WO2014206199A1 - 账号登陆的方法、设备及系统 - Google Patents
账号登陆的方法、设备及系统 Download PDFInfo
- Publication number
- WO2014206199A1 WO2014206199A1 PCT/CN2014/079702 CN2014079702W WO2014206199A1 WO 2014206199 A1 WO2014206199 A1 WO 2014206199A1 CN 2014079702 W CN2014079702 W CN 2014079702W WO 2014206199 A1 WO2014206199 A1 WO 2014206199A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- user
- terminal device
- account
- authentication information
- access
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 105
- 238000012423 maintenance Methods 0.000 claims description 24
- 238000004891 communication Methods 0.000 claims description 14
- 230000000717 retained effect Effects 0.000 claims description 5
- 238000001514 detection method Methods 0.000 claims 2
- 238000012790 confirmation Methods 0.000 claims 1
- 238000012545 processing Methods 0.000 abstract description 3
- 230000006870 function Effects 0.000 description 8
- 238000010586 diagram Methods 0.000 description 7
- 230000014759 maintenance of location Effects 0.000 description 3
- 235000014510 cooky Nutrition 0.000 description 2
- 238000004590 computer program Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0884—Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/146—Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
Definitions
- API Application Protocol Interface
- QQ an instant messaging tool
- SNS Social Networking Service
- small and medium-sized websites generally maintain the user's login status by default after the user logs in once, so that the user can use the same small and medium-sized website every time.
- you are in a hurry you can stay logged in without having to log in multiple times.
- Embodiments of the present invention provide a method, device, and system for account login, which can improve the security of account landing.
- an embodiment of the present invention provides a method for logging in an account, including:
- the authentication information is obtained by the integrated data service platform according to the account login request.
- the method further includes:
- the stored authentication information corresponding to the first access identifier is found, the stored authentication information is sent to the integrated data service platform, so that the integrated data service platform determines whether the authentication information is legal;
- the service access information is configured for the user.
- the method further includes:
- the method further includes: Obtaining user information of the user, where the user information has a one-to-one correspondence with the user;
- the method further includes:
- the method further includes:
- the account logout request carries a second access identifier of the second terminal device allocated to the user, where the second access identifier is The access target i allocated to the second terminal device when the user uses the second terminal device to log in for the first time;
- the access identifier corresponding to the user information includes the second access identifier, and an access identifier assigned to the other device when the user uses a device other than the second terminal device to log in for the first time;
- the determined authentication information is deleted to complete the account logout operation of the user on the second terminal device and the other device.
- the method further includes:
- the account logout request carries a second access identifier of the second terminal device allocated to the user, where the second access identifier is The access target i allocated to the second terminal device when the user uses the second terminal device to log in for the first time;
- the determined authentication information is deleted to complete the account logout operation of the user on the second terminal device and the other device.
- the method further includes:
- an account login configuration is performed for the user.
- an embodiment of the present invention provides a method for logging in an account, where the method includes: sending a user account login request to a third-party server, where the account login request is used to indicate Using the account authentication process of the integrated data service platform, the account login request carries a reserved login status identifier;
- the integrated data service platform Receiving the authentication information sent by the integrated data service platform, where the authentication information is that the integrated data service platform acquires the account login identifier of the user according to the account login request forwarded by the third-party server, and according to the account Log in the authentication information assigned by the logo;
- the access identifier sent by the third-party server is received and stored to implement an account login operation of the user, where the access identifier is used to carry when the service access request is sent.
- an embodiment of the present invention provides a method for logging in an account, including:
- a receiving unit configured to receive an account login request sent by the first terminal device operated by the user, and send the account login request to the integrated data service platform, where the account login request is used to indicate the account authentication using the integrated data service platform Process
- a detecting unit configured to detect whether the account login request received by the receiving unit carries a reserved login status identifier
- An obtaining unit configured to acquire and store the authentication information of the first terminal device when the detecting unit detects that the account login request carries the reserved login status identifier, where the authentication information is the integrated data service platform Obtaining, according to the account login request, an account login identifier of the user, and acquiring, according to the account login identifier, authentication information allocated by the first terminal device;
- An allocating unit configured to allocate a first access identifier to the first terminal device
- a sending unit configured to send the first access identifier allocated by the allocating unit to the first terminal device, so that the first terminal device is carried when sending a service access request;
- An information maintenance unit configured to establish and store, between the first access identifier allocated by the allocation unit for the first terminal device, and the authentication information allocated by the integrated data service platform to the first terminal device Corresponding relationship, in order to implement the login status of the user on the first terminal device, and complete the account login operation of the user in the first terminal device.
- the device further includes a searching unit, where the receiving unit is further configured to receive a service access request sent by the first terminal device that is operated by a user, where the service is The access request carries the first access identifier allocated to the first terminal device;
- the searching unit is configured to search, according to the first access identifier received by the receiving unit, the stored authentication information corresponding to the first access identifier;
- the sending unit is further configured to: when the searching unit finds the stored authentication information corresponding to the first access identifier, send the stored authentication information to the integrated data service platform, so that the comprehensive The data service platform determines whether the authentication information is legal;
- the information maintenance unit is further configured to configure service access information for the user when receiving the message that the integrated data service platform determines that the authentication information is legal.
- the device further includes a first determining unit
- the receiving unit is further configured to receive an account logout request sent by the first terminal device operated by the user, where the account logout request carries the first access identifier allocated to the first terminal device;
- the first determining unit is configured to determine, according to the first access identifier received by the receiving unit, the stored authentication information corresponding to the access identifier;
- the information maintenance unit is further configured to delete the authentication information that is determined by the first determining unit, to complete an account logout operation of the user on the first terminal device.
- the acquiring unit is further configured to acquire user information of the user, where the user information has a one-to-one correspondence with the user;
- the maintenance unit is further configured to establish and store a correspondence between the first access identifier allocated to the first terminal device and the user information.
- the acquiring unit is further configured to acquire user information of the user, where the user information has a one-to-one correspondence with the user;
- a maintenance unit configured to establish and store a first access identifier allocated to the first terminal device, authentication information corresponding to the first access identifier, and a correspondence relationship between the user information acquired by the acquiring unit.
