WO2016177342A1 - Procédé de traitement d'une ouverture de session de compte, serveur et système associés et support de stockage informatique - Google Patents

Procédé de traitement d'une ouverture de session de compte, serveur et système associés et support de stockage informatique Download PDF

Info

Publication number
WO2016177342A1
WO2016177342A1 PCT/CN2016/081189 CN2016081189W WO2016177342A1 WO 2016177342 A1 WO2016177342 A1 WO 2016177342A1 CN 2016081189 W CN2016081189 W CN 2016081189W WO 2016177342 A1 WO2016177342 A1 WO 2016177342A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
account
application
security level
mobile terminal
Prior art date
Application number
PCT/CN2016/081189
Other languages
English (en)
Chinese (zh)
Inventor
申世安
张立海
Original Assignee
努比亚技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 努比亚技术有限公司 filed Critical 努比亚技术有限公司
Publication of WO2016177342A1 publication Critical patent/WO2016177342A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan

Definitions

  • the present invention relates to an account management technology in the field of communications, and in particular, to an account login processing method, a server and a system, and a computer storage medium based on a virtual subscriber identity card.
  • the user needs to log in to each of the various mobile Internet-based applications currently used by the mobile terminal (including the user name and password).
  • the naming rules of the account are also different.
  • the main purpose of the embodiments of the present invention is to provide an account login processing method, a server and a system, and a computer storage medium based on a virtual subscriber identity card, which are convenient, efficient, and secure for registering accounts of different applications.
  • an embodiment of the present invention provides an account login processing method, including:
  • Controlling according to the judgment result, the user, after logging in to the application based on the account, to the application Access rights.
  • each unified login account corresponds to one security control policy and one access control policy
  • the security control policy is used to control at least one of the following:
  • the manner of verification using the manner of verification by the user of the mobile terminal includes: a password verification method and a biometric verification method;
  • a trigger condition for re-authentication of a user using the mobile terminal including a change in a biometric of a user of the mobile terminal
  • the prompting method for re-verifying the user of the mobile terminal includes a reminder and a limited number of reminders
  • the access control policy is used for a security level of an account based on an application requested by the user, and an access authority of the application of the security level corresponding to the application;
  • the security levels include: read-only security level, general security level, advanced security level, and highest security level.
  • mapping relationship between the unified login account of the user and the account of the different application of the user is included, including:
  • mapping between the read-only security level account of the different users and the unified login account of the corresponding user is automatically constructed, and the mapping relationship between the common security level account of the different users and the unified login account of the corresponding user is automatically constructed.
  • the determining, according to the mapping relationship, the unified login account used by the user, the application that is used by the user login request includes:
  • mapping relationship determining, according to the mapping relationship, the unified login account used by the user, the security level of the account corresponding to the application requested by the user in the mapping relationship;
  • the security level of the account corresponding to the application used based on the user request is the application requested by the user to log in.
  • the security level of the account corresponding to the application that is used by the user request is an application that is requested to be used by the user to log in, including:
  • the user allocates a random account of the application through the resource pool to log in to the application for the user based on the allocated random account;
  • the user uses the account of the application set in advance or the account corresponding to the application that is input when the user requests to use the application.
  • the user logs in to the application once; when the biometric of the user of the mobile terminal is detected to be changed, a reminder is performed, and the user is re-verified;
  • the account of the application requested by the user is an advanced security level account
  • the account of the application set by the user in advance or the account corresponding to the application input when the user requests to use the application is The user logs in to the application in one time; when detecting that the biometric of the user of the mobile terminal changes, performs a preset number of reminders greater than one time, and re-verifies the user;
  • the user When the account of the application requested by the user is the highest security level account, the user is authenticated based on the password authentication method and the biometric verification mode, and the account or the application of the application preset by the user is verified when the user passes the verification. Determining, by the user, an account corresponding to the application that is input when the user uses the application, logging in to the application for the user; and detecting the user of the mobile terminal when the biometric of the user of the mobile terminal is changed. Unregister the app.
  • controlling, by the determining, the access rights of the user to the application after logging in to the application based on the account includes:
  • the user has the access right or the lowest priority authority assigned to the anonymous visitor of the application:
  • the user When the judgment result indicates that the account of the application requested by the user is the highest security level account, and the user logs in to the mobile terminal by using the unified login account based on the password login and the biometric authentication mode, the user is assigned to the mobile terminal. The user's full usage rights for the application.
  • an embodiment of the present invention provides a server, including:
  • mapping unit configured to set a unified login account of the user of the mobile terminal by using a virtual subscriber identity card in the mobile terminal, and construct a mapping relationship between the unified login account of the user and an account of a different application of the user;
  • the authentication unit is configured to perform judgment and authentication on the application used by the user login request based on the mapping relationship and the unified login account used by the user;
  • the access control unit is configured to determine, according to the mapping relationship and the unified login account of the user, the security level of the user requesting the account corresponding to the application;
  • the mapping unit is further configured to indicate different users according to the user a security level of the account, a mapping relationship between an account of a different security level of the user and a unified login account of the user;
  • mapping between the read-only security level account of the different users and the unified login account of the corresponding user is automatically constructed, and the mapping relationship between the common security level account of the different users and the unified login account of the corresponding user is automatically constructed.
  • the authentication unit is further configured to perform verification on at least one of a password verification manner and a biometric verification manner by a user using the mobile terminal;
  • the authentication unit is further configured to determine, according to the mapping relationship, the unified login account used by the user, the security level of the account corresponding to the application requested by the user in the mapping relationship;
  • the authentication unit is further configured to use, according to the security level of the account corresponding to the application that the user requests to use, an application that is requested to be used by the user to log in.
  • the authentication unit is further configured to: when the account of the application requested by the user is a read-only security level account, allocate, by the resource pool, the user to use the random account of the application to be based on the allocated A random account is used to log in to the application for the user;
  • the access control unit is further configured to use, when the account of the application requested by the user is an ordinary security level account, input by using the account of the application set by the user or the user requesting to use the application. Corresponding to the account of the application, logging in to the application for the user; performing a reminder when detecting that the biometric of the user of the mobile terminal changes, and re-authenticating the user;
  • the access control unit is further configured to: when the account of the application requested by the user is an advanced security level account, the account of the application preset by the user or the user inputs the request when using the application Corresponding to the account of the application, logging in to the application for the user; performing a preset number of reminders greater than once when detecting that the biometric of the user of the mobile terminal changes, and re-performing the user Verification
  • the access control unit is further configured to: when the account of the application requested by the user is the highest security level account, verify the password verification mode and the biometric verification mode of the user, and pass the user when the verification is passed. Pre-set the account of the application or the account corresponding to the application that is input when the user requests to use the application, log in to the application for the user; when detecting the biometric of the user of the mobile terminal When the change occurs, the user of the mobile terminal is released from the login for the application.
  • the access control unit is further configured to: when the determination result indicates that the account of the application requested by the user is a read-only security level account, the user is allocated to the anonymous visitor of the application. Permission or lowest priority authority;
  • the access control unit is further configured to: when the determination result indicates that the account of the application requested by the user is a read-only security level account, the read-only permission of the user for the application is allocated;
  • the access control unit is further configured to: when the determination result indicates that the account of the application requested by the user is an ordinary security level account, all the usage rights of the user for the application are allocated;
  • the access control unit is further configured to: when the determination result indicates that the account of the application requested by the user is an advanced security level account, all the usage rights of the user for the application are allocated;
  • the access control unit is further configured to: when the determination result indicates that the account of the application requested by the user is the highest security level account, and the user is based on the password login and the biometric authentication mode to use the unified login account.
  • the mobile terminal is logged in, all the usage rights of the user for the application are assigned.
  • an embodiment of the present invention provides an account login processing system, including: a server and a mobile terminal provided with a virtual subscriber identity card;
