WO2016169410A1 - 登录方法、服务器和登录系统 - Google Patents

登录方法、服务器和登录系统 Download PDF

Info

Publication number
WO2016169410A1
WO2016169410A1 PCT/CN2016/078565 CN2016078565W WO2016169410A1 WO 2016169410 A1 WO2016169410 A1 WO 2016169410A1 CN 2016078565 W CN2016078565 W CN 2016078565W WO 2016169410 A1 WO2016169410 A1 WO 2016169410A1
Authority
WO
WIPO (PCT)
Prior art keywords
server
information
terminal
unique identifier
verification
Prior art date
Application number
PCT/CN2016/078565
Other languages
English (en)
French (fr)
Inventor
刘梦樵
张善友
刘跃波
Original Assignee
腾讯科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 腾讯科技(深圳)有限公司 filed Critical 腾讯科技(深圳)有限公司
Publication of WO2016169410A1 publication Critical patent/WO2016169410A1/zh
Priority to US15/462,521 priority Critical patent/US10270758B2/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/36User authentication by graphic or iconic representation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/08Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code using markings of different kinds or more than one marking of the same kind in the same record carrier, e.g. one marking being sensed by optical and the other by magnetic means
    • G06K19/10Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code using markings of different kinds or more than one marking of the same kind in the same record carrier, e.g. one marking being sensed by optical and the other by magnetic means at least one kind of marking being used for authentication, e.g. of credit or identity cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/10Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
    • G06K7/14Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation using light without selection of wavelength, e.g. sensing reflected white light
    • G06K7/1404Methods for optical code recognition
    • G06K7/1408Methods for optical code recognition the method being specifically adapted for the type of code
    • G06K7/14172D bar codes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/18Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/69Identity-dependent
    • H04W12/77Graphical identity