- the device further includes a second determining unit
- the receiving unit is further configured to receive an account logout request sent by the second terminal device operated by the user, where the account logout request carries a second access identifier of the second terminal device allocated to the user, where The second access identifier is an access identifier allocated to the second terminal device when the user uses the second terminal device to log in for the first time;
- the second determining unit is configured to determine, according to the second access identifier and the corresponding relationship between the stored access identifier and the user information, the user information corresponding to the second access identifier, and determine the user information Corresponding access identifier, where the access identifier corresponding to the user information includes the second access identifier, and when the user uses the other device except the second terminal device to log in for the first time An access identifier assigned by the other device; according to the determined information about the user Determining, by the corresponding access identifier, the correspondence between the stored access identifier and the authentication information, and determining the authentication information corresponding to the access identifier;
- the information maintenance unit is further configured to delete the authentication information determined by the second determining unit, to complete an account logout operation of the user on the second terminal device and the other device.
- the device further includes a third determining unit
- the receiving unit is configured to receive an account logout request sent by a second terminal device operated by a user, where the account logout request carries a second access identifier of the second terminal device allocated to the user,
- the second access identifier is an access identifier allocated to the second terminal device when the user uses the second terminal device to log in for the first time;
- the third determining unit is configured to determine, according to the second access identifier received by the receiving unit, and the corresponding relationship between the stored access identifier, the authentication information, and the user information, the user information corresponding to the second access identifier is determined. Corresponding authentication information;
- the information maintenance unit is configured to delete the authentication information determined by the third determining unit, to complete an account logout operation of the user on the second terminal device and the other device.
- the sending unit is further configured to: when the searching unit does not find the stored authentication information corresponding to the access identifier And forwarding the re-login request to the integrated data service platform, so that the integrated data service platform acquires the account login identifier of the user according to the account login request, and according to the account login identifier, The first terminal device allocates authentication information;
- the information maintenance unit is further configured to perform account login configuration for the user.
- an embodiment of the present invention provides a device for logging in an account, where the device includes: a sending unit, configured to send a user account login request to the third-party server, where the account login request is used to indicate an account authentication process using the integrated data service platform, where the account login request carries a reserved login status identifier;
- a receiving unit configured to receive the authentication information sent by the integrated data service platform, where the authentication information is that the integrated data service platform acquires an account login identifier of the user according to the account login request forwarded by the third-party server, And sending, according to the account login identifier, authentication information; the sending unit is further configured to send the authentication information received by the receiving unit to the third-party server, so that the third-party server logs in according to the account
- the retained login status identifier acquires and stores the authentication information
- the receiving unit is further configured to receive an access identifier sent by the third-party server, and a storage unit, configured to store an access identifier sent by the third-party server received by the receiving unit, to implement an account login operation of the user,
- the access identifier is used to carry when sending a service access request.
- an embodiment of the present invention provides a system for logging in an account, where the system includes a user equipment, a third-party server, and an integrated data service platform server, where
- the user equipment is configured to send a user account login request to the third-party server, where the account login request indicates an account authentication process using the integrated data service platform;
- the third-party server is configured to receive an account login request sent by the user equipment, and send the account login request to the integrated data service platform, where the account login request is used to indicate an account authentication process using the integrated data service platform; Detecting whether the account login request carries the reserved login status identifier; and when detecting that the account login request carries the reserved login status identifier, acquiring and storing the authentication information of the user equipment, where the authentication information is Integrated data service platform
- the account login request acquires the account login identifier of the user, and the authentication information that is assigned to the user equipment according to the account login identifier; assigns a first access identifier to the user equipment, and sends the first access identifier to the user equipment.
- a first access identifier so that the user equipment is carried when sending a service access request; establishing and storing the first access identifier allocated to the user equipment and a location allocated by the integrated data service platform to the user equipment Determining a correspondence between the authentication information to complete the login status of the user on the user equipment, and completing an account login operation of the user equipment;
- the integrated data service platform server is configured to receive the account login request forwarded by the third-party server, acquire an account login identifier of the user according to the account login request, and allocate the account according to the account login identifier. Authentication information; transmitting the authentication information to the user equipment.
- the method, device, and system for logging in an account determine that the user decides to reserve the login state by carrying the reserved login status identifier in the account login request of the detecting user, and the account login request is used to indicate the use.
- the account authentication process of the integrated data service platform and when the user determines that the third-party application or the website is required to retain the login status, the integrated data service platform stores the authentication information allocated by the integrated data service platform, so that the user can be subsequently accessed by the third party.
- the application or the website uses the authentication information to automatically perform authentication and login to the integrated data service platform, which can effectively reduce the possibility that the user account identity is fraudulently compared to the prior art that the user login status is directly retained without asking the user. , thereby improving the security of user account login.
- FIG. 1 is a flowchart of a method for logging in an account according to an embodiment of the present invention
- FIG. 2 is a flowchart of another method for logging in an account according to an embodiment of the present invention.
- FIG. 3 is a flowchart of another method for logging in an account according to an embodiment of the present invention.
- FIG. 4 is a schematic flowchart of another method for logging in to an account according to an embodiment of the present invention
- FIG. 5 is a schematic flowchart of another method for logging in to an account according to an embodiment of the present invention
- FIG. 7 is a schematic flowchart of another method for logging in to an account according to an embodiment of the present invention
- FIG. 8 is a schematic flowchart of another method for logging in an account according to an embodiment of the present invention
- FIG. 10 is a schematic structural diagram of another device for logging in to an account according to an embodiment of the present invention
- FIG. 11 is a schematic diagram of another device for logging in to an account according to an embodiment of the present invention
- FIG. 10 is a schematic structural diagram of another device for logging in to an account according to an embodiment of the present invention
- FIG. 11 is a schematic diagram of another device for logging in to an account according to an embodiment of the present invention
- FIG. 12 is a schematic structural diagram of another device for logging in to an account according to an embodiment of the present invention
- FIG. 13 is a schematic structural diagram of another device for logging in to an account according to an embodiment of the present invention
- FIG. 15 is another schematic diagram of an account provided by an embodiment of the present invention
- a schematic structural diagram of the apparatus
- FIG. 16 is a schematic diagram of another structure of the login account provided an apparatus embodiment of the invention
- Fig. 17 a schematic structure of a login account system according to an embodiment of the present invention.
- the embodiment of the present invention provides a method for logging in an account, which is mainly applied to an application scenario in which a user logs in to a third-party application or a website by using an integrated data service platform account (for example, a QQ account, a microblog account, an SNS account, etc.)
- an integrated data service platform account for example, a QQ account, a microblog account, an SNS account, etc.
- the three-party application or website is implemented, as shown in Figure 1, including:
- each third-party application or website involved in the embodiment of the present invention generally provides an independent authentication process based on itself and an authentication process using an integrated data service platform for the terminal device operated by the user.
