WO2018068631A1 - 账户登录方法、设备和服务器 - Google Patents
账户登录方法、设备和服务器 Download PDFInfo
- Publication number
- WO2018068631A1 WO2018068631A1 PCT/CN2017/103390 CN2017103390W WO2018068631A1 WO 2018068631 A1 WO2018068631 A1 WO 2018068631A1 CN 2017103390 W CN2017103390 W CN 2017103390W WO 2018068631 A1 WO2018068631 A1 WO 2018068631A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- server
- variable identifier
- device variable
- identifier
- mobile terminal
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/108—Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/121—Timestamp
Definitions
- the present application relates to the field of network communication technologies, and in particular, to an account login method, device, and server.
- the existing account login method mainly includes two ways.
- One way is that the mobile terminal sends and saves the user name and password input by the user in the server, and saves the device identifier (Id) and the user name corresponding to the mobile terminal at the same time.
- the client sends the device ID and the user name to the server for verification, and the verification succeeds to log in.
- the server sends a token corresponding to the mobile terminal to the mobile terminal, and the mobile terminal receives and stores the device token.
- the mobile terminal sends the device token to the server, the server verifies the device token, and the authentication is automatically logged in.
- the main object of the present invention is to solve the above mentioned problems.
- an account login method comprising: receiving a login request from a mobile terminal, the login request including a device variable identifier; searching from a user account database The device variable identifier corresponding to the user account information; if found, according to the time stamp in the variable identifier of the device and the current time of the server, determining whether the The device variable identifier is updated; if the update is required, the device variable identifier is updated; the account login permission command and the updated device variable identifier are sent to the mobile terminal.
- Another aspect of the present invention provides an account login method, the account login method being applied to a server, comprising: receiving a login request from a mobile terminal, the login request including a device variable identifier; searching from a user account database The device variable identifier corresponds to user account information; if found, the device variable identifier is updated; and the account login permission command and the updated device variable identifier are sent to the mobile terminal.
- an account login method is provided, the account login method being applied to a mobile terminal, comprising: transmitting a login request to a server, wherein the login request includes a device variable identifier; receiving from a server via Device variable identification and account login permission instructions processed by the server.
- a server comprising: a receiving unit, receiving a login request from a mobile terminal, the login request including a device variable identifier; a storage unit storing a user account database; a searching unit, a slave user account Searching for the user account information corresponding to the variable identifier of the device in the database; the determining unit, according to the timestamp in the variable identifier of the device and the current time of the server, determining whether the variable identifier of the device needs to be updated; The device variable identifier is updated.
- an account login device including: a sending unit that transmits a login request to a server, wherein the login request includes a device variable identifier; and a receiving unit that receives the server-processed processing from the server Device variable identification and account login permission instructions.
- the above at least one technical solution adopted by the embodiment of the present application improves the security by using the device variable identifier to replace the unique and unchanged device identifier for automatic login.
- FIG. 1 shows a diagram of an account login system according to an exemplary embodiment of the present invention
- FIG. 2 illustrates a flowchart of an account login method performed by a server according to an exemplary embodiment of the present invention
- FIG. 3 illustrates a flowchart of an account login method performed by a mobile terminal according to an exemplary embodiment of the present invention
- FIG. 4 shows a block diagram of a server in accordance with an exemplary embodiment of the present invention
- FIG. 5 shows a block diagram of a mobile terminal in accordance with an exemplary embodiment of the present invention.
- Mobile terminal generally refers to a device in a network system used by a user and used to communicate with a server.
- the mobile terminal according to the present invention may include, but is not limited to, any of the following: a personal computer (PC), a mobile device (such as a cellular device) Telephones, personal digital assistants (PDAs), digital cameras, portable game consoles, MP3 players, portable/personal multimedia players (PMPs), handheld e-books, tablet PCs, portable laptop PCs, and Global Positioning System (GPS) Navigator, smart TV, etc.
- PC personal computer
- PDAs personal digital assistants
- PMPs portable/personal multimedia players
- PGPS Global Positioning System Navigator, smart TV, etc.
- An application refers to an embedded application or a third-party application that is stored in a storage unit of a mobile terminal.
- An embedded application refers to an application that is pre-installed in a mobile terminal.
- an embedded application can be a browser, an email, an instant messenger, and the like.
- Third-party applications are very diverse and refer to applications downloaded from the online marketplace for installation on mobile terminals, such as payment applications, shopping applications, Entertainment applications, etc.
- Device identification a long-term effective and non-changing identification code generated according to the attribute information of the mobile terminal and a specific algorithm model, wherein the attribute information of the mobile terminal based on the android operating system may include an international mobile phone device identification code. (imei), Android id, mac, serial number (Serial Number) and other information, and the attribute information of the mobile terminal based on the iOS operating system may include information such as an advertisement identifier (IDFA), a vendor identifier (vendor id), and the like. Id can't reverse crack.
- a mobile terminal usually has a unique device Id, and therefore, the device Id of different mobile terminals is different.
