WO2020010726A1 - Registration and login method for hybrid application program, system, and computer device - Google Patents

Registration and login method for hybrid application program, system, and computer device

Info

Publication number
WO2020010726A1
WO2020010726A1 PCT/CN2018/108778 CN2018108778W WO2020010726A1 WO 2020010726 A1 WO2020010726 A1 WO 2020010726A1 CN 2018108778 W CN2018108778 W CN 2018108778W WO 2020010726 A1 WO2020010726 A1 WO 2020010726A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
information
terminal
password
login
Prior art date
Application number
PCT/CN2018/108778
Other languages
French (fr)
Chinese (zh)
Inventor
邹国忠
Original Assignee
平安科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 平安科技(深圳)有限公司 filed Critical 平安科技(深圳)有限公司
Publication of WO2020010726A1 publication Critical patent/WO2020010726A1/en

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords

Definitions

  • The present application relates to the field of information processing technology, and in particular to a method, a system, and a computer device for registering for and logging in to a hybrid application.
  • A hybrid app is an application that sits between a web app and a native app: it combines the good user-interaction experience of native apps with the cross-platform development advantages of web apps.
  • Many existing applications are developed based on a hybrid application framework. For example, applications in the financial field such as online payment are developed using a hybrid application framework.
  • Because a hybrid application in the financial field involves resources in the account, it requires high security.
  • In the existing login method of a hybrid application, the operator enters a user name and password, and the login operation of the account completes once the user name and password are determined to be correct or to match. This cannot determine whether the operator is the legitimate operator of the account, so the existing hybrid application has only a single verification method.
  • The purpose of this application is to provide a method and system for registering for and logging in to a hybrid application, a computer device, and a storage medium, which are used to solve the foregoing problems in the prior art.
  • The present application provides a method for registering for and logging in to a hybrid application.
  • The registration and login method of the hybrid application includes: the terminal responds to the registration operation and controls the hybrid application to jump to the registration page through the js framework of the hybrid application;
  • in response to the registration information input operation, the terminal obtains the registration information received on the registration page through the js framework, and collects the number of passwords and password input parameters when the user enters the registration information, where the registration information includes the user name and user password;
  • the terminal uses the js framework to encrypt the registration information and the number of passwords and password input parameters when the user enters the registration information to obtain the first encrypted information, and calls the network interface provided by the native framework of the hybrid application to send the first encrypted information to the server;
  • the server decrypts the first encrypted information, stores the decrypted registration information as a user information record, stores the number of passwords and password input parameters when the user enters the registration information as a user operation record, and records the password input parameters when the user enters the registration information as user habit parameters;
  • the terminal responds to the login operation and controls the hybrid application to jump to the login page through the js framework;
  • the terminal responds to the login information input operation, obtains the login information received on the login page through the js framework, and collects the number of passwords and password input parameters when the user enter
  • the server returns the result of the correct login information to the terminal, stores the number of passwords and password input parameters obtained by decrypting the second encrypted information as a user operation record, and calculates the similarity between the password input parameters obtained by decrypting the second encrypted information and the user habit parameters; when the similarity is less than a preset similarity threshold, abnormal login warning information is sent by a preset method.
  • the server calculates new user habit parameters based on all stored user operation records, and uses the new user habit parameters to update the user habit parameters. If the user password obtained from the second encrypted information is inconsistent with the user password in the queried user information record, the server feeds back the result of the wrong login information to the terminal, and the terminal controls the hybrid application to display the error prompt message through the js framework.
  • the present application also provides a registration and login system for a hybrid application.
  • the registration and login system of the hybrid application includes a terminal and a server, wherein the terminal is used to respond to the registration operation, and the hybrid application is controlled to jump to the registration page through the js framework of the hybrid application; the terminal is used to respond to the registration information input operation through js
  • the framework obtains the registration information received on the registration page, and collects the number of passwords and password input parameters when the user enters the registration information, where the registration information includes the user name and the user password; the terminal is used for the registration information and the user to enter the registration information through the js framework
  • the number of passwords and password input parameters are encrypted to obtain the first encrypted information, and the network interface provided by the native framework of the hybrid application is called to send the first encrypted information to the server; the server is used to decrypt the first encrypted information, and
  • the decrypted registration information is stored as a user information record, the password times and password input parameters when the user enters the registration information are stored as a user operation record, and the password input parameters when the user enters the registration information
  • the present application further provides a computer device including a memory, a processor, and a computer program stored on the memory and executable on the processor, and the processor implements registration of the hybrid application program when the processor executes the program.