- the account login request sent by the user-operated terminal device described herein refers to an account login request using the authentication process of the integrated data service platform. For example, in the login interface of a website, the user name and password registered on this website are not directly input, but "use" is selected.
- the reserved login status identifier is used to indicate that the user is logged in on the terminal device, so that the user can log in again by using the terminal device without logging in a username and/or password, for example, an account can be implemented.
- the reserved login status identifier is generally triggered when the user selects the option of "remember login status", "next automatic login”, "remember me”, and the reserved login status identifier is carried in the above account login request.
- the third-party application or the website can provide the user with the corresponding "remember login status" and the next automatic login in the login interface using the indication button of the integrated data service platform login.
- Optional function buttons such as “Remember me”, for example, when the user clicks "Login with QQ", click a "Remember me” button.
- the authentication information is that the integrated data service platform acquires the account login identifier of the user according to the account login request, and the authentication information allocated to the user according to the account login identifier.
- the account login identifier may be a username and a password.
- the user confirms the identity in the integrated data service platform by using the user name and password login, and the integrated data service platform assigns the corresponding authentication information to the user and delivers the authentication information to the user.
- the user sends the authentication information to the third-party application or website. , to illustrate the successful certification of its integrated data service platform.
- the third party application or website can store the authentication information of the received user.
- the third-party application or website provided by the embodiment of the present invention selects a session to store the user's authentication information.
- the access identifier may be in accordance with the method for generating the session id in the prior art; if other storage methods are used, the corresponding identification manner may be correspondingly set.
- the third-party application or website assigns different access identifiers for each login of the user.
- the service access request described herein is different from the account login request described above, and is generally used to start a business function on a page, such as a picture browsing, a message reply, and the like.
- the correspondence between the first access identifier allocated to the first terminal device and the authentication information allocated by the integrated data service platform to the first terminal device refers to a correspondence between a session id and a session. Relationship, or the correspondence between other storage methods and corresponding identification methods, to achieve the retention user's login status;
- the method for retaining the login status of the user on the first terminal device and completing the account login operation of the user on the first terminal device is to perform account login configuration for the user. For example, prepare and display some basic information about the user's third-party website or application, log in to the configuration of the home page, and so on.
- the user can store the access identifier in the corresponding cookie; it can also access the identity source locator) parameter; or the access identifier can be stored in the local storage of HTML (Hypertext Markup Language) 5 (Local Storage) Medium, so that it can be used when re-login.
- HTML Hypertext Markup Language
- 5 Local Storage
- the method for logging in to an account is to detect the account of the user.
- the login request carries a reserved login status identifier to determine whether the user decides to reserve the login status, and when the user determines that the third-party application or the website is required to retain the login status, the authentication information stored by the integrated data service platform for the user is stored, so that the user In the subsequent login process, the third-party application or the website can use the user's authentication information to automatically perform authentication and login to the integrated data service platform, which can effectively reduce the user's login status without asking the user in the prior art. The possibility that the user account identity is fraudulently appears, providing the security of the user account login.
- the embodiment of the present invention provides a method flow as shown in FIG. 2, including:
- the user obtains the access identifier when logging in for the first time, so the access identifier can be sent when not the first time to log in.
- step 203 is performed; otherwise, step 205 is performed.
- the integrated data service platform is a comprehensive data service platform for which the user is assigned authentication information when logging in for the first time.
- the configuration service access information described herein includes obtaining account login configuration information and starting The business function that the user requests to start in the business access request.
- the A terminal device allocates authentication information. After obtaining the authentication information, an account login configuration is performed for the user.
- the third-party application or website searches for the authentication information of the user by using the access identifier previously assigned to the user, and if found, it can be determined that the user has requested to record the login status, and therefore, the third-party application or website
- the authentication information can be directly used to authenticate the integrated data service platform, and the third-party application or website can be used instead of the user to perform identity authentication, thereby realizing automatic login and reducing the user's use of the integrated data service platform account to log in to the third-party application. Or the course of the website.
- the user can immediately re-enter the user to log in to the account, thereby ensuring the timeliness of the user login.
- the embodiment of the present invention provides a method flow as shown in FIG. 3, which may be performed after step 105, and includes:
- the user information has a one-to-one correspondence with the user.
- the user information may include information such as a user identity (e.g., username or ID number), user rights, and the like.
- a first access identifier allocated to the first terminal device Establish and store a first access identifier allocated to the first terminal device, authentication information corresponding to the first access identifier, and a correspondence between the user information.
- the user information that uniquely identifies the user is associated with the access identifier, so that the access identifier and the authentication information also have a corresponding relationship.
- These two relationships can be stored in a unified manner, for example, a table is used to store the correspondence between the three; or they can be stored in different tables.
- Unified storage facilitates third-party applications or website management and query, providing system operational efficiency.
- the third-party application or the website can search for the other two items according to any one of the three, and provide a search. effectiveness.
- the embodiment of the present invention provides two implementation manners as shown in FIG. 4 and FIG. 5.
- the method flow shown in Figure 4 includes:
- the correspondence between the access identifier and the authentication information is the content of the authentication information instead of the identifier
- the correspondence between the access identifier determined in step 401 and the authentication information determined in step 402 may be deleted.
- the access identifier and the authentication information may each have their own identifiers, and the corresponding relationship between the two stores only the identifier information, and then only the authentication information determined in step 402 is deleted.
- the content can be, because the subsequent re-login
- the corresponding authentication identifier cannot find the deleted authentication information.
- the corresponding relationship can also be deleted.
- the third-party application or the website can delete the corresponding authentication information by determining the access identifier carried in the account log-out request, so as to delete the login status of the user, and ensure that other unauthorized users use the same.
- the same device logs into the third-party application or website to obtain some confidential information.
- Figure 5 provides another method of account logout based on the method shown in Figure 3. As shown in FIG. 5, after step 302a, the method includes:
- A501 Receive an account logout request sent by a second terminal device operated by a user, where the account logout request carries a second access identifier of the second terminal device allocated to the user, where the second access identifier is An access identifier assigned to the second terminal device when the user first logs in using the second terminal device.
- the access identifier is established for the session between the terminal device and the third-party application or the website, and the access identifier of the terminal device is allocated in multiple sessions between the same terminal device and the same third-party application or website. Differently, in a single session between different terminal devices and the same third-party application or website, the access identifier assigned to each terminal device is also different.
- A502. Determine, according to the second access identifier and the correspondence between the stored access identifier and the user information, the user information corresponding to the second access identifier, and determine an access target corresponding to the user information.