  • the server configured to set the virtual subscriber identity card in the mobile terminal a unified login account of the user of the mobile terminal, and a mapping relationship between the unified login account of the user and an account of a different application of the user;
  • the server is further configured to perform judgment and authentication on the application used by the user login request based on the mapping relationship and the unified login account used by the user;
  • the server is further configured to determine, according to the mapping relationship and the unified login account of the user, the security level of the account corresponding to the application request by the user;
  • the server is further configured to control, according to the determination result, the access authority of the user to the application after logging in to the application based on the account.
  • the server is further configured to: according to the security level of the user indicating different accounts of the user, construct a mapping relationship between an account of a different security level of the user and a unified login account of the user;
  • mapping between the read-only security level account of the different users and the unified login account of the corresponding user is automatically constructed, and the mapping relationship between the common security level account of the different users and the unified login account of the corresponding user is automatically constructed.
  • the server is further configured to control, by the mobile terminal, at least one of a password verification manner and a biometric verification manner to be used by a user using the mobile terminal;
  • the server is further configured to determine, according to the mapping relationship, the unified login account used by the user, the security level of the account corresponding to the application requested by the user in the mapping relationship;
  • the server is further configured to use, according to the security level of the account corresponding to the application that the user requests to use, an application that is requested to be used by the user to log in.
  • the server is further configured to: when the account of the application requested by the user is a read-only security level account, allocate, by the resource pool, the user to use the random account of the application to be based on the allocated random account. Logging in to the application for the user;
  • the server is further configured to: the account of the application requested by the user is normal security, etc.
  • the account is a level
  • the user is logged in to the application for the user by using the account of the application set in advance or the account corresponding to the application that is input when the user requests to use the application; Performing a reminder when the biometric of the user of the mobile terminal changes, and re-authenticating the user;
  • the server is further configured to: when the account of the application requested by the user is an advanced security level account, the account of the application preset by the user or the corresponding input when the user requests to use the application Applying an account for the user to log in to the application for one time; when detecting that the biometric of the user of the mobile terminal changes, performing a preset number of reminders greater than one time, and re-authenticating the user;
  • the server is further configured to verify, according to the password authentication mode and the biometric verification mode, that the account of the application requested by the user is the highest security level account, and the pre-set by the user when the verification is passed.
  • the account of the application or the account corresponding to the application that is input when the user requests to use the application, log in to the application for the user; when detecting that the biometric of the user of the mobile terminal changes The login for the application is released for the user of the mobile terminal.
  • the server is further configured to: when the determination result indicates that the account of the application requested by the user is a read-only security level account, the access rights of the anonymous visitors to the application or Minimum priority permissions:
  • the server is further configured to: when the determining result indicates that the account of the application requested by the user is a read-only security level account, the user is allocated read-only permission for the application;
  • the server is further configured to: when the determination result indicates that the account of the application requested by the user is an ordinary security level account, all the usage rights of the user for the application are allocated;
  • the server is further configured to allocate, to the user, all uses of the application when the determination result indicates that the account of the application requested by the user is an advanced security level account. Permission
  • the server is further configured to: when the determination result indicates that the account of the application requested by the user is the highest security level account, and the user logs in with the unified login account based on the password login and the biometric authentication mode.
  • the mobile terminal When the mobile terminal is described, all the usage rights of the user for the application are assigned.
  • an embodiment of the present invention provides a computer storage medium, where the computer storage medium stores executable instructions, and the executable instructions are used to execute an account login processing method provided by an embodiment of the present invention.
  • the embodiment of the present invention provides a unified account login processing method based on a virtual user identification card.
  • the present invention constructs a unified system for processing an account login by using a virtual user identification card as a center, and after setting the mapping relationship, the user does not need to Each time you enter your account information, you can log in to a common Internet application, which improves the convenience, efficiency, and security of automatic account login.
  • FIG. 1 is a schematic structural diagram of hardware of a mobile terminal that implements various embodiments of the present invention
  • FIG. 2 is a schematic diagram of a wireless communication system of the mobile terminal shown in FIG. 1;
  • FIG. 3 is a flowchart of a method for processing a unified account login based on a virtual subscriber identity card according to an embodiment of the present invention
  • FIG. 4 is a flowchart of a method for processing a unified account login based on a virtual subscriber identity card according to an embodiment of the present invention
  • FIG. 5 is a flowchart of a unified account login method based on a virtual subscriber identity card according to an embodiment of the present invention
  • FIG. 6 is a block diagram showing an exemplary structure of a unified account login processing server based on a virtual subscriber identity card according to an embodiment of the present invention
  • FIG. 7 is a unified account login process based on a virtual subscriber identity card according to an embodiment of the present invention.
  • the mobile terminal can be implemented in various forms.
  • the terminals described in the present invention may include, for example, mobile phones, smart phones, notebook computers, digital broadcast receivers, personal digital assistants (PDAs), tablet computers (PADs), portable multimedia players (PMPs), navigation devices, and the like.
  • Mobile terminals and fixed terminals such as digital TVs, desktop computers, and the like.
  • the terminal is a mobile terminal.
  • PDAs personal digital assistants
  • PADs tablet computers
  • PMPs portable multimedia players
  • Mobile terminals and fixed terminals such as digital TVs, desktop computers, and the like.
  • the terminal is a mobile terminal.
  • configurations in accordance with embodiments of the present invention can be applied to fixed type terminals in addition to components that are specifically for mobile purposes.
  • FIG. 1 is a schematic diagram showing the hardware structure of a mobile terminal 100 that implements various embodiments of the present invention.
  • the mobile terminal 100 may include a wireless communication unit 110, an audio/video (A/V) input unit 120, and a user input unit 130.
  • FIG. 1 illustrates a mobile terminal 100 having various components, but it should be understood that not all illustrated components are required to be implemented. More or fewer components can be implemented instead. The elements of the mobile terminal 100 will be described in detail below.
  • Wireless communication unit 110 typically includes one or more components that permit radio communication between mobile terminal 100 and a wireless communication system or network.
  • the wireless communication unit 110 may include at least one of a broadcast receiving module 111, a mobile communication module 112, a wireless internet module 113, a short-range communication module 114, and a location information module 115.
  • the broadcast receiving module 111 receives a broadcast signal and/or broadcast associated information from an external broadcast management server via a broadcast channel.
  • the broadcast channel can include a satellite channel and/or a terrestrial channel.
  • the broadcast management server may be a server that generates and transmits a broadcast signal and/or broadcast associated information or a server that receives a previously generated broadcast signal and/or broadcast associated information and transmits it to the terminal.
  • the broadcast signal may include a TV broadcast signal, a radio broadcast signal, a data broadcast signal, and the like.
  • the broadcast signal may further include a broadcast signal combined with a TV or radio broadcast signal.
  • the broadcast associated information may also be provided via a mobile communication network, and in this case, the broadcast associated information may be received by the mobile communication module 112.
  • the broadcast signal may exist in various forms, for example, it may exist in the form of Digital Multimedia Broadcasting (DMB) Electronic Program Guide (EPG), Digital Video Broadcasting Handheld (DVB-H) Electronic Service Guide (ESG), and the like.
  • the broadcast receiving module 111 can receive a signal broadcast by using various types of broadcast systems.
  • the broadcast receiving module 111 can use forward link media (MediaFLO) by using, for example, multimedia broadcast-terrestrial (DMB-T), digital multimedia broadcast-satellite (DMB-S), digital video broadcast-handheld (DVB-H)
  • MediaFLO forward link media
  • the digital broadcasting system of the @ ) data broadcasting system, the terrestrial digital broadcasting integrated service (ISDB-T), and the like receives digital broadcasting.
  • the broadcast receiving module 111 can be constructed as various broadcast systems suitable for providing broadcast signals as well as the above-described digital broadcast system.
  • the broadcast signal and/or broadcast associated information received via the broadcast receiving module 111 may be stored in the memory 160 (or other type of
  • the mobile communication module 112 transmits the radio signals to and/or receives radio signals from at least one of a base station (e.g., an access point, a Node B, etc.), an external terminal, and a server.
  • a base station e.g., an access point, a Node B, etc.
  • Such radio signals may include voice call signals, video call signals, or various types of data transmitted and/or received in accordance with text and/or multimedia messages.
  • the wireless internet module 113 supports wireless internet access of the mobile terminal 100.
  • the wireless internet module 113 can be internally or externally coupled to the terminal.