Definitions

  • the present invention relates to the field of computer technologies, and in particular, to a login method, a server, and a login system.
  • the traditional login method is usually that the terminal directly submits the login request to the server, and the terminal invokes the login interface to log in. There is no authentication for the terminal that submitted the login request, and the security is relatively low.
  • a login method including:
  • the first server receives the login request of the first terminal
  • the second server receives the unique identifier obtained by the second terminal scanning the two-dimensional code and the username of the second terminal that has logged in to the application, and sends the unique identifier and the username to the first server;
  • the first server authenticates the second server, and if the identity verification of the second server passes, the first server binds the stored unique identifier to the username to implement Registering the username on the first terminal;
  • the first server rejects the login request.
  • a first server includes a memory and a processor, the memory storing instructions that, when executed by the processor, cause the processor to perform the following steps:
  • the login request is rejected.
  • a login system that includes:
  • a first server configured to receive a login request of the first terminal, generate a unique identifier according to the login request, and store, generate a corresponding two-dimensional code according to the unique identifier, and return to the first terminal, the two-dimensional code
  • the unique identifier is included in
  • a second server configured to receive the unique identifier obtained by the second terminal scanning the two-dimensional code, and a username of the second terminal that has logged in to the application, and send the unique identifier and the username to the first server;
  • the first server is further configured to perform authentication on the second server, and if the identity verification of the second server passes, the first server binds the stored unique identifier to the username Logging in to the first terminal to implement the username;
  • the first server is further configured to reject the login request if the identity verification of the second server fails.
  • 1 is an application environment diagram of a login method running in an embodiment
  • Figure 2 is an internal structural diagram of the terminal - in Figure 1 in an embodiment
  • Figure 3 is a diagram showing the internal structure of the server of Figure 1 in an embodiment
  • FIG. 4 is a flow chart of a login method in an embodiment
  • FIG. 5 is a schematic diagram of an interface of a two-dimensional code displayed by a first terminal in an embodiment
  • FIG. 6 is a flow chart of the first server performing identity verification on the second server in one embodiment
  • FIG. 7 is a flow chart of the first server performing identity verification on the second server according to the verification information and the pre-stored registration information in an embodiment
  • FIG. 8 is a flow chart of generating registration information and generating verification information in one embodiment
  • FIG. 9 is a flowchart of a first server implementing login of a username on a first terminal in an embodiment
  • FIG. 10 is an architectural diagram of a login system in an embodiment
  • Figure 11 is a flow chart of a login method in one embodiment
  • Figure 13 is a block diagram showing the structure of a login system in an embodiment
  • Figure 14 is a block diagram showing the structure of a first server in an embodiment
  • Figure 15 is a block diagram showing the structure of a verification module in an embodiment
  • 16 is a structural block diagram of a first server in another embodiment
  • FIG. 17 is a structural block diagram of a login module in an embodiment
  • Figure 18 is a block diagram showing the structure of a terminal in an embodiment.
  • FIG. 1 is an application environment diagram of a login method running in an embodiment.
  • the application environment includes a terminal 110, a server 120, and a terminal 130. Both the terminal 110 and the terminal 130 can communicate with the server 120 over a network.
  • the terminal 110 can be a smartphone, a tablet, a notebook, a desktop computer, etc., but is not limited thereto.
  • the terminal 130 may be a mobile device such as a smartphone or a tablet computer having a two-dimensional code scanning function, but is not limited thereto.
  • the server 120 includes a first server 122 and a second server 124.
  • the first server 122 may include a plurality of servers, wherein each server separately completes a related step of the login method.
  • the terminal 110 may send a login request to the first server 122, and the first server 122 generates a unique identifier according to the login request and stores it, generates a two-dimensional code including the unique identifier, and returns to the terminal 110.
  • the terminal 130 scans the two-dimensional code displayed by the terminal 110 to obtain a unique identifier, and sends the unique identifier and the username of the logged-in application to the second server 124, and the second server 124 forwards the unique identifier and the username to the first server 122.
  • a server 122 authenticates the second server 124. If the identity verification of the second server 124 passes, the first server 122 binds the stored unique identifier to the username, and when the terminal 110 queries to bind to the unique identifier. When the user name of the relationship is received, the user name sent by the first server 122 is received and the login of the user name is implemented. If the authentication of the second server 124 does not pass, the login request is rejected and the login cannot be made.
  • the terminal 110 includes a processor, a graphics processing unit, a storage medium, a memory, a network interface, a display screen, and an input device connected through a system bus. .
  • the storage medium of the terminal 110 stores an operating system, and further includes computer executable instructions. When the instructions are executed by the CPU, a login method can be implemented.
  • the processor is used to provide computing and control capabilities to support the operation of the entire terminal 110.
  • the graphics processing unit in the terminal 110 is configured to provide at least a rendering capability of the display interface
  • the memory is an operation providing environment for computer executable instructions in the storage medium
  • the network interface is used for network communication with the server 120, such as sending a login request, a query request.
  • the display screen is used to display a webpage interface, etc., such as displaying a two-dimensional code on a webpage interface
  • the input device is configured to receive a command or data input by the user.
  • the display screen and the input device can be a touch screen.
  • the internal structure of server 120 in FIG. 1 is as shown in FIG. 2, which includes a processor, storage medium, memory, and network interface connected by a system bus.
  • the storage medium of the server 120 stores an operating system, a database, and computer executable instructions.
  • the database stores a unique identifier and a user name. When the command is executed by the CPU, a login method suitable for the server 120 can be implemented.
  • the processor of the server 120 is used to provide computing and control capabilities to support the operation of the entire server 120.
  • the memory of the server 120 provides an environment for the operation of computer executable instructions in the storage medium.
  • the network interface of the server 120 is used to communicate with the external terminal 110 and the terminal 130 via a network connection, such as receiving the request sent by the terminal 110 and the terminal 130, and returning data to the terminal 110 and the terminal 130.
  • a login method is provided to be applied to a server in the application environment, and the following steps are included:
  • Step S210 the first server receives the login request of the first terminal.
  • the first terminal needs to log in before accessing the network resource, and the first terminal receives the input web address, generates a login request, and sends a login request to the first server to obtain a two-dimensional code, where the first server receives the first terminal and sends the first terminal. Login request.
  • Step S220 The first server generates a unique identifier according to the login request and stores, generates a corresponding two-dimensional code according to the unique identifier, and returns to the first terminal, where the two-dimensional code includes a unique identifier.
  • the unique identifier also known as the GUID, is globally unique and is used to identify a login process, so that the username can only be bound to a unique login process, thereby ensuring login security.
  • the generated unique identifier is stored in the Redis cache. Redis is a distributed key-value storage system. After encoding the unique identifier, a two-dimensional code containing the unique identifier is generated, and the two-dimensional code is sent to the first terminal.
  • Step S230 The second server receives the unique identifier obtained by the second terminal scanning the two-dimensional code and the username of the second terminal that has logged in, and sends the unique identifier and the username to the first server.
  • the second server displays the two-dimensional code, and the display interface is as shown in FIG. 5.
  • the second terminal can scan the two-dimensional code through a two-dimensional code scanning tool or an application embedded in the two-dimensional code scanning tool, such as an instant messaging application, an enterprise operating application, a game application, and the like.
  • the second terminal logs in on the application by using the username and password before scanning the two-dimensional code, scans the two-dimensional code in the login state, and obtains the unique identifier included in the two-dimensional code by identifying.
  • the second terminal generates a binding request including the unique identifier and the username of the logged-in application, and sends the binding request to the second server.
  • a system for providing a service by interacting with an application on the second terminal is installed on the second server, the application on the second terminal obtains the service by sending a request to the second server, and the second server can also actively send the service to the second terminal.
  • Application push service After receiving the binding request containing the unique identifier and the username of the logged-in application, the second server forwards the binding request to the first server.
  • step S240 the first server performs identity verification on the second server. If the identity verification of the second server passes, the process proceeds to step S250. If the identity verification of the second server fails, the process proceeds to step S260.
  • the first server verifies the identity of the second server according to the verification information.
  • the first server and the second server may agree in advance on the content of the verification information and the verification manner, such as the manner in which the verification information includes a specific character string.
  • Step S250 The first server binds the stored unique identifier to the user name to implement login of the username on the first terminal.
  • the first server after receiving the binding request including the unique identifier and the username, the first server searches for the same unique identifier stored in the Redis cache according to the unique identifier in the binding request, and the user name in the binding request is Uniquely identifies the binding store. Because the unique identifier is used to identify the login process, the login process is logged in when the unique ID is bound to the username.
  • the first terminal queries the first server to query the uniquely identified username by sending the query request including the unique identifier, and logs in according to the username returned by the first server.
  • the first server actively notifies the first terminal after binding the unique identifier to the username, and sends the username to implement the login of the username on the first terminal.
  • step S260 the first server rejects the login request.
  • the login cannot be performed, and only the login request sent by the authenticated server can implement the login, thereby improving the security of the login.
  • the first server receives the login request of the first terminal, and the first server generates a unique identifier according to the login request and stores the corresponding identifier, generates a corresponding two-dimensional code according to the unique identifier, and returns to the first terminal, where the two-dimensional code includes a unique identifier, the second server receives the unique identifier obtained by scanning the two-dimensional code by the second terminal, and the user name of the second terminal that has logged in to the application, and sends the unique identifier and the user name to the first server, where the first server performs the second server Authentication, only the authentication of the second server is passed, the first server binds the stored unique identifier to the username, so that the username is logged in on the first terminal, and if the authentication of the second server fails, can not log in.
  • the second terminal does not directly interact with the first server, but performs information interaction through the second server, and authenticates the second server. Only the login request sent by the second server through the authentication can Implement login to improve login security. And through the second server for information interaction, the server has more computing power than the terminal can perform complex algorithms such as encryption and decryption more quickly, and is more convenient for fault processing, such as logging the log to the server to read the log information to deal with the fault. , as well as testing and debugging on the server, you can also optimize the performance of the server, such as removing bottlenecks through queues or distributed technologies.
  • step S240 includes:
  • Step S241 the first server receives the verification information sent by the second server.
  • the verification information is used to verify the identity of the second server, and the verification information may include calling source information, where the calling source information is the caller information of the login interface, such as the IP address of the second server, etc., it is understandable that The IP address can contain more than one.
  • the verification information further includes registration information, and the registration information is registration information acquired and saved by the second server before sending the verification information, and the registration information may be used by the second server to invoke the login interface multiple times.
  • the registration information may include a system identifier and a corresponding key, the system identifier and the corresponding key are unique, and the key is used to encrypt the string.
  • the verification information may also include an encrypted character string generated by a key in the registration information, and the like.
  • the login interface provided by the first server can only be invoked through the registered second server.
  • the verification information is sent simultaneously with the unique identifier and the username, such as including the unique identifier and the username in http
  • the request body part includes the registration information and the encrypted character string in the verification information in the http request header, and the call source information in the verification information is included in the http request packet.
  • Step S242 the first server performs identity verification on the second server according to the verification information and the pre-stored registration information.
  • the pre-stored registration information is the registration information generated by the first server after receiving the registration request, and is stored in the first server and can be sent to the interface server by using an email or the like.
  • the second server obtains the registration information from the interface server, generates the verification information by using the registration information, and needs to send the verification information each time the service provided by the first server is invoked.
  • the first server authenticates the second server according to the verification information and the pre-stored registration information. It can be understood that, since the verification information can include various information such as an IP address, an encrypted character string, and the like, only each type of information is verified and passed, and the verification is passed. Only when the verification is passed, the user name can be registered on the first terminal. .
  • the verification information is generated by using an algorithm by using the registration information, and the algorithm for generating the verification information may be changed at any time to avoid the direct transmission of the registration information and being repeatedly used by the hacker.
  • the first server and the second server are deployed on the intranet of the enterprise, and the intranet transmission further ensures the security and integrity of the message, and is convenient for the enterprise with higher security requirements to log in.
  • step S242 includes:
  • Step S242a The first server searches for the corresponding key in the registration information according to the system identifier in the verification information.
  • the first server generates registration information according to the registration request, where the registration request includes the calling source information. After the registration information is generated, the registration information is stored corresponding to the call source information for subsequent verification.
  • the registration information includes a system identifier and a corresponding key, wherein the system identifier and the corresponding key are unique.
  • the verification information includes a system identifier, an encrypted string, and corresponding call source information, and the call source information may include an IP address of the server, etc., for identifying the server.
  • the first server searches for the same system identifier in the pre-stored registration information as the system identifier in the verification information, and obtains a corresponding key.
  • Step S242b Decrypt the encrypted character string in the verification information according to the found key.
  • the key corresponding to the encrypted character string can be found, thereby decrypting the encrypted character string in the verification information.
  • Step S242c It is detected whether the calling source information in the verification information is consistent with the calling source information stored corresponding to the registration information.
  • the calling source information corresponding to the system identifier that is the same as the system identifier in the verification information is found in the registration information, and the calling source information in the verification verification information is the same as the calling source information.
  • Step S242d when the decrypted string in the verification information is successfully decrypted according to the found key, and the calling source information in the verification information is consistent with the calling source information stored in the registration information, the identity verification of the second server passes, otherwise The authentication of the second server did not pass.
  • the second server that has passed the registration has the same registration information as that on the first server, and the second server generates an encrypted character string according to the key in the registration information, and encrypts the system identifier in the registration information.
  • the string, call source information is included in the verification information and sent to the first server.