- the access identifier corresponding to the user information includes the second access identifier, and is allocated to the other device when the user uses a device other than the second terminal device to log in for the first time. Access ID. Since the user information of the same user is unique, the user obtains the unique user information of the user according to the second access identifier on the terminal device that the user operates.
- A503. Determine, according to the determined access identifier corresponding to the user information, and the correspondence between the stored access identifier and the authentication information, the authentication information corresponding to the access identifier.
- the user logs in for the first time on the other devices (may be one or more) and on the currently operating device, and they respectively assign different access identifiers to the users. Due to the uniqueness of the user information, according to step 302, the different access identifiers are associated with the same user information. Therefore, all of these access identities can be found by the user information.
- A504. Delete the determined authentication information to complete an account logout operation of the user on the second terminal device and the other device.
- the authentication information corresponding to the access identifiers may be determined according to the correspondence between the access identifiers and the authentication information that are established when the first login is performed, and the authentication information may be the same or may be different for different devices. .
- the user can delete all the authentication information, that is, delete the login status of all the devices that have logged in to the third-party application or service through the local device; the user can also selectively delete some of the authentication information, for example, the user can select to retain The login status of the local device, but delete the login status of other devices.
- the third-party application or the website can find all the authentication information of the user through the one-time account logout request of the user, so that the user can delete the login status on all or some other devices, so that the user can conveniently perform the account. management.
- Figure 6 provides another method of account logout based on the method shown in Figure 3.
- the method includes: B501, receiving an account logout request sent by a second terminal device operated by a user, where the account logout request carries a second access identifier of the second terminal device allocated to the user, where the second access identifier is An access identifier assigned to the second terminal device when the user first logs in using the second terminal device.
- the method flow operation as shown in B501 to B503 is simpler, because the stored correspondence is the first access identifier assigned to the first terminal device.
- Corresponding relationship between the authentication information corresponding to the first access identifier and the user information, which is a three-person correspondence relationship, and the two-level correspondence relationship is used in the method flow as shown in A501 to A504. .
- the embodiment of the present invention will specifically describe the account login method provided by the present invention in combination with the process interaction between the user equipment, the third-party website, and the integrated data service platform.
- the method includes:
- the user selects to use the integrated data service platform to log in to the third-party website, and sends an account login request to the third-party website through the user equipment, and requests to record the login status, that is, the account login request needs to carry the reserved login status identifier.
- the third-party website determines that the user is the first time to log in, and sends the account login request to the integrated data service platform. For example, if the user sends an account login request, it is determined that the user is the first login; if the request sent by the user is the page access url information, that is, the service access request, and the access identifier is included, it is determined that the user is not the first login.
- the integrated data service platform responds to the user's account login request, and requests the user to provide the username and password required for the authentication.
- the user provides a username and password to the integrated data service platform.
- the integrated data service platform authenticates the user name and password provided by the user.
- the integrated data service platform sends the authentication information to the user after confirming that the user identity is legal.
- the user sends the received authentication information to a third-party website.
- the third-party website stores the authentication information sent by the user in the session of the current visit when the user requests to record the login status.
- the third party website sends the generated session id to the user.
- the user stores the session id in a cookie.
- the user initiates an account login request to the third-party website, and the account login request carries the session id stored at the previous login.
- the third-party website searches for the corresponding session according to the session id, and extracts the authentication information therein.
- the third-party website directly authenticates the integrated data service platform according to the extracted authentication information.
- the integrated data service platform After confirming that the user identity is legal, the integrated data service platform sends an authentication pass message to the third-party website.
- the third-party website sets the login for the user. It can be seen that the method for logging in to an account provided by the embodiment of the present invention determines whether the user decides to keep the login state by carrying the retained login status identifier in the account login request of the detecting user, and determines that the third party application or website reservation is required by the user.
- the integrated data service platform is configured to allocate authentication information to the user, so that the third-party application or the website can use the user's authentication information to automatically authenticate to the integrated data service platform during the subsequent login process of the user.
- the user login status is not directly asked without asking the user, the possibility that the user account identity is fraudulently generated can be effectively reduced, and the security of the user account login is provided.
- the account login method provided by the embodiment of the present invention is as shown in FIG. 8, and includes:
- the account login request is used to indicate an account authentication process using an integrated data service platform, where the account login request carries a reserved login status identifier;
- the account login method provided by the embodiment of the present invention allows the user to select whether to retain the login status by using the user equipment to log in to the third-party application or service during the authentication process using the integrated data service platform, thereby effectively reducing the user account identity.
- the embodiment of the present invention further provides a device for logging in to an account, which is used to implement a process of processing a third-party application or a website as shown in any one of FIG. 1 to FIG. Website server.
- the device that the account is logged into includes:
- the receiving unit 81 is configured to receive an account login request sent by the first terminal device operated by the user, and send the account login request to the integrated data service platform, where the account login request is used to indicate an account using the integrated data service platform. Certification process.
- the detecting unit 82 is configured to detect whether the account login request received by the receiving unit 81 carries a reserved login status identifier.
- the obtaining unit 83 is configured to acquire and store the authentication information of the first terminal device when the detecting unit 82 detects that the account login request carries the reserved login status identifier, where the authentication information is the comprehensive data.
- the service platform acquires the account login identifier of the user according to the account login request, and obtains the authentication information allocated by the first terminal device according to the account login identifier.
- the allocating unit 84 is configured to allocate a first access identifier to the first terminal device.
- the sending unit 85 is configured to send the first access identifier allocated by the allocating unit 84 to the first terminal device, so that the first terminal device is carried when sending a service access request.
- the information maintenance unit 86 is configured to establish and store the first access identifier allocated by the allocating unit 84 for the first terminal device and the authentication information that is allocated to the first terminal device by the integrated data service platform. Corresponding relationship between the users to complete the login status of the user on the first terminal device, and completing the account login operation of the user at the first terminal device.
- the device may further include a searching unit.
- the receiving unit 81 is further configured to receive a service access request sent by the first terminal device that is operated by a user, where the service access request carries the first access identifier that is allocated to the first terminal device.
- the searching unit 87 is configured to search, according to the first access identifier received by the receiving unit 81, the stored authentication information corresponding to the first access identifier;
- the sending unit 84 is configured to: when the searching unit 87 finds the stored authentication information corresponding to the first access identifier, send the stored authentication information to the integrated data service platform, so that the The integrated data service platform determines whether the authentication information is legal;
- the information maintenance unit 86 is further configured to configure service access information for the user when receiving the message that the integrated data service platform determines that the authentication information is legal.