- Device Variable Identifier eg, device token
- An identification code generated by a mobile terminal based on information such as device Id, app name, random number, timestamp (for uniquely identifying a moment). It can be seen that one device variable identifier corresponds to one device Id, and multiple device variable identifiers with different validity periods can be generated by one device Id.
- the timestamp can be parsed from the device variable identifier by a specific parsing method to determine whether the variable identifier of the device is valid, and different apps can set different expiration dates, so different in the same mobile terminal The app can correspond to a different device variable identity.
- an automatic login system is provided.
- the system includes a mobile terminal 100 and a server 200.
- the system consists of three phases: the first phase is the initialization phase, also known as the registration phase; the second phase is the initial login phase; the third phase is the automatic login phase.
- the three stages will be described in detail below with reference to FIG. 1.
- the mobile terminal 100 first launches an application stored in the mobile terminal, for example, in response to the user touching an application icon (such as an Alipay application, a QQ application, etc.) displayed on the display unit, the mobile terminal 100 transmits the terminal information to The server 200, the terminal information includes hardware information and software information, and then the server 200 generates a unique device Id according to the terminal information.
- an application icon such as an Alipay application, a QQ application, etc.
- the server 200 may generate the device ID of the mobile terminal 100 according to the IDFA or the Serial Number of the mobile terminal, and Generating a device variable identifier (eg, a device token) corresponding to the application according to the device Id, specifically, the server 200 according to the application information corresponding to the application, a preset expiration date and time Information such as stamps are generated to generate the device variable identification.
- the server 200 stores the device Id in the user account database of the server 200 corresponding to the device variable identifier, and transmits the device variable identifier to the mobile terminal 100, and the mobile terminal 100 saves the device variable identifier in the memory of the mobile terminal 100. .
- the system then enters the initial login phase.
- device variable identifications having different expiration dates may be set for different APPs depending on the type of APP. For example, when the APP is an application requiring a higher security level such as payment, instant communication, etc., the validity period of the variable identifier of the device may be set to be shorter. When the APP is an application such as news or video, the validity period of the variable identifier of the device may be Set to longer.
- the user inputs a user name and a user password in the mobile terminal, and the mobile terminal generates a login request based on the user name and the user password input by the user and the saved device variable identifier, and transmits the login request to the server 200.
- the server verifies the user name and the user password, and if the verification fails, returns the re-entered information to the mobile terminal until the verification is passed. If the verification is passed, the server 200 stores the device ID, the device variable identifier, and the user name in the user account database of the server 200 in two-to-two correspondence. The system then enters the automatic login phase in response to the user logging into the app again.
- the mobile terminal 100 When the user launches the app again, the mobile terminal 100 generates a login request based only on the device variable identity and transmits the login request to the server 200.
- the server 200 searches for the device Id corresponding to the variable identifier of the device based on the device variable identifier in the login request, and if found, sends the authentication pass information to the mobile terminal 100, and the mobile terminal 100 automatically logs in after receiving the information. Go to the corresponding account. If not found, the mobile terminal 100 transmits information indicating that the verification has not passed, and after receiving the information, the mobile terminal 100 returns to the second stage (ie, the initial login phase).
- the mobile terminal 100 when the user launches the app again, the mobile terminal 100 generates a login request based on the device variable identification and the username, and transmits the login request to the server 200.
- the server 200 determines the device ID corresponding to the device variable identifier based on the device variable identifier in the login request, and determines whether the username in the login request is the username corresponding to the device ID, if the user account database of the server 200 If there is no device Id corresponding to the device variable identifier in the login request, the automatic login phase is exited, and the system enters the initial login phase if the server 200 is used.
- the device ID corresponding to the device variable identifier in the login request exists in the account database, but the user name corresponding to the device Id does not match the stored user name, indicating that the user is using the mobile terminal 100 to log in to another account.
- the system enters the initial login phase, the user is required to input a username and password, and then the mobile terminal 100 generates an updated login request based on the username, password, and device variable identifier, and sends the updated login request to the server 200.
- the server 200 passes the verification, the server 200
- the user name is associated with the device Id, and it can be seen that one device Id can correspond to a plurality of user names. Therefore, in order to log in to the desired account, a login request can be generated based on the username and the device variable identity.
- the mobile terminal is caused to log into the account.
- the server 200 may determine, according to the timestamp in the variable identifier of the device and the current time of the server, whether the device variable identifier needs to be updated. Specifically, the server 200 may parse out from the device variable identifier. Timestamp, and determining whether the device variable identifier is within the validity period according to the timestamp. For example, the server 200 may calculate, according to the timestamp and the current time of the server, how long the device variable identifier has been created, and then determine whether Within the validity period. If the validity period is outside, an updated device variable identifier is generated, wherein the server 200 may generate the updated device variable identifier according to the current time of the server. The server 200 then transmits the updated device variable identification and account login permission instructions to the mobile terminal 100, and the mobile terminal 100 saves the updated device variable identification in the memory of the mobile terminal 100 for use in the next automatic login.
- the server 200 may generate the updated device variable identifier based on the received device variable identifier when the user account information corresponding to the device variable identifier is found, and use the updated The device variable identifier updates the device variable identity stored in the server 200 while transmitting the updated device variable identity to the mobile terminal 100.