  • the wireless internet access technologies involved in the wireless internet module 113 may include wireless local area network (WLAN), wireless compatibility authentication (Wi-Fi), wireless broadband (Wibro), global microwave interconnection access (Wimax), and high-speed downlink. Road Packet Access (HSDPA) and more.
  • the short range communication module 114 is a module for supporting short range communication.
  • Some examples of short-range communication technology include Bluetooth TM, a radio frequency identification (RFID), infrared data association (IrDA), ultra wideband (UWB), ZigBee, etc. TM.
  • the location information module 115 is a module for checking or acquiring location information of the mobile terminal 100.
  • a typical example of location information module 115 is Global Positioning System (GPS) module 115.
  • GPS Global Positioning System
  • the GPS module 115 calculates distance information and accurate time information from three or more satellites and applies triangulation to the calculated information to accurately calculate three-dimensional current position information based on longitude, latitude, and altitude.
  • the method for calculating position and time information uses three satellites and corrects the calculated position and time information errors by using another satellite.
  • the GPS module 115 is capable of calculating speed information by continuously calculating current position information in real time.
  • the A/V input unit 120 is for receiving an audio or video signal.
  • the A/V input unit 120 may include a camera 121 and a microphone 122 that processes image data of still pictures or video obtained by the image capturing device in a video capturing mode or an image capturing mode.
  • the processed image frame can be displayed on the display unit 151.
  • the image frames processed by the camera 121 may be stored in the memory 160 (or other storage medium) or transmitted via the wireless communication unit 110, and two or more cameras 121 may be provided according to the configuration of the mobile terminal 100.
  • the microphone 122 can receive sound (audio data) via a microphone in an operation mode of a telephone call mode, a recording mode, a voice recognition mode, and the like, and can process such sound as audio data.
  • the processed audio (voice) data can be converted to a format output that can be transmitted to the mobile communication base station via the mobile communication module 112 in the case of a telephone call mode.
  • the microphone 122 can implement various types of noise cancellation (or suppression) algorithms to cancel (or suppress) noise or interference generated during the process of receiving and transmitting audio signals.
  • the user input unit 130 can generate key input data according to a command input by the user to control the shift. Various operations of the mobile terminal 100.
  • the user input unit 130 allows the user to input various types of information, and may include a keyboard, a pot, a touch pad (eg, a touch sensitive component that detects changes in resistance, pressure, capacitance, etc. due to contact), a scroll wheel , rocker, etc.
  • a touch screen can be formed.
  • the sensing unit 140 detects the current state of the mobile terminal 100 (eg, the open or closed state of the mobile terminal 100), the location of the mobile terminal 100, the presence or absence of contact (ie, touch input) by the user with the mobile terminal 100, and the mobile terminal.
  • the sensing unit 140 can sense whether the slide type phone is turned on or off.
  • the sensing unit 140 can detect whether the power supply unit 190 provides power or whether the interface unit 170 is coupled to an external device.
  • the interface unit 170 serves as an interface through which at least one external device can connect with the mobile terminal 100.
  • the external device may include a wired or wireless headset port, an external power (or battery charger) port, a wired or wireless data port, a memory card port (a typical example is a universal serial bus USB port), for connection having The port of the device that identifies the module, the audio input/output (I/O) port, the video I/O port, the headphone port, and so on.
  • the identification module may be stored to verify various information used by the user using the mobile terminal 100 and may include a User Identification Module (UIM), a Customer Identification Module (SIM), a Universal Customer Identity Module (USIM), and the like.
  • the device having the identification module (hereinafter referred to as "identification device”) may take the form of a smart card, and thus the identification device may be connected to the mobile terminal 100 via a port or other connection device.
  • the interface unit 170 can be configured to receive input (eg, data information, power, etc.) from an external device and transmit the received input to one or more components within the mobile terminal 100 or can be used at the mobile terminal 100 and externally Data is transferred between devices.
  • input eg, data information, power, etc.
  • the interface unit 170 may function as a path through which power is supplied from the base to the mobile terminal 100 or may be used as a bottom allowing The various command signals input by the cradle are transmitted to the path of the mobile terminal 100 therethrough.
  • Various command signals or power input from the base can be used as signals for identifying whether the mobile terminal 100 is accurately mounted on the base.
  • Output unit 150 is configured to provide an output signal (eg, an audio signal, a video signal, an alarm signal, a vibration signal, etc.) in a visual, audio, and/or tactile manner.
  • the output unit 150 may include a display unit 151, an audio output module 152, an alarm unit 153, and the like.
  • the display unit 151 can display information processed in the mobile terminal 100. For example, when the mobile terminal 100 is in a phone call mode, the display unit 151 can display a user interface (UI) or a graphical user interface (GUI) related to a call or other communication (eg, text messaging, multimedia file download, etc.). When the mobile terminal 100 is in a video call mode or an image capturing mode, the display unit 151 may display a captured image and/or a received image, a UI or GUI showing a video or image and related functions, and the like.
  • UI user interface
  • GUI graphical user interface
  • the display unit 151 can function as an input device and an output device.
  • the display unit 151 may include at least one of a liquid crystal display (LCD), a thin film transistor LCD (TFT-LCD), an organic light emitting diode (OLED) display, a flexible display, a three-dimensional (3D) display, and the like.
  • LCD liquid crystal display
  • TFT-LCD thin film transistor LCD
  • OLED organic light emitting diode
  • a flexible display a three-dimensional (3D) display, and the like.
  • 3D three-dimensional
  • Some of these displays may be configured to be transparent to allow a user to view from the outside, which may be referred to as a transparent display, and a typical transparent display may be, for example, a TOLED (Transparent Organic Light Emitting Diode) display or the like.
  • TOLED Transparent Organic Light Emitting Diode
  • the mobile terminal 100 may include two or more display units (or other display devices), for example, the mobile terminal 100 may include an external display unit (not shown) and an internal display unit (not shown) ).
  • the touch screen can be used to detect touch input pressure as well as touch input position and touch input area.
  • the audio output module 152 may output audio data received by the wireless communication unit 110 or stored in the memory 160 when the mobile terminal 100 is in a call signal receiving mode, a call mode, a recording mode, a voice recognition mode, a broadcast receiving mode, and the like. Convert audio signals and The output is sound. Moreover, the audio output module 152 can provide audio output (eg, call signal reception sound, message reception sound, etc.) associated with a particular function performed by the mobile terminal 100.
  • the audio output module 152 can include a speaker, a buzzer, and the like.
  • the alarm unit 153 can provide an output to notify the mobile terminal 100 of the occurrence of an event. Typical events may include call reception, message reception, key signal input, touch input, and the like. In addition to audio or video output, the alert unit 153 can provide an output in a different manner to notify of the occurrence of an event. For example, the alarm unit 153 can provide an output in the form of vibrations, and when a call, message, or some other incoming communication is received, the alarm unit 153 can provide a tactile output (ie, vibration) to notify the user of it. By providing such a tactile output, the user is able to recognize the occurrence of various events even when the user's mobile phone is in the user's pocket. The alarm unit 153 can also provide an output of the notification event occurrence via the display unit 151 or the audio output module 152.
  • the memory 160 may store a software program or the like that performs processing and control operations performed by the controller 180, or may temporarily store data (for example, a phone book, a message, a still image, a video, and the like) that has been output or is to be output. Moreover, the memory 160 can store data regarding vibrations and audio signals of various manners that are output when a touch is applied to the touch screen.
  • the memory 160 may include at least one type of storage medium including a flash memory, a hard disk, a multimedia card, a card type memory (eg, SD or DX memory, etc.), a random access memory (RAM), a static random access memory ( SRAM), read only memory (ROM), electrically erasable programmable read only memory (EEPROM), programmable read only memory (PROM), magnetic memory, magnetic disk, optical disk, and the like.
  • the mobile terminal 100 can cooperate with a network storage device that performs a storage function of the memory 160 through a network connection.
  • the controller 180 typically controls the overall operation of the mobile terminal 100.
  • the controller 180 performs the control and processing associated with voice calls, data communications, video calls, and the like.
  • the controller 180 may include a multimedia module 181 for reproducing or playing back multimedia data, a multimedia module 181 may be constructed within controller 180 or may be configured to be separate from controller 180.
  • the controller 180 may perform a pattern recognition process to recognize a handwriting input or a picture drawing input performed on the touch screen as a character or an image.
  • the power supply unit 190 receives external power or internal power under the control of the controller 180 and provides appropriate power required to operate the various components and components.
  • the various embodiments described herein can be implemented in a computer readable medium using, for example, computer software, hardware, or any combination thereof.
  • the embodiments described herein may be through the use of application specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable gate arrays (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable gate arrays ( An FPGA, a processor, a controller, a microcontroller, a microprocessor, at least one of the electronic units designed to perform the functions described herein, in some cases, such an embodiment may be at the controller 180 Implemented in the middle.
  • implementations such as procedures or functions may be implemented with separate software modules that permit the execution of at least one function or operation.
  • the software code can be implemented by a software application (or program) written in any suitable programming language, which can be stored in memory 160 and executed by
  • the mobile terminal 100 has been described in terms of its function.