- the device may further include a first determining unit 88.
- the receiving unit 81 is further configured to receive an account logout request sent by the first terminal device operated by a user, where the account logout request carries the first access identifier allocated to the first terminal device.
- the first determining unit 88 is configured to determine, according to the first access identifier received by the receiving unit 81, the stored authentication information corresponding to the access identifier.
- the information maintenance unit 86 is further configured to delete the authentication information determined by the first determining unit 88 to complete an account logout operation of the user on the first terminal device.
- the acquiring unit 83 is further configured to acquire user information of the user, where the user information has a one-to-one correspondence with the user.
- the information maintenance unit 76 is further configured to establish and store a correspondence between the first access identifier and the user information that are allocated by the first terminal device.
- the device may further include a second determining unit 89.
- the receiving unit 81 is further configured to receive an account logout request sent by the second terminal device operated by the user, where the account logout request carries a second access identifier of the second terminal device allocated to the user,
- the second access identifier is an access identifier assigned to the second terminal device when the user uses the second terminal device to log in for the first time.
- the second determining unit 89 is configured to determine, according to the second access identifier and the stored correspondence between the access identifier and the user information, the user information corresponding to the second access identifier, and determine the user An access identifier corresponding to the information, where the access identifier corresponding to the user information includes the second access identifier, and when the user uses the device other than the second terminal device to log in for the first time
- the access identifier assigned to the other device is determined according to the determined access identifier corresponding to the user information and the correspondence between the stored access identifier and the authentication information, and the authentication information corresponding to the access identifier is determined.
- the information maintenance unit 86 is further configured to delete the authentication information determined by the second determining unit 89 to complete the account logout operation of the user on the second terminal device and the other device.
- the acquiring unit 83 is further configured to acquire user information of the user, where the user information has a one-to-one correspondence with the user.
- the information maintenance unit 86 is configured to establish and store a first access identifier allocated to the first terminal device, authentication information corresponding to the first access identifier, and user information acquired by the acquiring unit 83. Correspondence.
- the apparatus may further include a third determining unit 90.
- the receiving unit 81 is configured to receive an account logout sent by the second terminal device operated by the user. Determining that the account logout request carries a second access identifier of the second terminal device allocated to the user, and the second access identifier is that the user uses the second terminal device to log in for the first time. The access identifier assigned to the second terminal device.
- the third determining unit 90 is configured to determine, according to the second access identifier received by the receiving unit 81, the stored access identifier, the correspondence between the authentication information and the user information, and determine the user corresponding to the second access identifier.
- the authentication information corresponding to the information.
- the information maintenance unit 86 is configured to delete the authentication information determined by the third determining unit 90 to complete an account logout operation of the user on the second terminal device and the other device.
- the sending unit 84 is further configured to: when the searching unit 88 does not find the stored authentication information corresponding to the access identifier, The integrated data service platform forwards the re-login request, so that the integrated data service platform acquires the account login identifier of the user according to the account login request, and allocates the first terminal device according to the account login identifier. Certification Information.
- the information maintenance unit 86 is further configured to perform account login configuration for the user.
- the device for logging in to the account determines whether the user decides to keep the login state by carrying the reserved login status identifier in the account login request of the detecting user, and determines that the third party application or website reservation is required by the user.
- the integrated data service platform is configured to allocate authentication information to the user, so that the third-party application or the website can use the user's authentication information to automatically authenticate to the integrated data service platform during the subsequent login process of the user.
- the user login status is not directly asked without asking the user, the possibility that the user account identity is fraudulently generated can be effectively reduced, and the security of the user account login is provided.
- the embodiment of the present invention further provides a device for logging in an account, as shown in FIG. 14, including a processor. 91.
- the memory 92 stores the program code, and the processor 91 can call the program code stored in the memory 92 to implement the method flow as shown in any of the foregoing method embodiments.
- the processor 91, the memory 92, and the communication interface 93 can communicate via a bus.
- the processor 91 calls the program code stored in the memory 92 to receive an account login request sent by the first terminal device operated by the user through the communication interface 93, and through the communication interface 93 to the integrated data service platform.
- Sending the account login request the account login request is used to indicate an account authentication process using the integrated data service platform; detecting whether the account login request carries a reserved login status identifier; and when the account login request is detected Acquiring and storing the authentication information of the first terminal device when the resident login status identifier is carried, the authentication information is that the integrated data service platform acquires the account login identifier of the user according to the account login request, and according to
- the account login identifier is the authentication information that is allocated by the first terminal device; the first terminal device is assigned a first access identifier, and the first access identifier is sent to the first terminal device, so as to facilitate the
- the first terminal device carries when sending a service access request; establishing and coexisting Corresponding relationship between the first access identifier assigned to the first terminal device
- the communication interface 93 is for transmitting or receiving data under the instruction of the processor 91.
- the data exchange between the processor 92 and other devices other than the device, such as the integrated data service platform or the user equipment, in the following embodiments are all through the communication interface 93, and will not be described again.
- the memory 92 may be further configured to store authentication information of the user, and an access identifier allocated to the user and authentication information allocated to the user by the integrated data service platform.
- the data information generated in the process flow such as the correspondence relationship.
- the processor 91 is further configured to: receive, by using the communication interface 93, a service access request sent by the first terminal device that is operated by a user, where the service access request carries the first terminal device
- the first access identifier is configured to: search for the stored authentication information corresponding to the first access identifier according to the first access identifier; and when the stored authentication information corresponding to the first access identifier is found, Sending the stored authentication information to the integrated data service platform, so that the integrated data service platform determines whether the authentication information is legal; when receiving the comprehensive data service platform to determine that the authentication information is legitimate, Configure service access information for the user.
- the processor 91 is further configured to receive, by using the communication interface 93, an account logout request sent by the first terminal device operated by a user, where the account logout request is carried as the Determining the first access identifier that is allocated by the terminal device; determining, according to the first access identifier, the stored authentication information corresponding to the access identifier; deleting the determined authentication information, to complete the The account logout operation on the first terminal device.
- the processor 91 is further configured to acquire user information of the user, where the user information has a one-to-one correspondence with the user, and is established and stored as the first terminal device. Correspondence between the assigned first access identifier and the user information. Data such as the correspondence and user information can be stored in the memory 93.
- the user login status of the multiple devices is deleted on a user equipment
- the processor 91 is further configured to: receive an account logout request sent by the second terminal device operated by the user, where the account is The request carries a second access identifier of the second terminal device allocated to the user, where the second access identifier is the second when the user uses the second terminal device to log in for the first time.