- the mobile terminal 100 may merge the initialization phase with the login phase. Specifically, in response to the user inputting the user name and the user password in the mobile terminal, the mobile terminal 100 generates a login request based on the user name and the user password input by the user, and then the mobile terminal 100 will end The terminal information is sent to the server 200 together with the login request.
- the terminal information includes hardware information and software information.
- the server verifies the user name and the user password. If the verification fails, the re-entered information is returned to the mobile terminal until the verification is passed.
- the server If the verification passes, the server generates the device Id based on the terminal information, and then generates the device variable identifier according to the generated device Id, and then the server 200 stores the device Id and the device variable identifier and the device variable identifier and the user name in the memory correspondingly. in.
- the system enters the third phase (i.e., the automatic login phase) as described above, which will not be described repeatedly for the sake of brevity.
- the third phase i.e., the automatic login phase
- FIG. 2 illustrates a flowchart of an account login method performed by a server according to an exemplary embodiment of the present invention
- FIG. A flowchart of an account login method performed by a mobile terminal according to an exemplary embodiment of the present invention is shown.
- the server receives a login request from a mobile terminal, the login request including a device variable identifier (eg, a device token).
- the device variable identifier is generated by the server according to the device Id when the user first logs in the account, and the device ID is a unique identifier generated by the service terminal according to the terminal information received from the mobile terminal.
- the device variable identifier generates a device variable identifier according to the generated device Id according to information such as a time when the login request is made, an application to be logged in, and a preset time stamp.
- the device variable identifier can include application information, expiration date, and timestamp corresponding to the application that the user desires to log in to.
- the login request includes a device variable identification and a username.
- the server looks up the user account information corresponding to the device variable identifier from the user account database.
- the user account database stores a user ID stored corresponding to the device variable identifier.
- the mobile terminal sends the account information (ie, the username and password) and the terminal information to the server, and the server verifies the account information, and after the verification is passed, according to the terminal information.
- a device ID is generated, and a device variable identifier corresponding to the application is generated according to the device Id, and then the server stores the device variable identifier, the device ID, and the user name in a corresponding manner in the user account database.
- the server can be at the beginning of the mobile terminal
- the terminal information is sent to the server, and then the server generates the terminal Id according to the terminal information, and generates the device variable identifier according to the terminal Id, and after the user logs in to the account for the first time and passes the verification of the server, the server information is used by the server.
- the device variable identifier and the terminal ID are stored in the user account database correspondingly.
- the server searches for the device ID corresponding to the device variable identifier from the user account database.
- the server may look up the device identifier corresponding to the device variable Id from the user account database, and determine whether the username is a user corresponding to the device identifier. name.
- the server determines, according to the timestamp in the variable identifier of the device and the current time of the server, whether the device variable identifier needs to be updated.
- the server determines whether the variable identifier of the device is within the validity period, and if so, does not make any change, and if not, generates the updated device variable identifier according to the device variable identifier.
- the server may determine the lifetime of the variable identifier of the device according to the timestamp in the variable identifier of the device and the current time of the server, and compare the lifetime with the validity period. If it is within the validity period, no change is made, and if it is not within the validity period, the updated device variable identifier is generated.
- the server may generate the updated device variable identifier based on the received device variable identifier when the user account information corresponding to the device variable identifier is found, and use the updated The device variable identifier updates the device variable identifier stored in the server, and transmits the updated device variable identifier to the mobile terminal.
- the server sends an instruction to the mobile terminal that the verification fails, and after receiving the instruction, the mobile terminal enters the login interface and prompts the user to input the account information again.
- the server determines in S230 that the device variable identifier needs to be updated, the device variable identifier is updated in S240. Finally, at S250, the server transmits an account login permission command and an updated device variable identifier to the mobile terminal. After receiving the updated device variable identifier, the mobile terminal deletes the device variable identifier in the storage memory, and stores the updated device variable identifier in the memory. Sending to the mobile terminal if it is determined that the device variable identifier is not required to be updated The account login permission instruction and the device variable identifier.
- the mobile terminal transmits a login request to the server at S310, wherein the login request includes a device variable identifier, and the device variable identifier has a preset validity period. And the mobile terminal can be effectively identified.
- the mobile terminal sends the terminal information of the mobile terminal to the server in an initialization phase or an initial login phase, where the terminal information includes hardware information and software information, and then the server generates a unique device Id according to the terminal information and a device corresponding to the device Id.
- the variable identifier (eg, device variable identifier)
- the server may generate a device variable identifier having a validity period according to the application information corresponding to the application, a preset validity period, and a time stamp.
- the mobile terminal transmits the device variable identification and username to the server.
- the server may determine whether to update the device variable identifier, and if the update is determined, send the updated device variable identifier to the mobile device, if it is determined not to update. , the original device variable identity is sent to the mobile device.
- the device variable identifier is updated after determining whether the validity period of the device variable identifier is invalid, updating the device variable identifier, or determining to find the corresponding user account information device from the user account database.
- the mobile terminal receives the device variable identification and account login permission instruction processed by the server from the server.
