WO2016177342A1 - Account login processing method, server and system therefor, and computer storage medium - Google Patents

Info

Publication number
WO2016177342A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
account
application
security level
mobile terminal
Prior art date
Application number
PCT/CN2016/081189
Other languages
French (fr)
Chinese (zh)
Inventor
申世安
张立海
Original Assignee
努比亚技术有限公司
Priority date
Filing date
Publication date
Application filed by 努比亚技术有限公司
Publication of WO2016177342A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan

Definitions

  • The present invention relates to account management technology in the field of communications, and in particular to an account login processing method, a server, a system, and a computer storage medium based on a virtual subscriber identity card.
  • The user needs to log in separately (with a user name and password) to each of the mobile Internet-based applications currently used on the mobile terminal.
  • The naming rules of the accounts are also different.
  • The main purpose of the embodiments of the present invention is to provide an account login processing method, a server, a system, and a computer storage medium based on a virtual subscriber identity card, which are convenient, efficient, and secure for registering accounts of different applications.
  • an embodiment of the present invention provides an account login processing method, including:
  • controlling, according to the judgment result, the user's access rights to the application after logging in to the application based on the account.
  • each unified login account corresponds to one security control policy and one access control policy
  • the security control policy is used to control at least one of the following:
  • the manner of verifying the user of the mobile terminal, including a password verification method and a biometric verification method;
  • a trigger condition for re-authentication of the user of the mobile terminal, including a change in a biometric of the user of the mobile terminal;
  • the prompting method for re-verifying the user of the mobile terminal, including a reminder and a limited number of reminders;
  • the access control policy is used to control, based on the security level of the account of the application requested by the user, the access authority to the application that corresponds to that security level;
  • the security levels include: read-only security level, general security level, advanced security level, and highest security level.
  • constructing the mapping relationship between the unified login account of the user and the accounts of the different applications of the user includes:
  • mapping between the read-only security level account of the different users and the unified login account of the corresponding user is automatically constructed, and the mapping relationship between the common security level account of the different users and the unified login account of the corresponding user is automatically constructed.
  • judging and authenticating, according to the mapping relationship and the unified login account used by the user, the application that the user requests to log in to and use includes:
  • determining, according to the mapping relationship and the unified login account used by the user, the security level of the account corresponding to the application requested by the user in the mapping relationship;
  • logging the user in to the requested application based on the security level of the account corresponding to the application that the user requests to use.
  • logging the user in to the requested application based on the security level of the account corresponding to the application that the user requests to use includes:
  • allocating the user a random account of the application through the resource pool, and logging in to the application for the user based on the allocated random account;
  • using the account of the application set in advance by the user, or the account corresponding to the application that is input when the user requests to use the application.
  • the user logs in to the application once; when the biometric of the user of the mobile terminal is detected to be changed, a reminder is performed, and the user is re-verified;
  • the account of the application requested by the user is an advanced security level account
  • the account of the application set by the user in advance, or the account corresponding to the application that is input when the user requests to use the application, is used to log in to the application for the user; when a change in the biometric of the user of the mobile terminal is detected, a preset number of reminders greater than one is performed, and the user is re-verified;
  • When the account of the application requested by the user is the highest security level account, the user is verified based on the password verification method and the biometric verification method; when the user passes the verification, the account of the application preset by the user, or the account corresponding to the application that is input when the user requests to use the application, is used to log in to the application for the user; and when a change in the biometric of the user of the mobile terminal is detected, the login of the user of the mobile terminal to the application is released.
  • controlling, according to the judgment result, the access rights of the user to the application after logging in to the application based on the account includes:
  • the user is assigned the access rights of an anonymous visitor to the application, or the lowest-priority rights;
  • When the judgment result indicates that the account of the application requested by the user is the highest security level account, and the user has logged in to the mobile terminal with the unified login account based on the password login and the biometric authentication mode, the user is assigned full usage rights for the application.
  • an embodiment of the present invention provides a server, including:
  • a mapping unit configured to set a unified login account of the user of the mobile terminal by using a virtual subscriber identity card in the mobile terminal, and to construct a mapping relationship between the unified login account of the user and the accounts of the different applications of the user;
  • the authentication unit is configured to perform judgment and authentication on the application used by the user login request based on the mapping relationship and the unified login account used by the user;
  • the access control unit is configured to determine, according to the mapping relationship and the unified login account of the user, the security level of the account corresponding to the application requested by the user;
  • the mapping unit is further configured to construct, according to the security levels that the user indicates for the user's different accounts, a mapping relationship between the user's accounts of different security levels and the unified login account of the user;
  • mapping between the read-only security level account of the different users and the unified login account of the corresponding user is automatically constructed, and the mapping relationship between the common security level account of the different users and the unified login account of the corresponding user is automatically constructed.
  • the authentication unit is further configured to verify the user of the mobile terminal by at least one of a password verification manner and a biometric verification manner;
  • the authentication unit is further configured to determine, according to the mapping relationship and the unified login account used by the user, the security level of the account corresponding to the application requested by the user in the mapping relationship;
  • the authentication unit is further configured to log the user in to the requested application according to the security level of the account corresponding to the application that the user requests to use.
  • the authentication unit is further configured to: when the account of the application requested by the user is a read-only security level account, allocate the user a random account of the application through the resource pool, and log in to the application for the user based on the allocated random account;
  • the access control unit is further configured to: when the account of the application requested by the user is an ordinary security level account, use the account of the application preset by the user, or the account corresponding to the application that is input when the user requests to use the application, to log in to the application for the user; and when a change in the biometric of the user of the mobile terminal is detected, perform a reminder and re-authenticate the user;
  • the access control unit is further configured to: when the account of the application requested by the user is an advanced security level account, use the account of the application preset by the user, or the account corresponding to the application that is input when the user requests to use the application, to log in to the application for the user; and when a change in the biometric of the user of the mobile terminal is detected, perform a preset number of reminders greater than one and re-verify the user;
  • the access control unit is further configured to: when the account of the application requested by the user is the highest security level account, verify the user by the password verification mode and the biometric verification mode; when the verification is passed, use the account of the application preset by the user, or the account corresponding to the application that is input when the user requests to use the application, to log in to the application for the user; and when a change in the biometric of the user of the mobile terminal is detected, release the login of the user of the mobile terminal to the application.
  • the access control unit is further configured to: when the determination result indicates that the account of the application requested by the user is a read-only security level account, allocate the user the permissions of an anonymous visitor to the application, or the lowest-priority permissions;
  • the access control unit is further configured to: when the determination result indicates that the account of the application requested by the user is a read-only security level account, the read-only permission of the user for the application is allocated;
  • the access control unit is further configured to: when the determination result indicates that the account of the application requested by the user is an ordinary security level account, all the usage rights of the user for the application are allocated;
  • the access control unit is further configured to: when the determination result indicates that the account of the application requested by the user is an advanced security level account, all the usage rights of the user for the application are allocated;
  • the access control unit is further configured to: when the determination result indicates that the account of the application requested by the user is the highest security level account, and the user has logged in to the mobile terminal with the unified login account based on the password login and the biometric authentication mode, assign all the usage rights of the user for the application.
  • an embodiment of the present invention provides an account login processing system, including: a server and a mobile terminal provided with a virtual subscriber identity card;
  • the server is configured to set, through the virtual subscriber identity card in the mobile terminal, a unified login account of the user of the mobile terminal, and to construct a mapping relationship between the unified login account of the user and the accounts of the different applications of the user;
  • the server is further configured to perform judgment and authentication on the application used by the user login request based on the mapping relationship and the unified login account used by the user;
  • the server is further configured to determine, according to the mapping relationship and the unified login account of the user, the security level of the account corresponding to the application requested by the user;
  • the server is further configured to control, according to the determination result, the access authority of the user to the application after logging in to the application based on the account.
  • the server is further configured to construct, according to the security levels that the user indicates for the user's different accounts, a mapping relationship between the user's accounts of different security levels and the unified login account of the user;
  • mapping between the read-only security level account of the different users and the unified login account of the corresponding user is automatically constructed, and the mapping relationship between the common security level account of the different users and the unified login account of the corresponding user is automatically constructed.
  • the server is further configured to control the mobile terminal to verify the user of the mobile terminal by at least one of a password verification manner and a biometric verification manner;
  • the server is further configured to determine, according to the mapping relationship and the unified login account used by the user, the security level of the account corresponding to the application requested by the user in the mapping relationship;
  • the server is further configured to log the user in to the requested application according to the security level of the account corresponding to the application that the user requests to use.
  • the server is further configured to: when the account of the application requested by the user is a read-only security level account, allocate the user a random account of the application through the resource pool, and log in to the application for the user based on the allocated random account;
  • the server is further configured to: when the account of the application requested by the user is a normal security level account, log in to the application for the user by using the account of the application set in advance, or the account corresponding to the application that is input when the user requests to use the application; and when the biometric of the user of the mobile terminal changes, perform a reminder and re-authenticate the user;
  • the server is further configured to: when the account of the application requested by the user is an advanced security level account, use the account of the application preset by the user, or the account corresponding to the application that is input when the user requests to use the application, to log in to the application for the user; and when a change in the biometric of the user of the mobile terminal is detected, perform a preset number of reminders greater than one and re-authenticate the user;
  • the server is further configured to: when the account of the application requested by the user is the highest security level account, verify the user according to the password authentication mode and the biometric verification mode; when the verification is passed, use the account of the application preset by the user, or the account corresponding to the application that is input when the user requests to use the application, to log in to the application for the user; and when a change in the biometric of the user of the mobile terminal is detected, release the login of the user of the mobile terminal to the application.
  • the server is further configured to: when the determination result indicates that the account of the application requested by the user is a read-only security level account, allocate the user the access rights of an anonymous visitor to the application, or the lowest-priority permissions;
  • the server is further configured to: when the determining result indicates that the account of the application requested by the user is a read-only security level account, the user is allocated read-only permission for the application;
  • the server is further configured to: when the determination result indicates that the account of the application requested by the user is an ordinary security level account, all the usage rights of the user for the application are allocated;
  • the server is further configured to allocate, to the user, all usage permissions for the application when the determination result indicates that the account of the application requested by the user is an advanced security level account;
  • the server is further configured to: when the determination result indicates that the account of the application requested by the user is the highest security level account, and the user has logged in to the mobile terminal with the unified login account based on the password login and the biometric authentication mode, assign all the usage rights of the user for the application.
  • an embodiment of the present invention provides a computer storage medium, where the computer storage medium stores executable instructions, and the executable instructions are used to execute an account login processing method provided by an embodiment of the present invention.
  • the embodiment of the present invention provides a unified account login processing method based on a virtual user identification card.
  • The present invention constructs a unified system for processing account login centered on a virtual user identification card; after the mapping relationship is set, the user can log in to common Internet applications without entering account information each time, which improves the convenience, efficiency, and security of automatic account login.
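
The four security levels summarised above can be read as one policy table: which application account is used, which verification factors are required, what a biometric change triggers, and which rights are granted. The following Python sketch is an added example, not code from the patent or its applicant. The class names, the `guest-` random-account format, the fail-closed handling of an unmapped application, and the "none" response for read-only sessions (which the text does not specify) are assumptions.

```python
import secrets
from dataclasses import dataclass
from enum import Enum


class Level(Enum):
    READ_ONLY = 1
    ORDINARY = 2
    ADVANCED = 3
    HIGHEST = 4


class Factor(Enum):
    PASSWORD = "password"
    BIOMETRIC = "biometric"


class LoginDenied(Exception):
    """Raised when the policy for the requested application is not met."""


@dataclass
class Session:
    app: str
    account: str   # application account the server logged in with
    level: Level
    rights: str    # "read-only" or "full"


class UnifiedLoginServer:
    """Hypothetical model of the mapping, authentication and access-control units."""

    def __init__(self, advanced_reminders: int = 3):
        # The advanced level uses "a preset number of reminders greater than one".
        if advanced_reminders <= 1:
            raise ValueError("advanced level needs more than one reminder")
        self.advanced_reminders = advanced_reminders
        self._mapping = {}    # (unified_id, app) -> (Level, stored app account)
        self._sessions = {}   # (unified_id, app) -> Session

    def map_account(self, unified_id, app, level, account=None):
        # Read-only mappings need no stored account: one is drawn at login.
        if level is not Level.READ_ONLY and not account:
            raise ValueError("levels above read-only need a stored app account")
        self._mapping[(unified_id, app)] = (level, account)

    def login(self, unified_id, app, verified):
        """`verified` is the set of Factors the terminal has already checked."""
        entry = self._mapping.get((unified_id, app))
        if entry is None:
            raise LoginDenied("no mapping for this application")  # assumption: fail closed
        level, account = entry
        verified = set(verified)
        if not verified:
            raise LoginDenied("user of the terminal is not verified")
        if level is Level.HIGHEST and verified != {Factor.PASSWORD, Factor.BIOMETRIC}:
            raise LoginDenied("highest level requires password and biometric")
        if level is Level.READ_ONLY:
            # Random account from the resource pool; the format is constructed here.
            account = "guest-" + secrets.token_hex(4)
            rights = "read-only"
        else:
            rights = "full"
        session = Session(app, account, level, rights)
        self._sessions[(unified_id, app)] = session
        return session

    def on_biometric_change(self, unified_id, app):
        """Return (action, reminder_count) for a detected biometric change."""
        key = (unified_id, app)
        session = self._sessions.get(key)
        if session is None:
            return ("no-session", 0)
        if session.level is Level.HIGHEST:
            del self._sessions[key]          # login is released immediately
            return ("logout", 0)
        if session.level is Level.ADVANCED:
            return ("reverify", self.advanced_reminders)
        if session.level is Level.ORDINARY:
            return ("reverify", 1)
        return ("none", 0)                   # read-only: not specified in the text

    def has_session(self, unified_id, app):
        return (unified_id, app) in self._sessions


if __name__ == "__main__":
    srv = UnifiedLoginServer()
    srv.map_account("vsim-user-1", "bank", Level.HIGHEST, "alice_bank")  # constructed data
    both = {Factor.PASSWORD, Factor.BIOMETRIC}
    print(srv.login("vsim-user-1", "bank", both))
    print(srv.on_biometric_change("vsim-user-1", "bank"))
```

The highest level is the only one where a biometric change ends the session outright; the lower levels keep the session and ask for re-verification, which is the point a reviewer of such a scheme would examine first.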
  • FIG. 1 is a schematic structural diagram of hardware of a mobile terminal that implements various embodiments of the present invention
  • FIG. 2 is a schematic diagram of a wireless communication system of the mobile terminal shown in FIG. 1;
  • FIG. 3 is a flowchart of a method for processing a unified account login based on a virtual subscriber identity card according to an embodiment of the present invention
  • FIG. 4 is a flowchart of a method for processing a unified account login based on a virtual subscriber identity card according to an embodiment of the present invention
  • FIG. 5 is a flowchart of a unified account login method based on a virtual subscriber identity card according to an embodiment of the present invention
  • FIG. 6 is a block diagram showing an exemplary structure of a unified account login processing server based on a virtual subscriber identity card according to an embodiment of the present invention
  • FIG. 7 is a unified account login process based on a virtual subscriber identity card according to an embodiment of the present invention.
  • the mobile terminal can be implemented in various forms.
  • the terminals described in the present invention may include mobile terminals such as mobile phones, smart phones, notebook computers, digital broadcast receivers, personal digital assistants (PDAs), tablet computers (PADs), portable multimedia players (PMPs), navigation devices, and the like, and fixed terminals such as digital TVs, desktop computers, and the like.
  • the terminal is a mobile terminal.
  • configurations in accordance with embodiments of the present invention can be applied to fixed type terminals in addition to components that are specifically for mobile purposes.
  • FIG. 1 is a schematic diagram showing the hardware structure of a mobile terminal 100 that implements various embodiments of the present invention.
  • the mobile terminal 100 may include a wireless communication unit 110, an audio/video (A/V) input unit 120, and a user input unit 130.
  • FIG. 1 illustrates a mobile terminal 100 having various components, but it should be understood that not all illustrated components are required to be implemented. More or fewer components can be implemented instead. The elements of the mobile terminal 100 will be described in detail below.
  • Wireless communication unit 110 typically includes one or more components that permit radio communication between mobile terminal 100 and a wireless communication system or network.
  • the wireless communication unit 110 may include at least one of a broadcast receiving module 111, a mobile communication module 112, a wireless internet module 113, a short-range communication module 114, and a location information module 115.
  • the broadcast receiving module 111 receives a broadcast signal and/or broadcast associated information from an external broadcast management server via a broadcast channel.
  • the broadcast channel can include a satellite channel and/or a terrestrial channel.
  • the broadcast management server may be a server that generates and transmits a broadcast signal and/or broadcast associated information or a server that receives a previously generated broadcast signal and/or broadcast associated information and transmits it to the terminal.
  • the broadcast signal may include a TV broadcast signal, a radio broadcast signal, a data broadcast signal, and the like.
  • the broadcast signal may further include a broadcast signal combined with a TV or radio broadcast signal.
  • the broadcast associated information may also be provided via a mobile communication network, and in this case, the broadcast associated information may be received by the mobile communication module 112.
  • the broadcast signal may exist in various forms, for example, it may exist in the form of Digital Multimedia Broadcasting (DMB) Electronic Program Guide (EPG), Digital Video Broadcasting Handheld (DVB-H) Electronic Service Guide (ESG), and the like.
  • the broadcast receiving module 111 can receive a signal broadcast by using various types of broadcast systems.
  • the broadcast receiving module 111 can receive digital broadcasting by using digital broadcasting systems such as multimedia broadcast-terrestrial (DMB-T), digital multimedia broadcast-satellite (DMB-S), digital video broadcast-handheld (DVB-H), the data broadcasting system of forward link media (MediaFLO), the terrestrial digital broadcasting integrated service (ISDB-T), and the like.
  • the broadcast receiving module 111 can be constructed as various broadcast systems suitable for providing broadcast signals as well as the above-described digital broadcast system.
  • the broadcast signal and/or broadcast associated information received via the broadcast receiving module 111 may be stored in the memory 160 (or other type of
  • the mobile communication module 112 transmits the radio signals to and/or receives radio signals from at least one of a base station (e.g., an access point, a Node B, etc.), an external terminal, and a server.
  • Such radio signals may include voice call signals, video call signals, or various types of data transmitted and/or received in accordance with text and/or multimedia messages.
  • the wireless internet module 113 supports wireless internet access of the mobile terminal 100.
  • the wireless internet module 113 can be internally or externally coupled to the terminal.
  • the wireless internet access technologies involved in the wireless internet module 113 may include wireless local area network (WLAN), wireless compatibility authentication (Wi-Fi), wireless broadband (Wibro), global microwave interconnection access (Wimax), high-speed downlink packet access (HSDPA), and more.
  • the short range communication module 114 is a module for supporting short range communication.
  • Some examples of short-range communication technology include Bluetooth™, radio frequency identification (RFID), infrared data association (IrDA), ultra wideband (UWB), ZigBee™, etc.
  • the location information module 115 is a module for checking or acquiring location information of the mobile terminal 100.
  • a typical example of location information module 115 is Global Positioning System (GPS) module 115.
  • the GPS module 115 calculates distance information and accurate time information from three or more satellites and applies triangulation to the calculated information to accurately calculate three-dimensional current position information based on longitude, latitude, and altitude.
  • the method for calculating position and time information uses three satellites and corrects the calculated position and time information errors by using another satellite.
  • the GPS module 115 is capable of calculating speed information by continuously calculating current position information in real time.
  • the A/V input unit 120 is for receiving an audio or video signal.
  • the A/V input unit 120 may include a camera 121 and a microphone 122; the camera 121 processes image data of still pictures or video obtained by the image capturing device in a video capturing mode or an image capturing mode.
  • the processed image frame can be displayed on the display unit 151.
  • the image frames processed by the camera 121 may be stored in the memory 160 (or other storage medium) or transmitted via the wireless communication unit 110, and two or more cameras 121 may be provided according to the configuration of the mobile terminal 100.
  • the microphone 122 can receive sound (audio data) via a microphone in an operation mode of a telephone call mode, a recording mode, a voice recognition mode, and the like, and can process such sound as audio data.
  • the processed audio (voice) data can be converted to a format output that can be transmitted to the mobile communication base station via the mobile communication module 112 in the case of a telephone call mode.
  • the microphone 122 can implement various types of noise cancellation (or suppression) algorithms to cancel (or suppress) noise or interference generated during the process of receiving and transmitting audio signals.
  • the user input unit 130 can generate key input data according to a command input by the user to control various operations of the mobile terminal 100.
  • the user input unit 130 allows the user to input various types of information, and may include a keyboard, a pot, a touch pad (e.g., a touch sensitive component that detects changes in resistance, pressure, capacitance, etc. due to contact), a scroll wheel, a rocker, etc.
  • a touch screen can be formed.
  • the sensing unit 140 detects the current state of the mobile terminal 100 (e.g., the open or closed state of the mobile terminal 100), the location of the mobile terminal 100, the presence or absence of contact (i.e., touch input) by the user with the mobile terminal 100, and the mobile terminal.
  • the sensing unit 140 can sense whether the slide type phone is turned on or off.
  • the sensing unit 140 can detect whether the power supply unit 190 provides power or whether the interface unit 170 is coupled to an external device.
  • the interface unit 170 serves as an interface through which at least one external device can connect with the mobile terminal 100.
  • the external device may include a wired or wireless headset port, an external power (or battery charger) port, a wired or wireless data port, a memory card port (a typical example is a universal serial bus USB port), a port for connecting a device having an identification module, an audio input/output (I/O) port, a video I/O port, a headphone port, and so on.
  • the identification module may store various information for verifying the user's use of the mobile terminal 100 and may include a User Identification Module (UIM), a Customer Identification Module (SIM), a Universal Customer Identity Module (USIM), and the like.
  • the device having the identification module (hereinafter referred to as "identification device") may take the form of a smart card, and thus the identification device may be connected to the mobile terminal 100 via a port or other connection device.
  • the interface unit 170 can be configured to receive input (e.g., data information, power, etc.) from an external device and transmit the received input to one or more components within the mobile terminal 100, or can be used to transfer data between the mobile terminal 100 and external devices.
  • the interface unit 170 may function as a path through which power is supplied from the base to the mobile terminal 100, or as a path through which the various command signals input from the base are transmitted to the mobile terminal 100.
  • Various command signals or power input from the base can be used as signals for identifying whether the mobile terminal 100 is accurately mounted on the base.
  • Output unit 150 is configured to provide an output signal (eg, an audio signal, a video signal, an alarm signal, a vibration signal, etc.) in a visual, audio, and/or tactile manner.
  • the output unit 150 may include a display unit 151, an audio output module 152, an alarm unit 153, and the like.
  • the display unit 151 can display information processed in the mobile terminal 100. For example, when the mobile terminal 100 is in a phone call mode, the display unit 151 can display a user interface (UI) or a graphical user interface (GUI) related to a call or other communication (eg, text messaging, multimedia file download, etc.). When the mobile terminal 100 is in a video call mode or an image capturing mode, the display unit 151 may display a captured image and/or a received image, a UI or GUI showing a video or image and related functions, and the like.
  • the display unit 151 can function as an input device and an output device.
  • the display unit 151 may include at least one of a liquid crystal display (LCD), a thin film transistor LCD (TFT-LCD), an organic light emitting diode (OLED) display, a flexible display, a three-dimensional (3D) display, and the like.
  • Some of these displays may be configured to be transparent to allow a user to view from the outside, which may be referred to as a transparent display, and a typical transparent display may be, for example, a TOLED (Transparent Organic Light Emitting Diode) display or the like.
  • the mobile terminal 100 may include two or more display units (or other display devices), for example, the mobile terminal 100 may include an external display unit (not shown) and an internal display unit (not shown).
  • the touch screen can be used to detect touch input pressure as well as touch input position and touch input area.
  • The audio output module 152 may convert audio data received by the wireless communication unit 110 or stored in the memory 160 into an audio signal and output it as sound when the mobile terminal 100 is in a call signal receiving mode, a call mode, a recording mode, a voice recognition mode, a broadcast receiving mode, and the like. Moreover, the audio output module 152 can provide audio output (e.g., call signal reception sound, message reception sound, etc.) associated with a particular function performed by the mobile terminal 100.
  • the audio output module 152 can include a speaker, a buzzer, and the like.
  • the alarm unit 153 can provide an output to notify the mobile terminal 100 of the occurrence of an event. Typical events may include call reception, message reception, key signal input, touch input, and the like. In addition to audio or video output, the alert unit 153 can provide an output in a different manner to notify of the occurrence of an event. For example, the alarm unit 153 can provide an output in the form of vibrations, and when a call, message, or some other incoming communication is received, the alarm unit 153 can provide a tactile output (ie, vibration) to notify the user of it. By providing such a tactile output, the user is able to recognize the occurrence of various events even when the user's mobile phone is in the user's pocket. The alarm unit 153 can also provide an output of the notification event occurrence via the display unit 151 or the audio output module 152.
  • the memory 160 may store a software program or the like that performs processing and control operations performed by the controller 180, or may temporarily store data (for example, a phone book, a message, a still image, a video, and the like) that has been output or is to be output. Moreover, the memory 160 can store data regarding vibrations and audio signals of various manners that are output when a touch is applied to the touch screen.
  • the memory 160 may include at least one type of storage medium including a flash memory, a hard disk, a multimedia card, a card type memory (e.g., SD or DX memory, etc.), a random access memory (RAM), a static random access memory (SRAM), read only memory (ROM), electrically erasable programmable read only memory (EEPROM), programmable read only memory (PROM), magnetic memory, magnetic disk, optical disk, and the like.
  • the mobile terminal 100 can cooperate with a network storage device that performs a storage function of the memory 160 through a network connection.
  • the controller 180 typically controls the overall operation of the mobile terminal 100.
  • the controller 180 performs the control and processing associated with voice calls, data communications, video calls, and the like.
  • The controller 180 may include a multimedia module 181 for reproducing or playing back multimedia data; the multimedia module 181 may be constructed within the controller 180 or may be configured to be separate from the controller 180.
  • the controller 180 may perform a pattern recognition process to recognize a handwriting input or a picture drawing input performed on the touch screen as a character or an image.
  • The power supply unit 190 receives external power or internal power under the control of the controller 180 and provides the appropriate power required to operate the various elements and components.
  • the various embodiments described herein can be implemented in a computer readable medium using, for example, computer software, hardware, or any combination thereof.
  • The embodiments described herein may be implemented using at least one of application specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable gate arrays (FPGAs), processors, controllers, microcontrollers, microprocessors, and electronic units designed to perform the functions described herein; in some cases, such an embodiment may be implemented in the controller 180.
  • implementations such as procedures or functions may be implemented with separate software modules that permit the execution of at least one function or operation.
  • the software code can be implemented by a software application (or program) written in any suitable programming language, which can be stored in memory 160 and executed by
  • the mobile terminal 100 has been described in terms of its function.
  • Among the various types of mobile terminals 100, such as folding type, bar type, swing type, and slide type mobile terminals 100, the slide type mobile terminal 100 will be described as an example. Therefore, the present invention can be applied to any type of mobile terminal 100, and is not limited to the slide type mobile terminal 100.
  • the mobile terminal 100 as shown in FIG. 1 may be configured to operate using a communication system such as a wired and wireless communication system and a satellite-based communication system that transmits data via frames or packets.
  • a communication system in which the mobile terminal 100 according to the present invention can operate will now be described with reference to FIG.
  • Such communication systems may use different air interfaces and/or physical layers.
  • the air interface used by the communication system includes, for example, Frequency Division Multiple Access (FDMA), Time Division Multiple Access (TDMA), Code Division Multiple Access (CDMA), and Universal Mobile Telecommunications System (UMTS) (particularly, Long Term Evolution (LTE)), Global System for Mobile Communications (GSM), and the like.
  • the following description relates to a CDMA communication system, but such teachings are equally applicable to other types of systems.
  • a CDMA wireless communication system can include a plurality of mobile terminals 100, a plurality of base stations (BS) 270, a base station controller (BSC) 275, and a mobile switching center (MSC) 280.
  • the MSC 280 is configured to interface with a public switched telephone network (PSTN) 290.
  • the MSC 280 is also configured to interface with a BSC 275 that can be coupled to the base station 270 via a backhaul line.
  • the backhaul line can be constructed in accordance with any of a number of known interfaces including, for example, E1/T1, ATM, IP, PPP, Frame Relay, HDSL, ADSL, or xDSL. It will be appreciated that the system as shown in FIG. 2 may include multiple BSCs 275.
  • Each BS 270 can serve one or more partitions (or regions), with each partition covered by a multi-directional antenna or an antenna pointing in a particular direction radially away from the BS 270. Alternatively, each partition may be covered by two or more antennas for diversity reception. Each BS 270 can be configured to support multiple frequency allocations, and each frequency allocation has a particular frequency spectrum (eg, 1.25 MHz, 5 MHz, etc.).
  • BS 270 may also be referred to as a Base Transceiver Subsystem (BTS) or other equivalent terminology.
  • the term "base station" can be used to generally mean a single BSC 275 and at least one BS 270.
  • a base station can also be referred to as a "cell station."
  • each partition of a particular BS 270 may be referred to as multiple cellular stations.
  • a broadcast transmitter (BT) 295 transmits a broadcast signal to the mobile terminal 100 operating within the system.
  • a broadcast receiving module 111 as shown in FIG. 1 is provided at the mobile terminal 100 to receive a broadcast signal transmitted by the BT 295.
  • several satellites 300 are shown, for example, a Global Positioning System (GPS) satellite 300 can be employed.
  • the satellite 300 helps locate at least one of the plurality of mobile terminals 100.
  • A plurality of satellites 300 are depicted, but it is understood that useful positioning information can be obtained using any number of satellites.
  • the GPS module 115 as shown in Figure 1 is typically configured to cooperate with the satellite 300 to obtain desired positioning information. Instead of GPS tracking techniques or in addition to GPS tracking techniques, other techniques that can track the location of the mobile terminal 100 can be used. Additionally, at least one GPS satellite 300 can selectively or additionally process satellite DMB transmissions.
  • BS 270 receives reverse link signals from various mobile terminals 100.
  • Mobile terminal 100 typically participates in calls, messaging, and other types of communications.
  • Each reverse link signal received by a particular base station 270 is processed within a particular BS 270.
  • the obtained data is forwarded to the relevant BSC 275.
  • the BSC provides call resource allocation and coordinated mobility management functions including a soft handoff procedure between the BSs 270.
  • the BSC 275 also routes the received data to the MSC 280, which provides additional routing services for interfacing with the PSTN 290.
  • PSTN 290 interfaces with MSC 280, which forms an interface with BSC 275, and BSC 275 controls BS 270 accordingly to transmit forward link signals to mobile terminal 100.
  • FIG. 3 is a flowchart of a unified account login processing method based on a virtual subscriber identity card according to Embodiment 1 of the present invention.
  • As shown in FIG. 3, the unified account login processing method based on a virtual subscriber identity card according to an embodiment of the present invention includes:
  • Step 101 The server sets a unified login account of the user of the mobile terminal by using a virtual subscriber identity card in the mobile terminal, and constructs a mapping relationship between the unified login account of the user and an account of a different application of the user.
  • The virtual subscriber identity card refers to authentication information that is configured in software in the mobile terminal to support the mobile terminal's access to the operator's communication network; the mobile terminal can access the communication network and use voice or data communication functions without a physical subscriber identity module being installed.
  • Since the virtual subscriber identity card stores the authentication information configured to uniquely identify the user, setting the user's unified login account based on the virtual subscriber identity card may be implemented by using the authentication information in the virtual subscriber identity card as the user's unified login account or, where the authentication information has a security requirement, by using as the unified login account the result of encrypting the authentication information with a one-way irreversible encryption algorithm. Of course, in practical applications, the user can also re-transform the authentication information or the encrypted information into a unified login account (including a user name and, optionally, a password) that is convenient for the user to recognize and memorize.
  • the server can be implemented as a single server or collection of servers (such as an authentication server and an access control server).
  • Each application has an account (including a user name and, optionally, a password); the unified login account of the user, set based on the virtual subscriber identity card in the user's mobile terminal, is associated through mapping relationships with the accounts of the various applications that the user has installed on the mobile terminal.
  • the accounts of different applications corresponding to the unified login account of the user have different security levels, and the security levels of different application accounts may be manually set by the user, or may be automatically set by the server.
  • the security levels include: a read-only security level, a general security level, an advanced security level, and a highest security level.
  • Step 102 The server performs judgment and authentication on the application used by the user login request based on the mapping relationship and the unified login account used by the user.
  • the server determines the account corresponding to the application requested by the user based on the mapping relationship and the unified login account used by the user, and determines whether the authenticated user can log in to the server by using the corresponding account.
  • Each account corresponds to a security control policy; for example, accounts with different security levels adopt different security control policies.
  • Step 103 The server determines, according to the mapping relationship and the unified login account of the user, the security level of the user requesting the account corresponding to the application.
  • the account of each application of the user corresponds to an access control policy.
  • the access control policies adopted by the accounts of different security levels are different.
  • The access control policy is configured to determine, based on the security level of the account of the application requested by the user, the access authority to the application that corresponds to that security level; the security levels include: a read-only security level, a general security level, an advanced security level, and a highest security level.
  • the type of access rights may include: all access rights of the application (ie, any operation can be performed on the application) and read-only permissions of the application (that is, only read permissions in the application).
  • Step 104 The server controls, according to the determination result, the access authority of the user to the application after logging in to the application based on the account.
  • the servers described in this embodiment and subsequent embodiments may be implemented in the form of a single server, multiple servers, or server clusters.
  • For example, the functions of forming the mapping relationship, authenticating the user, and controlling access rights can be implemented as a mapping relationship server, an authentication server, and an access authority controller.
  • The present invention constructs, based on a virtual subscriber identity card, a unified account system including a mapping relationship in a server, and accounts of different security levels adopt different security control policies and access control policies. For example, after the user has set up accounts of different security levels, an account with a lower security level, such as an account with the read-only security level, can be authenticated by the server without forcing the user to enter the user name and password every time the account is used for login, thereby improving the convenience and efficiency of automatic account login.
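Steps 101 to 104 can be sketched as follows; this is an added example, not code from the patent. HMAC-SHA-256 as the one-way function, the server key, the guest-account pool and all class, function and account names are assumptions, and the sample virtual subscriber identity card data is constructed.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, FrozenSet, Optional


class Level(IntEnum):
    READ_ONLY = 0
    GENERAL = 1
    ADVANCED = 2
    HIGHEST = 3


@dataclass(frozen=True)
class AppAccount:
    username: str
    level: Level


@dataclass(frozen=True)
class Decision:
    logged_in: bool
    account: Optional[str]
    rights: str  # "none", "read-only" or "all"


# Assumed pool of pre-provisioned guest accounts for read-only logins.
GUEST_POOL = ("guest-01", "guest-02", "guest-03")
BOTH_FACTORS = frozenset({"password", "biometric"})
DENY = Decision(False, None, "none")


def derive_unified_account(vsim_auth_info: bytes, server_key: bytes) -> str:
    """Step 101: one-way derivation of the unified login account.

    HMAC-SHA-256 is an assumed choice of one-way function; the key prevents
    offline guessing of low-entropy authentication information.
    """
    return hmac.new(server_key, vsim_auth_info, hashlib.sha256).hexdigest()


class UnifiedAccountServer:
    def __init__(self, server_key: bytes) -> None:
        self._key = server_key
        # unified login account -> application name -> mapped account
        self._mapping: Dict[str, Dict[str, AppAccount]] = {}

    def map_account(self, vsim_auth_info: bytes, app: str,
                    username: str, level: Level) -> str:
        """Step 101: record the mapping and return the unified account."""
        uid = derive_unified_account(vsim_auth_info, self._key)
        self._mapping.setdefault(uid, {})[app] = AppAccount(username, level)
        return uid

    def login(self, vsim_auth_info: bytes, app: str,
              verified: FrozenSet[str]) -> Decision:
        # Step 102: the terminal must have verified the user with at least
        # one of password verification and biometric verification.
        if not verified & BOTH_FACTORS:
            return DENY
        uid = derive_unified_account(vsim_auth_info, self._key)
        account = self._mapping.get(uid, {}).get(app)
        if account is None:
            return DENY
        # Step 103: the security level comes from the mapping, not the client.
        # Step 104: the level decides the account used and the rights granted.
        if account.level == Level.READ_ONLY:
            return Decision(True, secrets.choice(GUEST_POOL), "read-only")
        if account.level == Level.HIGHEST and not BOTH_FACTORS <= verified:
            return DENY  # highest level requires both factors
        return Decision(True, account.username, "all")


def constructed_demo() -> Dict[str, Decision]:
    """Run the flow on constructed sample data."""
    vsim = b"constructed-vsim-auth-info-0001"
    srv = UnifiedAccountServer(b"constructed-server-key")
    srv.map_account(vsim, "forum", "alice_forum", Level.READ_ONLY)
    srv.map_account(vsim, "mail", "alice@example.test", Level.ADVANCED)
    srv.map_account(vsim, "bank", "alice_bank", Level.HIGHEST)
    password_only = frozenset({"password"})
    return {
        "forum/password": srv.login(vsim, "forum", password_only),
        "mail/password": srv.login(vsim, "mail", password_only),
        "bank/password": srv.login(vsim, "bank", password_only),
        "bank/both": srv.login(vsim, "bank", BOTH_FACTORS),
        "bank/other-vsim": srv.login(b"constructed-other", "bank", BOTH_FACTORS),
    }


if __name__ == "__main__":
    for name, decision in constructed_demo().items():
        print(name, decision)
```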
  • FIG. 4 is a schematic diagram of a unified account login processing method based on a virtual subscriber identity card according to Embodiment 2 of the present invention. As shown in FIG. 4, after the unified login account of the user has been set and mapped to the accounts of the user's various applications, if the user needs to use the mobile terminal to request use of an account of an application, for example an account of a game application or an account of an electronic bank, the server authenticates the user via the mobile terminal.
  • The user is authenticated by using a password verification method and/or a biometric verification method, and the password and biometrics of the legitimate user have been previously collected and maintained on at least one of the server and the mobile terminal.
  • the security control policy is configured to control at least one of the following:
  • the manner of verification includes: a password verification method and a verification method of biometrics (eg, biometrics such as fingerprint, iris, voiceprint, palm print, etc.).
  • a trigger condition for re-authentication of a user using the mobile terminal including a change in the biometrics of the user of the mobile terminal, that is, re-authentication of the user when the biometric of the user using the mobile terminal changes.
  • the prompting manner for re-verifying the user of the mobile terminal includes a reminder and a limited number of times (greater than one time).
  • If the verification passes, the user is logged in to the application server corresponding to the requested application, so that the user can use the application based on the account; if the verification fails, the user is not logged in to the requested application.
  • Before the user uses the mobile terminal, the user is authenticated by using at least one of the password verification mode and the biometric verification mode; when the authentication passes, the user is logged in to the application server of the requested application using the account corresponding to that application, and when the authentication does not pass, the user is not logged in to the application server. This improves the efficiency and convenience of account login.
  • FIG. 5 is a schematic diagram of a mapping relationship between a unified login account of a built-in user and an account of a different application of the user in the unified account login method of the virtual subscriber identity card according to the third embodiment of the present invention.
  • the account includes: a read-only security level account, a general security level account, an advanced security level account, and a highest security level account.
  • the unified login account and the read-only security level account are randomly mapped; the unified login account and the common security level account are common mapping; the unified login account and the advanced security level account are advanced mapping; The unified login account and the highest security level account are the highest mapping.
  • Steps 102 to 104 of the first embodiment include the following situations:
  • The account corresponding to the application requested by the user is determined based on the mapping relationship, and when the account of the application requested by the user is a general security level account, the user is logged in to the application server of the application using the account set in advance for the application, or the account the user inputs when requesting to log in to the application, so that the user does not need to input the account again during subsequent use.
  • The account corresponding to the application requested by the user is determined based on the mapping relationship, and when the account of the application requested by the user is an advanced security level account, the account the user presets for the application, or the account the user inputs when requesting to log in to the application, is used for a one-time login for the user in the application server of the application, so that the user does not need to input the account information again during subsequent use, and all usage rights for the application are allocated to the user.
  • The server gives, through the mobile terminal, at least two reminders that the user of the mobile terminal has changed, and causes the mobile terminal to verify the user; when the verification passes, the biometric that passed the verification is bound to the unified login account of the mobile terminal and maintained on at least one of the mobile terminal and the server, for use in subsequent user authentication.
  • the account corresponding to the application requested by the user is determined based on the mapping relationship, and the account of the application requested by the user is advanced.
  • The server determines the authentication mode adopted by the mobile terminal for the current user, and allocates all the usage rights for the application to the user when the current user passes both the password verification and the biometric verification;
  • for a user who has passed only one of password authentication and biometric authentication, the usage right for the application is not assigned to the user;
  • The server gives a reminder, through the mobile terminal, that the user of the mobile terminal has changed, and cancels the login made for the current user of the mobile terminal. To ensure security, accounts of this security level are handled differently: the server directly cancels the login status of the application, does not verify the current user, and does not add authorization verification for the new biometric feature of the current user. Other users cannot use the logged-in highest security level account.
  • Different mappings correspond to different security control policies and access control policies.
  • The unified login account formed from the virtual user identification card is used to construct a mapping relationship with accounts of different security levels. After the user completes the settings, the user can log in to commonly used Internet applications without entering the user name and password every time, thereby improving the convenience, efficiency and security of automatic account login.
  • the read-only security level account includes: an account of a forum that is only occasionally logged in to;
  • the general security level account includes: a video game account, an online music account;
  • the advanced security level account including: Email account, instant messaging account;
  • the highest security level account including: electronic banking application account, third-party payment application account, and the like.
  • the virtual user identification card is used to set the unified login account of the user, and the mapping relationship between the unified login account and different application accounts is constructed.
  • The virtual user identification card is used as the starting point and the center for identifying the user; by manually inputting the accounts of different applications, an account system for the user's different security levels is built in the server, and for read-only security level accounts and general security level accounts the mapping can also be constructed automatically by the system.
  • The server determines the account corresponding to the application based on the mapping relationship and logs in to the application according to the security level, so the user does not need to enter the user name and password at every login, which improves the convenience, efficiency and security of automatic account login.
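The per-level handling of a biometric change described in this embodiment, as an added example that is not code from the patent. The class and field names, the `reverify` callback standing for the terminal's re-verification of the user, ending the session when re-verification fails, and leaving read-only sessions untouched are assumptions; the template identifiers are constructed.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Callable, Dict, Set


class Level(IntEnum):
    READ_ONLY = 0
    GENERAL = 1
    ADVANCED = 2
    HIGHEST = 3


@dataclass
class Session:
    unified_account: str
    app: str
    level: Level
    active: bool = True


@dataclass(frozen=True)
class Outcome:
    reminders: int         # reminders shown on the mobile terminal
    reverified: bool       # whether re-verification ran and passed
    session_active: bool   # login state after handling the event
    biometric_bound: bool  # new biometric bound to the unified account


class ReverificationPolicy:
    def __init__(self, advanced_reminders: int = 2) -> None:
        # The text requires more than one reminder at the advanced level.
        if advanced_reminders < 2:
            raise ValueError("advanced level needs more than one reminder")
        self.advanced_reminders = advanced_reminders
        # unified login account -> biometric template ids bound to it
        self.bound: Dict[str, Set[str]] = {}

    def on_biometric_change(self, session: Session, new_template_id: str,
                            reverify: Callable[[], bool]) -> Outcome:
        """Apply the security control policy when the terminal reports that
        the biometric of its current user differs from the enrolled one."""
        if not session.active or session.level == Level.READ_ONLY:
            # Assumption: the text names no trigger for read-only accounts.
            return Outcome(0, False, session.active, False)

        if session.level == Level.HIGHEST:
            # Cancel the login directly: no re-verification is offered and
            # the new biometric is never authorised.
            session.active = False
            return Outcome(1, False, False, False)

        if session.level == Level.GENERAL:
            reminders = 1
        else:
            reminders = self.advanced_reminders

        passed = bool(reverify())
        # Assumption: a failed re-verification ends the session, in line with
        # "if the verification fails, the user is not logged in".
        session.active = passed

        # Binding the verified biometric is described for the case with at
        # least two reminders, so it is applied at the advanced level only.
        bound = passed and session.level == Level.ADVANCED
        if bound:
            self.bound.setdefault(session.unified_account, set()).add(
                new_template_id)
        return Outcome(reminders, passed, passed, bound)


def constructed_scenario() -> Dict[str, Outcome]:
    """Replay one constructed biometric-change event per security level."""
    policy = ReverificationPolicy()
    apps = {"forum": Level.READ_ONLY, "game": Level.GENERAL,
            "mail": Level.ADVANCED, "bank": Level.HIGHEST}
    return {
        app: policy.on_biometric_change(
            Session("constructed-unified-account", app, level),
            "constructed-template-2", lambda: True)
        for app, level in apps.items()
    }


if __name__ == "__main__":
    for app, outcome in constructed_scenario().items():
        print(app, outcome)
```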
  • FIG. 6 is a block diagram showing an exemplary structure of a unified account login processing server based on a virtual subscriber identity card according to Embodiment 4 of the present invention
  • As shown in FIG. 6, the unified account login processing server 400 based on a virtual subscriber identity card according to an embodiment of the present invention includes:
  • the mapping unit 401 is configured to set a unified login account of the user of the mobile terminal by using a virtual subscriber identity card in the mobile terminal, and construct a mapping relationship between the unified login account of the user and an account of a different application of the user;
  • the authentication unit 402 is configured to perform judgment and authentication on the application used by the user login request based on the mapping relationship and the unified login account used by the user;
  • the access control unit 403 is configured to determine, according to the mapping relationship and the unified login account of the user, the security level of the user requesting the account corresponding to the application;
  • The present invention constructs, based on a virtual subscriber identity card, a unified account system including a mapping relationship in a server, and accounts of different security levels adopt different security control policies and access control policies. For example, after the user has set up accounts of different security levels, an account with a lower security level, such as an account with the read-only security level, can be authenticated by the server without forcing the user to enter the user name and password every time the account is used for login, thereby improving the convenience and efficiency of automatic account login.
  • a unified account login processing server based on a virtual subscriber identity card includes:
  • the mapping unit 401 is configured to set a unified login account of the user of the mobile terminal by using a virtual subscriber identity card in the mobile terminal, and construct a mapping relationship between the unified login account of the user and an account of a different application of the user;
  • the authentication unit 402 is configured to perform judgment and authentication on the application used by the user login request based on the mapping relationship and the unified login account used by the user;
  • the access control unit 403 is configured to determine, according to the mapping relationship and the unified login account of the user, the security level of the account corresponding to the application requested by the user, and to control, according to the determination result, the access authority of the user to the application after logging in to the application based on the account.
  • The mapping unit constructs, according to the security levels of the user's different accounts, a mapping relationship between the user's accounts of different security levels and the user's unified login account; alternatively, it automatically constructs the mapping between the read-only security level accounts of different users and the unified login accounts of the corresponding users, and automatically constructs the mapping between the common security level accounts of different users and the unified login accounts of the corresponding users.
  • The authentication unit verifies the user of the mobile terminal by using at least one of a password verification mode and a biometric verification mode; when the verification passes, it determines, based on the mapping relationship and the unified login account used by the user, the security level of the account corresponding to the application requested by the user, and, based on that security level, logs the user in to the requested application.
  • the account includes: a read-only security level account, a general security level account, an advanced security level account, and a highest security level account.
  • the unified login account and the read-only security level account are randomly mapped; the unified login account and the common security level account are common mapping; the unified login account and the advanced security level account are advanced mapping; The unified login account and the highest security level account are the highest mapping.
  • the authentication unit is based on the security level of the account corresponding to the application that the user requests to use, and the application is used by the user to log in, including the following methods:
  • the access control unit is further configured to: when the account of the application requested by the user is a read-only security level account, allocate the random account of the application to the user through the resource pool to be based on the allocated random The account is logged in to the application for the user;
  • the access control unit is further configured to: when the account of the application requested by the user is an ordinary security level account, use the user to use the application by using an account of the application set in advance or the user requests And inputting the account corresponding to the application, logging in to the application for the user; performing a reminder when detecting that the biometric of the user of the mobile terminal changes, and re-authenticating the user;
  • the access control unit is further configured to: when the account of the application requested by the user is an advanced security level account, when the account of the application preset by the user or the user requests to use the application Entering an account corresponding to the application, logging the application to the user at one time; performing a preset number of reminders greater than one time when detecting that the biometric of the user of the mobile terminal changes, and re-writing the User verification;
  • the access control unit is further configured to: when the account of the application requested by the user is the highest security level account, verify the password verification mode and the biometric verification mode of the user, and pass the verification An account of the application preset by the user or an account corresponding to the application that is input when the user requests to use the application, logging in to the application for the user; when detecting the user of the mobile terminal The user of the mobile terminal releases the login for the application when the biometric changes.
  • the access control unit controls, according to the determination result, the user's access rights to the application after the user logs in to the application based on the account, in the following manner:
  • an access control unit configured to: when the determination result indicates that the account of the application requested by the user is a read-only security level account, assign the user visitor access rights or the lowest-priority permission for the application;
  • the access control unit is further configured to: when the determination result indicates that the account of the application requested by the user is a read-only security level account, assign the user read-only permission for the application;
  • the access control unit is further configured to: when the determination result indicates that the account of the application requested by the user is an ordinary security level account, assign the user full usage rights for the application;
  • the access control unit is further configured to: when the determination result indicates that the account of the application requested by the user is an advanced security level account, assign the user full usage rights for the application;
  • the access control unit is further configured to: when the determination result indicates that the account of the application requested by the user is the highest security level account, and the user logged in to the mobile terminal with the unified login account based on password login and the biometric verification mode, assign the user full usage rights for the application.
  • the read-only security level account includes: an account of a forum that is logged in to only incidentally;
  • the ordinary security level account includes: a video game account, an online music account;
  • the advanced security level account includes: an email account, an instant messaging account;
  • the highest security level account includes: an electronic banking application account, a third-party payment application account, and the like.
  • the virtual subscriber identity card is used to set the unified login account of the user, and the mapping relationship between the unified login account and the accounts of different applications is constructed.
  • the virtual subscriber identity card serves as the starting point and the center for identifying the user, and the accounts of the different applications are input manually.
  • an account system covering the user's different security levels is built in the server; for read-only security level accounts and ordinary security level accounts, it can also be built automatically by the system.
  • the server determines the account corresponding to the application based on the mapping relationship and logs the user in to the application according to the security level, so the user does not need to enter a user name and password for each login, which improves the convenience, efficiency and security of automatic account login.
  • FIG. 7 is a block diagram showing an exemplary structure of a unified account login system based on a virtual subscriber identity card according to Embodiment 7 of the present invention.
  • a unified account login system based on a virtual subscriber identity card according to the present invention includes: a mobile terminal 100 provided with a virtual subscriber identity card, an authentication server 500, and an access control server 600.
  • an authentication server configured to set a unified login account of the user of the mobile terminal through the virtual subscriber identity card in the mobile terminal, and to construct a mapping relationship between the unified login account of the user and the accounts of the user's different applications;
  • the authentication server is further configured to perform judgment and authentication on the application that the user requests to log in to and use, based on the mapping relationship and the unified login account used by the user;
  • the access control server is further configured to judge, based on the mapping relationship and the unified login account of the user, the security level of the account corresponding to the application that the user requests to use;
  • the access control server is further configured to control, according to the determination result, the user's access rights to the application after the user logs in to the application based on the account.
  • the authentication server is further configured to: construct, according to the security levels that the user indicates for the user's different accounts, a mapping relationship between the user's accounts of different security levels and the unified login account of the user; or automatically construct the mapping relationship between the read-only security level accounts of different users and the unified login accounts of the corresponding users, and automatically construct the mapping relationship between the ordinary security level accounts of different users and the unified login accounts of the corresponding users.
  • the authentication server is further configured to control the mobile terminal to verify the user of the mobile terminal using at least one of a password verification mode and a biometric verification mode;
  • the authentication server is further configured to determine, when the verification passes and based on the mapping relationship and the unified login account used by the user, the security level of the account that corresponds in the mapping relationship to the application requested by the user;
  • the authentication server is further configured to log the user in to the requested application based on the security level of the account corresponding to the application that the user requests to use.
  • the authentication server is further configured to: when the account of the application requested by the user is a read-only security level account, allocate to the user, through the resource pool, a random account for the application, and log the user in to the application based on the allocated random account;
  • the authentication server is further configured to: when the account of the application requested by the user is an ordinary security level account, log the user in to the application using the account of the application set in advance by the user or the account corresponding to the application that is input when the user requests to use the application; and, when it is detected that the biometric of the user of the mobile terminal changes, issue a reminder and re-verify the user;
  • the authentication server is further configured to: when the account of the application requested by the user is an advanced security level account, log the user in to the application using the account of the application preset by the user or the account corresponding to the application that is input when the user requests to use the application; and, when it is detected that the biometric of the user of the mobile terminal changes, issue a preset number of reminders greater than one and re-verify the user;
  • the authentication server is further configured to: when the account of the application requested by the user is the highest security level account, verify the user based on the password verification mode and the biometric verification mode and, when the verification passes, log the user in to the application using the account of the application preset by the user or the account corresponding to the application that is input when the user requests to use the application; and, when it is detected that the biometric of the user of the mobile terminal changes, release the login to the application for the user of the mobile terminal.
  • the access control server is further configured to: when the determination result indicates that the account of the application requested by the user is a read-only security level account, assign the user the access rights of an anonymous visitor or the lowest-priority permission for the application;
  • the access control server is further configured to: when the determination result indicates that the account of the application requested by the user is a read-only security level account, assign the user read-only permission for the application;
  • the access control server is further configured to: when the determination result indicates that the account of the application requested by the user is an ordinary security level account, assign the user full usage rights for the application;
  • the access control server is further configured to: when the determination result indicates that the account of the application requested by the user is an advanced security level account, assign the user full usage rights for the application;
  • the access control server is further configured to: when the determination result indicates that the account of the application requested by the user is the highest security level account, and the user logged in to the mobile terminal with the unified login account based on password login and the biometric verification mode, assign the user full usage rights for the application.
  • the user's unified account login information is set through the virtual subscriber identity card, and the mapping relationship between the unified account login information and the accounts of different applications, such as social applications and email mailboxes, is constructed. When the user logs in to an application on the terminal or logs in to a website, the authentication server authenticates the unified login account obtained by the login server. If the authentication passes, the application or website is logged in to directly, and the access control server defines the content of the access control according to the security level.
  • the authentication server records the accounts of different security levels under their respective security levels. To ensure security, the authentication server can be deployed in a distributed manner. It is best to record the accounts with the required security level in encrypted form locally on the mobile terminal.
  • this embodiment provides a computer storage medium storing executable instructions for executing the account login processing method provided by the embodiments of the present invention.
  • the methods of the foregoing embodiments can be implemented by software plus a necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes over the prior art, may be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and including a number of instructions for causing a terminal device (which may be a cell phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the methods described in the various embodiments of the present invention.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Telephonic Communication Services (AREA)
  • Telephone Function (AREA)

Abstract

Disclosed are an account login processing method, a server and a system therefor, and a computer storage medium. The method comprises: setting a unified login account of a subscriber of a mobile terminal through a virtual subscriber identity module card in the mobile terminal, and constructing a mapping relationship between the unified login account of the subscriber and accounts of different applications of the subscriber; performing judgement and authentication on the application that the subscriber requests to log in to and use, based on the mapping relationship and the unified login account used by the subscriber; judging the security grade of the account corresponding to the application requested by the subscriber, based on the mapping relationship and the unified login account of the subscriber; and controlling, according to the judgement result, the access authority of the subscriber to the application after the subscriber logs in to the application based on the account. By implementing the present invention, the effectiveness, security and convenience of logging in through different accounts can be improved.

Description

Account login processing method, server and system, and computer storage medium
Technical field
The present invention relates to account management technology in the field of communications, and in particular to an account login processing method, a server and a system, and a computer storage medium based on a virtual subscriber identity card.
Background
Logging in to the various mobile-Internet-based applications currently available on a mobile terminal requires a separate account (including a user name and a password) for each application. The naming rules of these accounts usually differ, and the account has to be entered every time an application is logged in to, which places an extra memory burden on the user and is quite inconvenient in use.
Summary of the invention
The main purpose of the embodiments of the present invention is to provide an account login processing method, a server and a system, and a computer storage medium based on a virtual subscriber identity card, which improve the convenience, efficiency and security of logging in to the accounts of different applications.
The technical solutions of the embodiments of the present invention for solving the above technical problem are as follows:
In a first aspect, an embodiment of the present invention provides an account login processing method, including:
setting a unified login account of the user of a mobile terminal through a virtual subscriber identity card in the mobile terminal, and constructing a mapping relationship between the unified login account of the user and the accounts of the user's different applications;
performing judgment and authentication on the application that the user requests to log in to and use, based on the mapping relationship and the unified login account used by the user;
judging, based on the mapping relationship and the unified login account of the user, the security level of the account corresponding to the application that the user requests to use;
controlling, according to the judgment result, the user's access rights to the application after the user logs in to the application based on the account.
Optionally, each unified login account corresponds to one security control policy and one access control policy;
the security control policy is used to control at least one of the following:
the manner of verifying the user of the mobile terminal, the manners of verification including a password verification mode and a biometric verification mode;
the trigger condition for re-verifying the user of the mobile terminal, including a change in the biometric of the user of the mobile terminal;
the manner of prompting re-verification of the user of the mobile terminal, including a single reminder and a limited number of reminders;
the access control policy is based on the security level of the account of the application that the user requests to use, and on the access rights to the application that an application account of that security level has;
the security levels include: a read-only security level, an ordinary security level, an advanced security level and a highest security level.
Optionally, constructing the mapping relationship between the unified login account of the user and the accounts of the user's different applications includes:
constructing, according to the security levels that the user indicates for the user's different accounts, a mapping relationship between the user's accounts of different security levels and the unified login account of the user;
or automatically constructing the mapping relationship between the read-only security level accounts of different users and the unified login accounts of the corresponding users, and automatically constructing the mapping relationship between the ordinary security level accounts of different users and the unified login accounts of the corresponding users.
Optionally, performing judgment and authentication on the application that the user requests to log in to and use, based on the mapping relationship and the unified login account used by the user, includes:
verifying the user of the mobile terminal using at least one of a password verification mode and a biometric verification mode;
when the verification passes, determining, based on the mapping relationship and the unified login account used by the user, the security level of the account that corresponds in the mapping relationship to the application requested by the user;
logging the user in to the requested application based on the security level of the account corresponding to the application that the user requests to use.
Optionally, logging the user in to the requested application based on the security level of the account corresponding to the application that the user requests to use includes:
when the account of the application requested by the user is a read-only security level account, allocating to the user, through the resource pool, a random account for the application, so as to log the user in to the application based on the allocated random account;
when the account of the application requested by the user is an ordinary security level account, performing a one-time login to the application for the user using the account of the application set in advance by the user or the account corresponding to the application that is input when the user requests to use the application; and, when it is detected that the biometric of the user of the mobile terminal changes, issuing one reminder and re-verifying the user;
when the account of the application requested by the user is an advanced security level account, performing a one-time login to the application for the user using the account of the application preset by the user or the account corresponding to the application that is input when the user requests to use the application; and, when it is detected that the biometric of the user of the mobile terminal changes, issuing a preset number of reminders greater than one and re-verifying the user;
when the account of the application requested by the user is the highest security level account, verifying the user based on the password verification mode and the biometric verification mode and, when the verification passes, performing a one-time login to the application for the user using the account of the application preset by the user or the account corresponding to the application that is input when the user requests to use the application; and, when it is detected that the biometric of the user of the mobile terminal changes, releasing the login to the application for the user of the mobile terminal.
Optionally, controlling, according to the judgment result, the user's access rights to the application after the user logs in to the application based on the account includes:
when the judgment result indicates that the account of the application requested by the user is a read-only security level account, assigning the user the access rights of an anonymous visitor or the lowest-priority permission for the application;
when the judgment result indicates that the account of the application requested by the user is a read-only security level account, assigning the user read-only permission for the application;
when the judgment result indicates that the account of the application requested by the user is an ordinary security level account, assigning the user full usage rights for the application;
when the judgment result indicates that the account of the application requested by the user is an advanced security level account, assigning the user full usage rights for the application;
when the judgment result indicates that the account of the application requested by the user is the highest security level account, and the user logged in to the mobile terminal with the unified login account based on password login and the biometric verification mode, assigning the user full usage rights for the application.
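The tiered login and access rules of the first aspect, sketched as an added Python example that is not code from the patent. The class and function names, the `guest-` pool accounts, the sample mapping and the reminder count of 3 for the advanced level are assumptions.

```python
import secrets
from dataclasses import dataclass, field
from enum import Enum


class Level(Enum):
    READ_ONLY = "read-only"
    ORDINARY = "ordinary"
    ADVANCED = "advanced"
    HIGHEST = "highest"


@dataclass
class UnifiedAccount:
    """Unified login account set through the virtual subscriber identity card."""
    name: str
    # Mapping relationship: application -> (application account, security level)
    mapping: dict = field(default_factory=dict)


@dataclass(frozen=True)
class Session:
    app: str
    account: str
    level: Level
    permission: str  # "read-only" or "full"


ADVANCED_REMINDERS = 3  # assumed preset; the text only requires "more than one"

# Reaction to a biometric change on the terminal: (reminders, action).
ON_BIOMETRIC_CHANGE = {
    Level.ORDINARY: (1, "reverify"),
    Level.ADVANCED: (ADVANCED_REMINDERS, "reverify"),
    Level.HIGHEST: (0, "logout"),
}


class LoginServer:
    def __init__(self, pool_size=4):
        # Resource pool of random accounts handed out for read-only logins.
        self.pool = ["guest-" + secrets.token_hex(4) for _ in range(pool_size)]

    def login(self, user, app, passed):
        """Log `user` in to `app`; `passed` is the set of verification modes
        ("password", "biometric") that succeeded on the mobile terminal."""
        passed = set(passed) & {"password", "biometric"}
        if not passed:
            raise PermissionError("password or biometric verification required")
        if app not in user.mapping:
            raise KeyError(f"no mapping for {app!r} under {user.name!r}")
        account, level = user.mapping[app]
        if level is Level.READ_ONLY:
            if not self.pool:
                raise RuntimeError("resource pool exhausted")
            return Session(app, self.pool.pop(), level, "read-only")
        if level is Level.HIGHEST and passed != {"password", "biometric"}:
            # Read here as requiring both modes before login and full rights.
            raise PermissionError("highest level needs password and biometric")
        return Session(app, account, level, "full")

    def on_biometric_change(self, session):
        """Return (number of reminders, action) for an open session.
        Read-only sessions get no reaction: an assumption, the text is silent."""
        return ON_BIOMETRIC_CHANGE.get(session.level, (0, "none"))


def demo_user():
    """Constructed sample mapping for one unified login account."""
    return UnifiedAccount("alice", {
        "forum": (None, Level.READ_ONLY),
        "music": ("alice_music", Level.ORDINARY),
        "mail": ("alice@mail.example", Level.ADVANCED),
        "bank": ("6222-placeholder", Level.HIGHEST),
    })


if __name__ == "__main__":
    server, user = LoginServer(), demo_user()
    for app, passed in [("forum", {"password"}), ("mail", {"biometric"}),
                        ("bank", {"password"}), ("bank", {"password", "biometric"})]:
        try:
            s = server.login(user, app, passed)
            print(app, s.account, s.permission, server.on_biometric_change(s))
        except PermissionError as exc:
            print(app, "denied:", exc)
```

The single-factor bank login is the case worth watching in a real deployment: the highest level is the only one where the stored account must not be released on one verification mode alone.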
In a second aspect, an embodiment of the present invention provides a server, including:
a mapping unit, configured to set a unified login account of the user of a mobile terminal through a virtual subscriber identity card in the mobile terminal, and to construct a mapping relationship between the unified login account of the user and the accounts of the user's different applications;
an authentication unit, configured to perform judgment and authentication on the application that the user requests to log in to and use, based on the mapping relationship and the unified login account used by the user;
an access control unit, configured to judge, based on the mapping relationship and the unified login account of the user, the security level of the account corresponding to the application that the user requests to use;
and to control, according to the judgment result, the user's access rights to the application after the user logs in to the application based on the account.
Optionally, the mapping unit is further configured to construct, according to the security levels that the user indicates for the user's different accounts, a mapping relationship between the user's accounts of different security levels and the unified login account of the user;
or to automatically construct the mapping relationship between the read-only security level accounts of different users and the unified login accounts of the corresponding users, and to automatically construct the mapping relationship between the ordinary security level accounts of different users and the unified login accounts of the corresponding users.
Optionally, the authentication unit is further configured to verify the user of the mobile terminal using at least one of a password verification mode and a biometric verification mode;
the authentication unit is further configured to determine, when the verification passes and based on the mapping relationship and the unified login account used by the user, the security level of the account that corresponds in the mapping relationship to the application requested by the user;
the authentication unit is further configured to log the user in to the requested application based on the security level of the account corresponding to the application that the user requests to use.
Optionally, the authentication unit is further configured to: when the account of the application requested by the user is a read-only security level account, allocate to the user, through the resource pool, a random account for the application, so as to log the user in to the application based on the allocated random account;
the access control unit is further configured to: when the account of the application requested by the user is an ordinary security level account, perform a one-time login to the application for the user using the account of the application set in advance by the user or the account corresponding to the application that is input when the user requests to use the application; and, when it is detected that the biometric of the user of the mobile terminal changes, issue one reminder and re-verify the user;
the access control unit is further configured to: when the account of the application requested by the user is an advanced security level account, perform a one-time login to the application for the user using the account of the application preset by the user or the account corresponding to the application that is input when the user requests to use the application; and, when it is detected that the biometric of the user of the mobile terminal changes, issue a preset number of reminders greater than one and re-verify the user;
the access control unit is further configured to: when the account of the application requested by the user is the highest security level account, verify the user based on the password verification mode and the biometric verification mode and, when the verification passes, perform a one-time login to the application for the user using the account of the application preset by the user or the account corresponding to the application that is input when the user requests to use the application; and, when it is detected that the biometric of the user of the mobile terminal changes, release the login to the application for the user of the mobile terminal.
Optionally, the access control unit is further configured to: when the judgment result indicates that the account of the application requested by the user is a read-only security level account, assign the user the access rights of an anonymous visitor or the lowest-priority permission for the application;
the access control unit is further configured to: when the judgment result indicates that the account of the application requested by the user is a read-only security level account, assign the user read-only permission for the application;
the access control unit is further configured to: when the judgment result indicates that the account of the application requested by the user is an ordinary security level account, assign the user full usage rights for the application;
the access control unit is further configured to: when the judgment result indicates that the account of the application requested by the user is an advanced security level account, assign the user full usage rights for the application;
the access control unit is further configured to: when the judgment result indicates that the account of the application requested by the user is the highest security level account, and the user logged in to the mobile terminal with the unified login account based on password login and the biometric verification mode, assign the user full usage rights for the application.
In a third aspect, an embodiment of the present invention provides an account login processing system, including: a server and a mobile terminal provided with a virtual subscriber identity card;
the server is configured to set a unified login account of the user of the mobile terminal through the virtual subscriber identity card in the mobile terminal, and to construct a mapping relationship between the unified login account of the user and the accounts of the user's different applications;
the server is further configured to perform judgment and authentication on the application that the user requests to log in to and use, based on the mapping relationship and the unified login account used by the user;
the server is further configured to judge, based on the mapping relationship and the unified login account of the user, the security level of the account corresponding to the application that the user requests to use;
the server is further configured to control, according to the judgment result, the user's access rights to the application after the user logs in to the application based on the account.
可选地,所述服务器,还配置为根据所述用户指示所述用户的不同账号的安全等级,构建所述用户的不同安全等级的账号与所述用户的统一登录账号之间的映射关系;Optionally, the server is further configured to: according to the security level of the user indicating different accounts of the user, construct a mapping relationship between an account of a different security level of the user and a unified login account of the user;
或者,自动构建不同用户的只读安全等级账号和与相应用户的统一登录账号之间的映射关系,自动构建不同用户的普通安全等级账号与相应用户的统一登录账号之间的映射关系。Alternatively, the mapping between the read-only security level account of the different users and the unified login account of the corresponding user is automatically constructed, and the mapping relationship between the common security level account of the different users and the unified login account of the corresponding user is automatically constructed.
Optionally, the server is further configured to control the mobile terminal to verify the user of the mobile terminal using at least one of a password verification mode and a biometric verification mode;
the server is further configured to determine, when the verification passes and based on the mapping relationship and the unified login account used by the user, the security level of the account in the mapping relationship that corresponds to the application the user requests to use;
the server is further configured to log the user in to the requested application based on the security level of the account corresponding to the application that the user requests to use.
Optionally, the server is further configured to, when the account of the application that the user requests to use is a read-only security level account, allocate to the user from a resource pool a random account for the application, and log the user in to the application with the allocated random account;
the server is further configured to, when the account of the application that the user requests to use is an ordinary security level account, perform a one-time login of the user to the application using the account for the application preset by the user, or the account for the application that the user enters when requesting to use the application; and, when a change in the biometric features of the user of the mobile terminal is detected, to issue one reminder and verify the user again;
the server is further configured to, when the account of the application that the user requests to use is an advanced security level account, perform a one-time login of the user to the application using the account for the application preset by the user, or the account for the application that the user enters when requesting to use the application; and, when a change in the biometric features of the user of the mobile terminal is detected, to issue a preset number of reminders, the number being greater than one, and verify the user again;
the server is further configured to, when the account of the application that the user requests to use is a highest security level account, verify the user by both the password verification mode and the biometric verification mode and, when the verification passes, perform a one-time login of the user to the application using the account for the application preset by the user, or the account for the application that the user enters when requesting to use the application; and, when a change in the biometric features of the user of the mobile terminal is detected, to release the login to the application for the user of the mobile terminal.
Optionally, the server is further configured to, when the determination result indicates that the account of the application that the user requests to use is a read-only security level account, assign the user anonymous-visitor access rights or lowest-priority rights for the application;
the server is further configured to, when the determination result indicates that the account of the application that the user requests to use is a read-only security level account, assign the user read-only permission for the application;
the server is further configured to, when the determination result indicates that the account of the application that the user requests to use is an ordinary security level account, assign the user full usage rights for the application;
the server is further configured to, when the determination result indicates that the account of the application that the user requests to use is an advanced security level account, assign the user full usage rights for the application;
the server is further configured to, when the determination result indicates that the account of the application that the user requests to use is a highest security level account, and the user has logged in to the mobile terminal with the unified login account using both password login and biometric verification, assign the user full usage rights for the application.
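The level-dependent behaviour in the optional clauses above (how the login is performed, which access is granted, and what happens when the terminal user's biometric features change) can be modelled as a small server-side policy. The following Python sketch is an added example, not code from the patent: the class and function names, the sample accounts, the reminder count of 3 for the advanced level, and the handling of cases the text leaves open (an empty resource pool, a highest-level request without both factors, a biometric change on a read-only session) are assumptions, and the two read-only clauses are merged into a single read-only access value.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Set, Tuple


class Level(Enum):
    READ_ONLY = "read-only"
    ORDINARY = "ordinary"
    ADVANCED = "advanced"
    HIGHEST = "highest"


class Access(Enum):
    NONE = "none"            # assumption: used where the text defines no outcome
    READ_ONLY = "read-only"  # anonymous-visitor and read-only clauses, merged
    FULL = "full"


@dataclass
class Binding:
    level: Level
    account: Optional[str] = None  # preset application account; unused for READ_ONLY


@dataclass
class Decision:
    account: Optional[str]
    access: Access


BOTH_FACTORS = frozenset({"password", "biometric"})


class LoginServer:
    """Holds the mapping: unified login account -> application -> Binding."""

    def __init__(self, mapping: Dict[str, Dict[str, Binding]],
                 pool: Dict[str, List[str]], advanced_reminders: int = 3):
        if advanced_reminders <= 1:
            raise ValueError("the advanced level requires more than one reminder")
        self.mapping = mapping
        self.pool = pool  # application -> spare random accounts
        self.advanced_reminders = advanced_reminders
        self.sessions: Set[Tuple[str, str]] = set()

    def login(self, unified: str, app: str, factors) -> Decision:
        # `factors` are the verification modes the terminal reports as passed.
        passed = frozenset(factors) & BOTH_FACTORS
        binding = self.mapping.get(unified, {}).get(app)
        if not passed or binding is None:
            return Decision(None, Access.NONE)
        if binding.level is Level.READ_ONLY:
            spare = self.pool.get(app, [])
            if not spare:  # assumption: an exhausted pool means no login
                return Decision(None, Access.NONE)
            account, access = spare.pop(), Access.READ_ONLY
        elif binding.level is Level.HIGHEST and passed != BOTH_FACTORS:
            return Decision(None, Access.NONE)  # highest level needs both modes
        else:
            account, access = binding.account, Access.FULL
        self.sessions.add((unified, app))
        return Decision(account, access)

    def on_biometric_change(self, unified: str, app: str) -> Tuple[int, str]:
        """Return (number of reminders, action) for an active session."""
        if (unified, app) not in self.sessions:
            return 0, "none"
        level = self.mapping[unified][app].level
        if level is Level.HIGHEST:
            self.sessions.discard((unified, app))  # login is released
            return 0, "logout"
        if level is Level.ADVANCED:
            return self.advanced_reminders, "reverify"
        if level is Level.ORDINARY:
            return 1, "reverify"
        return 0, "none"  # assumption: the text is silent for read-only


def demo_server() -> LoginServer:
    # Constructed sample data, not taken from the patent.
    mapping = {"vsim-user-001": {
        "forum": Binding(Level.READ_ONLY),
        "shop": Binding(Level.ORDINARY, "alice_shop"),
        "mail": Binding(Level.ADVANCED, "alice@mail.example"),
        "bank": Binding(Level.HIGHEST, "alice-bank-01"),
    }}
    return LoginServer(mapping, pool={"forum": ["guest-7f3a"]})


if __name__ == "__main__":
    server = demo_server()
    for app, factors in [("forum", {"password"}), ("bank", {"password"}),
                         ("bank", {"password", "biometric"})]:
        print(app, sorted(factors), server.login("vsim-user-001", app, factors))
    print(server.on_biometric_change("vsim-user-001", "bank"))
```
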
In a fourth aspect, an embodiment of the present invention provides a computer storage medium storing executable instructions, the executable instructions being used to execute the account login processing method provided by the embodiments of the present invention.
The embodiments of the present invention provide a unified account login processing method based on a virtual subscriber identity card. By building a unified system for processing account logins that is centered on the virtual subscriber identity card, the invention allows the user, once the mapping relationship has been set up, to log in to commonly used Internet applications without entering account information each time, which improves the convenience, efficiency and security of automatic account login.
Brief Description of the Drawings
FIG. 1 is a schematic diagram of the hardware structure of a mobile terminal that implements the embodiments of the present invention;
FIG. 2 is a schematic diagram of a wireless communication system for the mobile terminal shown in FIG. 1;
FIG. 3 is a flowchart of a unified account login processing method based on a virtual subscriber identity card according to an embodiment of the present invention;
FIG. 4 is a flowchart of a unified account login processing method based on a virtual subscriber identity card according to an embodiment of the present invention;
FIG. 5 is a flowchart of a unified account login method based on a virtual subscriber identity card according to an embodiment of the present invention;
FIG. 6 is an exemplary structural block diagram of a unified account login processing server based on a virtual subscriber identity card according to an embodiment of the present invention;
FIG. 7 is an exemplary structural block diagram of a unified account login processing system based on a virtual subscriber identity card according to an embodiment of the present invention.
Detailed Description
It should be understood that the specific embodiments described herein are only intended to explain the technical solutions of the present invention and are not intended to limit its scope of protection.
A mobile terminal implementing the embodiments of the present invention will now be described with reference to the accompanying drawings. In the following description, suffixes such as "module", "component" or "unit" used to denote elements are used only to facilitate the description of the present invention and have no specific meaning in themselves. Therefore, "module" and "component" may be used interchangeably.
The mobile terminal can be implemented in various forms. For example, the terminals described in the present invention may include mobile terminals such as mobile phones, smart phones, notebook computers, digital broadcast receivers, personal digital assistants (PDAs), tablet computers (PADs), portable multimedia players (PMPs), navigation devices and the like, as well as fixed terminals such as digital TVs, desktop computers and the like. In the following, it is assumed that the terminal is a mobile terminal. However, those skilled in the art will understand that, apart from elements used specifically for mobile purposes, the configuration according to the embodiments of the present invention can also be applied to fixed terminals.
FIG. 1 is a schematic diagram of the hardware structure of a mobile terminal 100 that implements the embodiments of the present invention. As shown in FIG. 1, the mobile terminal 100 may include a wireless communication unit 110, an audio/video (A/V) input unit 120, a user input unit 130, a sensing unit 140, an output unit 150, a memory 160, an interface unit 170, a controller 180, a power supply unit 190 and so on. FIG. 1 shows the mobile terminal 100 with various components, but it should be understood that not all of the illustrated components are required. More or fewer components may be implemented instead. The elements of the mobile terminal 100 are described in detail below.
The wireless communication unit 110 typically includes one or more components that permit radio communication between the mobile terminal 100 and a wireless communication system or network. For example, the wireless communication unit 110 may include at least one of a broadcast receiving module 111, a mobile communication module 112, a wireless internet module 113, a short-range communication module 114 and a location information module 115.
The broadcast receiving module 111 receives broadcast signals and/or broadcast-related information from an external broadcast management server via a broadcast channel. The broadcast channel may include a satellite channel and/or a terrestrial channel. The broadcast management server may be a server that generates and transmits broadcast signals and/or broadcast-related information, or a server that receives previously generated broadcast signals and/or broadcast-related information and transmits them to the terminal. The broadcast signals may include TV broadcast signals, radio broadcast signals, data broadcast signals and the like. The broadcast signals may further include a broadcast signal combined with a TV or radio broadcast signal. The broadcast-related information may also be provided via a mobile communication network, in which case it may be received by the mobile communication module 112. The broadcast signals may exist in various forms, for example in the form of an Electronic Program Guide (EPG) of Digital Multimedia Broadcasting (DMB) or an Electronic Service Guide (ESG) of Digital Video Broadcasting-Handheld (DVB-H). The broadcast receiving module 111 can receive broadcast signals by using various types of broadcast systems. In particular, the broadcast receiving module 111 can receive digital broadcasts by using digital broadcasting systems such as Digital Multimedia Broadcasting-Terrestrial (DMB-T), Digital Multimedia Broadcasting-Satellite (DMB-S), Digital Video Broadcasting-Handheld (DVB-H), the forward link media (MediaFLO®) data broadcasting system, and Integrated Services Digital Broadcasting-Terrestrial (ISDB-T). The broadcast receiving module 111 may be configured to suit various broadcast systems that provide broadcast signals, in addition to the digital broadcasting systems listed above. Broadcast signals and/or broadcast-related information received via the broadcast receiving module 111 may be stored in the memory 160 (or another type of storage medium).
The mobile communication module 112 transmits radio signals to and/or receives radio signals from at least one of a base station (for example, an access point, a Node B and so on), an external terminal and a server. Such radio signals may include voice call signals, video call signals, or various types of data transmitted and/or received as text and/or multimedia messages.
The wireless internet module 113 supports wireless internet access for the mobile terminal 100. The wireless internet module 113 may be internally or externally coupled to the terminal. The wireless internet access technologies involved may include Wireless Local Area Network (WLAN), Wi-Fi, Wireless Broadband (WiBro), Worldwide Interoperability for Microwave Access (WiMAX), High-Speed Downlink Packet Access (HSDPA) and so on.
The short-range communication module 114 is a module for supporting short-range communication. Some examples of short-range communication technologies include Bluetooth™, Radio Frequency Identification (RFID), Infrared Data Association (IrDA), Ultra-Wideband (UWB), ZigBee™ and so on.
The location information module 115 is a module for checking or acquiring location information of the mobile terminal 100. A typical example of the location information module 115 is a Global Positioning System (GPS) module 115. According to current technology, the GPS module 115 calculates distance information from three or more satellites together with accurate time information, and applies triangulation to the calculated information so as to accurately calculate three-dimensional current position information in terms of longitude, latitude and altitude. Currently, the method for calculating position and time information uses three satellites and corrects the error of the calculated position and time information by using one additional satellite. In addition, the GPS module 115 can calculate speed information by continuously calculating the current position information in real time.
The A/V input unit 120 is used to receive audio or video signals. The A/V input unit 120 may include a camera 121 and a microphone 122. The camera 121 processes image data of still pictures or video obtained by an image capture device in a video capture mode or an image capture mode. The processed image frames can be displayed on the display unit 151. Image frames processed by the camera 121 may be stored in the memory 160 (or another storage medium) or transmitted via the wireless communication unit 110, and two or more cameras 121 may be provided depending on the configuration of the mobile terminal 100. The microphone 122 can receive sound (audio data) in operating modes such as a telephone call mode, a recording mode and a voice recognition mode, and can process such sound into audio data. In the telephone call mode, the processed audio (voice) data can be converted into a format that can be transmitted to a mobile communication base station via the mobile communication module 112 and output. The microphone 122 may implement various types of noise cancellation (or suppression) algorithms to cancel (or suppress) noise or interference generated while receiving and transmitting audio signals.
The user input unit 130 can generate key input data according to commands entered by the user in order to control various operations of the mobile terminal 100. The user input unit 130 allows the user to enter various types of information, and may include a keyboard, a dome switch, a touch pad (for example, a touch-sensitive component that detects changes in resistance, pressure, capacitance and so on caused by contact), a scroll wheel, a joystick and so on. In particular, when the touch pad is superimposed on the display unit 151 as a layer, a touch screen can be formed.
The sensing unit 140 detects the current state of the mobile terminal 100 (for example, the open or closed state of the mobile terminal 100), the location of the mobile terminal 100, the presence or absence of user contact with the mobile terminal 100 (that is, touch input), the orientation of the mobile terminal 100, the acceleration or deceleration movement and direction of the mobile terminal 100, and so on, and generates commands or signals for controlling the operation of the mobile terminal 100. For example, when the mobile terminal 100 is implemented as a slide-type mobile phone, the sensing unit 140 can sense whether the slide-type phone is open or closed. In addition, the sensing unit 140 can detect whether the power supply unit 190 is supplying power and whether the interface unit 170 is coupled to an external device.
The interface unit 170 serves as an interface through which at least one external device can connect to the mobile terminal 100. For example, the external devices may include a wired or wireless headset port, an external power supply (or battery charger) port, a wired or wireless data port, a memory card port (a typical example being a Universal Serial Bus (USB) port), a port for connecting a device having an identification module, an audio input/output (I/O) port, a video I/O port, an earphone port and so on. The identification module may store various information for verifying the user's use of the mobile terminal 100 and may include a User Identity Module (UIM), a Subscriber Identity Module (SIM), a Universal Subscriber Identity Module (USIM) and so on. In addition, a device having an identification module (hereinafter referred to as an "identification device") may take the form of a smart card, so the identification device can be connected to the mobile terminal 100 via a port or other connection means.
The interface unit 170 can be used to receive input (for example, data, power and so on) from an external device and pass the received input to one or more elements within the mobile terminal 100, or can be used to transfer data between the mobile terminal 100 and an external device.
In addition, when the mobile terminal 100 is connected to an external cradle, the interface unit 170 can serve as a path through which power is supplied from the cradle to the mobile terminal 100, or as a path through which various command signals input from the cradle are transmitted to the mobile terminal 100. The various command signals or the power input from the cradle can be used as signals for recognizing whether the mobile terminal 100 is correctly mounted on the cradle.
The output unit 150 is configured to provide output signals (for example, audio signals, video signals, alarm signals, vibration signals and so on) in a visual, audible and/or tactile manner. The output unit 150 may include a display unit 151, an audio output module 152, an alarm unit 153 and so on.
The display unit 151 can display information processed in the mobile terminal 100. For example, when the mobile terminal 100 is in a telephone call mode, the display unit 151 can display a user interface (UI) or graphical user interface (GUI) related to the call or to other communication (for example, text messaging, multimedia file download and so on). When the mobile terminal 100 is in a video call mode or an image capture mode, the display unit 151 can display captured and/or received images, and a UI or GUI showing the video or images and related functions.
Meanwhile, when the display unit 151 and the touch pad are superimposed on each other as layers to form a touch screen, the display unit 151 can function as both an input device and an output device. The display unit 151 may include at least one of a liquid crystal display (LCD), a thin-film transistor LCD (TFT-LCD), an organic light-emitting diode (OLED) display, a flexible display, a three-dimensional (3D) display and so on. Some of these displays may be constructed to be transparent so that the user can see through them from the outside; these may be called transparent displays, a typical example being a TOLED (transparent organic light-emitting diode) display. Depending on the particular implementation desired, the mobile terminal 100 may include two or more display units (or other display devices); for example, the mobile terminal 100 may include an external display unit (not shown) and an internal display unit (not shown). The touch screen can be used to detect touch input pressure as well as touch input position and touch input area.
The audio output module 152 can, when the mobile terminal 100 is in a mode such as a call signal receiving mode, a call mode, a recording mode, a voice recognition mode or a broadcast receiving mode, convert audio data received by the wireless communication unit 110 or stored in the memory 160 into an audio signal and output it as sound. The audio output module 152 can also provide audio output related to a specific function performed by the mobile terminal 100 (for example, a call signal reception sound, a message reception sound and so on). The audio output module 152 may include a speaker, a buzzer and so on.
The alarm unit 153 can provide output to notify the mobile terminal 100 of the occurrence of an event. Typical events include call reception, message reception, key signal input, touch input and so on. In addition to audio or video output, the alarm unit 153 can provide output in other ways to signal that an event has occurred. For example, the alarm unit 153 can provide output in the form of vibration: when a call, a message or some other incoming communication is received, the alarm unit 153 can provide tactile output (that is, vibration) to notify the user. With such tactile output, the user can recognize the occurrence of various events even when the mobile phone is in the user's pocket. The alarm unit 153 can also provide output signalling the occurrence of an event via the display unit 151 or the audio output module 152.
The memory 160 can store software programs for the processing and control operations performed by the controller 180, and can temporarily store data that has been output or is to be output (for example, a phone book, messages, still images, video and so on). The memory 160 can also store data about the various patterns of vibration and audio signals that are output when a touch is applied to the touch screen.
The memory 160 may include at least one type of storage medium, including flash memory, a hard disk, a multimedia card, card-type memory (for example, SD or DX memory), random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, a magnetic disk, an optical disc and so on. The mobile terminal 100 may also cooperate with a network storage device that performs the storage function of the memory 160 over a network connection.
The controller 180 typically controls the overall operation of the mobile terminal 100. For example, the controller 180 performs the control and processing associated with voice calls, data communication, video calls and so on. In addition, the controller 180 may include a multimedia module 181 for reproducing or playing back multimedia data; the multimedia module 181 may be built into the controller 180 or may be constructed separately from the controller 180. The controller 180 can perform pattern recognition processing to recognize handwriting input or picture-drawing input performed on the touch screen as characters or images.
The power supply unit 190 receives external or internal power under the control of the controller 180 and supplies the appropriate power needed to operate the various elements and components.
The various embodiments described herein can be implemented in a computer-readable medium using, for example, computer software, hardware or any combination thereof. For a hardware implementation, the embodiments described herein can be implemented using at least one of an application-specific integrated circuit (ASIC), a digital signal processor (DSP), a digital signal processing device (DSPD), a programmable logic device (PLD), a field-programmable gate array (FPGA), a processor, a controller, a microcontroller, a microprocessor, or an electronic unit designed to perform the functions described herein; in some cases, such embodiments may be implemented in the controller 180. For a software implementation, embodiments such as procedures or functions can be implemented with separate software modules, each of which allows at least one function or operation to be performed. The software code can be implemented as a software application (or program) written in any suitable programming language, and can be stored in the memory 160 and executed by the controller 180.
So far, the mobile terminal 100 has been described in terms of its functions. Below, for brevity, the slide-type mobile terminal 100 will be described as an example among the various types of mobile terminal 100, such as folding, bar, swing and slide types. The present invention can nevertheless be applied to any type of mobile terminal 100 and is not limited to the slide-type mobile terminal 100.
如图1中所示的移动终端100可以被构造为利用经由帧或分组发送数据的诸如有线和无线通信系统以及基于卫星的通信系统来操作。The mobile terminal 100 as shown in FIG. 1 may be configured to operate using a communication system such as a wired and wireless communication system and a satellite-based communication system that transmits data via frames or packets.
现在将参考图2描述其中根据本发明的移动终端100能够操作的通信系统。A communication system in which the mobile terminal 100 according to the present invention can operate will now be described with reference to FIG.
Such communication systems can use different air interfaces and/or physical layers. For example, the air interfaces used by communication systems include frequency division multiple access (FDMA), time division multiple access (TDMA), code division multiple access (CDMA) and the Universal Mobile Telecommunications System (UMTS) (in particular, Long Term Evolution (LTE)), the Global System for Mobile Communications (GSM), and the like. As a non-limiting example, the following description relates to a CDMA communication system, but the teachings apply equally to other types of systems.
Referring to FIG. 2, a CDMA wireless communication system can include a plurality of mobile terminals 100, a plurality of base stations (BS) 270, a base station controller (BSC) 275 and a mobile switching center (MSC) 280. The MSC 280 is configured to interface with a public switched telephone network (PSTN) 290. The MSC 280 is also configured to interface with the BSC 275, which can be coupled to the base stations 270 via backhaul lines. The backhaul lines can be constructed according to any of several known interfaces, including, for example, E1/T1, ATM, IP, PPP, Frame Relay, HDSL, ADSL or xDSL. It will be understood that the system shown in FIG. 2 can include a plurality of BSCs 275.
Each BS 270 can serve one or more sectors (or regions), each sector being covered by an omnidirectional antenna or by an antenna pointing in a particular direction radially away from the BS 270. Alternatively, each sector can be covered by two or more antennas for diversity reception. Each BS 270 can be configured to support a plurality of frequency allocations, each frequency allocation having a particular spectrum (for example, 1.25 MHz, 5 MHz, and so on).
The intersection of a sector and a frequency allocation can be referred to as a CDMA channel. The BS 270 can also be referred to as a base transceiver subsystem (BTS) or by another equivalent term. In that case, the term "base station" can be used to refer collectively to a single BSC 275 and at least one BS 270. A base station can also be referred to as a "cell site". Alternatively, the individual sectors of a particular BS 270 can be referred to as a plurality of cell sites.
As shown in FIG. 2, a broadcast transmitter (BT) 295 transmits broadcast signals to the mobile terminals 100 operating within the system. The broadcast receiving module 111 shown in FIG. 1 is provided at the mobile terminal 100 to receive the broadcast signals transmitted by the BT 295. FIG. 2 shows several satellites 300; for example, Global Positioning System (GPS) satellites 300 can be used. The satellites 300 help locate at least one of the plurality of mobile terminals 100.
FIG. 2 depicts a plurality of satellites 300, but it is understood that useful positioning information can be obtained with any number of satellites. The GPS module 115 shown in FIG. 1 is typically configured to cooperate with the satellites 300 to obtain the desired positioning information. Instead of, or in addition to, GPS tracking technology, other technologies that can track the location of the mobile terminal 100 can be used. In addition, at least one GPS satellite 300 can alternatively or additionally handle satellite DMB transmission.
As a typical operation of the wireless communication system, the BS 270 receives reverse link signals from various mobile terminals 100. The mobile terminals 100 typically take part in calls, messaging and other types of communication. Each reverse link signal received by a particular base station 270 is processed within that BS 270. The resulting data is forwarded to the associated BSC 275. The BSC provides call resource allocation and mobility management functions, including coordination of soft handoff procedures between BSs 270. The BSC 275 also routes the received data to the MSC 280, which provides additional routing services for interfacing with the PSTN 290. Similarly, the PSTN 290 interfaces with the MSC 280, the MSC interfaces with the BSC 275, and the BSC 275 in turn controls the BS 270 to transmit forward link signals to the mobile terminals 100.
Based on the hardware structure of the mobile terminal 100 and the communication system described above, the embodiments of the method of the present invention are proposed.
Based on the mobile terminal hardware structure and the communication system described above, the embodiments of the present invention are proposed.
Embodiment 1
FIG. 3 is a flowchart of a unified account login processing method based on a virtual subscriber identity card according to Embodiment 1 of the present invention. The method is described below with reference to FIG. 3. As shown in FIG. 3, the unified account login processing method based on a virtual subscriber identity card includes:
Step 101: The server sets a unified login account for the user of a mobile terminal by means of the virtual subscriber identity card in the mobile terminal, and constructs a mapping relationship between the user's unified login account and the accounts of the user's different applications.
A virtual subscriber identity card refers to authentication information, maintained in software in the mobile terminal, that is configured to support the mobile terminal's access to an operator's communication network; the mobile terminal can access the communication network and use voice or data communication functions without a physical subscriber identity module. Because the virtual subscriber identity card stores authentication information configured to uniquely identify the user, setting the user's unified login account based on the virtual subscriber identity card can be implemented by setting the authentication information in the virtual subscriber identity card as the user's unified login account or, where the authentication information must be kept confidential, by using as the unified login account the encrypted information obtained by encrypting the authentication information with a one-way, irreversible encryption algorithm. In practical applications, to make the account easier for the user to remember, the authentication information or the encrypted information can also be transformed again into a unified login account (including a user name and, optionally, a password) that is easy for the user to recognize and remember.
In practical applications, the server can be implemented as a single server or as a set of servers (such as an authentication server and an access control server).
A mobile terminal user may install multiple applications in the mobile terminal, such as a game application, a music client, an e-mail client, an instant messaging application and an electronic banking client, and each application has its own account (including a user name and, optionally, a password). The unified login account set for the user based on the virtual subscriber identity card in the user's mobile terminal is associated with the accounts of the various applications the user has installed on the mobile terminal to form the mapping relationship.
The accounts of the different applications corresponding to the user's unified login account have different security levels; the security level of each application account can be set manually by the user or automatically by the server. For example, the security levels include: a read-only security level, an ordinary security level, an advanced security level and a highest security level.
Step 102: Based on the mapping relationship and the unified login account used by the user, the server judges and authenticates the application that the user's login request asks to use.
Based on the mapping relationship and the unified login account used by the user, the server determines the account corresponding to the application the user requests to use, and judges and authenticates whether the user can log in to the server using that account.
Each account corresponds to a security control policy; for example, accounts of different security levels use different security control policies.
Step 103: Based on the mapping relationship and the user's unified login account, the server determines the security level of the account corresponding to the application the user requests to use.
Each of the user's application accounts corresponds to an access control policy; for example, accounts of different security levels use different access control policies. The access control policy is configured to be based on the security level of the account of the application the user requests to use and on the access permission to the application that an account of that security level has; the security levels include: the read-only security level, the ordinary security level, the advanced security level and the highest security level. For example, the types of access permission can include: full access permission to the application (that is, any operation can be performed on the application) and read-only permission to the application (that is, only reading is permitted in the application).
Step 104: According to the determination result, the server controls the user's access permission to the application after the user logs in to the application based on the account.
It should be noted that the server described in this embodiment and the subsequent embodiments can be implemented as a single server, multiple servers or a server cluster. For example, according to the different functions the server performs, such as forming the mapping relationship, verifying the user and controlling access permission, it can be implemented as a mapping relationship server, an authentication server and an access permission controller.
In this embodiment, the present invention constructs in the server, based on the virtual subscriber identity card, a unified account system that includes the mapping relationship, and accounts of different security levels use different security control policies and access control policies. For example, once the user has set the security levels of the accounts of the different applications, for an account with a lower security level, such as an account of the read-only security level, the server need not force the user to enter a user name and password every time the account is used to log in, which improves the convenience and efficiency of automatic account login.
Embodiment 2
Based on Embodiment 1, FIG. 4 is a schematic diagram of a unified account login processing method based on a virtual subscriber identity card according to Embodiment 2 of the present invention. As shown in FIG. 4, after the mapping relationship between the user's unified login account and the accounts of the user's various applications has been set, if the user needs to use the mobile terminal to request the use of an application account, for example the account of a game application or of an electronic bank, the server verifies the user via the mobile terminal, for example by password verification and/or biometric verification; the legitimate user's password and biometric features have been collected in advance and are maintained in at least one of the server and the mobile terminal.
When verification passes, the account corresponding to the application the user requests to use is determined from the mapping relationship, based on the mapping relationship and the unified login account used by the user; the security control policy corresponding to the account is then determined based on that account. For example, the security control policy is configured to control at least one of the following:
1) The manner in which the user of the mobile terminal is verified; the manners of verification include password verification and biometric verification (for example, biometric features such as fingerprint, iris, voiceprint and palm print).
2) The trigger condition for re-verifying the user of the mobile terminal, which includes a change in the biometric features of the user of the mobile terminal; that is, the user is verified again when the biometric features of the user of the mobile terminal change.
3) The manner of prompting for re-verification of the user of the mobile terminal when the biometric features of the application of the mobile terminal change, which includes a single reminder and a limited number (more than one) of reminders.
4) Logging the user in, based on the security control policy, at the application server corresponding to the application the user requests to use, so that the user can use the application based on the account; if verification does not pass, the user is not logged in to the requested application.
In this embodiment, before the user uses the mobile terminal, the user is verified by at least one of password verification and biometric verification. Only a user who passes verification is logged in to the corresponding application server with the account corresponding to the application the user requests to use; when verification does not pass, the user is not logged in to the application server of the requested application. This improves the efficiency and convenience of account login.
Embodiment 3
FIG. 5 is a schematic diagram of constructing the mapping relationship between the user's unified login account and the accounts of the user's different applications in a unified account login method based on a virtual subscriber identity card according to Embodiment 3 of the present invention.
As shown in FIG. 5, the accounts include: a read-only security level account, an ordinary security level account, an advanced security level account and a highest security level account. As shown in FIG. 5, the mapping between the unified login account and the read-only security level account is a random mapping; the mapping between the unified login account and the ordinary security level account is an ordinary mapping; the mapping between the unified login account and the advanced security level account is an advanced mapping; and the mapping between the unified login account and the highest security level account is a highest mapping.
An optional implementation of steps 102 to 104 of Embodiment 1 above includes the following cases:
1) The user of the mobile terminal is verified by at least one of password verification and biometric verification. When verification passes, the account corresponding to the application the user requests to use is determined from the mapping relationship, based on the mapping relationship and the unified login account used by the user. When the mobile terminal user requests to log in to an application of the read-only security level, the security level of the account corresponding to the application the user requests to use is determined based on the mapping relationship. When the account of the application the user requests to use is a read-only security level account, the user is allocated a random account from a resource pool, the login for browsing is completed for the user at the application's application server as an anonymous guest or with an account holding the lowest-priority permission, the user is assigned read-only permission for the application, and the user is not verified again while using the application.
2) The user of the mobile terminal is verified by at least one of password verification and biometric verification. When verification passes, the security level of the account corresponding to the application the user requests to use is determined from the mapping relationship, based on the mapping relationship and the unified login account used by the user;
When the mobile terminal user requests to log in to an application of the read-only security level, the account corresponding to the application the user requests to use is determined based on the mapping relationship. When the account of the application the user requests to use is an ordinary security level account, the user is logged in once at the application's application server using the account the user has set in advance for the application, or the corresponding account the user enters when requesting to log in to the application, so that the user does not need to enter the account information again during subsequent use, and the user is assigned full usage permission for the application. If a change in the user's unified login account is detected through the mobile terminal, the server gives one reminder through the mobile terminal that the user of the mobile terminal has changed, and has the mobile terminal verify the user;
3) The user of the mobile terminal is verified by at least one of password verification and biometric verification. When verification passes, the security level of the account corresponding to the application the user requests to use is determined from the mapping relationship, based on the mapping relationship and the unified login account used by the user;
When the mobile terminal user requests to log in to an application of the read-only security level, the account corresponding to the application the user requests to use is determined based on the mapping relationship. When the account of the application the user requests to use is an advanced security level account, the user is logged in once at the application's application server using the account the user has set in advance for the application, or the corresponding account the user enters when requesting to log in to the application, so that the user does not need to enter the account information again during subsequent use, and the user is assigned full usage permission for the application. If a change in the user's unified login account is detected, the server gives at least two reminders through the mobile terminal that the user of the mobile terminal has changed, and has the mobile terminal verify the user; when verification passes, the biometric feature that passed verification is bound to the unified login account of the mobile terminal and maintained in at least one of the mobile terminal and the server, configured for subsequent verification of the user.
4) The user of the mobile terminal is verified by at least one of password verification and biometric verification. When verification passes, the security level of the account corresponding to the application the user requests to use is determined from the mapping relationship, based on the mapping relationship and the unified login account used by the user;
When the mobile terminal user requests to log in to an application of the read-only security level, the account corresponding to the application the user requests to use is determined based on the mapping relationship. When the account of the application the user requests to use is the highest security level account, the server determines which verification manner the mobile terminal applied to the current user, and when the current user has passed both password verification and biometric verification, the user is assigned full usage permission for the application;
A user who has passed password verification or biometric verification, rather than both, is not assigned usage permission for the requested application;
If a change in the user's biometric features is detected, the server reminds, through the mobile terminal, that the user of the mobile terminal has changed, and removes the login previously made to the application for the current user of the mobile terminal. To ensure security, and unlike the handling of accounts of the other security levels, the server removes the login state of the application directly; it does not verify the current user and does not authorize the addition of the current user's new biometric features for verification, so other users cannot log in with the highest security level account.
It can be seen that the four mappings correspond to different security control policies and access control policies. The unified login account formed through the virtual subscriber identity card is mapped to accounts of different security levels; once the user has completed the settings, the user can log in to commonly used Internet applications without entering a user name and password each time, which improves the convenience, efficiency and security of automatic account login.
In this embodiment, the read-only security level accounts include: the account of a forum that is logged in to only occasionally; the ordinary security level accounts include: video game accounts and online music accounts; the advanced security level accounts include: e-mail accounts and instant messaging accounts; the highest security level accounts include: electronic banking application accounts, third-party payment application accounts, and the like.
The user's unified login account is set through the virtual subscriber identity card, and the mapping relationship between the unified login account and the different application accounts is constructed. With the virtual subscriber identity card as the starting point and center for identifying the user, an account system with different security levels for the user is built in the server by manually entering the security levels of the accounts of the different applications; read-only security level accounts and ordinary security level accounts can also be constructed automatically by the system. After the user has set the security levels of the different accounts, when the user requests to log in to an application, the server determines the account corresponding to the application based on the mapping relationship and logs the user in to the application according to the security level, without the user having to enter a user name and password each time, which improves the convenience, efficiency and security of automatic account login.
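The four mappings of Embodiment 3 and the one-way derivation of the unified login account from Embodiment 1, written out as an added Python example that is not part of the patent text. All class and function names, the choice of keyed HMAC-SHA256 for the "one-way, irreversible" transform, the single reminder for the highest level and the sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional, Set, Tuple


class Level(Enum):
    READ_ONLY = "read-only"
    ORDINARY = "ordinary"
    ADVANCED = "advanced"
    HIGHEST = "highest"


@dataclass
class Session:
    app: str
    account: str
    permission: str           # "read-only" or "full"
    active: bool = True


@dataclass(frozen=True)
class ChangeResponse:
    reminders: int            # alerts shown on the terminal about the change
    reverify: bool            # ask the person holding the terminal to verify again
    bind_new_biometric: bool  # a newly verified biometric may be bound to the account
    revoke: bool              # remove the existing application login at once


# Reaction to "the user of the terminal changed", per security level.
ON_USER_CHANGE = {
    Level.READ_ONLY: ChangeResponse(0, False, False, False),  # never re-verified
    Level.ORDINARY:  ChangeResponse(1, True, False, False),   # one reminder
    Level.ADVANCED:  ChangeResponse(2, True, True, False),    # at least two reminders
    Level.HIGHEST:   ChangeResponse(1, False, False, True),   # count assumed; login removed
}


def unified_account(server_key: bytes, vsim_auth_info: bytes) -> str:
    """Derive the unified login account from virtual-SIM authentication info.

    Assumption: keyed HMAC-SHA256. A bare hash of a short subscriber identifier
    can be enumerated offline, so a server-held key is mixed in.
    """
    return hmac.new(server_key, vsim_auth_info, hashlib.sha256).hexdigest()[:32]


class LoginServer:
    def __init__(self, guest_pool):
        # unified account -> {application: (security level, application account)}
        self.mapping: Dict[str, Dict[str, Tuple[Level, Optional[str]]]] = {}
        self.guest_pool = list(guest_pool)   # resource pool of random guest accounts

    def map_account(self, unified: str, app: str, level: Level,
                    account: Optional[str] = None) -> None:
        if level is not Level.READ_ONLY and account is None:
            raise ValueError("levels above read-only need a stored application account")
        self.mapping.setdefault(unified, {})[app] = (level, account)

    def login(self, unified: str, app: str, passed: Set[str]) -> Optional[Session]:
        """`passed` holds the verification manners the user passed on the terminal."""
        if not passed & {"password", "biometric"}:
            return None                      # verification failed: no login at all
        entry = self.mapping.get(unified, {}).get(app)
        if entry is None:
            return None                      # no mapping for this application
        level, account = entry
        if level is Level.READ_ONLY:
            if not self.guest_pool:
                return None
            return Session(app, self.guest_pool.pop(0), "read-only")
        if level is Level.HIGHEST and not {"password", "biometric"} <= passed:
            return None                      # highest level needs both manners
        return Session(app, account, "full")

    def user_changed(self, unified: str, session: Session) -> ChangeResponse:
        level, _ = self.mapping[unified][session.app]
        response = ON_USER_CHANGE[level]
        if response.revoke:
            session.active = False           # highest level: drop the login, no re-verify
        return response
```

Keeping the per-level reaction in one table makes the asymmetry easy to audit: only the highest level fails closed on a user change, while the advanced level lets a newly verified biometric be bound to the account.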
Embodiment 4
FIG. 6 is an exemplary structural block diagram of a unified account login processing server based on a virtual subscriber identity card according to Embodiment 4 of the present invention. As shown in FIG. 6, the unified account login processing server 400 based on a virtual subscriber identity card provided by this embodiment of the present invention includes:
a mapping unit 401, configured to set a unified login account for the user of a mobile terminal by means of the virtual subscriber identity card in the mobile terminal, and to construct a mapping relationship between the user's unified login account and the accounts of the user's different applications;
an authentication unit 402, configured to judge and authenticate, based on the mapping relationship and the unified login account used by the user, the application that the user's login request asks to use;
an access control unit 403, configured to determine, based on the mapping relationship and the user's unified login account, the security level of the account corresponding to the application the user requests to use;
and to control, according to the determination result, the user's access permission to the application after the user logs in to the application based on the account.
In this embodiment, the present invention constructs in the server, based on the virtual subscriber identity card, a unified account system that includes the mapping relationship, and accounts of different security levels use different security control policies and access control policies. For example, once the user has set the security levels of the accounts of the different applications, for an account with a lower security level, such as an account of the read-only security level, the server need not force the user to enter a user name and password every time the account is used to log in, which improves the convenience and efficiency of automatic account login.
Embodiment 5
Based on Embodiment 4, a unified account login processing server based on a virtual subscriber identity card provided by this embodiment of the present invention includes:
a mapping unit 401, configured to set a unified login account for the user of a mobile terminal by means of the virtual subscriber identity card in the mobile terminal, and to construct a mapping relationship between the user's unified login account and the accounts of the user's different applications;
an authentication unit 402, configured to judge and authenticate, based on the mapping relationship and the unified login account used by the user, the application that the user's login request asks to use;
an access control unit 403, configured to determine, based on the mapping relationship and the user's unified login account, the security level of the account corresponding to the application the user requests to use, and to control, according to the determination result, the user's access permission to the application after the user logs in to the application based on the account.
The mapping unit constructs the mapping relationship as follows: according to the security levels the user indicates for the user's different accounts, it constructs the mapping relationship between the user's accounts of different security levels and the user's unified login account; or it automatically constructs the mapping relationship between different users' read-only security level accounts and the corresponding users' unified login accounts, and automatically constructs the mapping relationship between different users' ordinary security level accounts and the corresponding users' unified login accounts.
参见图4,所述认证单元采用如下方式移动终端的用户进行验证:对使用所述移动终端的用户采用口令验证方式和生物特征验证方式至少之一进行验证;验证通过时,基于所述映射关系、所述用户所使用的统一登录账号,确定所述映射关系中所述用户请求使用的应用对应的账号的安全等级;基于所述用户请求使用的应用对应的账号的安全等级为所述用户登录所请求使用的应用。Referring to FIG. 4, the authentication unit performs verification by using a user of the mobile terminal by using at least one of a password verification mode and a biometric verification mode; and when the verification is passed, based on the mapping relationship The unified login account used by the user determines the security level of the account corresponding to the application requested by the user in the mapping relationship; the security level of the account corresponding to the application used by the user request is the user login The application requested to use.
如图5所示,所述账号,包括:只读安全等级账号、普通安全等级账号、高级安全等级账号及最高安全等级账号。如图5所示,所述统一登录账号与只读安全等级账号为随机映射;所述统一登录账号与普通安全等级账号为普通映射;所述统一登录账号与高级安全等级账号为高级映射;所述统一登录账号与最高安全等级账号为最高映射。 As shown in FIG. 5, the account includes: a read-only security level account, a general security level account, an advanced security level account, and a highest security level account. As shown in FIG. 5, the unified login account and the read-only security level account are randomly mapped; the unified login account and the common security level account are common mapping; the unified login account and the advanced security level account are advanced mapping; The unified login account and the highest security level account are the highest mapping.
Based on FIG. 5, the authentication unit logs the user in to the requested application based on the security level of the account corresponding to that application in the following ways:
1) The access control unit is further configured to, when the account of the application the user requests to use is a read-only security level account, allocate to the user from a resource pool a random account for the application, and log the user in to the application with the allocated random account;
2) The access control unit is further configured to, when the account of the application the user requests to use is an ordinary security level account, perform a one-time login to the application for the user, using the account for the application that the user set in advance or the account for the application that the user enters when requesting to use the application; and, when a change in the biometric features of the user of the mobile terminal is detected, to issue one reminder and verify the user again;
3) The access control unit is further configured to, when the account of the application the user requests to use is an advanced security level account, perform a one-time login to the application for the user, using the account for the application that the user set in advance or the account for the application that the user enters when requesting to use the application; and, when a change in the biometric features of the user of the mobile terminal is detected, to issue a preset number of reminders greater than one and verify the user again;
4) The access control unit is further configured to, when the account of the application the user requests to use is a highest security level account, verify the user by strict password verification and biometric verification and, when verification passes, perform a one-time login to the application for the user, using the account for the application that the user set in advance or the account for the application that the user enters when requesting to use the application; and, when a change in the biometric features of the user of the mobile terminal is detected, to log the user of the mobile terminal out of the application.
The access control unit controls, according to the determination result, the user's access rights to the application after the user logs in to the application with the account, in the following ways:
1) The access control unit is further configured to, when the determination result indicates that the account of the application the user requests to use is a read-only security level account, grant the user the access rights of an anonymous visitor to the application, or the lowest-priority rights;
2) The access control unit is further configured to, when the determination result indicates that the account of the application the user requests to use is a read-only security level account, grant the user read-only rights to the application;
3) The access control unit is further configured to, when the determination result indicates that the account of the application the user requests to use is an ordinary security level account, grant the user full usage rights to the application;
4) The access control unit is further configured to, when the determination result indicates that the account of the application the user requests to use is an advanced security level account, grant the user full usage rights to the application;
5) The access control unit is further configured to, when the determination result indicates that the account of the application the user requests to use is a highest security level account and the user logged in to the mobile terminal with the unified login account by password login and biometric verification, grant the user full usage rights to the application.
In this embodiment, read-only security level accounts include: an account for a forum that is logged in to only occasionally; ordinary security level accounts include: video game accounts and online music accounts; advanced security level accounts include: e-mail accounts and instant messaging accounts; highest security level accounts include: e-banking application accounts, third-party payment application accounts, and the like.
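The per-level login handling, access rights and biometric-change reactions listed above can be condensed into one decision table. The following Python sketch is an added example, not code from the patent or the applicant; every class, function and account name in it is hypothetical, and it assumes that a highest-level login is refused when only one factor passed, that the preset number of reminders for advanced accounts is 3, and that read-only accounts trigger no reaction to a biometric change.

```python
"""Added illustration of the level-based login and access rules described above.
All names are hypothetical; the patent specifies behaviour, not an implementation."""
import secrets
from dataclasses import dataclass, field
from enum import IntEnum


class Level(IntEnum):
    READ_ONLY = 0
    ORDINARY = 1
    ADVANCED = 2
    HIGHEST = 3


@dataclass(frozen=True)
class Verification:
    """Which checks the terminal user passed for this session."""
    password_ok: bool = False
    biometric_ok: bool = False


@dataclass
class AccountServer:
    # unified login account -> {application: (level, stored application account)}
    mapping: dict = field(default_factory=dict)
    # application -> shared accounts handed out at random for read-only logins
    pool: dict = field(default_factory=dict)
    # Assumption: the "preset number greater than one" of reminders is 3.
    advanced_reminders: int = 3

    def register(self, unified, app, level, account=None):
        self.mapping.setdefault(unified, {})[app] = (Level(level), account)

    def _lookup(self, unified, app):
        try:
            return self.mapping[unified][app]
        except KeyError:
            raise PermissionError(f"no mapping for {unified!r} -> {app!r}") from None

    def login(self, unified, app, v):
        """Return (application account, access right) or raise PermissionError."""
        # The terminal user must pass at least one of password / biometric checks.
        if not (v.password_ok or v.biometric_ok):
            raise PermissionError("terminal user not verified")
        level, account = self._lookup(unified, app)
        if level == Level.READ_ONLY:
            candidates = self.pool.get(app)
            if not candidates:
                raise PermissionError(f"resource pool for {app!r} is empty")
            return secrets.choice(candidates), "read-only"
        if level == Level.HIGHEST and not (v.password_ok and v.biometric_ok):
            # Assumption: refuse rather than downgrade when only one factor passed.
            raise PermissionError("highest level requires password and biometric")
        return account, "full"

    def on_biometric_change(self, unified, app):
        """Action to take when the terminal reports a changed biometric."""
        level, _ = self._lookup(unified, app)
        if level == Level.HIGHEST:
            return {"reminders": 0, "reverify": False, "logout": True}
        if level == Level.ADVANCED:
            return {"reminders": self.advanced_reminders, "reverify": True,
                    "logout": False}
        if level == Level.ORDINARY:
            return {"reminders": 1, "reverify": True, "logout": False}
        # Assumption: the text defines no reaction for read-only accounts.
        return {"reminders": 0, "reverify": False, "logout": False}


def build_demo_server():
    """Constructed sample data using the account categories named in the text."""
    server = AccountServer(pool={"forum": ["guest-01", "guest-02"]})
    server.register("unified-0001", "forum", Level.READ_ONLY)
    server.register("unified-0001", "music", Level.ORDINARY, "music-acct")
    server.register("unified-0001", "mail", Level.ADVANCED, "mail-acct")
    server.register("unified-0001", "bank", Level.HIGHEST, "bank-acct")
    return server


if __name__ == "__main__":
    srv = build_demo_server()
    password_only = Verification(password_ok=True)
    for app in ("forum", "music", "mail", "bank"):
        try:
            print(app, srv.login("unified-0001", app, password_only))
        except PermissionError as exc:
            print(app, "refused:", exc)
```

Run with password-only verification, the forum, music and mail logins succeed while the banking login is refused until both factors have passed.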
The user's unified login account is set through the virtual subscriber identity card, and the mapping relationship between the unified login account and the accounts of different applications is constructed. With the virtual subscriber identity card as the starting point and centre for identifying the user, the security levels of the accounts of different applications are entered manually, building on the server an account system with different security levels for the user; read-only security level accounts and ordinary security level accounts may also be built automatically by the system. After the user has set the security levels of the different accounts, when the user requests to log in to an application, the server determines the account corresponding to the application based on the mapping relationship and logs the user in to the application according to the security level, without the user name and password having to be entered each time, which improves the convenience, efficiency and security of automatic account login.
Embodiment 6
FIG. 7 is an exemplary structural block diagram of a unified account login system based on a virtual subscriber identity card according to Embodiment 7 of the present invention. As shown in FIG. 7, the unified account login system based on a virtual subscriber identity card according to the present invention includes: a mobile terminal 100 provided with a virtual subscriber identity card, an authentication server 500 and an access control server 600.
The authentication server is configured to set the unified login account of the user of the mobile terminal through the virtual subscriber identity card in the mobile terminal, and to construct the mapping relationship between the user's unified login account and the accounts of the user's different applications;
The authentication server is further configured to judge and authenticate, based on the mapping relationship and the unified login account used by the user, the user's login to the application the user requests to use;
The access control server is further configured to determine, based on the mapping relationship and the user's unified login account, the security level of the account corresponding to the application the user requests to use;
The access control server is further configured to control, according to the determination result, the user's access rights to the application after the user logs in to the application with the account.
The authentication server is further configured to construct, according to the security levels the user indicates for the user's different accounts, a mapping relationship between the user's accounts of different security levels and the user's unified login account; or, to automatically construct the mapping relationship between different users' read-only security level accounts and the corresponding users' unified login accounts, and automatically construct the mapping relationship between different users' ordinary security level accounts and the corresponding users' unified login accounts.
The authentication server is further configured to control the mobile terminal to verify the user of the mobile terminal by at least one of password verification and biometric verification;
The authentication server is further configured to, when verification passes, determine from the mapping relationship the security level of the account corresponding to the application the user requests to use, based on the mapping relationship and the unified login account used by the user;
The authentication server is further configured to log the user in to the requested application based on the security level of the account corresponding to that application.
The authentication server is further configured to, when the account of the application the user requests to use is a read-only security level account, allocate to the user from a resource pool a random account for the application, and log the user in to the application with the allocated random account;
The authentication server is further configured to, when the account of the application the user requests to use is an ordinary security level account, perform a one-time login to the application for the user, using the account for the application that the user set in advance or the account for the application that the user enters when requesting to use the application; and, when a change in the biometric features of the user of the mobile terminal is detected, to issue one reminder and verify the user again;
The authentication server is further configured to, when the account of the application the user requests to use is an advanced security level account, perform a one-time login to the application for the user, using the account for the application that the user set in advance or the account for the application that the user enters when requesting to use the application; and, when a change in the biometric features of the user of the mobile terminal is detected, to issue a preset number of reminders greater than one and verify the user again;
The authentication server is further configured to, when the account of the application the user requests to use is a highest security level account, verify the user by strict password verification and biometric verification and, when verification passes, perform a one-time login to the application for the user, using the account for the application that the user set in advance or the account for the application that the user enters when requesting to use the application; and, when a change in the biometric features of the user of the mobile terminal is detected, to log the user of the mobile terminal out of the application.
The access control server is further configured to, when the determination result indicates that the account of the application the user requests to use is a read-only security level account, grant the user the access rights of an anonymous visitor to the application, or the lowest-priority rights;
The access control server is further configured to, when the determination result indicates that the account of the application the user requests to use is a read-only security level account, grant the user read-only rights to the application;
The access control server is further configured to, when the determination result indicates that the account of the application the user requests to use is an ordinary security level account, grant the user full usage rights to the application;
The access control server is further configured to, when the determination result indicates that the account of the application the user requests to use is an advanced security level account, grant the user full usage rights to the application;
The access control server is further configured to, when the determination result indicates that the account of the application the user requests to use is a highest security level account and the user logged in to the mobile terminal with the unified login account by password login and biometric verification, grant the user full usage rights to the application.
This embodiment sets the user's unified account login information through the virtual subscriber identity card and constructs the mapping relationship between the unified account login information and the accounts of different applications, such as social applications and e-mail. When the user logs in to an application on the terminal or to a website, the authentication server judges and authenticates the unified login account obtained at login; if authentication passes, the user is logged in to the application or website directly, while the access control server restricts what the user may access according to the security level. Thus, by building a unified account system on the server centred on the virtual subscriber identity card, the present invention allows the user, once setup is complete, to log in to commonly used Internet applications without entering a user name and password each time, which improves the convenience, efficiency and security of automatic account login.
In this embodiment, the authentication server records accounts of different security levels according to their security level. To ensure security, the authentication server may be deployed in a distributed manner; accounts with security-level requirements are best recorded in encrypted form locally on the mobile terminal.
Embodiment 8
This embodiment provides a computer storage medium storing executable instructions, the executable instructions being used to execute the account login processing method provided by the embodiments of the present invention.
It should be noted that, in this document, the terms "include", "comprise" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of additional identical elements in the process, method, article or device that includes the element.
The serial numbers of the above embodiments of the present invention are for description only and do not represent the relative merits of the embodiments.
From the description of the above embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus the necessary general-purpose hardware platform, and of course also by hardware, although in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and includes a number of instructions for causing a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, a network device or the like) to perform the methods described in the embodiments of the present invention.
The above are only preferred embodiments of the present invention and do not thereby limit the patent scope of the present invention. Any equivalent structure or equivalent process transformation made using the contents of the description and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included within the scope of patent protection of the present invention.

Claims (20)

  1. An account login processing method, comprising:
    setting a unified login account of a user of a mobile terminal through a virtual subscriber identity card in the mobile terminal, and constructing a mapping relationship between the user's unified login account and the accounts of the user's different applications;
    judging and authenticating, based on the mapping relationship and the unified login account used by the user, the user's login to the application the user requests to use;
    determining, based on the mapping relationship and the user's unified login account, the security level of the account corresponding to the application the user requests to use;
    controlling, according to the determination result, the user's access rights to the application after the user logs in to the application with the account.
  2. The account login processing method according to claim 1, wherein each unified login account corresponds to one security control policy and one access control policy;
    the security control policy is used to control at least one of the following:
    the manner of verifying the user of the mobile terminal, the manners of verification including password verification and biometric verification;
    the trigger condition for re-verifying the user of the mobile terminal, including a change in the biometric features of the user of the mobile terminal;
    the manner of prompting re-verification of the user of the mobile terminal, including a single reminder and a limited number of reminders;
    the access control policy is based on the security level of the account of the application the user requests to use, and on the access rights to the application that an application account of that security level has;
    the security levels include: a read-only security level, an ordinary security level, an advanced security level and a highest security level.
  3. The account login processing method according to claim 1, wherein constructing the mapping relationship between the user's unified login account and the accounts of the user's different applications comprises:
    constructing, according to the security levels the user indicates for the user's different accounts, a mapping relationship between the user's accounts of different security levels and the user's unified login account;
    or, automatically constructing the mapping relationship between different users' read-only security level accounts and the corresponding users' unified login accounts, and automatically constructing the mapping relationship between different users' ordinary security level accounts and the corresponding users' unified login accounts.
  4. The account login processing method according to claim 1, wherein judging and authenticating, based on the mapping relationship and the unified login account used by the user, the user's login to the application the user requests to use comprises:
    verifying the user of the mobile terminal by at least one of password verification and biometric verification;
    when verification passes, determining from the mapping relationship the security level of the account corresponding to the application the user requests to use, based on the mapping relationship and the unified login account used by the user;
    logging the user in to the requested application based on the security level of the account corresponding to that application.
  5. The account login processing method according to claim 4, wherein logging the user in to the requested application based on the security level of the account corresponding to that application comprises:
    when the account of the application the user requests to use is a read-only security level account, allocating to the user from a resource pool a random account for the application, and logging the user in to the application with the allocated random account;
    when the account of the application the user requests to use is an ordinary security level account, performing a one-time login to the application for the user, using the account for the application that the user set in advance or the account for the application that the user enters when requesting to use the application; and, when a change in the biometric features of the user of the mobile terminal is detected, issuing one reminder and verifying the user again;
    when the account of the application the user requests to use is an advanced security level account, performing a one-time login to the application for the user, using the account for the application that the user set in advance or the account for the application that the user enters when requesting to use the application; and, when a change in the biometric features of the user of the mobile terminal is detected, issuing a preset number of reminders greater than one and verifying the user again;
    when the account of the application the user requests to use is a highest security level account, verifying the user by strict password verification and biometric verification and, when verification passes, performing a one-time login to the application for the user, using the account for the application that the user set in advance or the account for the application that the user enters when requesting to use the application; and, when a change in the biometric features of the user of the mobile terminal is detected, logging the user of the mobile terminal out of the application.
  6. The account login processing method according to claim 1, wherein controlling, according to the determination result, the user's access rights to the application after the user logs in to the application with the account comprises:
    when the determination result indicates that the account of the application the user requests to use is a read-only security level account, granting the user the access rights of an anonymous visitor to the application, or the lowest-priority rights;
    when the determination result indicates that the account of the application the user requests to use is a read-only security level account, granting the user read-only rights to the application;
    when the determination result indicates that the account of the application the user requests to use is an ordinary security level account, granting the user full usage rights to the application;
    when the determination result indicates that the account of the application the user requests to use is an advanced security level account, granting the user full usage rights to the application;
    when the determination result indicates that the account of the application the user requests to use is a highest security level account and the user logged in to the mobile terminal with the unified login account by password login and biometric verification, granting the user full usage rights to the application.
  7. A server, comprising:
    a mapping unit, configured to set a unified login account of a user of a mobile terminal through a virtual subscriber identity card in the mobile terminal, and to construct a mapping relationship between the user's unified login account and the accounts of the user's different applications;
    an authentication unit, configured to judge and authenticate, based on the mapping relationship and the unified login account used by the user, the user's login to the application the user requests to use;
    an access control unit, configured to determine, based on the mapping relationship and the user's unified login account, the security level of the account corresponding to the application the user requests to use;
    and to control, according to the determination result, the user's access rights to the application after the user logs in to the application with the account.
  8. The server according to claim 7, wherein
    the mapping unit is further configured to construct, according to the security levels the user indicates for the user's different accounts, a mapping relationship between the user's accounts of different security levels and the user's unified login account;
    or, to automatically construct the mapping relationship between different users' read-only security level accounts and the corresponding users' unified login accounts, and automatically construct the mapping relationship between different users' ordinary security level accounts and the corresponding users' unified login accounts.
  9. The server according to claim 7, wherein
    the authentication unit is further configured to verify the user of the mobile terminal by at least one of password verification and biometric verification;
    the authentication unit is further configured to, when verification passes, determine from the mapping relationship the security level of the account corresponding to the application the user requests to use, based on the mapping relationship and the unified login account used by the user;
    the authentication unit is further configured to log the user in to the requested application based on the security level of the account corresponding to that application.
  10. The server according to claim 9, wherein
    The authentication unit is further configured to, when the account of the application the user requests to use is a read-only security level account, allocate to the user, through a resource pool, a random account for using the application, so as to log the user in to the application based on the allocated random account;
    The access control unit is further configured to, when the account of the application the user requests to use is an ordinary security level account, perform a one-time login to the application for the user, using the account of the application preset by the user or the account corresponding to the application that the user inputs when requesting to use the application; and, when a change in the biometric of the user of the mobile terminal is detected, issue one reminder and re-verify the user;
    The access control unit is further configured to, when the account of the application the user requests to use is an advanced security level account, perform a one-time login to the application for the user, using the account of the application preset by the user or the account corresponding to the application that the user inputs when requesting to use the application; and, when a change in the biometric of the user of the mobile terminal is detected, issue a preset number of reminders, the number being greater than one, and re-verify the user;
    The access control unit is further configured to, when the account of the application the user requests to use is a highest security level account, verify the user based on the password verification mode and the biometric verification mode and, when the verification passes, perform a one-time login to the application for the user, using the account of the application preset by the user or the account corresponding to the application that the user inputs when requesting to use the application; and, when a change in the biometric of the user of the mobile terminal is detected, release the login to the application for the user of the mobile terminal.
  11. The server according to claim 7, wherein
    The access control unit is further configured to, when the determination result indicates that the account of the application the user requests to use is a read-only security level account, assign the user the access rights of an anonymous visitor to the application, or the lowest-priority rights;
    The access control unit is further configured to, when the determination result indicates that the account of the application the user requests to use is a read-only security level account, assign the user read-only rights for the application;
    The access control unit is further configured to, when the determination result indicates that the account of the application the user requests to use is an ordinary security level account, assign the user all usage rights for the application;
    The access control unit is further configured to, when the determination result indicates that the account of the application the user requests to use is an advanced security level account, assign the user all usage rights for the application;
    The access control unit is further configured to, when the determination result indicates that the account of the application the user requests to use is a highest security level account, and the user logged in to the mobile terminal with the unified login account based on password login and the biometric verification mode, assign the user all usage rights for the application.
  12. An account login processing system, comprising: a server and a mobile terminal provided with a virtual subscriber identity card;
    The server is configured to set a unified login account for the user of the mobile terminal through the virtual subscriber identity card in the mobile terminal, and to construct a mapping relationship between the user's unified login account and the user's accounts for different applications;
    The server is further configured to judge and authenticate, based on the mapping relationship and the unified login account used by the user, the application the user requests to log in to and use;
    The server is further configured to determine, based on the mapping relationship and the user's unified login account, the security level of the account corresponding to the application the user requests to use;
    The server is further configured to control, according to the determination result, the user's access rights to the application after the user logs in to the application based on the account.
  13. The system according to claim 12, wherein
    The server is further configured to construct, according to the security levels that the user indicates for the user's different accounts, a mapping relationship between the user's accounts of different security levels and the user's unified login account;
    or to automatically construct a mapping relationship between the read-only security level accounts of different users and the unified login accounts of the corresponding users, and automatically construct a mapping relationship between the ordinary security level accounts of different users and the unified login accounts of the corresponding users.
  14. The system according to claim 12, wherein
    The server is further configured to control the mobile terminal to verify the user using the mobile terminal by at least one of a password verification mode and a biometric verification mode;
    The server is further configured to, when the verification passes, determine, based on the mapping relationship and the unified login account used by the user, the security level of the account in the mapping relationship that corresponds to the application the user requests to use;
    The server is further configured to log the user in to the requested application based on the security level of the account corresponding to the application the user requests to use.
  15. The system according to claim 14, wherein
    The server is further configured to, when the account of the application the user requests to use is a read-only security level account, allocate to the user, through a resource pool, a random account for using the application, so as to log the user in to the application based on the allocated random account;
    The server is further configured to, when the account of the application the user requests to use is an ordinary security level account, perform a one-time login to the application for the user, using the account of the application preset by the user or the account corresponding to the application that the user inputs when requesting to use the application; and, when a change in the biometric of the user of the mobile terminal is detected, issue one reminder and re-verify the user;
    The server is further configured to, when the account of the application the user requests to use is an advanced security level account, perform a one-time login to the application for the user, using the account of the application preset by the user or the account corresponding to the application that the user inputs when requesting to use the application; and, when a change in the biometric of the user of the mobile terminal is detected, issue a preset number of reminders, the number being greater than one, and re-verify the user;
    The server is further configured to, when the account of the application the user requests to use is a highest security level account, verify the user based on the password verification mode and the biometric verification mode and, when the verification passes, perform a one-time login to the application for the user, using the account of the application preset by the user or the account corresponding to the application that the user inputs when requesting to use the application; and, when a change in the biometric of the user of the mobile terminal is detected, release the login to the application for the user of the mobile terminal.
  16. The system according to claim 12, wherein
    The server is further configured to, when the determination result indicates that the account of the application the user requests to use is a read-only security level account, assign the user the access rights of an anonymous visitor to the application, or the lowest-priority rights;
    The server is further configured to, when the determination result indicates that the account of the application the user requests to use is a read-only security level account, assign the user read-only rights for the application;
    The server is further configured to, when the determination result indicates that the account of the application the user requests to use is an ordinary security level account, assign the user all usage rights for the application;
    The server is further configured to, when the determination result indicates that the account of the application the user requests to use is an advanced security level account, assign the user all usage rights for the application;
    The server is further configured to, when the determination result indicates that the account of the application the user requests to use is a highest security level account, and the user logged in to the mobile terminal with the unified login account based on password login and the biometric verification mode, assign the user all usage rights for the application.
  17. The system according to claim 12, wherein
    Each unified login account corresponds to one security control policy and one access control policy.
  18. The system according to claim 17, wherein
    The security control policy is used to control at least one of the following:
    the manner of verifying the user using the mobile terminal, the manner of verification including: a password verification mode and a biometric verification mode;
    the trigger condition for re-verifying the user using the mobile terminal, including a change in the biometric of the user of the mobile terminal;
    the manner of prompting the user of the mobile terminal to be verified again, including a single reminder and a limited number of reminders.
  19. The system according to claim 17, wherein
    The access control policy is used based on the security level of the account of the application the user requests to use, and on the access rights to the application held by an application account of that security level;
    The security levels include: a read-only security level, an ordinary security level, an advanced security level and a highest security level.
  20. A computer storage medium storing executable instructions, the executable instructions being used to execute the account login processing method according to any one of claims 1-6.
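The per-level behaviour recited in claims 10, 11, 15, 16, 18 and 19 can be read as one policy table keyed by security level. The following sketch is an added illustration, not code from the patent; the class and field names, the constructed sample mapping and the preset reminder count of 3 are assumptions.

```python
from dataclasses import dataclass
from enum import Enum


class Level(Enum):
    READ_ONLY = "read-only"
    ORDINARY = "ordinary"
    ADVANCED = "advanced"
    HIGHEST = "highest"


@dataclass
class Session:
    app: str
    account: str
    rights: str            # "read-only" or "full"
    level: Level
    active: bool = True


# Constructed sample: unified login account -> {app: (level, app account)}.
SAMPLE_MAPPING = {
    "alice": {
        "news": (Level.READ_ONLY, None),
        "mail": (Level.ORDINARY, "alice@mail"),
        "shop": (Level.ADVANCED, "alice_shop"),
        "bank": (Level.HIGHEST, "alice-bank"),
    }
}


class LoginServer:
    def __init__(self, mapping, pool, advanced_reminders=3):
        if advanced_reminders <= 1:
            raise ValueError("advanced level needs more than one reminder")
        self.mapping = mapping                  # the "mapping relationship"
        self.pool = list(pool)                  # resource pool of random accounts
        self.advanced_reminders = advanced_reminders  # assumed preset number

    def login(self, unified, app, passed):
        """passed: set of verification modes that succeeded on the terminal."""
        both = {"password", "biometric"}
        if not passed & both:
            raise PermissionError("user not verified")
        level, account = self.mapping[unified][app]
        if level is Level.READ_ONLY:
            if not self.pool:
                raise RuntimeError("resource pool exhausted")
            return Session(app, self.pool.pop(), "read-only", level)
        if level is Level.HIGHEST and not both <= passed:
            raise PermissionError("highest level needs password and biometric")
        return Session(app, account, "full", level)

    def on_biometric_change(self, session):
        """Return (reminders issued, action) when the terminal user's biometric changes."""
        if session.level is Level.ORDINARY:
            return 1, "reverify"
        if session.level is Level.ADVANCED:
            return self.advanced_reminders, "reverify"
        if session.level is Level.HIGHEST:
            session.active = False              # login is released outright
            return 0, "logout"
        return 0, "none"   # read-only: reaction not stated in the claims
```

The read-only branch never touches the user's own application account, so a terminal held by someone else exposes only a pooled identity with read-only rights.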
PCT/CN2016/081189 2015-05-06 2016-05-05 Account login processing method, server and system therefor, and computer storage medium WO2016177342A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510227573.2A CN104980429A (en) 2015-05-06 2015-05-06 Method, device and system for unified account login based on virtual user identification card
CN201510227573.2 2015-05-06

Publications (1)

Publication Number Publication Date
WO2016177342A1 (en) 2016-11-10

Family

ID=54276534

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/081189 WO2016177342A1 (en) 2015-05-06 2016-05-05 Account login processing method, server and system therefor, and computer storage medium

Country Status (2)

Country Link
CN (1) CN104980429A (en)
WO (1) WO2016177342A1 (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104980429A (en) * 2015-05-06 2015-10-14 努比亚技术有限公司 Method, device and system for unified account login based on virtual user identification card
CN105933339B (en) * 2016-06-24 2019-04-12 宇龙计算机通信科技(深圳)有限公司 A kind of application login method and mobile terminal
CN106603547B (en) * 2016-12-23 2022-03-18 中科星图股份有限公司 Unified login method
CN107864114B (en) * 2016-12-28 2019-12-17 平安科技(深圳)有限公司 Group insurance account login method and system
CN106888223B (en) * 2017-04-26 2020-04-17 维沃移动通信有限公司 User account login method and mobile terminal
CN108768993A (en) * 2018-05-21 2018-11-06 深圳市云谷创新科技有限公司 The method and apparatus that associated terminal logs in
CN108900519B (en) * 2018-07-10 2021-04-06 国网电子商务有限公司 Unified login method, device and system for multiple electronic service channels
CN110795712B (en) * 2020-01-03 2020-05-22 北京信安世纪科技股份有限公司 Login authentication method and device
CN111914223B (en) * 2020-07-28 2023-10-24 杭州浙大东南土地研究所有限公司 Urban and rural homeland resource data integrated management method, system and storage medium
CN115001786B (en) * 2022-05-26 2024-01-12 浙江零跑科技股份有限公司 Implementation method of intelligent cabin face-associated individual application account
CN117692256B (en) * 2024-02-02 2024-04-09 烟台软图信息科技有限公司 Network office method and system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101193027A (en) * 2006-11-28 2008-06-04 深圳市永兴元科技有限公司 A single-point login system and method for integrated isomerous system
CN101783795A (en) * 2009-12-25 2010-07-21 北京惠信博思技术有限公司 Security level authentication method and system
WO2010144470A2 (en) * 2009-06-08 2010-12-16 Qualcomm Incorporated Method and apparatus for switching virtual sim service contracts when roaming
CN102461271A (en) * 2009-06-08 2012-05-16 高通股份有限公司 Method and apparatus for switching virtual sim service contracts based upon a user profile
CN103036899A (en) * 2012-12-25 2013-04-10 广东欧珀移动通信有限公司 Method and system of automatic login user account
CN104980429A (en) * 2015-05-06 2015-10-14 努比亚技术有限公司 Method, device and system for unified account login based on virtual user identification card

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102045375B (en) * 2009-10-22 2013-09-11 华为技术有限公司 Remote command interaction method and bastion host
CN103402203B (en) * 2013-07-30 2017-08-25 努比亚技术有限公司 Fast access method and device based on bio-identification
CN104283885B (en) * 2014-10-14 2017-07-28 中国科学院信息工程研究所 A kind of implementation method of many SP secure bindings based on intelligent terminal local authentication

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111467809A (en) * 2020-03-06 2020-07-31 苏州澳盛网络发展有限公司 Game user information management system
CN114499905A (en) * 2020-11-12 2022-05-13 腾讯科技(深圳)有限公司 Method and device for changing and binding application account, computer equipment and storage medium
CN114499905B (en) * 2020-11-12 2023-07-28 腾讯科技(深圳)有限公司 Method, device, computer equipment and storage medium for binding application account replacement

Also Published As

Publication number Publication date
CN104980429A (en) 2015-10-14

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16789336

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 11/04/2018)

122 Ep: pct application non-entry in european phase

Ref document number: 16789336

Country of ref document: EP

Kind code of ref document: A1