  • the first server has the same registration information pre-stored, so that the corresponding key can be found according to the system identifier in the verification information for decryption. Since the registration information corresponds to the stored source information, the stored source information and the verification information can be compared.
  • the calling source information only the two conditions of the decryption success and the calling source information are met, the authentication of the second server is passed, further increasing the security of the login.
  • the encrypted string generated by the second server includes timestamp information
  • the encrypted string further includes timestamp information after being decrypted
  • the first server stores the unique identifier stored in the first server with the username.
  • the first server decrypts the encrypted string to obtain the timestamp information, and determines whether the preset condition is met according to the timestamp information. If the preset condition is met, the stored unique identifier is bound to the user name. If not, the stored unique ID is not bound to the username.
  • the time interval between the timestamp and the current time is calculated, and if the time interval exceeds the preset value, the preset condition is not met.
  • the validity period of the encrypted string is guaranteed by the timestamp. If the time interval exceeds the preset value, the encrypted string is invalid even if the decryption succeeds, and the stored unique identifier cannot be bound to the user name.
  • Implement login Prevents encrypted strings from being intercepted and used repeatedly, which further improves login security.
  • step S210 further including;
  • Step S410 the first server receives the registration request, and the registration request includes the calling source information.
  • the other information to be registered such as the input source information
  • the webpage receives the registration request
  • a registration request is generated and sent to the first server. It can be understood that this registration request can be generated on other terminals or servers other than the second server.
  • Step S420 the first server generates registration information, and stores the registration information corresponding to the calling source information.
  • the registration information may be customized according to requirements, for example, the registration information includes a system identifier and a corresponding key, and the registration information is stored corresponding to the calling source information, so that when the first server performs verification on the second server, the corresponding information is searched according to the registration information. Call the source information. It can be understood that the registration information can be provided to the second server for reuse when the login interface is called multiple times. The registration information needs to be regenerated only when the source information or the like is changed.
  • Step S430 the second server acquires registration information and call source information
  • the first server may send the registration information to the interface server by using an email, and the second server obtains the registration information from the interface server and saves the information. Only the server that holds the registration information can call the login service provided by the first server.
  • the second server obtains the calling source information by acquiring its own IP address.
  • Step S440 the second server generates and stores the verification information according to the registration information and the call source information.
  • the character string of the customized content may be processed according to the content in the registration information, for example, the registration information includes a system identifier and a corresponding key, and according to the key, the random number random and the timestamp timestamp are used as content, and the content is used.
  • DES Data The Encryption Standard (encryption standard) encryption algorithm obtains an encrypted string, and generates and stores the system identification, the encrypted string, and the verification information of the source information.
  • step S250 includes:
  • Step S251 the first server binds the stored unique identifier with the username.
  • Step S252 receiving a query request that is sent by the first terminal and includes a unique identifier.
  • Step S253 Return the username with the binding relationship to the unique identifier to the first terminal according to the query request.
  • the query request includes a unique identifier.
  • the unique identifier in the query request has a username corresponding to the binding, the username is returned to the first terminal, so that the first terminal logs in according to the username.
  • the unique identifier corresponds to the save valid time interval.
  • the first terminal stops sending the query request, and the unique identifier already stored in the first server is deleted.
  • the two-dimensional code is valid for 5 minutes, if the two-dimensional code is not registered within 5 minutes after the two-dimensional code is loaded on the first terminal login page, the two-dimensional code expires, and the second terminal cannot be registered again, and the first terminal does not Continue to send the query request to query the unique identifier status, which can reduce the number of query requests sent by the first terminal, thereby reducing the working pressure of the first server to respond to the query request, and also avoids the malicious use of the QR code image, and avoids the first server.
  • the amount of storage in the store grows without limit. It can be understood that if the two-dimensional code expires, the first terminal re-receives the new two-dimensional code generated by the first server by sending a login request.
  • the method further includes: the first server generates a ticket according to the user name, and returns the ticket to the first terminal, and receives a login request sent by the first terminal, where the login request includes the ticket, A server verifies the ticket, and if the verification is passed, the username in the ticket is implemented to log in at the first terminal.
  • the ticket is used to save the identity information of the user.
  • the identity information is saved in the ticket, and the ticket is simultaneously saved in the database of the first server and the cookie of the browser of the first terminal user.
  • the ticket is included in the login request.
  • the first server After the first server receives the ticket, the first server performs verification according to the pre-stored ticket, including verifying the term of the ticket or the authority of the user. If the verification is successful, the first terminal may Log in using the username in the ticket. In this embodiment, fast login is implemented by the ticket.
  • a detailed system architecture diagram applied to a login method in a specific embodiment includes a first terminal 510 and a server 520, including a first server 522 and a second server. 524.
  • the second terminal 530, the first server 522 in the system completes the login step by using multiple servers, and completes the login method in the system architecture.
  • the first terminal 510 sends a login request to the login front-end server 522e, and logs in to the front-end server.
  • 522e forwards the login request to the middle tier server 522c via the interface interface server 522b, and the middle tier server 522c generates a unique identifier based on the login request and stores it in the cache server 522d.
  • the middle tier server 522c generates a two-dimensional code containing the unique identifier and returns to the first terminal 510.
  • the second terminal 530 scans the unique identifier obtained by the two-dimensional code displayed on the first terminal 510, acquires the username of the logged-in application, and sends the unique identifier and the username to the second server 524.
  • the second server 524 generates verification information based on the registration information and includes the unique identification, the username, and the verification information in the binding request and sends it to the WebAPI server 522a.
  • the WebAPI server (web interface server) 522a authenticates the second server 524 based on the authentication information and the pre-stored registration information, and the authentication is performed by the middle-tier server 522c to bind the unique identifier stored by the cache server 522d to the user name.
  • the first terminal 510 continuously sends a query request including the unique identifier to the login front-end server 522e, the login front-end server 522e forwards the query request to the middle-tier server 522c through the interface interface server 522b, and the middle-tier server 522c queries the unique identifier stored in the cache server 522d. Whether there is a bound username, if it exists, return this username to the first terminal 510 to log in.
  • a login method including:
  • Step S710 receiving a login request of the first terminal.
  • Step S720 Generate a unique identifier according to the login request and store, generate a corresponding two-dimensional code according to the unique identifier, and return to the first terminal, where the two-dimensional code includes the unique identifier.
  • Step S730 Receive a unique identifier that is sent by the second server and scan the two-dimensional code by the second terminal, and a user name that the second terminal has logged in to the application.
  • Step S740 performing identity verification on the second server, and if the identity verification of the second server passes, binding the stored unique identifier to the username, so that the username is logged in on the first terminal, if the second server If the authentication fails, the login request is rejected.
  • the server receives the login request of the first terminal, generates a unique identifier according to the login request, and stores the unique identifier for identifying the login process. Generating a two-dimensional code including the unique identifier according to the unique identifier and returning to the first terminal, and receiving, by the second terminal, the second terminal scanning the two-dimensional code displayed on the first terminal to obtain the unique identifier and the user name of the logged-in application, The second server performs authentication. If the authentication of the second server is passed, the server binds the stored unique identifier to the username, indicating that the login process is in the login state, and returns the username to the first terminal to implement The username is logged in on the first terminal.
  • step S740 includes: binding the stored unique identifier to the username, and receiving a query request sent by the first terminal, where the query request includes the unique identifier, according to the query request. Returning the username with the binding relationship to the first identifier to the first terminal.
  • a login method including:
  • Step S810 sending a login request to the server.
  • Step S820 the two-dimensional code generated by the server according to the login request is received, and the two-dimensional code includes a unique identifier.
  • Step S830 sending a query request including a unique identifier to the server.
  • Step S840 receiving a user name having a binding relationship with the unique identifier in the query request, and implementing login of the user name.
  • the terminal sends a login request to the server, and the server generates a unique identifier according to the login request, and generates a two-dimensional code including the unique identifier, and returns the terminal to the terminal, and the terminal sends a query request including the unique identifier to the server, and the server responds to the query request.
  • the terminal sends a query request including the unique identifier to the server, and the server responds to the query request.
  • the terminal When the user name with the binding relationship with the unique identifier is queried, the user name is returned to the terminal, and the terminal implements the login of the user name. Only the unique identifier and user name need to be transmitted in the network, which reduces the transmission of important account information on the network, reduces the risk of theft of important account information, and improves the security of login.
  • a login system including: a first server 910 and a second server 920.
  • the first server 910 is configured to receive a login request of the first terminal, generate a unique identifier according to the login request, store the corresponding identifier according to the unique identifier, and return the corresponding two-dimensional code to the first terminal, where the two-dimensional code includes the unique identifier.
  • the second server 920 is configured to receive the unique identifier obtained by scanning the two-dimensional code by the second terminal and the username of the second terminal that has been logged in, and send the unique identifier and the username to the first server 910.
  • the first server 910 is further configured to perform authentication on the second server 920. If the identity verification of the second server 920 passes, the first server 910 binds the stored unique identifier to the username to implement the username in the first Log in on the terminal.
  • the first server 910 is further configured to reject the login request if the identity verification of the second server 920 does not pass.
  • the first server 910 is further configured to receive the verification information sent by the second server 920, and perform identity verification on the second server according to the verification information and the pre-stored registration information.
  • the registration information includes a system identifier and a corresponding key
  • the verification information includes a system identifier, an encrypted character string, and corresponding call source information
  • the first server 910 is further configured to: register information according to the system identifier in the verification information. Find the corresponding key, decrypt the encrypted string in the verification information according to the found key, and check whether the calling source information in the verification information is consistent with the calling source information stored in the registration information, according to the found confidentiality. If the encrypted character string in the key verification information is successfully decrypted and the calling source information in the verification information is consistent with the calling source information stored in the registration information, the identity verification of the second server 920 passes, otherwise the identity verification of the second server 920 is not by.
  • the first server 910 is further configured to receive a registration request, where the registration request includes the source information.
  • the first server 910 is further configured to generate registration information, and store the registration information corresponding to the calling source information.
  • the second server 920 is further configured to acquire registration information and call source information, generate verification information according to the registration information and the call source information, and store the verification information.
  • the first server 910 is further configured to bind the stored unique identifier to the user name, receive a query request that is sent by the first terminal and include the unique identifier, and bind the unique identifier according to the query request.
  • the username of the relationship is returned to the first terminal.
  • a first server including a memory and a processor, wherein the memory stores instructions, and when the instructions are executed by the processor, the first server includes:
  • the first receiving module 1000 is configured to receive a login request of the first terminal.
  • the two-dimensional code generating module 1010 is configured to generate and store a unique identifier according to the login request, generate a corresponding two-dimensional code according to the unique identifier, and return to the first terminal, where the two-dimensional code includes a unique identifier.
  • the second receiving module 1020 is configured to receive, by the second server, a unique identifier obtained by scanning the two-dimensional code by the second terminal, and a username of the second terminal that has been logged in to the application.
  • the verification module 1030 is configured to perform authentication on the second server, and if the identity verification of the second server passes, enter the login module 1040, otherwise reject the login request.
  • the login module 1040 is configured to bind the stored unique identifier to the username to implement login of the username on the first terminal.
  • the verification module 1030 is further configured to receive the verification information sent by the second server, and perform identity verification on the second server according to the verification information and the pre-stored registration information.
  • the registration information includes a system identifier and a corresponding key
  • the verification information includes a system identifier, an encrypted character string, and corresponding call source information.
  • the verification module 1030 includes:
  • the decrypting unit 1031 is configured to search for a corresponding key in the registration information according to the system identifier in the verification information, and decrypt the encrypted string in the verification information according to the found key.
  • the detecting unit 1032 is configured to detect whether the calling source information in the verification information is consistent with the calling source information stored in the registration information.
  • the verification unit 1033 when the decryption of the encrypted character string in the verification information is successful according to the found key, and the call source information in the verification information is consistent with the call source information stored corresponding to the registration information, then the second server Authentication passed, otherwise the authentication of the second server does not pass.
  • the first server further includes:
  • the preparation module 1050 is configured to receive a registration request, where the registration request includes the calling source information, generate registration information, and store the registration information corresponding to the calling source information, so that the second server obtains the registration information and the calling source information, according to the The registration information and the call source information generate verification information and store it.
  • the login module 1040 includes:
  • the binding unit 1041 is configured to bind the stored unique identifier to the username.
  • the query request receiving unit 1042 is configured to receive a query request sent by the first terminal, where the query request includes the unique identifier;
  • the user name returning unit 1043 returns a user name having a binding relationship with the unique identifier to the first terminal according to the query request.
  • a terminal including a memory and a processor, where the memory stores instructions, and when the instructions are executed by the processor, the terminal includes: a login request module 1100. Used to send a login request to the server.
  • the two-dimensional code receiving module 1110 is configured to receive a two-dimensional code generated by the server according to the login request, where the two-dimensional code includes a unique identifier.
  • the query requesting module 1120 is configured to send a query request including a unique identifier to the server.
  • the login implementation module 1130 is configured to receive a username that has a binding relationship with the unique identifier in the query request, and implement login of the username.
  • the storage medium may be a magnetic disk, an optical disk, or a read-only storage memory (Read-Only) Memory, ROM) or Random Access Memory (RAM).