- the server may include a receiving unit 410, a storage unit 420, a lookup unit 430, a judging unit 440, an updating unit 450, and a transmitting unit 460.
- the receiving unit 410 receives a login request from the mobile terminal, where the login request includes a device variable Logo.
- the device variable identifier has an expiration date and can identify the mobile terminal.
- the storage unit 420 stores a user account database, wherein the device identification, the device variable identifier, and the username are stored in the user account database in pairs.
- the searching unit 430 searches for the user account information corresponding to the device variable identifier from the user account database. Specifically, the lookup unit 410 looks up the device identifier corresponding to the device variable identifier from the user account database.
- the login request includes the device variable identifier and the username
- the searching unit 410 searches the user account database for the device identifier corresponding to the device variable identifier, and determines whether the user name is The user name corresponding to the device identifier.
- the determining unit 440 determines whether the device variable identifier needs to be updated according to the timestamp in the device variable identifier and the current time of the server.
- the update unit 450 updates the device variable identifier, and then the transmitting unit 460 transmits the account login permission command and the updated device variable identifier to the mobile terminal. If the determining unit 440 determines that the update is not required, the transmitting unit 460 transmits an account login permission command and the device variable identifier to the mobile terminal.
- the storage unit 420 can update the user account database with the updated device variable identity.
- the server may not include a determination unit, that is, the server includes only the receiving unit, the storage unit, the lookup unit, the update unit, and the transmitting unit. After the search unit searches the user account database for the user account information corresponding to the device variable identifier, the server does not need to determine to update the device variable identifier directly through the update unit.
- FIG. 5 shows a block diagram of a mobile terminal in accordance with an exemplary embodiment of the present invention.
- the account login device (“mobile terminal” in the foregoing) according to an exemplary embodiment includes a transmitting unit 510 and a receiving unit 520.
- the sending unit 510 sends a login request to the server, wherein the login request includes a device variable identifier.
- the receiving unit 520 receives the device variable identifier and the account login permission instruction processed by the server from the server.
- variable identifier of the device processed by the server means that the server determines that it is Whether the device variable identity needs to be updated, the updated device variable identity if an update is needed, and the device variable identity if no update is needed.
- the account login method, device, and server of the present invention replace the device identifier by using the device variable identifier in the automatic login process and update the device variable identifier according to the condition, thereby preventing the device identifier from being exposed to the mobile terminal for a long period of time, thereby improving
- both the device variable identifier and the user name can be utilized in the automatic login process, so that the user can log in to the desired account using the same mobile terminal, thereby improving the user experience.
- the validity period of the variable identifier of the device may be different according to the type of the application corresponding to the login account, so that the valid period of the variable identifier of the device of different applications is different, thereby providing a personalized service.
- embodiments of the present invention can be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or a combination of software and hardware. Moreover, the invention can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) including computer usable program code.
- computer-usable storage media including but not limited to disk storage, CD-ROM, optical storage, etc.
- the computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising the instruction device.
- the apparatus implements a particular function in a block or blocks of a flow or a flow and/or block diagram of the flowchart.
- These computer program instructions can also be loaded onto a computer or other programmable data processing device such that A series of operational steps are performed on a computer or other programmable device to produce computer-implemented processing such that instructions executed on a computer or other programmable device are provided for implementing one or more processes and/or block diagrams in the flowchart The steps of a particular function in a box or multiple boxes.
- a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
- processors CPUs
- input/output interfaces network interfaces
- memory volatile and non-volatile memory
- the memory may include non-persistent memory, random access memory (RAM), and/or non-volatile memory in a computer readable medium, such as read only memory (ROM) or flash memory.
- RAM random access memory
- ROM read only memory
- Memory is an example of a computer readable medium.
- Computer readable media includes both permanent and non-persistent, removable and non-removable media.
- Information storage can be implemented by any method or technology.
- the information can be computer readable instructions, data structures, modules of programs, or other data.
- Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read only memory. (ROM), electrically erasable programmable read only memory (EEPROM), flash memory or other memory technology, compact disk read only memory (CD-ROM), digital versatile disk (DVD) or other optical storage, Magnetic tape cartridges, magnetic tape storage or other magnetic storage devices or any other non-transportable media can be used to store information that can be accessed by a computing device.
- computer readable media does not include temporary storage of computer readable media, such as modulated data signals and carrier waves.
- embodiments of the present application can be provided as a method, system, or computer program product. Therefore, the present application can employ an entirely hardware embodiment, an entirely software embodiment, or a combination of software and A form of embodiment of the hardware aspect. Moreover, the application can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) including computer usable program code.