  • the slide type mobile terminal 100 in various types of mobile terminals 100 such as a folding type, a bar type, a swing type, a slide type mobile terminal 100, and the like will be described as an example. Therefore, the present invention can be applied to any type of mobile terminal 100, and is not limited to the slide type mobile terminal 100.
  • the mobile terminal 100 as shown in FIG. 1 may be configured to operate using a communication system such as a wired and wireless communication system and a satellite-based communication system that transmits data via frames or packets.
  • a communication system such as a wired and wireless communication system and a satellite-based communication system that transmits data via frames or packets.
  • a communication system in which the mobile terminal 100 according to the present invention can operate will now be described with reference to FIG.
  • Such communication systems may use different air interfaces and/or physical layers.
  • the air interface used by the communication system includes, for example, Frequency Division Multiple Access (FDMA), Time Division Multiple Access (TDMA), code. Divisional Multiple Access (CDMA) and Universal Mobile Telecommunications System (UMTS) (particularly, Long Term Evolution (LTE)), Global System for Mobile Communications (GSM), and the like.
  • FDMA Frequency Division Multiple Access
  • TDMA Time Division Multiple Access
  • CDMA Code Divisional Multiple Access
  • UMTS Universal Mobile Telecommunications System
  • LTE Long Term Evolution
  • GSM Global System for Mobile Communications
  • the following description relates to a CDMA communication system, but such teachings are equally applicable to other types of systems.
  • a CDMA wireless communication system can include a plurality of mobile terminals 100, a plurality of base stations (BS) 270, a base station controller (BSC) 275, and a mobile switching center (MSC) 280.
  • the MSC 280 is configured to interface with a public switched telephone network (PSTN) 290.
  • PSTN public switched telephone network
  • the MSC 280 is also configured to interface with a BSC 275 that can be coupled to the base station 270 via a backhaul line.
  • the backhaul line can be constructed in accordance with any of a number of known interfaces including, for example, E1/T1, ATM, IP, PPP, Frame Relay, HDSL, ADSL, or xDSL. It will be appreciated that the system as shown in FIG. 2 may include multiple BSCs 2750.
  • Each BS 270 can serve one or more partitions (or regions), with each partition covered by a multi-directional antenna or an antenna pointing in a particular direction radially away from the BS 270. Alternatively, each partition may be covered by two or more antennas for diversity reception. Each BS 270 can be configured to support multiple frequency allocations, and each frequency allocation has a particular frequency spectrum (eg, 1.25 MHz, 5 MHz, etc.).
  • BS 270 may also be referred to as a Base Transceiver Subsystem (BTS) or other equivalent terminology.
  • BTS Base Transceiver Subsystem
  • the term "base station” can be used to generally mean a single BSC 275 and at least one BS 270.
  • a base station can also be referred to as a "cell station.”
  • each partition of a particular BS 270 may be referred to as multiple cellular stations.
  • a broadcast transmitter (BT) 295 transmits a broadcast signal to the mobile terminal 100 operating within the system.
  • a broadcast receiving module 111 as shown in FIG. 1 is provided at the mobile terminal 100 to receive a broadcast signal transmitted by the BT 295.
  • several satellites 300 are shown, for example, a Global Positioning System (GPS) satellite 300 can be employed.
  • GPS Global Positioning System
  • the satellite 300 helps locate at least one of the plurality of mobile terminals 100.
  • a plurality of satellites 300 are depicted, but it is understood that any number of The satellite gets useful positioning information.
  • the GPS module 115 as shown in Figure 1 is typically configured to cooperate with the satellite 300 to obtain desired positioning information. Instead of GPS tracking techniques or in addition to GPS tracking techniques, other techniques that can track the location of the mobile terminal 100 can be used. Additionally, at least one GPS satellite 300 can selectively or additionally process satellite DMB transmissions.
  • BS 270 receives reverse link signals from various mobile terminals 100.
  • Mobile terminal 100 typically participates in calls, messaging, and other types of communications.
  • Each reverse link signal received by a particular base station 270 is processed within a particular BS 270.
  • the obtained data is forwarded to the relevant BSC 275.
  • the BSC provides call resource allocation and coordinated mobility management functions including a soft handoff procedure between the BSs 270.
  • the BSC 275 also routes the received data to the MSC 280, which provides additional routing services for interfacing with the PSTN 290.
  • PSTN 290 interfaces with MSC 280, which forms an interface with BSC 275, and BSC 275 controls BS 270 accordingly to transmit forward link signals to mobile terminal 100.
  • FIG. 3 is a flowchart of a unified account login processing method based on a virtual subscriber identity card according to Embodiment 1 of the present invention.
  • FIG. 3 is a schematic diagram of a unified account login based on a virtual subscriber identity card according to an embodiment of the present invention.
  • the processing method as shown in FIG. 3, is a unified account login processing method based on a virtual subscriber identity card, including:
  • Step 101 The server sets a unified login account of the user of the mobile terminal by using a virtual subscriber identity card in the mobile terminal, and constructs a mapping relationship between the unified login account of the user and an account of a different application of the user.
  • the virtual subscriber identity card refers to the authentication information in the mobile terminal that is configured in the software mode to support the mobile terminal to access the communication network of the operator, and the mobile terminal does not set the entity identification of the entity.
  • the module can access the communication network using voice or data communication functions. Since the virtual subscriber identity card stores the authentication information configured to uniquely identify the user, setting the user's unified login account based on the virtual subscriber identity card may be implemented to set the authentication information in the virtual subscriber identity card to the user's unified login.
  • the account number or in the case where the authentication information has a security requirement, is implemented as a unified login account obtained by encrypting the authentication information by using a one-way irreversible encryption algorithm. Of course, in practical applications, The user can also re-transform the authentication information or the encrypted information into a unified login account (including a user name, optionally, a password) that is convenient for the user to recognize and memorize.
  • the server can be implemented as a single server or collection of servers (such as an authentication server and an access control server).
  • each application has a contradiction
  • the account number (including the user name, optionally, including the password) is based on the unified account number of the user set by the virtual user identification card in the user's mobile terminal, and is associated with the account of the various applications installed by the user on the mobile terminal. Mapping relations.
  • the accounts of different applications corresponding to the unified login account of the user have different security levels, and the security levels of different application accounts may be manually set by the user, or may be automatically set by the server.
  • the security levels include: a read-only security level, a general security level, an advanced security level, and a highest security level.
  • Step 102 The server performs judgment and authentication on the application used by the user login request based on the mapping relationship and the unified login account used by the user.
  • the server determines the account corresponding to the application requested by the user based on the mapping relationship and the unified login account used by the user, and determines whether the authenticated user can log in to the server by using the corresponding account.
  • Each account corresponds to a security control policy, and exemplary, accounts with different security levels
  • the security control strategy adopted is different.
  • Step 103 The server determines, according to the mapping relationship and the unified login account of the user, the security level of the user requesting the account corresponding to the application.
  • the account of each application of the user corresponds to an access control policy.
  • the access control policies adopted by the accounts of different security levels are different.
  • the access control policy is configured to be based on a security level of an account of an application requested by the user, and an access authority of the application of the security level corresponding to the application; the security level includes: a read-only security level , general security level, advanced security level and highest security level.
  • the type of access rights may include: all access rights of the application (ie, any operation can be performed on the application) and read-only permissions of the application (that is, only read permissions in the application).
  • Step 104 The server controls, according to the determination result, the access authority of the user to the application after logging in to the application based on the account.
  • the servers described in this embodiment and subsequent embodiments may be implemented in the form of a single server, multiple servers, or server clusters.
  • the server for example, forming a mapping relationship and authenticating the user.
  • the control access rights can be implemented as a mapping relationship server, an authentication server, and an access authority controller.
  • the present invention constructs a unified account system including a mapping relationship in a server based on a virtual subscriber identity card, and different security level accounts adopt different security control policies and access control policies, for example, when the user settings are different.
  • the account with the lower security level such as the account with the read-only security level, can be authenticated by the server without forcing the user to enter the user name and password every time the account is used for login, thereby improving the automatic login of the account. Convenience and efficiency.
  • FIG. 4 is a schematic diagram of a unified account login processing method based on a virtual subscriber identity card according to Embodiment 2 of the present invention; as shown in FIG. 4, a unified login account of a user is set.
  • the server After the number is mapped to the account of the user's various applications, if the user needs to use the mobile terminal to request to use an account of an application, for example, using an account of the game application or using an account of the electronic bank, the server authenticates the user via the mobile terminal.
  • the user is authenticated by using a password verification method and/or a biometric authentication input method, and the password and biometrics of the legitimate user have been previously collected and maintained at least one of the server and the mobile terminal.
  • the security control policy is configured to control at least one of the following:
  • the manner of verification includes: a password verification method and a verification method of biometrics (eg, biometrics such as fingerprint, iris, voiceprint, palm print, etc.).
  • biometrics eg, biometrics such as fingerprint, iris, voiceprint, palm print, etc.
  • a trigger condition for re-authentication of a user using the mobile terminal including a change in the biometrics of the user of the mobile terminal, that is, re-authentication of the user when the biometric of the user using the mobile terminal changes.