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Electromagnetism (AREA)
  • Toxicology (AREA)
  • Artificial Intelligence (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Information Transfer Between Computers (AREA)
  • Telephonic Communication Services (AREA)
  • Storage Device Security (AREA)

Abstract

一种登录方法,包括:第一服务器接收第一终端的登录请求;所述第一服务器根据登录请求生成唯一标识并存储,根据唯一标识生成对应的二维码并返回至第一终端,所述二维码中包含唯一标识;第二服务器接收第二终端扫描二维码得到的唯一标识和第二终端已登录应用的用户名,并将唯一标识和用户名发送至所述第一服务器;第一服务器对第二服务器进行身份验证,如果第二服务器的身份验证通过,则第一服务器将存储的唯一标识与用户名进行绑定,以实现用户名在第一终端上登录;如果第二服务器的身份验证不通过,则第一服务器拒绝登录请求。

Description

登录方法、服务器和登录系统
本申请要求于2015年4月21日提交中国专利局、申请号为201510191252.1、发明名称为“登录方法和系统”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。
【技术领域】
本发明涉及计算机技术领域,特别是涉及一种登录方法、服务器和登录系统。
【背景技术】
随着互联网技术的发展,通过网络访问各种资源进行娱乐、学习、办公已成为人们生活的一部分。对资源进行访问通常要通过登录,验证权限之后才可以访问。
传统的登录方法往往是终端直接提交登录请求至服务器,由终端调用登录接口进行登录。没有对提交登录请求的终端进行身份验证,安全性比较低。
【发明内容】
基于此,有必要针对上述问题,提供一种登录方法、服务器和登录系统,提高登录的安全性。一种登录方法,包括:
第一服务器接收第一终端的登录请求;
所述第一服务器根据所述登录请求生成唯一标识并存储,根据所述唯一标识生成对应的二维码并返回至所述第一终端,所述二维码中包含所述唯一标识;
第二服务器接收第二终端扫描所述二维码得到的所述唯一标识和所述第二终端已登录应用的用户名,并将所述唯一标识和用户名发送至所述第一服务器;
所述第一服务器对所述第二服务器进行身份验证,如果所述第二服务器的身份验证通过,则所述第一服务器将存储的所述唯一标识与所述用户名进行绑定,以实现所述用户名在所述第一终端上登录;及
如果所述第二服务器的身份验证不通过,则所述第一服务器拒绝所述登录请求。
一种第一服务器,包括内存和处理器,所述内存中储存有指令,所述指令被所述处理器执行时,使得所述处理器执行以下步骤:
接收第一终端的登录请求;
根据所述登录请求生成唯一标识并存储,根据所述唯一标识生成对应的二维码并返回至所述第一终端,所述二维码中包含所述唯一标识;
接收第二服务器发送的通过第二终端扫描所述二维码得到的所述唯一标识和所述第二终端已登录应用的用户名;
对所述第二服务器进行身份验证,如果所述第二服务器的身份验证通过,则所述将存储的所述唯一标识与所述用户名进行绑定,以实现所述用户名在所述第一终端上登录;及
如果所述第二服务器的身份验证不通过,则拒绝所述登录请求。
一种登录系统,包括:
第一服务器,用于接收第一终端的登录请求,根据所述登录请求生成唯一标识并存储,根据所述唯一标识生成对应的二维码并返回至所述第一终端,所述二维码中包含所述唯一标识;
第二服务器,用于接收第二终端扫描所述二维码得到的所述唯一标识和所述第二终端已登录应用的用户名,并将所述唯一标识和用户名发送至所述第一服务器;
所述第一服务器还用于对所述第二服务器进行身份验证,如果所述第二服务器的身份验证通过,则所述第一服务器将存储的所述唯一标识与所述用户名进行绑定,以实现所述用户名在所述第一终端上登录;
所述第一服务器还用于如果所述第二服务器的身份验证不通过,则拒绝所述登录请求。
本发明的一个或多个实施例的细节在下面的附图和描述中提出。本发明的其它特征、目的和优点将从说明书、附图以及权利要求书变得明显。
【附图说明】
为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。
图1为一个实施例中登录方法运行的应用环境图;
图2为一个实施例中图1中的终端-的内部结构图;
图3为一个实施例中图1中的服务器-的内部结构图;
图4为一个实施例中登录方法的流程图;
图5为一个实施例中第一终端展示的二维码的界面示意图;
图6为一个实施例中第一服务器对第二服务器进行身份验证的流程图;
图7为一个实施例中第一服务器根据验证信息和预存的注册信息对第二服务器进行身份验证的流程图;
图8为一个实施例中生成注册信息和生成验证信息的流程图;
图9为一个实施例中第一服务器实现用户名在第一终端上登录的流程图;
图10为一个实施例中登录系统的架构图;
图11为一个实施例中登录方法的流程图;
图12为一个实施例中登录方法的流程图;
图13为一个实施例中登录系统的结构框图;
图14为一个实施例中第一服务器的结构框图;
图15为一个实施例中验证模块的结构框图;
图16为另一个实施例中第一服务器的结构框图;
图17为一个实施例中登录模块的结构框图;
图18为一个实施例中终端的结构框图。
【具体实施方式】
图1为一个实施例中登录方法运行的应用环境图。如图1所示,该应用环境包括终端110、服务器120、终端130。终端110、终端130都可以和服务器120通过网络进行通信。
终端110可为智能手机、平板电脑、笔记本电脑、台式计算机等,但并不局限于此。终端130可为具备二维码扫描功能的各种智能手机、平板电脑等移动设备等,但并不局限于此。服务器120包括第一服务器122和第二服务器124。其中第一服务器122可包括多个服务器,其中各个服务器分别完成登录方法的相关步骤。终端110可以向第一服务器122发送登录请求,第一服务器122根据登录请求生成唯一标识并存储,生成包含唯一标识的二维码并返回至终端110。终端130扫描终端110显示的二维码,得到唯一标识,将唯一标识和已登录应用的用户名发送至第二服务器124,第二服务器124将唯一标识和用户名转发至第一服务器122,第一服务器122对第二服务器124进行身份验证,如果第二服务器124的身份验证通过,则第一服务器122将存储的唯一标识与用户名进行绑定,当终端110查询到与唯一标识具有绑定关系的用户名时,接收第一服务器122发送的用户名并实现用户名的登录。如果第二服务器124的身份验证不通过,则拒绝登录请求,无法登录。
在一个实施例中,图1中的终端110的内部结构如图2所示,该终端110包括通过系统总线连接的处理器、图形处理单元、存储介质、内存、网络接口、显示屏幕和输入设备。其中,终端110的存储介质存储有操作系统,还包括计算机可执行指令,当指令被CPU执行时,能够实现一种登录方法。该处理器用于提供计算和控制能力,支撑整个终端110的运行。终端110中的图形处理单元用于至少提供显示界面的绘制能力,内存为存储介质中的计算机可执行指令的运行提供环境,网络接口用于与服务器120进行网络通信,如发送登录请求、查询请求至服务器120,接收服务器120返回的二维码、用户名等。显示屏幕用于显示网页界面等,如显示网页界面上的二维码等,输入设备用于接收用户输入的命令或数据等。对于带触摸屏的终端110,显示屏幕和输入设备可为触摸屏。
在一个实施例中,图1中的服务器120的内部结构如图2所示,该服务器120包括通过系统总线连接的处理器、存储介质、内存和网络接口。其中,该服务器120的存储介质存储有操作系统、数据库和计算机可执行指令,数据库中存储有唯一标识和用户名,当指令被CPU执行时,能够实现一种适用于服务器120的登录方法。该服务器120的处理器用于提供计算和控制能力,支撑整个服务器120的运行。该服务器120的内存为存储介质中的计算机可执行指令的运行提供环境。该服务器120的网络接口用于与外部的终端110和终端130通过网络连接通信,比如接收终端110和终端130发送的请求以及向终端110和终端130返回的数据等。
如图4所示,在一个实施例中,提供了一种登录方法,以应用于上述应用环境中的服务器来举例说明,包括如下步骤:
步骤S210,第一服务器接收第一终端的登录请求。
具体的,第一终端访问网络资源时需要先登录才能访问,第一终端接收输入的网址,生成登录请求,通过向第一服务器发送登录请求以获得二维码,第一服务器接收第一终端发送的登录请求。
步骤S220,第一服务器根据登录请求生成唯一标识并存储,根据唯一标识生成对应的二维码并返回至第一终端,二维码中包含唯一标识。
具体的,唯一标识也称为GUID,是全球唯一的,用于标识一次登录过程,从而保证用户名只能和唯一的一次登录过程绑定,以此来保证登录安全。生成的唯一标识存储于Redis缓存中,Redis是一种分布式key-value存储系统,将唯一标识进行编码后,生成包含唯一标识的二维码,并将二维码发送至第一终端。
步骤S230,第二服务器接收第二终端扫描二维码得到的唯一标识和第二终端已登录应用的用户名,并将唯一标识和用户名发送至第一服务器。
具体的,第二服务器接收到包含唯一标识的二维码后,展示二维码,展示界面如图5所示。第二终端可以通过二维码扫描工具,或嵌入二维码扫描工具的应用扫描二维码,如即时通讯应用、企业操作应用、游戏应用等。第二终端在扫描二维码之前通过用户名和密码在应用上进行了登录,在登录状态下扫描二维码,通过识别得到二维码中包含的唯一标识。第二终端生成包含唯一标识和已登录应用的用户名的绑定请求,将绑定请求发送至第二服务器。第二服务器上安装了通过与第二终端上的应用进行交互以提供服务的系统,第二终端上的应用通过向第二服务器发送请求来获得服务,第二服务器也可以主动向第二终端上的应用推送服务。第二服务器收到包含唯一标识和已登录应用的用户名的绑定请求后,将绑定请求转发至第一服务器。