- An access identifier assigned by the terminal device Corresponding to the user information, determining the user information corresponding to the second access identifier, and determining an access identifier corresponding to the user information, where the access identifier corresponding to the user information includes the a second access identifier, and an access identifier assigned to the other device when the user uses the device other than the second terminal device to log in for the first time; according to the determined access identifier corresponding to the user information Corresponding relationship between the stored access identifier and the authentication information, determining the authentication information corresponding to the access identifier, and deleting the determined authentication information, to complete the user on the second terminal device and the other device Account logout operation.
- the processor 91 is further configured to: acquire user information of the user, where the user information has a one-to-one correspondence with the user; establish and store the first terminal as the first terminal. Corresponding relationship between the first access identifier assigned by the device, the authentication information corresponding to the first access identifier, and the user information.
- the processor 91 is further configured to receive, by using the communication interface 93, an account logout request sent by a second terminal device operated by a user, where the account logout request carries the a second access identifier of the second terminal device, where the second access identifier is an access identifier allocated to the second terminal device when the user uses the second terminal device to log in for the first time; according to the second Determining, by the access identifier, the correspondence between the stored access identifier, the authentication information, and the user information, determining the authentication information corresponding to the user information corresponding to the second access identifier; deleting the determined authentication information, to complete the user The second terminal device and the account logout operation on the other device.
- the processor 91 is further configured to: when the stored authentication information corresponding to the first access identifier is not found, forward the re-login request to the integrated data service platform, so as to facilitate the The integrated data service platform acquires the account login identifier of the user according to the account login request, And assigning the authentication information to the first terminal device according to the account login identifier; and after obtaining the authentication information, performing account login configuration for the user.
- the device for logging in to the account determines whether the user decides to keep the login state by detecting that the user's account login request carries the reserved login status identifier, and when the user determines that the third-party application or the website needs to remain in the login state. And storing the authentication information allocated by the integrated data service platform for the user, so that the third-party application or the website can use the user's authentication information to automatically authenticate and log in to the integrated data service platform during the subsequent login process of the user, compared to the existing In the technology, without directly asking the user to retain the user login status, the possibility that the user account identity is fraudulently generated can be effectively reduced, and the security of the user account login is provided.
- the embodiment of the present invention further provides a device for logging in to an account, and the device can be applied to the user device.
- the user device can be a mobile phone, a desktop computer, a notebook, a personal digital assistant, etc. As shown in FIG. 15, the device includes:
- the sending unit 1001 is configured to send a user account login request to the third-party server, where the account login request is used to indicate an account authentication process using the integrated data service platform, where the account login request carries a reserved login status identifier.
- the receiving unit 1002 is configured to receive the authentication information sent by the integrated data service platform, where the authentication information is that the integrated data service platform acquires the account login identifier of the user according to the account login request forwarded by the third-party server. And according to the account login identity information assigned by the account login.
- the sending unit 1001 is further configured to send the authentication information received by the receiving unit 1002 to the third-party server, so that the third-party server obtains and stores the saved login status identifier according to the account login request. Describe the authentication information.
- the receiving unit 1002 is further configured to receive an access identifier sent by the third-party server.
- the storage unit 1003 is configured to store an access identifier sent by the third-party server that is received by the receiving unit, to implement an account login operation of the user, where the access identifier is used to be carried when the service access request is sent.
- Another embodiment of the present invention provides an account login device applicable to a user equipment. As shown in Figure 16, the device includes:
- a processor 1101, a memory 1102, and a communication interface 1103 are included.
- the memory 1102 stores program code, and the processor 1101 can call the program code stored in the memory 1102 to implement the method flow as shown in any of the foregoing method embodiments.
- the processor 1101, the memory 1102, and the communication interface 1103 can communicate over a bus.
- the processor 1101 executes the following instructions by calling the application in the memory 1102: a sending unit, configured to send a user account login request to the third-party server, where the account login request is used to indicate the account authentication using the integrated data service platform.
- the account login request carries a reserved login status identifier;
- the receiving unit is configured to receive the authentication information sent by the integrated data service platform, where the authentication information is forwarded by the third-party server according to the integrated data service platform.
- the sending unit is further configured to send the authentication information to the third-party server, so as to facilitate the
- the third-party server acquires and stores the authentication information according to the reserved login status identifier in the account login request.
- the receiving unit is further configured to receive the access identifier sent by the third-party server.
- the storage 1102 is configured to store an access identifier sent by the third-party server, to implement an account login operation of the user, where the access identifier is used to carry when sending a service access request.
- the account login device provided by the embodiment of the present invention allows the user to select whether to retain the login status by using the user equipment to log in to the third-party application or service during the authentication process using the integrated data service platform, thereby effectively reducing the user account identity. The possibility of using it appears, providing the security of the user account login.
- the embodiment of the present invention further provides a system for logging in an account.
- the third embodiment includes a third party server 1001, a user equipment 1002, and an integrated data service platform server 1003.
- the user equipment 1002 is configured to send an account login request of the user to the third-party server 1001, where the account login request indicates an account authentication process using the integrated data service platform.
- the third-party server 1001 is configured to receive an account login request sent by the user equipment 1002, and send the account login request to the integrated data service platform, where the account login request is used to indicate the account authentication using the integrated data service platform. And detecting, by the account login request, a retention login status identifier; and when detecting that the account login request carries the reserved login status identifier, acquiring and storing the authentication information of the user equipment 1002, the authentication information Obtaining, for the integrated data service platform, the account login identifier of the user according to the account login request, and assigning the authentication information to the user equipment 1002 according to the account login identifier; assigning the user equipment 1002 a first Accessing the identifier, sending the first access identifier to the user equipment 1002, so that the user equipment 1002 is carried when sending a service access request; establishing and storing the first access identifier allocated to the user equipment 1002
- the integrated data service platform is assigned to the user The correspondence between the authentication apparatus information 1002, and retains the user to enable the user device 100
- the integrated data service platform server 1003 is configured to receive the account login request forwarded by the third-party server 1001, and obtain an account login target of the user according to the account login request. Identifying the user with the authentication information according to the account login identifier; and transmitting the authentication information to the user device 1002.
- the device and system for logging in to an account determine whether the user decides to keep the login state by carrying a reserved login status identifier in the login request of the user account, and determining that the user needs to
- the integrated data service platform stores the authentication information allocated by the integrated data service platform, so that the third-party application or the website can use the user's authentication information to automatically perform the comprehensive data service platform.