  • the prompting manner for re-verifying the user of the mobile terminal includes a reminder and a limited number of times (greater than one time).
  • the user logs in to the application server corresponding to the requested application, so that the user can use the application based on the account; if the verification fails, the user is not logged in to the requested application.
  • the user before the user uses the mobile terminal, the user is authenticated by using at least one of the password verification mode and the biometric verification mode, and the user corresponding to the application requested by the user is logged in according to the account corresponding to the application requested by the user.
  • the application server improves the efficiency and convenience of account login for the application server that does not log in to the user when the authentication is not passed.
  • FIG. 5 is a schematic diagram of a mapping relationship between a unified login account of a built-in user and an account of a different application of the user in the unified account login method of the virtual subscriber identity card according to the third embodiment of the present invention.
  • the account includes: a read-only security level account, a general security level account, an advanced security level account, and a highest security level account.
  • the unified login account and the read-only security level account are randomly mapped; the unified login account and the common security level account are common mapping; the unified login account and the advanced security level account are advanced mapping; The unified login account and the highest security level account are the highest mapping.
  • step 102 to step 104 of the first embodiment the following situations are included:
  • the account corresponding to the application requested by the user is determined based on the mapping relationship, and the account of the application requested by the user is normal.
  • the user logs in to the application server for the application by using the account set in advance for the application, or when the user inputs the corresponding account when requesting to log in to the application, so that the user does not need to input the account again during the subsequent use of the user.
  • the account corresponding to the application requested by the user is determined based on the mapping relationship, and when the account of the application requested by the user is an advanced security level account, the user presets for the application.
  • the account number, or the user inputting the corresponding account when requesting to log in to the application is a one-time login for the user in the application server of the application, so that the user does not need to input the account information again during the subsequent use, and allocate all the use for the application for the user.
  • the server reminds the mobile terminal to change the user of the mobile terminal at least twice, and causes the mobile terminal to verify the user, and the biometric and mobile terminal that will pass the verification when the verification passes
  • the unified login account is bound and maintained on at least one of the mobile terminal and the server, configured for subsequent user authentication.
  • the account corresponding to the application requested by the user is determined based on the mapping relationship, and the account of the application requested by the user is advanced.
  • the server determines the authentication mode adopted by the mobile terminal for the current user, and allocates all the usage rights for the application to the user when the current user simultaneously passes the password verification and biometric verification;
  • the user For the user permission to use the application by password authentication or biometric authentication, the user is not assigned the usage right for the application;
  • the server reminds the user of the mobile terminal to change through the mobile terminal, and cancels the login made for the current user for the current user of the mobile terminal; in order to ensure security, the account with the security level
  • the processing method is different.
  • the server directly cancels the login status of the application, does not verify the current user, and does not add authorization verification for the new biometric feature of the current user. Other users cannot use the login maximum security level account.
  • mappings correspond to different security control policies and access control policies.
  • the unified login account formed by the virtual user identification card is used to construct a mapping relationship with the account of different security levels. After the user is set, the user can log in to the commonly used Internet application without entering the user name and password every time, thereby improving the automatic account. Convenience, efficiency and security of login.
  • the read-only security level account includes: an account of a forum that is accidentally logged in;
  • the general security level account includes: a video game account, an online music account;
  • the advanced security level account including: Email account, instant messaging account;
  • the highest security level account including: electronic banking application account, third-party payment application account, and the like.
  • the virtual user identification card is used to set the unified login account of the user, and the mapping relationship between the unified login account and different application accounts is constructed.
  • the virtual user identification card is used as the starting point and the center for identifying the user, and the account of different applications is manually input.
  • an account system for different security levels of users is built in the server, and a system automatic method can also be constructed for a read-only security level account and a general security level account.
  • the server determines based on the mapping relationship. Apply the corresponding account and log in to the application according to the security level. You do not need to enter the user name and password to log in every time, which improves the convenience, efficiency and security of the automatic login of the account.
  • FIG. 6 is a block diagram showing an exemplary structure of a unified account login processing server based on a virtual subscriber identity card according to Embodiment 4 of the present invention
  • FIG. 6 is a schematic diagram of a unified account login based on a virtual subscriber identity card according to an embodiment of the present invention
  • the processing server 400 includes:
  • the mapping unit 401 is configured to set a unified login account of the user of the mobile terminal by using a virtual subscriber identity card in the mobile terminal, and construct a mapping relationship between the unified login account of the user and an account of a different application of the user;
  • the authentication unit 402 is configured to perform judgment and authentication on the application used by the user login request based on the mapping relationship and the unified login account used by the user;
  • the access control unit 403 is configured to determine, according to the mapping relationship and the unified login account of the user, the security level of the user requesting the account corresponding to the application;
  • the present invention constructs a unified account system including a mapping relationship in a server based on a virtual subscriber identity card, and different security level accounts adopt different security control policies and access control policies, for example, when the user settings are different.
  • the account with the lower security level such as the account with the read-only security level, can be authenticated by the server without forcing the user to enter the user name and password every time the account is used for login, thereby improving the automatic login of the account. Convenience and efficiency.
  • a unified account login processing server based on a virtual subscriber identity card includes:
  • the mapping unit 401 is configured to set a unified login account of the user of the mobile terminal by using a virtual subscriber identity card in the mobile terminal, and construct a mapping relationship between the unified login account of the user and an account of a different application of the user;
  • the authentication unit 402 is configured to perform judgment and authentication on the application used by the user login request based on the mapping relationship and the unified login account used by the user;
  • the access control unit 403 is configured to determine, according to the mapping relationship and the unified login account of the user, the security level of the account corresponding to the application request, and control the user to log in based on the account according to the determination result.
  • the access authority to the application after the application.
  • the mapping unit constructs a mapping relationship according to the security level of the different accounts of the user, and constructs a mapping relationship between the account of different security levels of the user and the unified login account of the user; Alternatively, the mapping between the read-only security level account of the different users and the unified login account of the corresponding user is automatically constructed, and the mapping relationship between the common security level account of the different users and the unified login account of the corresponding user is automatically constructed.
  • the authentication unit performs verification by using a user of the mobile terminal by using at least one of a password verification mode and a biometric verification mode; and when the verification is passed, based on the mapping relationship
  • the unified login account used by the user determines the security level of the account corresponding to the application requested by the user in the mapping relationship; the security level of the account corresponding to the application used by the user request is the user login The application requested to use.
  • the account includes: a read-only security level account, a general security level account, an advanced security level account, and a highest security level account.
  • the unified login account and the read-only security level account are randomly mapped; the unified login account and the common security level account are common mapping; the unified login account and the advanced security level account are advanced mapping; The unified login account and the highest security level account are the highest mapping.
  • the authentication unit is based on the security level of the account corresponding to the application that the user requests to use, and the application is used by the user to log in, including the following methods:
  • the access control unit is further configured to: when the account of the application requested by the user is a read-only security level account, allocate the random account of the application to the user through the resource pool to be based on the allocated random The account is logged in to the application for the user;
  • the access control unit is further configured to: when the account of the application requested by the user is an ordinary security level account, use the user to use the application by using an account of the application set in advance or the user requests And inputting the account corresponding to the application, logging in to the application for the user; performing a reminder when detecting that the biometric of the user of the mobile terminal changes, and re-authenticating the user;