步骤S240,第一服务器对所述第二服务器进行身份验证,如果第二服务器的身份验证通过则进入步骤S250,如果第二服务器的身份验证不通过,则进入步骤S260。
具体的,可以通过第二服务器向第一服务器发送验证信息的方式,第一服务器根据验证信息验证第二服务器的身份。第一服务器和第二服务器可以提前约定验证信息的内容和验证方式,如验证信息包含特定字符串等方式。
步骤S250,第一服务器将存储的唯一标识与用户名进行绑定,以实现用户名在第一终端上登录。
具体的,第一服务器接收到包含唯一标识与用户名的绑定请求之后,根据绑定请求中的唯一标识查找存储于Redis缓存中的相同唯一标识,并将绑定请求中的用户名与此唯一标识绑定存储。由于唯一标识用于标识一次登录过程,当唯一标识与用户名绑定后,此登录过程就处于登录状态。在一个实施例中,第一终端通过发送包含唯一标识的查询请求的方式使第一服务器查询唯一标识绑定的用户名,根据第一服务器返回的用户名登录。在另一个实施例中,第一服务器将唯一标识与用户名绑定后主动通知第一终端,并发送用户名以实现用户名在第一终端上登录。
步骤S260,第一服务器拒绝登录请求。
具体的,如果第二服务器的身份验证不通过,则即使有用户名和唯一标识,也无法登录,只有通过了身份验证的服务器发送的登录请求才能实现登录,提高了登录的安全性。
本实施例中,通过第一服务器接收第一终端的登录请求,第一服务器根据登录请求生成唯一标识并存储,根据唯一标识生成对应的二维码并返回至第一终端,二维码中包含唯一标识,第二服务器接收第二终端扫描二维码得到的唯一标识和第二终端已登录应用的用户名,并将唯一标识和用户名发送至第一服务器,第一服务器对第二服务器进行身份验证,只有第二服务器的身份验证通过,第一服务器才将存储的唯一标识与用户名进行绑定,以实现用户名在第一终端上登录,如果第二服务器的身份验证不通过,则无法登录。在登录过程中,第二终端不直接与第一服务器进行信息交互,而是通过第二服务器进行信息交互,对第二服务器进行了身份验证,只有身份验证通过的第二服务器发送的登录请求才能实现登录,从而提高了登录的安全性。且通过第二服务器进行信息交互,服务器比终端具有更强的运算能力可以更快速地执行加密解密等复杂算法,且更方便于故障处理,如将日志记录于服务器以更读取日志信息处理故障,以及在服务器上进行测试和调试,还可以对服务器进行性能优化,如通过队列或者分布式技术去除瓶颈等。
在一个实施例中,如图6所示,步骤S240包括:
步骤S241,第一服务器接收第二服务器发送的验证信息。
具体的,验证信息用于对第二服务器的身份进行验证,验证信息中可以包括调用源信息,调用源信息是调用登录接口的调用方信息,如第二服务器的IP地址等,可以理解的是,IP地址可以包含多个。验证信息中还包括注册信息,注册信息是第二服务器在发送验证信息之前,获取并保存的注册信息,注册信息可以供第二服务器多次调用登录接口。注册信息可以包括系统标识和对应的密钥,系统标识和对应的密钥是唯一的,密钥用于对字符串进行加密。验证信息中还可以包括通过注册信息中的密钥生成的加密字符串等。只有通过注册的第二服务器才能调用第一服务器提供的登录接口。
在一个实施例中,验证信息与唯一标识和用户名同时发送,如将唯一标识与用户名包含在http 请求主体部分,将验证信息中的注册信息和加密字符串包含在http 请求头部,将验证信息中的调用源信息包含在http请求包中。
步骤S242,第一服务器根据验证信息和预存的注册信息对第二服务器进行身份验证。
具体的,预存的注册信息是第一服务器收到注册请求后生成的注册信息,存储于第一服务器并可以通过邮件等方式发送至接口服务器。第二服务器从接口服务器获取此注册信息,利用注册信息生成验证信息,在每次调用第一服务器提供的服务时需要发送验证信息。第一服务器根据验证信息和预存的注册信息对第二服务器进行身份验证。可以理解的是,由于验证信息中可以包含多种信息如IP地址、加密字符串等,只有每种信息都验证通过,才作为验证通过,只有验证通过,才能实现用户名在第一终端上登录。
本实施例中,验证信息是利用注册信息通过算法生成的,生成验证信息的算法可以随时改变,避免直接发送注册信息被黑客截取后反复使用。
在一个实施例中,第一服务器和第二服务器都部署在企业内网,在内网传输进一步保证消息的安全性和完整性,便于对安全性要求更高的企业进行登录。
在一个实施例中,注册信息包括系统标识和对应的密钥,验证信息包含系统标识、加密字符串和对应的调用源信息,如图7所示,步骤S242包括:
步骤S242a,第一服务器根据验证信息中的系统标识在注册信息中查找对应密钥。
具体的,第一服务器根据注册请求生成了注册信息,其中注册请求中包括调用源信息。生成注册信息后,将注册信息与调用源信息对应存储便于后续的验证工作。注册信息中包括系统标识和对应的密钥,其中系统标识和对应的密钥是唯一的。验证信息包含系统标识、加密字符串和对应的调用源信息,调用源信息可以包括服务器的IP地址等,用于标识服务器。第一服务器在预存的注册信息中查找与验证信息中的系统标识相同的系统标识,得到对应的密钥。
步骤S242b,根据查找到的密钥对验证信息中的加密字符串进行解密。
具体的,如果验证信息中的系统标识正确,则可以查找到与加密字符串对应的密钥,从而对验证信息中的加密字符串进行解密。
步骤S242c,检测验证信息中的调用源信息与注册信息对应存储的调用源信息是否一致。
具体的,在注册信息中查找到与验证信息中的系统标识相同的系统标识对应存储的调用源信息,对比验证信息中的调用源信息与其是否相同。
步骤S242d,当根据查找到的密钥对验证信息中的加密字符串进行解密成功和验证信息中的调用源信息与注册信息对应存储的调用源信息一致时,第二服务器的身份验证通过,否则第二服务器的身份验证不通过。
本实施例中,只有通过了注册的第二服务器上才有与第一服务器上相同的注册信息,第二服务器根据注册信息中的密钥生成加密字符串,将注册信息中的系统标识、加密字符串、调用源信息包含在验证信息中发送至第一服务器。第一服务器上由于预存有相同的注册信息,从而能根据验证信息中的系统标识找到对应的密钥进行解密,由于注册信息对应存储有调用源信息,可以对比存储的调用源信息和验证信息中的调用源信息,只有解密成功和调用源信息一致两个条件都满足时,第二服务器的身份验证才通过,进一步增加了登录的安全性。
在一个实施例中,第二服务器生成的加密字符串中包括时间戳信息,加密字符串经过解密后还包括时间戳信息,在第一服务器将存储的所述唯一标识与所述用户名进行绑定之前,第一服务器将加密字符串解密得到时间戳信息,根据时间戳信息判断是否符合预设条件,如果符合预设条件,则将存储的唯一标识与用户名进行绑定。如果不符合,则不将存储的唯一标识与用户名进行绑定。
具体的,计算时间戳与当前时间的时间间隔,如果时间间隔超过预设值,则为不符合预设条件。本实施例中,通过时间戳保证了加密字符串的有效期,如果时间间隔超过预设值,则加密字符串即使解密成功,也失效了,不能将存储的唯一标识与用户名进行绑定,不能实现登录。防止加密字符串被截取反复使用,进一步提高了登录安全。
在一个实施例中,如图8所示,步骤S210之前,还包括;
步骤S410,第一服务器接收注册请求,注册请求中包含调用源信息。具体的,通过网页接收输入的调用源信息等其他待注册信息,生成注册请求,发送至第一服务器。可以理解的是,此注册请求可以在第二服务器之外的其它终端或服务器上生成。
步骤S420,第一服务器生成注册信息,并将注册信息与调用源信息对应存储。
具体的,注册信息可以根据需要自定义内容,如注册信息包括系统标识和对应的密钥,将注册信息与调用源信息对应存储便于第一服务器对第二服务器进行验证时根据注册信息查找对应的调用源信息。可以理解的是,注册信息生成后可以提供给第二服务器在多次调用登录接口时重复使用。只有当调用源信息等发生改变时,才需要重新生成注册信息。
步骤S430,第二服务器获取注册信息和调用源信息;
具体的,第一服务器可以通过邮件的形式发送注册信息至接口服务器,第二服务器从接口服务器获取注册信息并保存。只有保存有注册信息的服务器才能调用第一服务器提供的登录服务。当调用源信息为IP地址时,第二服务器通过获取自身IP地址得到调用源信息。
步骤S440,第二服务器根据注册信息和调用源信息生成验证信息并存储。
具体的,可以根据注册信息中的内容对自定义内容的字符串进行数据处理,如注册信息中包括系统标识和对应的密钥,根据密钥,以随机数random和时间戳timestamp作为内容,使用DES(Data Encryption Standard,数据加密标准)加密算法得到加密的字符串,生成包括系统标识、加密的字符串、调用源信息的验证信息并存储。
在一个实施例中,如图9所示,步骤S250包括:
步骤S251,第一服务器将存储的唯一标识与用户名进行绑定。
步骤S252,接收第一终端发送的包括唯一标识的查询请求。
步骤S253,根据查询请求将与唯一标识具有绑定关系的用户名返回至第一终端。
具体的,查询请求中包括唯一标识,当查询请求中的唯一标识有对应绑定的用户名时,将此用户名返回至第一终端,以使得第一终端根据此用户名登录。
在一个实施例中,唯一标识对应保存有效时间间隔,当有效时间间隔到达时,使第一终端停止发送查询请求,并将第一服务器中已经存储的唯一标识删除。具体的,如二维码有效期为5分钟,在第一终端登录页面加载二维码后如果5分钟内未登录则二维码过期,不能再通过此二维码登录,第一终端也不会继续发送查询请求来查询唯一标识状态,可以减少第一终端发送查询请求数量从而降低第一服务器对查询请求响应的工作压力,也避免了二维码图片被保存恶意使用,还避免了第一服务器中的存储量无限制增长。可以理解的是,如果二维码过期,第一终端通过发送登录请求会重新接收第一服务器生成的新的二维码。
在一个实施例中,在步骤S250之后,还包括:第一服务器根据用户名生成票据,并将票据返回至第一终端,接收第一终端发送的登录请求,登录请求中包括所述票据,第一服务器对票据进行验证,验证通过则实现票据中的用户名在第一终端登录。