- the authentication login can effectively reduce the possibility that the user account identity is fraudulently compared to the prior art without directly asking the user to log in, and provide the security of the user account login.
- the device embodiments described above are merely illustrative, and the components may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the modules may be selected according to actual needs to achieve the objectives of the embodiments of the present invention. Further, in the drawings of the apparatus embodiments provided by the present invention, the connection relationship between the modules indicates that there is a communication connection therebetween, and specifically, one or more communication buses or signal lines can be realized. Those of ordinary skill in the art can understand and implement without any creative effort.
- the technical solution of the present invention which is essential or contributes to the prior art, may be embodied in the form of a software product stored in a readable storage medium, such as a floppy disk of a computer.
- a readable storage medium such as a floppy disk of a computer.
- U disk mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), disk or optical disk, etc., including a number of instructions to make a computer device (may be a personal computer, server, or network device, etc.) performs the methods described in various embodiments of the present invention.
Abstract
Description
Claims
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2016522211A JP6280641B2 (ja) | 2013-06-25 | 2014-06-12 | アカウントログイン方法、デバイス及びシステム |
EP14817243.0A EP3001600B1 (en) | 2013-06-25 | 2014-06-12 | Account login method, equipment and system |
US14/978,994 US10021098B2 (en) | 2013-06-25 | 2015-12-22 | Account login method, device, and system |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310256031.9 | 2013-06-25 | ||
CN201310256031.9A CN104253686B (zh) | 2013-06-25 | 2013-06-25 | 账号登录的方法、设备及系统 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/978,994 Continuation US10021098B2 (en) | 2013-06-25 | 2015-12-22 | Account login method, device, and system |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2014206199A1 true WO2014206199A1 (zh) | 2014-12-31 |
Family
ID=52141021
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2014/079702 WO2014206199A1 (zh) | 2013-06-25 | 2014-06-12 | 账号登陆的方法、设备及系统 |
Country Status (5)
Country | Link |
---|---|
US (1) | US10021098B2 (zh) |
EP (1) | EP3001600B1 (zh) |
JP (1) | JP6280641B2 (zh) |
CN (1) | CN104253686B (zh) |
WO (1) | WO2014206199A1 (zh) |
Families Citing this family (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106209744B (zh) * | 2015-05-07 | 2019-08-06 | 阿里巴巴集团控股有限公司 | 用户登录会话管控方法、装置及服务器 |
CN106878252B (zh) * | 2016-08-25 | 2020-04-24 | 阿里巴巴集团控股有限公司 | 建立免密登录关系的方法、清除账号的方法及其装置 |
CN107528830B (zh) * | 2017-08-03 | 2020-04-10 | 携程旅游信息技术(上海)有限公司 | 账号登陆方法、系统及存储介质 |
CN107682397B (zh) * | 2017-08-28 | 2019-02-26 | 平安科技(深圳)有限公司 | 客户资源获取方法、装置、终端设备及存储介质 |
CN109587183B (zh) * | 2017-09-28 | 2021-06-29 | 北京国双科技有限公司 | 请求处理方法及装置 |
CN109104400A (zh) * | 2018-03-09 | 2018-12-28 | 深圳市智子云守护科技有限公司 | 一种高效率物联网自动注册账号和自动登录方式 |
KR102216285B1 (ko) * | 2018-03-30 | 2021-02-18 | 주식회사 코인플러그 | 블록체인 기반의 통합 로그인 방법, 단말 및 이를 이용한 서버 |
KR102216305B1 (ko) * | 2018-03-30 | 2021-02-18 | 주식회사 코인플러그 | 블록체인 기반의 통합 로그인 방법, 단말 및 이를 이용한 서버 |
CN110855598A (zh) * | 2018-08-20 | 2020-02-28 | 北京场景互娱传媒科技有限公司 | 终端应用的管理方法、终端设备、云端服务器及存储介质 |
CN111327573B (zh) * | 2018-12-14 | 2022-12-02 | 英业达科技有限公司 | 维护登入状态记录以转送数据的装置及方法 |
CN109361714B (zh) * | 2018-12-18 | 2021-11-16 | 中国移动通信集团江苏有限公司 | 用户登录鉴权方法、装置、设备及计算机存储介质 |
US10389708B1 (en) * | 2019-01-03 | 2019-08-20 | Capital One Services, Llc | Secure authentication of a user associated with communication with a service representative |
CN111817999A (zh) * | 2019-04-11 | 2020-10-23 | 天津五八到家科技有限公司 | 用户登录的方法及装置 |
US11206249B2 (en) * | 2019-07-26 | 2021-12-21 | International Business Machines Corporation | Enterprise workspaces |
CN110392059B (zh) * | 2019-08-02 | 2022-05-27 | 中国工商银行股份有限公司 | 一种会话管理方法、装置及存储介质 |
CN110704776B (zh) * | 2019-09-12 | 2022-05-10 | 北京百度网讯科技有限公司 | 账号类型的识别方法、装置和电子设备 |
CN114173341A (zh) * | 2021-09-03 | 2022-03-11 | 王恩惠 | 一种一键安全登录的方法、系统及第三方平台 |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100071046A1 (en) * | 2008-09-17 | 2010-03-18 | Yahoo! Inc. | Method and System for Enabling Access to a Web Service Provider Through Login Based Badges Embedded in a Third Party Site |
CN102638473A (zh) * | 2012-05-04 | 2012-08-15 | 盛趣信息技术(上海)有限公司 | 一种用户数据授权方法、装置及系统 |
CN102821085A (zh) * | 2011-11-23 | 2012-12-12 | 腾讯科技(深圳)有限公司 | 第三方授权登录方法、开放平台及系统 |
CN102916933A (zh) * | 2011-08-03 | 2013-02-06 | 腾讯科技(深圳)有限公司 | 通过第三方网站进行注册或登陆的方法和系统 |
CN103036851A (zh) * | 2011-09-30 | 2013-04-10 | 腾讯科技(深圳)有限公司 | 使用共享帐号登录第三方网站的处理方法、系统及服务器 |
Family Cites Families (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030110266A1 (en) * | 2001-12-10 | 2003-06-12 | Cysive, Inc. | Apparatus and method of using session state data across sessions |
JP2004062876A (ja) * | 2002-06-05 | 2004-02-26 | Hitachi Ltd | 従業員向けトータルサービス支援システム及びその支援方法 |