- computer-usable storage media including but not limited to disk storage, CD-ROM, optical storage, etc.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Power Engineering (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Computational Linguistics (AREA)
- Data Mining & Analysis (AREA)
- Databases & Information Systems (AREA)
- Telephonic Communication Services (AREA)
- Information Transfer Between Computers (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Description
Claims (22)
- 一种账户登录方法,所述账户登录方法应用于服务器,其特征在于,包括:接收来自移动终端对应用的登录请求,所述登录请求包括设备可变标识;从用户账户数据库中查找与所述设备可变标识对应的用户账户信息;若找到,根据设备可变标识中的时间戳和服务器的当前时间,判断是否需要对所述设备可变标识进行更新;若需要更新,对所述设备可变标识进行更新;向移动终端发送账户登录许可指令和更新后的设备可变标识。
- 如权利要求1所述的方法,其特征在于,所述设备可变标识具有有效期并且能够对移动终端进行标识。
- 如权利要求2所述的方法,其特征在于,所述设备可变标识的有效期根据应用类型不同而不同。
- 如权利要求1所述的方法,其特征在于,判断是否需要对所述设备可变标识进行更新的步骤包括:根据设备可变标识中的时间戳和服务器的当前时间,确定设备可变标识的存活时间,判断所述存活时间是否在有效期内,若不在有效期,则需要对所述设备可变标识进行更新。
- 如权利要求1所述的方法,其特征在于,判断是否需要对所述设备可变标识进行更新之后,若判断不需要对所述设备可变标识进行更新,则向移动终端发送账户登录许可指令和所述设备可变标识。
- 如权利要求1所述的方法,其特征在于,所述设备可变标识包括具有有效期的设备令牌token。
- 如权利要求1所述的方法,其特征在于,设备可变标识是服务器根据应用、设备标识、有效期和时间戳而生成的。
- 如权利要求7所述的方法,其中,设备标识是服务器根据移动终端的终端信息生成的唯一标识。
- 如权利要求8所述的方法,其特征在于,设备标识、设备可变标识和用户名两两对应地存储在用户账户数据库中。
- 如权利要求9所述的方法,其特征在于,从用户账户数据库中查找与所述设备可变标识对应的用户账户信息的步骤包括:从用户账户数据库中查找与所述设备可变标识对应的设备标识。
- 如权利要求9所述的方法,其特征在于,所述登录请求包括设备可变标识和用户名。
- 如权利要求11所述的方法,其特征在于,从用户账户数据库中查找与所述设备可变标识对应的用户账户信息的步骤包括:从用户账户数据库中查找与所述设备可变标识对应的设备标识,同时确定用户名是否为与所述设备标识相对应的用户名。
- 如权利要求1至12中的任意一项所述的方法,其特征在于,对所述设备可变标识进行更新之后,使用更新后的设备可变标识来更新用户账户数据库。
- 一种账户登录方法,所述账户登录方法应用于服务器,其特征在于,包括:接收来自移动终端的登录请求,所述登录请求包括设备可变标识;从用户账户数据库中查找与所述设备可变标识对应的用户账户信息;若找到,对所述设备可变标识进行更新;向移动终端发送账户登录许可指令和更新后的设备可变标识。
- 一种账户登录方法,所述账户登录方法应用于移动终端,其特征在于,包括:将登录请求发送到服务器,其中,所述登录请求包括设备可变标识;从服务器接收经由服务器处理后的设备可变标识和账户登录许可指令。
- 如权利要求15所述的方法,其特征在于:经由服务器处理后的设备可变标识是指服务器判断是否需要对所述设备 可变标识进行更新,在需要更新的情况下的更新后的设备可变标识以及在不需要更新的情况下的所述设备可变标识。
- 如权利要求15所述的方法,其特征在于,所述登录请求包括设备可变标识和用户名。
- 一种服务器,其特征在于,包括:接收单元,接收来自移动终端的登录请求,所述登录请求包括设备可变标识;存储单元,存储用户账户数据库;查找单元,从用户账户数据库中查找与所述设备可变标识对应的用户账户信息;判断单元,判断是否需要对所述设备可变标识进行更新;更新单元,根据设备可变标识中的时间戳和所述服务器的当前时间,对所述设备可变标识进行更新;发送单元,向移动终端发送账户登录许可指令和更新后的设备可变标识。
- 如权利要求18所述的服务器,其特征在于,所述设备可变标识具有有效期并且能够对移动终端进行标识。
- 如权利要求18所述的服务器,其特征在于,所述登录请求包括设备可变标识和用户名。
- 一种服务器,其特征在于,包括:接收单元,接收来自移动终端的登录请求,所述登录请求包括设备可变标识;存储单元,存储用户账户数据库;查找单元,从用户账户数据库中查找与所述设备可变标识对应的用户账户信息;更新单元,对所述设备可变标识进行更新;发送单元,向移动终端发送账户登录许可指令和更新后的设备可变标识。
- 一种账户登录设备,其特征在于,包括:发送单元,将登录请求发送到服务器,其中,所述登录请求包括设备可变标识;接收单元,从服务器接收经由服务器处理后的设备可变标识和账户登录许可指令。
Priority Applications (8)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
SG11201903216TA SG11201903216TA (en) | 2016-10-10 | 2017-09-26 | Method, apparatus and server for account login |
EP17860687.7A EP3525410B1 (en) | 2016-10-10 | 2017-09-26 | Account login method, apparatus, and server |
MYPI2019001971A MY202019A (en) | 2016-10-10 | 2017-09-26 | Method, apparatus and server for account login |
JP2019519300A JP6752969B2 (ja) | 2016-10-10 | 2017-09-26 | アカウントログインのための方法、装置及びサーバ |
KR1020197012539A KR102204733B1 (ko) | 2016-10-10 | 2017-09-26 | 계정 로그인을 위한 방법, 장치, 및 서버 |
PH12019500769A PH12019500769A1 (en) | 2016-10-10 | 2019-04-10 | Method, apparatus and server for account login |
US16/380,319 US11019051B2 (en) | 2016-10-10 | 2019-04-10 | Secure authentication using variable identifiers |