  • the access control unit is further configured to: when the account of the application requested by the user is an advanced security level account, when the account of the application preset by the user or the user requests to use the application Entering an account corresponding to the application, logging the application to the user at one time; performing a preset number of reminders greater than one time when detecting that the biometric of the user of the mobile terminal changes, and re-writing the User verification;
  • the access control unit is further configured to: when the account of the application requested by the user is the highest security level account, verify the password verification mode and the biometric verification mode of the user, and pass the verification An account of the application preset by the user or an account corresponding to the application that is input when the user requests to use the application, logging in to the application for the user; when detecting the user of the mobile terminal The user of the mobile terminal releases the login for the application when the biometric changes.
  • the access control unit controls, according to the determination result, the access authority of the user to the application after logging in to the application based on the account, including the following manner,
  • an access control unit configured to: when the result of the determination indicates that the account of the application requested by the user is a read-only security level account, the user is assigned to the application Visitor access or minimum priority authority;
  • the access control unit is further configured to: when the determination result indicates that the account of the application requested by the user is a read-only security level account, the read-only permission of the user for the application is allocated;
  • the access control unit is further configured to: when the determination result indicates that the account of the application requested by the user is a normal security level account, all the usage rights of the user for the application are allocated;
  • the access control unit is further configured to: when the determination result indicates that the account of the application requested by the user is an advanced security level account, all the usage rights of the user for the application are allocated;
  • the access control unit is further configured to: when the determination result indicates that the account of the application requested by the user is the highest security level account, and the user is based on the password login and the biometric verification mode. When the login account is logged into the mobile terminal, all the usage rights of the user for the application are assigned.
  • the read-only security level account includes: an account of a forum that is accidentally logged in;
  • the general security level account includes: a video game account, an online music account;
  • the advanced security level account including: Email account, instant messaging account;
  • the highest security level account including: electronic banking application account, third-party payment application account, and the like.
  • the virtual user identification card is used to set the unified login account of the user, and the mapping relationship between the unified login account and different application accounts is constructed.
  • the virtual user identification card is used as the starting point and the center for identifying the user, and the account of different applications is manually input.
  • an account system for different security levels of users is built in the server, and a system automatic method can also be constructed for a read-only security level account and a general security level account.
  • the server determines the account corresponding to the application based on the mapping relationship, and logs the application for the user according to the security level, and does not need to input the user name each time.
  • the password is logged in, which improves the convenience, efficiency and security of the automatic login of the account.
  • FIG. 7 is a block diagram showing an exemplary structure of a unified account login system based on a virtual subscriber identity card according to Embodiment 7 of the present invention.
  • a unified account registration system based on a virtual subscriber identity card according to the present invention includes: a mobile terminal 100 provided with a virtual subscriber identity card, an authentication server 500, and an access control server 600.
  • An authentication server configured to set a unified login account of the user of the mobile terminal by using a virtual subscriber identity card in the mobile terminal, and construct a mapping relationship between the unified login account of the user and an account of a different application of the user ;
  • the authentication server is further configured to perform judgment and authentication on the application used by the user login request based on the mapping relationship and the unified login account used by the user;
  • the access control server is further configured to determine, according to the mapping relationship and the unified login account of the user, the security level of the user requesting the account corresponding to the application;
  • the access control server is further configured to control, according to the determination result, the access authority of the user to the application after logging in to the application based on the account.
  • the authentication server is further configured to: according to the security level of the user indicating the different accounts of the user, construct a mapping relationship between the account of different security levels of the user and the unified login account of the user; or, automatically The mapping relationship between the read-only security level account of the different users and the unified login account of the corresponding user is constructed, and the mapping relationship between the common security level account of different users and the unified login account of the corresponding user is automatically constructed.
  • the authentication server is further configured to control, by the mobile terminal, at least one of a password verification mode and a biometric verification mode by using a user of the mobile terminal;
  • the authentication server is further configured to determine, according to the mapping relationship, the unified login account used by the user, the security level of the account corresponding to the application requested by the user in the mapping relationship;
  • the authentication server is further configured to use, according to the security level of the account corresponding to the application that the user requests to use, an application that is requested to be used by the user to log in.
  • the authentication server is further configured to: when the account of the application requested by the user is a read-only security level account, allocate the random account of the application to the user through the resource pool to be based on the allocated random account. The user logs in to the application;
  • the authentication server is further configured to use, when the account of the application requested by the user is an ordinary security level account, use the account of the application set by the user or the corresponding input when the user requests to use the application.
  • the account of the application is used to log in to the application for the user; when it is detected that the biometric of the user of the mobile terminal changes, a reminder is performed, and the user is re-verified;
  • the authentication server is further configured to: when the account of the application requested by the user is an advanced security level account, the account of the application preset by the user or the corresponding input when the user requests to use the application The account of the application is used to log in to the application for the user; when it is detected that the biometric of the user of the mobile terminal changes, a preset number of reminders greater than one time is performed, and the user is re-verified;
  • the authentication server is further configured to verify, according to the password authentication mode and the biometric verification mode, that the account of the application requested by the user is the highest security level account, and the user is preset by the user when the verification is passed.
  • the account of the application or the account corresponding to the application that is input when the user requests to use the application, log in to the application for the user; when the biometric of the user of the mobile terminal is detected to change The login for the application is released for the user of the mobile terminal.
  • the access control server is further configured to: when the determination result indicates that the account of the application requested by the user is a read-only security level account, the access authority or the lowest priority assigned to the anonymous visitor of the application for the application Level permissions:
  • the access control server is further configured to: when the determination result indicates that the user requests to make When the account of the used application is a read-only security level account, the user is assigned read-only permission for the application;
  • the access control server is further configured to: when the determination result indicates that the account of the application requested by the user is an ordinary security level account, all the usage rights of the user for the application are allocated;
  • the access control server is further configured to: when the determination result indicates that the account of the application requested by the user is an advanced security level account, all the usage rights of the user for the application are allocated;
  • the access control server is further configured to: when the determination result indicates that the account of the application requested by the user is the highest security level account, and the user is based on the password login and the biometric authentication mode to use the unified login account.
  • the mobile terminal is logged in, all the usage rights of the user for the application are assigned.
  • the user's unified account login information is set by the virtual user identification card, and the unified account login information and the different application accounts, such as the mapping relationship between the social application and the email mailbox, are constructed, when logging in to an application of the terminal or logging in to a website.
  • the authentication server authenticates the unified login account obtained by the login server. If the authentication is passed, the user or the website is directly logged into the application, and the access control server defines the content of the access control according to the security level.
  • the authentication server records accounts of different security levels in different security levels. To ensure security, the authentication server can consider distributed deployment. It is best to record the account with the required security level in the encrypted form locally on the mobile terminal.
  • the embodiment provides a computer storage medium, where the computer storage medium stores The executable instruction is used to execute the account login processing method provided by the embodiment of the present invention.
  • the foregoing embodiment method can be implemented by means of software plus a necessary general hardware platform, and of course, can also be through hardware, but in many cases, the former is better.
  • Implementation Based on such understanding, the technical solution of the present invention, which is essential or contributes to the prior art, may be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, disk,
  • the optical disc includes a number of instructions for causing a terminal device (which may be a cell phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the methods described in various embodiments of the present invention.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Telephonic Communication Services (AREA)
  • Telephone Function (AREA)