  • the terminal responds to the registration operation and controls the hybrid application to jump to the registration page through the js framework of the hybrid application; the terminal obtains the registration information received on the registration page through the js framework in response to the registration information input operation, and collects the user input registration information Password times and password input parameters, where the registration information includes the user name and user password; the terminal encrypts the registration information and the password times and password input parameters when the user enters the registration information through the js framework to obtain the first encrypted information, and calls the hybrid
  • the network interface provided by the native framework of the application program sends the first encrypted information to the server; the server decrypts the first encrypted information and stores the decrypted registration information as a user information record, and the number of passwords when the user enters the registration information And password input parameters are stored as user operation records, and password input parameters are recorded as user habit parameters when the user enters registration information; the terminal responds to the login operation and controls the hybrid application to jump to the login page through the js framework; the terminal responds to the login information lose
  • the server If the user password obtained from the second encrypted information is consistent with the user password in the queried user information record, the server returns the result of correct login information to the terminal, and the server will decrypt the number of passwords obtained from the second encrypted information and Password input parameters are stored for user operation
  • the server calculates new user habits parameters based on all stored user operation records, and uses the new user habits parameters to update the user habits parameters. If the user password obtained from the second encrypted information and the query user information records are If the user passwords are inconsistent, the server feeds back the result of the incorrect login information to the terminal; the terminal controls the hybrid application to display an error prompt message through the js framework.
  • the present application also provides a computer-readable storage medium on which a computer program is stored, and when the program is executed by the processor, the following steps of the method for registering and logging in the hybrid application program are implemented:
  • the terminal responds to the registration operation and controls the hybrid application to jump to the registration page through the js framework of the hybrid application; the terminal obtains the registration information received on the registration page through the js framework in response to the registration information input operation, and collects the user input registration information Password times and password input parameters, where the registration information includes the user name and user password; the terminal encrypts the registration information and the password times and password input parameters when the user enters the registration information through the js framework to obtain the first encrypted information, and calls the hybrid
  • the network interface provided by the native framework of the application program sends the first encrypted information to the server; the server decrypts the first encrypted information and stores the decrypted registration information as a user information record, and the number of passwords when the user enters the registration information And password input parameters are stored as user operation records, and password input parameters are recorded as user habit parameters when the user enters registration information; the terminal responds to the login operation and controls the hybrid application to jump to the login page through the js framework; the terminal responds to the login information lose
  • the server If the user password obtained from the second encrypted information is consistent with the user password in the queried user information record, the server returns the result of correct login information to the terminal, and the server will decrypt the number of passwords obtained from the second encrypted information and Password input parameters are stored for user operation
  • the server calculates new user habits parameters based on all stored user operation records, and uses the new user habits parameters to update the user habits parameters. If the user password obtained from the second encrypted information and the query user information records are If the user passwords are inconsistent, the server feeds back the result of the incorrect login information to the terminal; the terminal controls the hybrid application to display an error prompt message through the js framework.
  • In the registration and login method, system, computer device, and storage medium of the hybrid application provided in this application, the native framework provides basic interface methods, and the login and registration pages and jump logic are completely implemented and controlled by the js framework.
  • Each time the user password is entered, the password input parameters are encrypted and sent to the server, and the server calculates the user habit parameters.
  • When the password input parameters collected as a user enters the user password are not similar to the user habit parameters, that is, when the similarity is below the preset threshold, a reminder is provided to improve the security of the hybrid application.
  • When the password input parameters collected as a user enters the user password are similar to the user habit parameters, the user habit parameters are updated in time to ensure that they dynamically follow the user's habits.
  • FIG. 1 is a flowchart of a method for registering and logging in a hybrid application provided in Embodiment 1 of the present application;
  • FIG. 2 is a block diagram of a registration and login system for a hybrid application provided in Embodiment 2 of the present application;
  • FIG. 3 is a hardware structural diagram of a computer device provided in Embodiment 3 of the present application.
  • the hybrid application in this embodiment may be a financial app with high security requirements.
  • the financial app includes a native framework and a js framework.
  • the js framework is used to implement and control the pages of the financial app, such as a registration page and a login page.
  • the native framework is used to provide interfaces and methods for the js framework.
  • FIG. 1 is a flowchart of a registration and login method for a hybrid application provided in Embodiment 1 of the present application. As shown in FIG. 1, the registration and login method includes the following steps:
  • Step S101: In response to the registration operation, the terminal controls the hybrid application to jump to the registration page through the js framework.