US17/320,625 US11184347B2 (en) | 2016-10-10 | 2021-05-14 | Secure authentication using variable identifiers |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610884223.8 | 2016-10-10 | ||
CN201610884223.8A CN107026832B (zh) | 2016-10-10 | 2016-10-10 | 账户登录方法、设备和服务器 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/380,319 Continuation US11019051B2 (en) | 2016-10-10 | 2019-04-10 | Secure authentication using variable identifiers |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2018068631A1 true WO2018068631A1 (zh) | 2018-04-19 |
Family
ID=59525097
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2017/103390 WO2018068631A1 (zh) | 2016-10-10 | 2017-09-26 | 账户登录方法、设备和服务器 |
Country Status (10)
Country | Link |
---|---|
US (2) | US11019051B2 (zh) |
EP (1) | EP3525410B1 (zh) |
JP (1) | JP6752969B2 (zh) |
KR (1) | KR102204733B1 (zh) |
CN (2) | CN107026832B (zh) |
MY (1) | MY202019A (zh) |
PH (1) | PH12019500769A1 (zh) |
SG (1) | SG11201903216TA (zh) |
TW (1) | TWI706262B (zh) |
WO (1) | WO2018068631A1 (zh) |
Families Citing this family (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107026832B (zh) * | 2016-10-10 | 2021-01-15 | 创新先进技术有限公司 | 账户登录方法、设备和服务器 |
WO2019090552A1 (zh) * | 2017-11-09 | 2019-05-16 | 深圳传音通讯有限公司 | 一种用于智能设备的应用的登录方法及登录装置 |
CN113452719B (zh) * | 2018-03-30 | 2022-12-30 | 平安科技(深圳)有限公司 | 一种应用登录方法、装置、终端设备及存储介质 |
CN108989298B (zh) * | 2018-06-30 | 2021-04-27 | 平安科技(深圳)有限公司 | 一种设备安全监控方法、装置及计算机可读存储介质 |
CN108989187A (zh) * | 2018-07-27 | 2018-12-11 | 深信服科技股份有限公司 | 邮件即时提醒系统及方法 |
CN109684799B (zh) * | 2018-08-21 | 2023-12-26 | Tcl金融科技(深圳)有限公司 | 账户登录方法、登录装置、账户登录设备及存储介质 |
CN109635529A (zh) * | 2018-11-13 | 2019-04-16 | 平安科技(深圳)有限公司 | 账号共用检测方法、装置、介质及电子设备 |
CN112579032B (zh) * | 2019-09-27 | 2023-10-03 | 百度在线网络技术(北京)有限公司 | 智能设备引导的方法及装置 |
WO2021064472A1 (en) * | 2019-10-01 | 2021-04-08 | Lenovo (Singapore) Pte. Ltd. | Determining a time to perform an update |
CN111181977B (zh) * | 2019-12-31 | 2021-06-04 | 瑞庭网络技术(上海)有限公司 | 一种登录方法、装置、电子设备及介质 |
KR102304438B1 (ko) * | 2020-02-03 | 2021-09-24 | 소프트런치주식회사 | 사용자 단말의 가변 식별값을 이용한 복수의 사용자 단말 관리 방법 및 그 장치 |
CN111600858B (zh) * | 2020-05-06 | 2021-12-14 | 腾讯科技(深圳)有限公司 | 一种应用登录方法、装置及系统 |
CN112287318B (zh) * | 2020-10-29 | 2024-07-02 | 平安科技(深圳)有限公司 | 跨应用程序登录方法、装置、设备及介质 |
CN116016246A (zh) * | 2021-10-22 | 2023-04-25 | 华为技术有限公司 | 设备标识符获取方法及装置 |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8868921B2 (en) * | 2011-07-20 | 2014-10-21 | Daon Holdings Limited | Methods and systems for authenticating users over networks |
CN104348620A (zh) * | 2013-07-31 | 2015-02-11 | 中兴通讯股份有限公司 | 一种对智能家居终端进行鉴权的方法及相应装置 |
CN105210076A (zh) * | 2013-04-03 | 2015-12-30 | 赛门铁克公司 | 弹性、可恢复的动态设备识别 |
WO2016155668A1 (zh) * | 2015-04-02 | 2016-10-06 | 成都鼎桥通信技术有限公司 | 集群系统中应用统一鉴权方法、服务器与终端 |
CN107026832A (zh) * | 2016-10-10 | 2017-08-08 | 阿里巴巴集团控股有限公司 | 账户登录方法、设备和服务器 |
Family Cites Families (32)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2003157366A (ja) * | 2001-11-20 | 2003-05-30 | Sanyo Electric Co Ltd | 個人情報管理方法、管理装置、流通装置及び物品流通システム |
CN101064695A (zh) * | 2007-05-16 | 2007-10-31 | 杭州看吧科技有限公司 | 一种P2P(Peer to Peer)安全连接的方法 |
TWI344607B (en) * | 2007-08-15 | 2011-07-01 | Inventec Appliances Corp | Method and system for downloading digital content |
CN101605030B (zh) * | 2008-06-13 | 2012-09-05 | 新奥特(北京)视频技术有限公司 | 一种面向电视台应用的基于Active Directory的统一认证实现方法 |