具体的,票据用于保存用户的身份信息,当登录成功一次后,身份信息就保存在票据中,票据会同时保存在第一服务器的数据库中和第一终端用户浏览器的cookie中。在下次第一终端需要登录时,在登录请求中包括票据,第一服务器收到票据后,根据预存的票据进行验证,包括验证票据的期限或用户的权限,如果验证成功,则第一终端可以使用票据中的用户名登录。本实施例中,通过票据实现了快速登录。
具体的,在一个实施例中,如图10所示,为一个具体的实施例中登录方法所应用的详细系统架构图,包括第一终端510、服务器520,包括第一服务器522、第二服务器524、第二终端530,此系统中第一服务器522通过多个服务器完成登录步骤,在此系统架构中完成登录方法,具体为:第一终端510向登录前端服务器522e发送登录请求,登录前端服务器522e通过界面接口服务器522b转发此登录请求至中间层服务器522c,中间层服务器522c根据登录请求生成唯一标识并存储于缓存服务器522d。中间层服务器522c根据生成包含唯一标识的二维码并返回至第一终端510。第二终端530扫描第一终端510上显示的二维码得到的唯一标识,并获取已登录应用的用户名,并将唯一标识和用户名发送至第二服务器524。第二服务器524根据注册信息生成验证信息并将唯一标识、用户名、和验证信息包含在绑定请求中发送至WebAPI服务器522a。WebAPI服务器(网页接口服务器)522a根据验证信息和预存的注册信息对第二服务器524进行身份验证,验证通过则中间层服务器522c将缓存服务器522d存储的唯一标识与用户名进行绑定。第一终端510不断发送包括唯一标识的查询请求至登录前端服务器522e,登录前端服务器522e通过界面接口服务器522b转发查询请求至中间层服务器522c,中间层服务器522c查询到缓存服务器522d中存储的唯一标识是否存在已绑定的用户名,如果存在,则返回此用户名至第一终端510上登录。
在一个实施例中,如图11所示,提供了一种登录方法,包括:
步骤S710,接收第一终端的登录请求。
步骤S720,根据登录请求生成唯一标识并存储,根据唯一标识生成对应的二维码并返回至第一终端,二维码中包含唯一标识。
步骤S730,接收第二服务器发送的通过第二终端扫描二维码得到的唯一标识和第二终端已登录应用的用户名。
步骤S740,对第二服务器进行身份验证,如果所述第二服务器的身份验证通过,则将存储的唯一标识与用户名进行绑定,以实现用户名在第一终端上登录,如果第二服务器的身份验证不通过,则拒绝登录请求。
本实施例中,服务器接收第一终端的登录请求,根据登录请求生成唯一标识并存储,唯一标识用于标识一次登录过程。根据唯一标识生成包含唯一标识的二维码并返回至第一终端,接收第二服务器发送的通过第二终端扫描第一终端上展示的二维码得到唯一标识和已登录应用的用户名,对第二服务器进行身份验证,如果第二服务器的身份验证通过,则服务器将存储的唯一标识与用户名进行绑定,表明此次登录过程处于登录状态,并返回用户名至第一终端,以实现用户名在第一终端上登录。在网络中只需要传输唯一标识和用户名,减少了重要帐号信息在网络上的传输,降低了重要帐号信息被盗取的风险,提高了登录的安全性,对第二服务器进行了身份验证,只有身份验证通过的第二服务器发送的登录请求才能实现登录,进一步提高了登录的安全性。
在一个实施例中,步骤S740包括:将存储的所述唯一标识与所述用户名进行绑定,接收第一终端发送的查询请求,所述查询请求包含所述唯一标识,根据所述查询请求将与所述唯一标识具有绑定关系的用户名返回至所述第一终端。
在一个实施例中,如图12所示,提供了一种登录方法,包括:
步骤S810,发送登录请求至服务器。
步骤S820,接收服务器返回的根据登录请求生成的二维码,二维码中包含唯一标识。
步骤S830,向服务器发送包含唯一标识的查询请求。
步骤S840,接收与查询请求中的唯一标识具备绑定关系的用户名,实现用户名的登录。
本实施例中,终端发送登录请求至服务器,服务器根据登录请求生成唯一标识,并生成包含唯一标识的二维码,返回至终端,终端向服务器发送包含唯一标识的查询请求,服务器响应查询请求,当查询到与唯一标识具有绑定关系的用户名时,返回用户名至终端,终端实现用户名的登录。在网络中只需要传输唯一标识和用户名,减少了重要帐号信息在网络上的传输,降低了重要帐号信息被盗取的风险,提高了登录的安全性。
在一个实施例中,如图13所示,提供了一种登录系统,包括:第一服务器910、第二服务器920。
第一服务器910用于接收第一终端的登录请求,根据登录请求生成唯一标识并存储,根据唯一标识生成对应的二维码并返回至第一终端,二维码中包含唯一标识。
第二服务器920用于接收第二终端扫描二维码得到的唯一标识和第二终端已登录应用的用户名,并将唯一标识和用户名发送至第一服务器910。
第一服务器910还用于对第二服务器920进行身份验证,如果第二服务器920的身份验证通过,则第一服务器910将存储的唯一标识与用户名进行绑定,以实现用户名在第一终端上登录。
所述第一服务器910还用于如果第二服务器920的身份验证不通过,则拒绝登录请求。
在一个实施例中,第一服务器910还用于接收第二服务器920发送的验证信息,根据验证信息和预存的注册信息对第二服务器进行身份验证。
在一个实施例中,注册信息包括系统标识和对应的密钥,验证信息包含系统标识、加密字符串和对应的调用源信息,第一服务器910还用于根据验证信息中的系统标识在注册信息中查找对应的密钥,根据查找到的密钥对验证信息中的加密字符串进行解密,检测验证信息中的调用源信息与注册信息对应存储的调用源信息是否一致,当根据查找到的密钥对验证信息中的加密字符串进行解密成功且验证信息中的调用源信息与注册信息对应存储的调用源信息一致时,第二服务器920的身份验证通过,否则第二服务器920的身份验证不通过。
在一个实施例中,第一服务器910还用于接收注册请求,注册请求中包含调用源信息。第一服务器910还用于生成注册信息,并将注册信息与调用源信息对应存储。第二服务器920还用于获取注册信息和调用源信息,根据注册信息和调用源信息生成验证信息并存储。
在一个实施例中,第一服务器910还用于将存储的唯一标识与用户名进行绑定,接收第一终端发送的包含所述唯一标识的查询请求,根据查询请求将与唯一标识具有绑定关系的用户名返回至第一终端。
在一个实施例中,如图14所示,提供了一种第一服务器,包括内存和处理器,所述内存中储存有指令,所述指令被所述处理器执行时,第一服务器包括:
第一接收模块1000,用于接收第一终端的登录请求。
二维码生成模块1010,用于根据登录请求生成唯一标识并存储,根据唯一标识生成对应的二维码并返回至第一终端,所述二维码中包含唯一标识。
第二接收模块1020,用于接收第二服务器发送的通过第二终端扫描二维码得到的唯一标识和第二终端已登录应用的用户名。
验证模块1030,用于对第二服务器进行身份验证,如果第二服务器的身份验证通过,则进入登录模块1040,否则拒绝登录请求。
登录模块1040,用于将存储的唯一标识与用户名进行绑定,以实现用户名在第一终端上登录。
在一个实施例中,验证模块1030还用于接收第二服务器发送的验证信息,根据验证信息和预存的注册信息对第二服务器进行身份验证。
在一个实施例中,注册信息包括系统标识和对应的密钥,验证信息包含系统标识、加密字符串和对应的调用源信息,如图15所示,验证模块1030包括:
解密单元1031,用于根据验证信息中的系统标识在所述注册信息中查找对应的密钥,根据查找到的密钥对验证信息中的加密字符串进行解密,
检测单元1032,检测验证信息中的调用源信息与所述注册信息对应存储的调用源信息是否一致;
验证单元1033,当根据查找到的密钥对验证信息中的加密字符串进行解密成功,且验证信息中的调用源信息与所述注册信息对应存储的调用源信息一致时,则第二服务器的身份验证通过,否则第二服务器的身份验证不通过。
在一个实施例中,如图16所示,第一服务器还包括:
准备模块1050,用于接收注册请求,注册请求中包含调用源信息,生成注册信息,并将注册信息与调用源信息对应存储,以使第二服务器获取所述注册信息和调用源信息,根据所述注册信息和调用源信息生成验证信息并存储。
在一个实施例中,如图17所示,登录模块1040包括:
绑定单元1041,用于将存储的所述唯一标识与所述用户名进行绑定;
查询请求接收单元1042,用于接收第一终端发送的查询请求,所述查询请求包含所述唯一标识;
用户名返回单元1043,根据所述查询请求将与所述唯一标识具有绑定关系的用户名返回至所述第一终端。
在一个实施例中,如图18所示,提供了一种终端,包括内存和处理器,所述内存中储存有指令,所述指令被所述处理器执行时,终端包括:登录请求模块1100,用于发送登录请求至服务器。
二维码接收模块1110,用于接收服务器返回的根据登录请求生成的二维码,二维码中包含唯一标识。
查询请求模块1120,用于向服务器发送包含唯一标识的查询请求。
登录实现模块1130,用于接收与查询请求中的唯一标识具备绑定关系的用户名,实现用户名的登录。
本领域普通技术人员可以理解实现上述实施例方法中的全部或部分流程,是可以通过计算机程序来指令相关的硬件来完成,所述程序可存储于一计算机可读取存储介质中,如本发明实施例中,该程序可存储于计算机系统的存储介质中,并被该计算机系统中的至少一个处理器执行,以实现包括如上述各方法的实施例的流程。其中,所述存储介质可为磁碟、光盘、只读存储记忆体(Read-Only Memory,ROM)或随机存储记忆体(Random Access Memory,RAM)等。
以上所述实施例的各技术特征可以进行任意的组合,为使描述简洁,未对上述实施例中的各个技术特征所有可能的组合都进行描述,然而,只要这些技术特征的组合不存在矛盾,都应当认为是本说明书记载的范围。
以上所述实施例仅表达了本发明的几种实施方式,其描述较为具体和详细,但并不能因此而理解为对发明专利范围的限制。应当指出的是,对于本领域的普通技术人员来说,在不脱离本发明构思的前提下,还可以做出若干变形和改进,这些都属于本发明的保护范围。因此,本发明专利的保护范围应以所附权利要求为准。