Abstract

La présente invention concerne un procédé de traitement d'une ouverture de session de compte, un serveur et un système associés, ainsi qu'un support de stockage informatique. Le procédé comprend les étapes consistant à : paramétrer un compte d'ouverture de session unifiée d'un abonné d'un terminal mobile par l'intermédiaire d'une carte virtuelle d'un module d'identité d'abonné dans le terminal mobile, puis établir une relation de correspondance entre le compte d'ouverture de session unifiée de l'abonné et des comptes de différentes applications de l'abonné ; effectuer une certification d'évaluation sur une application requise par l'abonné par l'intermédiaire d'une ouverture de session sur la base de la relation de correspondance et du compte d'ouverture de session unifiée utilisé par l'abonné ; évaluer le niveau de sécurité du compte correspondant à l'application requise par l'abonné sur la base de la relation de correspondance et du compte d'ouverture de session unifiée de l'abonné ; et contrôler une autorité d'accès de l'abonné à l'application en fonction d'un résultat d'évaluation lorsque l'abonné a ouvert une session dans l'application sur la base du compte. La présente invention permet d'accroître l'efficacité, la sécurité et la commodité d'une ouverture de session dans différents comptes.
PCT/CN2016/081189 2015-05-06 2016-05-05 Procédé de traitement d'une ouverture de session de compte, serveur et système associés et support de stockage informatique WO2016177342A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510227573.2A CN104980429A (zh) 2015-05-06 2015-05-06 一种基于虚拟用户识别卡统一账户登录方法、装置及系统
CN201510227573.2 2015-05-06

Publications (1)

Publication Number Publication Date
WO2016177342A1 true WO2016177342A1 (fr) 2016-11-10