US9363262B1 (en) * | 2008-09-15 | 2016-06-07 | Galileo Processing, Inc. | Authentication tokens managed for use with multiple sites |
KR20100045716A (ko) * | 2008-10-24 | 2010-05-04 | 삼성전자주식회사 | 정적 식별자 및 동적 식별자를 이용한 정품 인증에 기초한 통신 방법 및 장치 |
CN102110200A (zh) * | 2009-12-25 | 2011-06-29 | 凹凸电子(武汉)有限公司 | 计算机可执行的认证方法 |
CN101964791B (zh) * | 2010-09-27 | 2014-08-20 | 北京神州泰岳软件股份有限公司 | 客户端与web应用的通讯认证系统及认证方法 |
EP2798775B1 (en) | 2011-12-27 | 2019-06-19 | Intel Corporation | Authenticating to a network via a device-specific one time password |
US8718607B2 (en) * | 2012-04-12 | 2014-05-06 | At&T Intellectual Property I, L.P. | Anonymous customer reference services enabler |
CN102684881B (zh) | 2012-05-03 | 2016-05-25 | 飞天诚信科技股份有限公司 | 一种动态口令的认证方法和装置 |
CN102739686B (zh) * | 2012-07-05 | 2014-09-24 | 无锡中科泛在信息技术研发中心有限公司 | 一种限制用户多地点同时登录的方法 |
US9203818B1 (en) | 2012-08-23 | 2015-12-01 | Amazon Technologies, Inc. | Adaptive timeouts for security credentials |
CN104125565A (zh) * | 2013-04-23 | 2014-10-29 | 中兴通讯股份有限公司 | 一种基于oma dm实现终端认证的方法、终端及服务器 |
KR102069685B1 (ko) * | 2013-06-05 | 2020-01-23 | 에스케이플래닛 주식회사 | 로그인 유지 시 보안토큰을 이용한 인증 장치 |
CN103457738B (zh) * | 2013-08-30 | 2017-02-22 | 优视科技有限公司 | 基于浏览器的登陆处理方法及系统 |
CN104580074B (zh) * | 2013-10-14 | 2018-08-24 | 阿里巴巴集团控股有限公司 | 客户端应用的登录方法及其相应的服务器 |
CN103595809A (zh) * | 2013-11-22 | 2014-02-19 | 乐视致新电子科技(天津)有限公司 | 智能电视中的账户信息管理方法及装置 |
US9258291B2 (en) * | 2013-12-19 | 2016-02-09 | Dropbox, Inc. | Pre-authorizing a client application to access a user account on a content management system |
US9509682B2 (en) * | 2014-01-10 | 2016-11-29 | The Board Of Regents Of The Nevada System Of Higher Education On Behalf Of The University Of Nevada, Las Vegas | Obscuring usernames during a login process |
JP6235406B2 (ja) * | 2014-05-08 | 2017-11-22 | 日本電信電話株式会社 | 認証方法と認証装置と認証プログラム |
WO2015179640A1 (en) * | 2014-05-22 | 2015-11-26 | Alibaba Group Holding Limited | Method, apparatus, and system for providing a security check |
JP6463023B2 (ja) * | 2014-07-23 | 2019-01-30 | キヤノン株式会社 | 情報処理装置とその制御方法、及びプログラム |
CN104301316A (zh) * | 2014-10-13 | 2015-01-21 | 中国电子科技集团公司第二十八研究所 | 一种单点登录系统及其实现方法 |
CN104580177B (zh) * | 2014-12-26 | 2018-04-27 | 广州酷狗计算机科技有限公司 | 资源提供方法、装置和系统 |
CN104580496B (zh) * | 2015-01-22 | 2018-04-13 | 深圳先进技术研究院 | 一种基于临时代理的虚拟机访问系统及服务器 |
CN104821937B (zh) * | 2015-03-26 | 2018-05-11 | 腾讯科技(北京)有限公司 | 令牌获取方法、装置及系统 |
US9342617B1 (en) * | 2015-05-19 | 2016-05-17 | Parrable, Inc. | Unique identifiers for browsers |
CN105205384B (zh) * | 2015-10-16 | 2019-03-29 | 深圳市宏辉智通科技有限公司 | 一种自动获取用户端账号信息并登录保存的方法 |
US20170147772A1 (en) * | 2015-11-23 | 2017-05-25 | Covidien Lp | Wireless patient verification |
CN105978682A (zh) * | 2016-06-27 | 2016-09-28 | 武汉斗鱼网络科技有限公司 | 移动端令牌生成系统及其判断登录用户身份的方法 |
US10178093B2 (en) * | 2016-08-12 | 2019-01-08 | Sears Brands, L.L.C. | Systems and methods for online fraud detection |
-
2016
- 2016-10-10 CN CN201610884223.8A patent/CN107026832B/zh active Active
- 2016-10-10 CN CN202110195325.XA patent/CN113014568B/zh active Active
-
2017
- 2017-09-11 TW TW106130940A patent/TWI706262B/zh active
- 2017-09-26 SG SG11201903216TA patent/SG11201903216TA/en unknown
- 2017-09-26 MY MYPI2019001971A patent/MY202019A/en unknown
- 2017-09-26 EP EP17860687.7A patent/EP3525410B1/en active Active
- 2017-09-26 JP JP2019519300A patent/JP6752969B2/ja active Active