Claims (15)

  1. 一种登录方法,包括:
    第一服务器接收第一终端的登录请求;
    所述第一服务器根据所述登录请求生成唯一标识并存储,根据所述唯一标识生成对应的二维码并返回至所述第一终端,所述二维码中包含所述唯一标识;
    第二服务器接收第二终端扫描所述二维码得到的所述唯一标识和所述第二终端已登录应用的用户名,并将所述唯一标识和用户名发送至所述第一服务器;
    所述第一服务器对所述第二服务器进行身份验证,如果所述第二服务器的身份验证通过,则所述第一服务器将存储的所述唯一标识与所述用户名进行绑定,以实现所述用户名在所述第一终端上登录;及
    如果所述第二服务器的身份验证不通过,则所述第一服务器拒绝所述登录请求。
  2. 根据权利要求1所述的方法,其特征在于,所述第一服务器对所述第二服务器进行身份验证的步骤包括:
    所述第一服务器接收所述第二服务器发送的验证信息;及
    所述第一服务器根据所述验证信息和预存的注册信息对所述第二服务器进行身份验证。
  3. 根据权利要求2所述的方法,其特征在于,所述注册信息包括系统标识和对应的密钥;所述验证信息包含系统标识、加密字符串和对应的调用源信息;
    所述第一服务器根据所述验证信息和预存的注册信息对所述第二服务器进行身份验证的步骤包括:
    所述第一服务器根据所述验证信息中的系统标识在所述注册信息中查找对应的密钥;
    根据查找到的密钥对所述验证信息中的加密字符串进行解密;
    检测所述验证信息中的调用源信息与所述注册信息对应存储的调用源信息是否一致;及
    当根据查找到的密钥对所述验证信息中的加密字符串进行解密成功,且所述验证信息中的调用源信息与所述注册信息对应存储的调用源信息一致时,则所述第二服务器的身份验证通过,否则所述第二服务器的身份验证不通过。
  4. 根据权利要求1所述的方法,其特征在于,在所述第一服务器接收第一终端的登录请求的步骤之前,所述方法还包括:
    所述第一服务器接收注册请求,所述注册请求中包含调用源信息;
    所述第一服务器生成注册信息,并将所述注册信息与所述调用源信息对应存储;
    所述第二服务器获取所述注册信息和调用源信息;
    所述第二服务器根据所述注册信息和调用源信息生成验证信息并存储。
  5. 根据权利要求1所述的方法,其特征在于,所述第一服务器将存储的所述唯一标识与所述用户名进行绑定,以实现所述用户名在所述第一终端上登录的步骤包括:
    所述第一服务器将存储的所述唯一标识与所述用户名进行绑定;
    接收所述第一终端发送的包含所述唯一标识的查询请求;
    根据所述查询请求将与所述唯一标识具有绑定关系的用户名返回至所述第一终端。
  6. 一种第一服务器,包括内存和处理器,所述内存中储存有指令,所述指令被所述处理器执行时,使得所述处理器执行以下步骤:
    接收第一终端的登录请求;
    根据所述登录请求生成唯一标识并存储,根据所述唯一标识生成对应的二维码并返回至所述第一终端,所述二维码中包含所述唯一标识;
    接收第二服务器发送的通过第二终端扫描所述二维码得到的所述唯一标识和所述第二终端已登录应用的用户名;
    对所述第二服务器进行身份验证,如果所述第二服务器的身份验证通过,则所述将存储的所述唯一标识与所述用户名进行绑定,以实现所述用户名在所述第一终端上登录;及
    如果所述第二服务器的身份验证不通过,则拒绝所述登录请求。
  7. 根据权利要求6所述的服务器,其特征在于,所述处理器所执行的对所述第二服务器进行身份验证的步骤,包括:
    接收所述第二服务器发送的验证信息;
    根据所述验证信息和预存的注册信息对所述第二服务器进行身份验证。
  8. 根据权利要求7所述的服务器,其特征在于,所述注册信息包括系统标识和对应的密钥;所述验证信息包含系统标识、加密字符串和对应的调用源信息;
    所述处理器所执行的根据所述验证信息和预存的注册信息对所述第二服务器进行身份验证的步骤包括:
    根据所述验证信息中的系统标识在所述注册信息中查找对应的密钥;
    根据查找到的密钥对所述验证信息中的加密字符串进行解密;
    检测所述验证信息中的调用源信息与所述注册信息对应存储的调用源信息是否一致;
    当根据查找到的密钥对所述验证信息中的加密字符串进行解密成功,且所述验证信息中的调用源信息与所述注册信息对应存储的调用源信息一致时,则所述第二服务器的身份验证通过,否则所述第二服务器的身份验证不通过。
  9. 根据权利要求6所述的服务器,其特征在于,所述指令被所述处理器执行时,还使得所述处理器执行以下步骤:
    接收注册请求,所述注册请求中包含调用源信息;
    生成注册信息,并将所述注册信息与所述调用源信息对应存储,以使第二服务器获取所述注册信息和调用源信息,根据所述注册信息和调用源信息生成验证信息并存储。
  10. 根据权利要求6所述的服务器,其特征在于,所述处理器所执行的将存储的所述唯一标识与所述用户名进行绑定,以实现所述用户名在所述第一终端上登录的步骤包括:
    将存储的所述唯一标识与所述用户名进行绑定;
    接收所述第一终端发送的包含所述唯一标识的查询请求;
    根据所述查询请求将与所述唯一标识具有绑定关系的用户名返回至所述第一终端。
  11. 一种登录系统,包括:
    第一服务器,用于接收第一终端的登录请求,根据所述登录请求生成唯一标识并存储,根据所述唯一标识生成对应的二维码并返回至所述第一终端,所述二维码中包含所述唯一标识;
    第二服务器,用于接收第二终端扫描所述二维码得到的所述唯一标识和所述第二终端已登录应用的用户名,并将所述唯一标识和用户名发送至所述第一服务器;
    所述第一服务器还用于对所述第二服务器进行身份验证,如果所述第二服务器的身份验证通过,则所述第一服务器将存储的所述唯一标识与所述用户名进行绑定,以实现所述用户名在所述第一终端上登录;
    所述第一服务器还用于如果所述第二服务器的身份验证不通过,则拒绝所述登录请求。
  12. 根据权利要求11所述的系统,其特征在于,所述第一服务器还用于接收所述第二服务器发送的验证信息,根据所述验证信息和预存的注册信息对所述第二服务器进行身份验证。
  13. 根据权利要求12所述的系统,其特征在于,所述注册信息包括系统标识和对应的密钥;所述验证信息包含系统标识、加密字符串和对应的调用源信息;所述第一服务器还用于根据所述验证信息中的系统标识在所述注册信息中查找对应的密钥,根据查找到的密钥对所述验证信息中的加密字符串进行解密,检测所述验证信息中的调用源信息与所述注册信息对应存储的调用源信息是否一致,当根据查找到的密钥对所述验证信息中的加密字符串进行解密成功且所述验证信息中的调用源信息与所述注册信息对应存储的调用源信息一致时,则所述第二服务器的身份验证通过,否则所述第二服务器的身份验证不通过。
  14. 根据权利要求11所述的系统,其特征在于,所述第一服务器还用于接收注册请求,所述注册请求中包含调用源信息;
    所述第一服务器还用于生成注册信息,并将所述注册信息与所述调用源信息对应存储;
    所述第二服务器还用于获取所述注册信息和调用源信息,根据所述注册信息和调用源信息生成验证信息并存储。
  15. 根据权利要求11所述的系统,其特征在于,所述第一服务器还用于将存储的所述唯一标识与所述用户名进行绑定,接收所述第一终端发送的包含所述唯一标识的查询请求,根据所述查询请求将与所述唯一标识具有绑定关系的用户名返回至所述第一终端。
PCT/CN2016/078565 2015-04-21 2016-04-06 登录方法、服务器和登录系统 WO2016169410A1 (zh)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US15/462,521 US10270758B2 (en) 2015-04-21 2017-03-17 Login method, server, and login system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510191252.1 2015-04-21
CN201510191252.1A CN104967604B (zh) 2015-04-21 2015-04-21 登录方法和系统

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US15/462,521 Continuation US10270758B2 (en) 2015-04-21 2017-03-17 Login method, server, and login system

Publications (1)

Publication Number Publication Date
WO2016169410A1 true WO2016169410A1 (zh) 2016-10-27

Family

ID=54221547

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/078565 WO2016169410A1 (zh) 2015-04-21 2016-04-06 登录方法、服务器和登录系统

Country Status (3)

Country Link
US (1) US10270758B2 (zh)
CN (1) CN104967604B (zh)
WO (1) WO2016169410A1 (zh)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110430205A (zh) * 2019-08-09 2019-11-08 深圳前海微众银行股份有限公司 单点登录方法、装置、设备及计算机可读存储介质
CN110472967A (zh) * 2019-07-31 2019-11-19 腾讯科技(深圳)有限公司 一种校验方法、识别端及用户端
CN111757310A (zh) * 2020-06-23 2020-10-09 中国联合网络通信集团有限公司 健康码的生成方法及服务器、基站
CN111768193A (zh) * 2020-06-19 2020-10-13 中信银行股份有限公司 Atm终端的主密钥灌装方法、服务器、终端及系统
CN111897786A (zh) * 2020-05-27 2020-11-06 深圳市广和通无线股份有限公司 日志读取方法、装置、计算机设备和存储介质
CN113127841A (zh) * 2021-04-23 2021-07-16 上海科华实验系统有限公司 远程管理软件用户的方法、装置、设备及存储介质
CN113949704A (zh) * 2021-10-15 2022-01-18 北京奇艺世纪科技有限公司 一种用户信息处理方法及服务器集群
CN114519176A (zh) * 2020-11-18 2022-05-20 京东方科技集团股份有限公司 交互方法、电子设备及存储介质
CN114915656A (zh) * 2021-12-29 2022-08-16 南京四维智联科技有限公司 一种车联网终端接入方法、装置、存储介质及电子设备

Families Citing this family (41)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104967604B (zh) * 2015-04-21 2018-07-20 深圳市腾讯计算机系统有限公司 登录方法和系统
CN105577643A (zh) * 2015-11-23 2016-05-11 清华大学 基于智能眼镜的身份认证方法及身份认证系统
CN107135499A (zh) * 2016-02-26 2017-09-05 华为技术有限公司 数据传输方法、网络设备以及终端
CN105933353B (zh) * 2016-07-05 2019-05-17 北京万维星辰科技有限公司 安全登录的实现方法及系统
CN107689943B (zh) * 2016-08-04 2021-02-05 深信服科技股份有限公司 一种数据加密的方法、用户终端、服务器及系统
CN106339623B (zh) * 2016-08-26 2019-05-10 金蝶软件(中国)有限公司 登录方法和装置
US9965931B2 (en) * 2016-09-14 2018-05-08 The Boeing Company Systems and methods for interfacing with an aircraft cabin control system
CN108320392A (zh) * 2017-01-18 2018-07-24 芜湖美的厨卫电器制造有限公司 租赁设备的解锁方法、系统及其服务器
CN108200085B (zh) * 2018-01-31 2019-03-08 北京深思数盾科技股份有限公司 一种数据分发、转发方法及装置
CN109472121B (zh) * 2018-10-25 2024-06-28 平安科技(深圳)有限公司 用户身份验证的方法、装置、系统及终端设备
CN110210871A (zh) * 2019-02-15 2019-09-06 浙江萨宝信息科技有限公司 一种收银设备的防伪装置及其方法
CN109902472A (zh) * 2019-02-25 2019-06-18 山东浪潮通软信息科技有限公司 一种基于二维码和微信小程序提取个人信息认证的方法
CN109995521A (zh) * 2019-03-06 2019-07-09 湖北省广播电视信息网络股份有限公司 基于图形码的登录方法及网络电视登录系统
CN111813816B (zh) * 2019-04-11 2023-11-14 腾讯科技(深圳)有限公司 数据处理方法、装置、计算机可读存储介质和计算机设备
CN110213248B (zh) * 2019-05-20 2022-02-18 武汉市灯塔互动文化传播有限公司 一种离线环境下授权方法和装置
CN112085900A (zh) * 2019-06-13 2020-12-15 中国民航信息网络股份有限公司 一种自助打印方法、装置和移动设备
CN110336870B (zh) * 2019-06-27 2024-03-05 深圳前海微众银行股份有限公司 远程办公运维通道的建立方法、装置、系统及存储介质
US11288151B2 (en) * 2019-08-13 2022-03-29 Acronis International Gmbh System and method of determining boot status of recovery servers
CN110708320A (zh) * 2019-10-11 2020-01-17 北京弘远博学科技有限公司 一种基于Redis对用户APP登录设备数量控制的方法
CN111078447B (zh) * 2019-11-24 2023-09-19 杭州安恒信息技术股份有限公司 一种微服务架构中的异常定位方法、装置、设备、介质
CN110992022B (zh) * 2019-11-27 2023-09-19 中国银行股份有限公司 一种验证结果的获取方法及装置
CN111865904B (zh) * 2020-06-04 2022-08-23 河南中医药大学 安全的用户在线状态控制方法、装置
CN113922975B (zh) * 2020-06-22 2024-05-24 中移(苏州)软件技术有限公司 一种安全控制方法、服务器、终端、系统和存储介质
CN111585745A (zh) * 2020-07-07 2020-08-25 珠海雷特科技股份有限公司 一种智能家居控制面板入网的方法及智能家居系统
JP6836002B1 (ja) * 2020-07-20 2021-02-24 セイコーソリューションズ株式会社 認証システム、認証システムの制御方法及び認証装置
CN114186214A (zh) * 2020-09-14 2022-03-15 Oppo广东移动通信有限公司 绑定帐号的方法、装置、终端及存储介质
CN112291218B (zh) * 2020-10-22 2022-02-01 四川长虹电器股份有限公司 一种基于二维码双重融合加密算法的设备身份认证方法
CN114971632A (zh) * 2021-02-23 2022-08-30 北京同邦卓益科技有限公司 社交平台绑定系统、方法、装置、电子设备及存储介质
CN113011864B (zh) * 2021-03-22 2022-12-16 支付宝(杭州)信息技术有限公司 一种二维码生成和核验方法、装置、设备和可读介质
CN113407225B (zh) * 2021-06-23 2022-09-23 未鲲(上海)科技服务有限公司 代码清单的生成方法、装置、计算机设备和存储介质
CN113807843B (zh) * 2021-09-06 2023-10-20 中国银联股份有限公司 绑卡方法、用户终端、服务器、系统及存储介质
CN114022966A (zh) * 2021-09-30 2022-02-08 福建数博讯信息科技有限公司 一种实名制平台与人脸识别设备间的校时方法
CN114697074A (zh) * 2022-02-23 2022-07-01 深圳爱捷云科技有限公司 权限校验方法、电子设备及存储介质
CN116938501A (zh) * 2022-04-12 2023-10-24 腾讯科技(深圳)有限公司 身份验证方法、设备、存储介质及程序产品
CN114978724B (zh) * 2022-05-26 2024-02-20 重庆长安汽车股份有限公司 一种车机多模式融合登录系统及方法
CN114938313B (zh) * 2022-07-26 2022-10-04 北京盛邦赛云科技有限公司 一种基于动态令牌的人机识别方法及装置
CN115412347A (zh) * 2022-08-31 2022-11-29 建信金融科技有限责任公司 设备登录方法、装置、设备及存储介质
CN115395662B (zh) * 2022-10-31 2023-03-21 广东承能电力安装有限公司 一种配电房智能监控系统、方法及计算机可读存储介质
CN115834077B (zh) * 2022-11-11 2023-08-01 北京深盾科技股份有限公司 控制方法、控制系统、电子设备及存储介质
CN116094804B (zh) * 2023-01-10 2023-09-08 广东红餐科技有限公司 基于Lvs服务器集群避免用户重复登录的方法
CN116756446B (zh) * 2023-08-23 2023-11-10 北京创新乐知网络技术有限公司 一种基于扫描二维码的登录方法、装置、介质及设备