Family

ID=54276534

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/081189 WO2016177342A1 (fr) 2015-05-06 2016-05-05 Procédé de traitement d'une ouverture de session de compte, serveur et système associés et support de stockage informatique

Country Status (2)

Country Link
CN (1) CN104980429A (fr)
WO (1) WO2016177342A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111467809A (zh) * 2020-03-06 2020-07-31 苏州澳盛网络发展有限公司 一种游戏用户信息管理系统
CN114499905A (zh) * 2020-11-12 2022-05-13 腾讯科技(深圳)有限公司 应用账号更换绑定的方法、装置、计算机设备和存储介质

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104980429A (zh) * 2015-05-06 2015-10-14 努比亚技术有限公司 一种基于虚拟用户识别卡统一账户登录方法、装置及系统
CN105933339B (zh) * 2016-06-24 2019-04-12 宇龙计算机通信科技(深圳)有限公司 一种应用登录方法及移动终端
CN106603547B (zh) * 2016-12-23 2022-03-18 中科星图股份有限公司 一种统一登录方法
CN107864114B (zh) * 2016-12-28 2019-12-17 平安科技(深圳)有限公司 团险账户登录方法和系统
CN106888223B (zh) * 2017-04-26 2020-04-17 维沃移动通信有限公司 用户账号登陆方法及移动终端
CN108768993A (zh) * 2018-05-21 2018-11-06 深圳市云谷创新科技有限公司 关联终端登录的方法和装置
CN108900519B (zh) * 2018-07-10 2021-04-06 国网电子商务有限公司 一种多电子服务渠道的统一登录方法、装置及系统
CN110795712B (zh) * 2020-01-03 2020-05-22 北京信安世纪科技股份有限公司 一种登录认证方法及装置
CN111914223B (zh) * 2020-07-28 2023-10-24 杭州浙大东南土地研究所有限公司 一种城乡国土资源数据一体化管理方法、系统、以及存储介质
CN115001786B (zh) * 2022-05-26 2024-01-12 浙江零跑科技股份有限公司 一种智能座舱人脸关联个性应用账号的实现方法
CN117692256B (zh) * 2024-02-02 2024-04-09 烟台软图信息科技有限公司 一种网络办公方法及系统

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101193027A (zh) * 2006-11-28 2008-06-04 深圳市永兴元科技有限公司 一种整合异构系统的单点登录系统及方法
CN101783795A (zh) * 2009-12-25 2010-07-21 北京惠信博思技术有限公司 一种安全等级认证的方法和系统
WO2010144470A2 (fr) * 2009-06-08 2010-12-16 Qualcomm Incorporated Procédé et système de basculement de contrats de services sur carte sim virtuelle
CN102461271A (zh) * 2009-06-08 2012-05-16 高通股份有限公司 用于基于用户简档来切换虚拟sim服务契约的方法和设备
CN103036899A (zh) * 2012-12-25 2013-04-10 广东欧珀移动通信有限公司 一种自动登录用户账号的方法及系统
CN104980429A (zh) * 2015-05-06 2015-10-14 努比亚技术有限公司 一种基于虚拟用户识别卡统一账户登录方法、装置及系统

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102045375B (zh) * 2009-10-22 2013-09-11 华为技术有限公司 远程命令交互方法及堡垒主机
CN103402203B (zh) * 2013-07-30 2017-08-25 努比亚技术有限公司 基于生物识别的快速接入方法及装置
CN104283885B (zh) * 2014-10-14 2017-07-28 中国科学院信息工程研究所 一种基于智能终端本地认证的多sp安全绑定的实现方法

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101193027A (zh) * 2006-11-28 2008-06-04 深圳市永兴元科技有限公司 一种整合异构系统的单点登录系统及方法
WO2010144470A2 (fr) * 2009-06-08 2010-12-16 Qualcomm Incorporated Procédé et système de basculement de contrats de services sur carte sim virtuelle
CN102461271A (zh) * 2009-06-08 2012-05-16 高通股份有限公司 用于基于用户简档来切换虚拟sim服务契约的方法和设备
CN101783795A (zh) * 2009-12-25 2010-07-21 北京惠信博思技术有限公司 一种安全等级认证的方法和系统
CN103036899A (zh) * 2012-12-25 2013-04-10 广东欧珀移动通信有限公司 一种自动登录用户账号的方法及系统
CN104980429A (zh) * 2015-05-06 2015-10-14 努比亚技术有限公司 一种基于虚拟用户识别卡统一账户登录方法、装置及系统

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111467809A (zh) * 2020-03-06 2020-07-31 苏州澳盛网络发展有限公司 一种游戏用户信息管理系统
CN114499905A (zh) * 2020-11-12 2022-05-13 腾讯科技(深圳)有限公司 应用账号更换绑定的方法、装置、计算机设备和存储介质
CN114499905B (zh) * 2020-11-12 2023-07-28 腾讯科技(深圳)有限公司 应用账号更换绑定的方法、装置、计算机设备和存储介质

Also Published As

Publication number Publication date
CN104980429A (zh) 2015-10-14

Similar Documents

Publication Publication Date Title
WO2016177342A1 (fr) Procédé de traitement d'une ouverture de session de compte, serveur et système associés et support de stockage informatique
US9961088B2 (en) Systems and methods for geolocation-based authentication and authorization
US10623962B2 (en) System and method for geo-location-based mobile user authentication
US8600355B1 (en) Systems and methods for authenticating applications for access to secure data using identity modules
US9112866B2 (en) Methods and devices for controlling access to computing resources
US9301139B2 (en) System and method for multifactor authentication and login through smart wrist watch using near field communication
JP6001816B1 (ja) 無線ネットワークログインパスワードの共有の管理
US8836472B2 (en) Combining navigation and fingerprint sensing
US8990906B2 (en) Methods and systems for replacing shared secrets over networks
KR20170096117A (ko) 멀티-테넌트 컴퓨팅 시스템의 보안 및 허가 아키텍처
US20120089847A1 (en) Method of obtaining authorization for accessing a service
CN105100415B (zh) 登录方法、移动终端
US20130227664A1 (en) Central biometric verification service
CA2793445C (fr) Combinaison de navigation et de detection d'empreinte digitale
US20160171220A1 (en) Display control method and apparatus and display device comprising same
JP2012506594A (ja) ユーザ認証の管理
WO2016188319A1 (fr) Procédé et appareil de gestion d'informations de carte sim virtuelle, et terminal mobile
US10993090B2 (en) Network access method, apparatus, and system
WO2015035936A1 (fr) Procédé d'authentification d'identité, appareil d'authentification d'identité et système d'authentification d'identité
WO2016173442A1 (fr) Procédé de traitement de service de communication, terminal mobile, et serveur
US20220116404A1 (en) Methods and systems for adaptive multi-factored geo-location based document access rights management and enforcement
CA2807583C (fr) Procede permettant d'obtenir une autorisation d'acceder a un service
CN104809406A (zh) 安全分享文件的方法和装置
CA2778736C (fr) Methodes et dispositifs permettant de controler l'acces aux ressources informatiques
US10127407B2 (en) Location defined power charger management authorization for a user equipment

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16789336

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 11/04/2018)

122 Ep: pct application non-entry in european phase

Ref document number: 16789336

Country of ref document: EP

Kind code of ref document: A1