- 2017-09-26 WO PCT/CN2017/103390 patent/WO2018068631A1/zh unknown
- 2017-09-26 KR KR1020197012539A patent/KR102204733B1/ko active IP Right Grant
-
2019
- 2019-04-10 PH PH12019500769A patent/PH12019500769A1/en unknown
- 2019-04-10 US US16/380,319 patent/US11019051B2/en active Active
-
2021
- 2021-05-14 US US17/320,625 patent/US11184347B2/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8868921B2 (en) * | 2011-07-20 | 2014-10-21 | Daon Holdings Limited | Methods and systems for authenticating users over networks |
CN105210076A (zh) * | 2013-04-03 | 2015-12-30 | 赛门铁克公司 | 弹性、可恢复的动态设备识别 |
CN104348620A (zh) * | 2013-07-31 | 2015-02-11 | 中兴通讯股份有限公司 | 一种对智能家居终端进行鉴权的方法及相应装置 |
WO2016155668A1 (zh) * | 2015-04-02 | 2016-10-06 | 成都鼎桥通信技术有限公司 | 集群系统中应用统一鉴权方法、服务器与终端 |
CN107026832A (zh) * | 2016-10-10 | 2017-08-08 | 阿里巴巴集团控股有限公司 | 账户登录方法、设备和服务器 |
Also Published As
Publication number | Publication date |
---|---|
JP6752969B2 (ja) | 2020-09-09 |
CN107026832B (zh) | 2021-01-15 |
CN113014568B (zh) | 2023-06-30 |
CN113014568A (zh) | 2021-06-22 |
SG11201903216TA (en) | 2019-05-30 |
US20190238529A1 (en) | 2019-08-01 |
EP3525410A4 (en) | 2019-10-30 |
EP3525410B1 (en) | 2022-01-12 |
KR20190067194A (ko) | 2019-06-14 |
KR102204733B1 (ko) | 2021-01-20 |
MY202019A (en) | 2024-03-29 |
TWI706262B (zh) | 2020-10-01 |
US11019051B2 (en) | 2021-05-25 |
PH12019500769A1 (en) | 2019-11-11 |
CN107026832A (zh) | 2017-08-08 |
JP2019537112A (ja) | 2019-12-19 |
US20210273936A1 (en) | 2021-09-02 |
US11184347B2 (en) | 2021-11-23 |
EP3525410A1 (en) | 2019-08-14 |
TW201814569A (zh) | 2018-04-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2018068631A1 (zh) | 账户登录方法、设备和服务器 | |
TWI679550B (zh) | 帳號登入方法及裝置 | |
US10136281B2 (en) | Method for logging in to application, server, terminal, and nonvolatile computer readable storage medium | |
KR102194052B1 (ko) | 서비스 실행 방법 및 디바이스 | |
EP3044936B1 (en) | Method and apparatus of downloading and installing a client | |
WO2015101320A1 (zh) | 一种账号的生成方法、终端及后台服务器 | |
US11762979B2 (en) | Management of login information affected by a data breach | |
US11727101B2 (en) | Methods and systems for verifying applications | |
US20120227035A1 (en) | Cross platform service notification | |
JP7111907B2 (ja) | 自動的なリンクベースのメッセージ検証 | |
CN106899563B (zh) | 鉴权方法及装置、鉴权码生成方法及装置、鉴权系统 | |
US20230281695A1 (en) | Determining and presenting information related to a semantic context of electronic message text or voice data | |
US11244031B2 (en) | License data structure including license aggregation | |
US20210064756A1 (en) | Methods and systems for verifying applications | |
WO2018121164A1 (zh) | 一种用于创建服务号的方法、设备及系统 | |
US20180260541A1 (en) | License data structure including location-based application features | |
CN115473698A (zh) | 用户数据的授权方法、装置、电子设备及存储介质 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 17860687 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2019519300 Country of ref document: JP Kind code of ref document: A |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
ENP | Entry into the national phase |
Ref document number: 20197012539 Country of ref document: KR Kind code of ref document: A |
|
ENP | Entry into the national phase |
Ref document number: 2017860687 Country of ref document: EP Effective date: 20190510 |