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103237034A (zh) * 2013-04-28 2013-08-07 北京小米科技有限责任公司 登录方法及装置
CN103679114A (zh) * 2014-01-06 2014-03-26 武汉瑞普思信息技术有限公司 一种基于二维码的移动信息获取方法及系统
CN103763327A (zh) * 2014-01-28 2014-04-30 宇龙计算机通信科技(深圳)有限公司 一种账号登录方法及系统
CN104967604A (zh) * 2015-04-21 2015-10-07 深圳市腾讯计算机系统有限公司 登录方法和系统

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6088451A (en) * 1996-06-28 2000-07-11 Mci Communications Corporation Security system and method for network element access
JP4309629B2 (ja) * 2002-09-13 2009-08-05 株式会社日立製作所 ネットワークシステム
US10068220B2 (en) * 2006-10-11 2018-09-04 Visa International Service Association Systems and methods for brokered authentication express seller links
JP4461465B1 (ja) * 2009-03-17 2010-05-12 サイバーステーション株式会社 Webシステム、命令対象システム、及び、コンテンツデータ提供方法
US20130254858A1 (en) * 2012-03-26 2013-09-26 Computer Associates Think, Inc. Encoding an Authentication Session in a QR Code
CN103379101A (zh) * 2012-04-20 2013-10-30 腾讯科技(深圳)有限公司 一种水印生成方法、客户端及服务器
CN102769628B (zh) * 2012-07-27 2014-03-26 腾讯科技(深圳)有限公司 页面登录方法及服务器
CN103001974B (zh) * 2012-12-26 2016-11-16 百度在线网络技术(北京)有限公司 基于二维码的登录控制方法、系统和装置
US9479499B2 (en) * 2013-03-21 2016-10-25 Tencent Technology (Shenzhen) Company Limited Method and apparatus for identity authentication via mobile capturing code
US9137245B2 (en) * 2013-04-26 2015-09-15 Tencent Technology (Shenzhen) Company Limited Login method, apparatus, and system
CN104092644B (zh) * 2013-05-30 2018-09-07 腾讯科技(深圳)有限公司 一种交互方法、装置、客户端及服务器

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103237034A (zh) * 2013-04-28 2013-08-07 北京小米科技有限责任公司 登录方法及装置
CN103679114A (zh) * 2014-01-06 2014-03-26 武汉瑞普思信息技术有限公司 一种基于二维码的移动信息获取方法及系统
CN103763327A (zh) * 2014-01-28 2014-04-30 宇龙计算机通信科技(深圳)有限公司 一种账号登录方法及系统
CN104967604A (zh) * 2015-04-21 2015-10-07 深圳市腾讯计算机系统有限公司 登录方法和系统

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110472967A (zh) * 2019-07-31 2019-11-19 腾讯科技(深圳)有限公司 一种校验方法、识别端及用户端
CN110472967B (zh) * 2019-07-31 2022-04-29 腾讯科技(深圳)有限公司 一种校验方法、识别端及用户端
CN110430205A (zh) * 2019-08-09 2019-11-08 深圳前海微众银行股份有限公司 单点登录方法、装置、设备及计算机可读存储介质
CN111897786A (zh) * 2020-05-27 2020-11-06 深圳市广和通无线股份有限公司 日志读取方法、装置、计算机设备和存储介质
CN111897786B (zh) * 2020-05-27 2024-03-15 深圳市广和通无线股份有限公司 日志读取方法、装置、计算机设备和存储介质
CN111768193A (zh) * 2020-06-19 2020-10-13 中信银行股份有限公司 Atm终端的主密钥灌装方法、服务器、终端及系统
CN111757310B (zh) * 2020-06-23 2023-06-02 中国联合网络通信集团有限公司 健康码的生成方法及服务器、基站
CN111757310A (zh) * 2020-06-23 2020-10-09 中国联合网络通信集团有限公司 健康码的生成方法及服务器、基站
CN114519176A (zh) * 2020-11-18 2022-05-20 京东方科技集团股份有限公司 交互方法、电子设备及存储介质
CN113127841A (zh) * 2021-04-23 2021-07-16 上海科华实验系统有限公司 远程管理软件用户的方法、装置、设备及存储介质
CN113949704A (zh) * 2021-10-15 2022-01-18 北京奇艺世纪科技有限公司 一种用户信息处理方法及服务器集群
CN113949704B (zh) * 2021-10-15 2024-03-08 北京奇艺世纪科技有限公司 一种用户信息处理方法及服务器集群
CN114915656A (zh) * 2021-12-29 2022-08-16 南京四维智联科技有限公司 一种车联网终端接入方法、装置、存储介质及电子设备

Also Published As

Publication number Publication date
US20170195311A1 (en) 2017-07-06
CN104967604A (zh) 2015-10-07
US10270758B2 (en) 2019-04-23
CN104967604B (zh) 2018-07-20

Similar Documents

Publication Publication Date Title
WO2016169410A1 (zh) 登录方法、服务器和登录系统
US10382424B2 (en) Secret store for OAuth offline tokens
CN109417553B (zh) 经由内部网络监视来检测使用泄漏证书的攻击
US9479496B2 (en) Communication terminal and secure log-in method acquiring password from server using user ID and sensor data
WO2018157858A1 (zh) 信息存储方法、装置及计算机可读存储介质
WO2019127973A1 (zh) 镜像仓库的权限认证方法、系统、设备及存储介质
KR100615793B1 (ko) 준 신뢰성 웹 서버를 통한 오리진 웹 서버로부터의 정보 액세스 방법과 그 장치 및 컴퓨터 판독 가능 기록 매체
US8850219B2 (en) Secure communications
KR101720160B1 (ko) 인간의 개입이 없는 어플리케이션들을 위한 인증 데이터베이스 커넥티비티
WO2014008858A1 (zh) 实现跨域跳转的方法以及浏览器、域名服务器
US7549048B2 (en) Efficient and secure authentication of computing systems
KR101302135B1 (ko) 위탁 서비스를 위한 데이터의 부분 암복호화 방법 및 그 장치
WO2021072881A1 (zh) 基于对象存储的请求处理方法、装置、设备及存储介质
WO2020220413A1 (zh) 个人信息的零知识证明方法、系统及存储介质
WO2020164280A1 (zh) 数据传输加密方法、装置及存储介质、服务器
WO2013191325A1 (ko) 트러스티드 플랫폼 기반의 개방형 아이디 인증 방법, 이를 위한 장치 및 시스템
WO2020253120A1 (zh) 网页注册方法、系统、设备和计算机存储介质
WO2015101332A1 (zh) 密码分级管理方法和系统
WO2020062644A1 (zh) Json劫持漏洞的检测方法、装置、设备及存储介质
US11288381B2 (en) Calculation device, calculation method, calculation program and calculation system
WO2019205288A1 (zh) 连接建立方法、系统、设备及计算机可读存储介质
WO2020032351A1 (ko) 익명 디지털 아이덴티티 수립 방법
WO2018043832A1 (ko) 보안 웹브라우저 동작 방법
WO2020206899A1 (zh) 基于时间戳的身份验证方法、装置、设备及存储介质
JP2002189646A (ja) 中継装置

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16782557

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 11/04/2018)

122 Ep: pct application non-entry in european phase

Ref document number: 16782557

Country of ref document: EP

Kind code of ref document: A1