US7747856B2 (en) | 2002-07-26 | 2010-06-29 | Computer Associates Think, Inc. | Session ticket authentication scheme |
JP2006031064A (ja) * | 2004-07-12 | 2006-02-02 | Hitachi Ltd | セッション管理システム及び管理方法 |
US7941544B2 (en) | 2005-03-18 | 2011-05-10 | Sap Ag | Session manager for web-based applications |
EP1806902B1 (en) * | 2006-01-10 | 2008-06-25 | Alcatel Lucent | Method and login server for providing a user with a centralised login procedure |
US8719572B2 (en) * | 2008-07-16 | 2014-05-06 | Disney Enterprises, Inc. | System and method for managing authentication cookie encryption keys |
TW201015940A (en) | 2008-10-01 | 2010-04-16 | Avermedia Tech Inc | Network authorization method and application thereof |
US8869256B2 (en) * | 2008-10-21 | 2014-10-21 | Yahoo! Inc. | Network aggregator |
US8256664B1 (en) | 2010-04-09 | 2012-09-04 | Google Inc. | Out-of band authentication of browser sessions |
JP5693051B2 (ja) * | 2010-06-09 | 2015-04-01 | キヤノン株式会社 | 情報処理装置、情報処理装置のユーザ認証方法 |
CN102857484B (zh) * | 2011-07-01 | 2015-11-25 | 阿里巴巴集团控股有限公司 | 一种实现单点登录的方法、系统及装置 |
US8844013B2 (en) * | 2011-10-04 | 2014-09-23 | Salesforce.Com, Inc. | Providing third party authentication in an on-demand service environment |
CN103051647B (zh) * | 2011-10-13 | 2016-03-30 | 阿里巴巴集团控股有限公司 | 一种会话实现的方法、设备及系统 |
US8898751B2 (en) * | 2011-10-24 | 2014-11-25 | Verizon Patent And Licensing Inc. | Systems and methods for authorizing third-party authentication to a service |
WO2013075661A1 (zh) | 2011-11-23 | 2013-05-30 | 腾讯科技(深圳)有限公司 | 登录及开放平台标识方法、开放平台及系统 |
CN103067381B (zh) * | 2012-12-26 | 2015-11-25 | 百度在线网络技术(北京)有限公司 | 使用平台方账号登录第三方服务的方法、系统和装置 |
-
2013
- 2013-06-25 CN CN201310256031.9A patent/CN104253686B/zh active Active
-
2014
- 2014-06-12 WO PCT/CN2014/079702 patent/WO2014206199A1/zh active Application Filing
- 2014-06-12 JP JP2016522211A patent/JP6280641B2/ja active Active
- 2014-06-12 EP EP14817243.0A patent/EP3001600B1/en active Active
-
2015
- 2015-12-22 US US14/978,994 patent/US10021098B2/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100071046A1 (en) * | 2008-09-17 | 2010-03-18 | Yahoo! Inc. | Method and System for Enabling Access to a Web Service Provider Through Login Based Badges Embedded in a Third Party Site |
CN102916933A (zh) * | 2011-08-03 | 2013-02-06 | 腾讯科技(深圳)有限公司 | 通过第三方网站进行注册或登陆的方法和系统 |
CN103036851A (zh) * | 2011-09-30 | 2013-04-10 | 腾讯科技(深圳)有限公司 | 使用共享帐号登录第三方网站的处理方法、系统及服务器 |
CN102821085A (zh) * | 2011-11-23 | 2012-12-12 | 腾讯科技(深圳)有限公司 | 第三方授权登录方法、开放平台及系统 |
CN102638473A (zh) * | 2012-05-04 | 2012-08-15 | 盛趣信息技术(上海)有限公司 | 一种用户数据授权方法、装置及系统 |
Also Published As
Publication number | Publication date |
---|---|
JP6280641B2 (ja) | 2018-02-14 |
US20160112419A1 (en) | 2016-04-21 |
JP2016523416A (ja) | 2016-08-08 |
CN104253686A (zh) | 2014-12-31 |
EP3001600A1 (en) | 2016-03-30 |
CN104253686B (zh) | 2017-12-29 |
EP3001600B1 (en) | 2017-09-06 |
EP3001600A4 (en) | 2016-06-08 |
US10021098B2 (en) | 2018-07-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2014206199A1 (zh) | 账号登陆的方法、设备及系统 | |
US8363658B1 (en) | Dynamic firewall and dynamic host configuration protocol configuration | |
JP6001807B2 (ja) | 認可認証の方法および装置 | |
RU2707717C2 (ru) | Мобильная аутентификация в мобильной виртуальной сети | |
US9059958B2 (en) | User registration method, interaction method and related devices | |
US8646057B2 (en) | Authentication and authorization of user and access to network resources using openid | |
US8195819B1 (en) | Application single sign on leveraging virtual local area network identifier | |
WO2017024842A1 (zh) | 一种上网认证方法及客户端、计算机存储介质 | |
US11601429B2 (en) | Network service control for access to wireless radio networks | |
US20100122327A1 (en) | Secure authentication for accessing remote resources | |
WO2017084290A1 (zh) | 公众账号二维码生成方法和服务器、公众账号关注方法、服务器和终端 | |
WO2015051674A1 (zh) | 基于无密码或任意密码的网络授权的方法、系统和装置 | |
US11811750B2 (en) | Mobile device enabled desktop tethered and tetherless authentication | |
EP2512087B1 (en) | Method and system for accessing network through public device | |
US10951616B2 (en) | Proximity-based device authentication | |
US9729483B2 (en) | Anonymous calling and/or texting via content provider web sites and applications | |
CN112352411B (zh) | 利用不同的云服务网络的相同域的注册 | |
JP2017523508A (ja) | セキュアな統合型クラウドストレージ | |
WO2023069854A1 (en) | Limiting discovery of a protected resource in a zero trust access model | |
RU2701041C1 (ru) | Способ автоматизированной регистрации | |
WO2016154813A1 (zh) | 用户认证方法、装置及系统 | |
CA3235696A1 (en) | Limiting discovery of a protected resource in a zero trust access model | |
JP5728880B2 (ja) | 認証プログラム、認証装置、及び認証方法 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 14817243 Country of ref document: EP Kind code of ref document: A1 |
|
REEP | Request for entry into the european phase |
Ref document number: 2014817243 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2014817243 Country of ref document: EP |
|
ENP | Entry into the national phase |
Ref document number: 2016522211 Country of ref document: JP Kind code of ref document: A |
|
NENP | Non-entry into the national phase |
Ref country code: DE |