.

32. The application client according to claim 30, wherein the first request message carries the first application name of the application client, so that the terminal middleware determines based on the first application name. Whether the application is legal, and when the application is legal, it is determined according to the first application name whether the application calls the first terminal identification information for the first time, and when it is determined that the application calls the first terminal identification information for the first time Finally, request user authorization to open the first The terminal identification information is: after receiving the authorization response returned by the user for opening the first terminal identification information to the application client, opening the first terminal identification information to the application client.

33. The application client according to any one of claims 29 to 32, wherein the login authentication unit performs login authentication according to the stored first terminal identification information to open the application of the application client, which specifically includes:

Send a second request message requesting authentication to the terminal middleware, where the second request message carries the first application name of the application client and the stored first terminal identification information, so that the terminal middleware can The first application name and the stored first terminal identification information are used for authentication; if an authentication success indication message sent by the terminal middleware is received, the application of the application client is opened.

34. The application client according to claim 33, characterized in that, the application client further includes a second storage unit;

The receiving unit is also used to receive indication information sent by the terminal middleware indicating whether a login password is required when logging in to the application;

The second storage unit is used to store the indication information of whether a login password is required; if the authentication success indication message sent by the terminal middleware is received, opening the application client application specifically includes:

35. The application client according to any one of claims 32 to 34, characterized in that, the obtaining unit obtaining the first terminal identification information opened by the terminal middleware specifically includes: obtaining the encrypted information opened by the terminal middleware. First terminal identification information, wherein the encrypted first terminal identification information is generated by the terminal middleware using the Advanced Encryption Standard AES based on the first application name and the first terminal identification information;

The first storage unit storing the first terminal identification information specifically includes: The encrypted first terminal identification information is stored, so that the stored first terminal identification information is specifically encrypted first terminal identification information.

36. The application client according to any one of claims 29 to 35, characterized in that the terminal identification information specifically includes:

and / or

The International Mobile Terminal Identity IMEI of the terminal device;

and / or

The media access control MAC address of the end device.

37. An identity recognition system, characterized in that the identity recognition system includes terminal middleware and application client;

The terminal middleware is used to obtain terminal identification information of a terminal device, wherein the terminal identification information at least includes first terminal identification information;

The terminal middleware is also configured to open the first terminal identification information to an application client, so that the application client obtains and stores the first terminal identification information;

The application client is used to receive an access request message, and the access request message requests to open the application of the application client;

The application client is also configured to perform login authentication according to the stored first terminal identification information to open the application of the application client.