  • Step S102: In response to the registration information input operation, the terminal obtains the registration information received on the registration page through the js framework, and collects the number of passwords and password input parameters when the user inputs the registration information.
  • The registration information includes a user name and a user password, and the number of passwords is the number of times the user enters the user password.
  • The password input parameters include input characteristic parameters and environmental parameters.
  • The input characteristic parameters include characteristic parameters that describe the input operation when the user enters the user password.
  • The environmental parameters include parameters of the running environment in which the hybrid application is located when the user enters the user password.
  • the user registers on the registration page.
  • the JS framework obtains the registration information filled in by the user on the registration page.
  • the registration information includes at least the user name and user password.
  • The user name can take a common account form such as the user's mobile phone number, email address, or QQ number.
  • the form of the user password includes a character form and / or a gesture form, and the registration information may further include a user nickname, a user gender, a user name, and the like.
  • the js framework collects the number of passwords and password input parameters for the user's password, where:
  • the number of passwords refers to the number of times the user enters the user password in the terminal. For the registration process, the user usually enters the user password twice. When the user enters the user password on the registration page, the number of passwords is 1. When the user confirms the password on the registration page, the number of passwords is 2.
  • Password input parameters include input characteristic parameters and environmental parameters.
  • the input characteristic parameters include various parameters that characterize the input characteristics when the user enters the user password.
  • The input characteristic parameters include, but are not limited to, the keyboard mode used when the user enters the user password and the time interval between characters as the user enters the user password.
  • When the user password is in the form of a gesture, the input characteristic parameters include, but are not limited to, the time interval between graphic points when the user enters the user password.
  • The environment parameters include various parameters of the environment where the user enters the user password, including the terminal's IP address, the current geographical location, and the login time.
  • Acquiring the environment parameters usually requires the js framework to call the corresponding interface provided by the native framework.
  • For example, the js framework obtains the current geographic location by calling the getLocation interface of the native framework, which in turn uses the GPS in the terminal.
  • Step S103: The terminal encrypts, through the js framework, the registration information and the number of passwords and password input parameters when the user enters the registration information to obtain the first encrypted information, and calls the network interface provided by the native framework of the hybrid application to send the first encrypted information to the server.
  • The terminal encrypts the registration information, the number of passwords, and the password input parameters through the js framework, and the encryption algorithm may be the AES encryption algorithm.
  • The js framework calls the network interface provided by the native framework to send the encrypted information to the server over the network.
  • Step S104: The server decrypts the first encrypted information, stores the decrypted registration information as a user information record, stores the number of passwords and password input parameters when the user enters the registration information as a user operation record, and records the password input parameters when the user enters the registration information as user habit parameters.
  • the server obtains the registration information, the number of passwords, and the password input parameters after decrypting the information.
  • the server determines user habits based on the number of passwords and password input parameters, and stores the user name, user password, and user habits parameters in correspondence.
  • The user habit parameters include the characteristic values of the various habit parameters.
  • The user habit parameters include the parameters in the password input parameters.
  • For example, the user habit parameters are: the keyboard mode is full keyboard; the time intervals between characters are 1s, 2s, 1s, 1s, 1s; and the geographical location is Shanghai.
  • Step S105: In response to the login operation, the terminal controls the hybrid application to jump to the login page through the js framework.
  • Step S106: In response to the login information input operation, the terminal obtains the login information received on the login page through the js framework, and collects the number of passwords and password input parameters when the user enters the login information.
  • the login information includes a user name and a user password.
  • the user logs in on the login page.
  • the JS framework obtains the login information filled in by the user on the login page.
  • the login information includes at least the user name and the user password.
  • the js framework collects the number of passwords and password input parameters for the user's password. The meanings of the number of passwords and password input parameters are the same as above.
  • Step S107: The terminal encrypts, through the js framework, the login information and the number of passwords and password input parameters when the user enters the login information to obtain the second encrypted information, and invokes a network interface to send the second encrypted information to the server.
  • The js framework encrypts the login information, the number of passwords, and the password input parameters, and calls the network interface provided by the native framework to send the encrypted information to the server over the network.
  • The encryption algorithm can be the AES encryption algorithm, and by decrypting, the server can obtain the login information, the number of passwords, and the password input parameters.
  • Step S108: The server decrypts the second encrypted information, and queries the stored user operation records for the user name obtained by decrypting the second encrypted information.
  • The server can store multiple user information records.
  • The server can obtain the user name after decrypting the second encrypted information, and then queries the stored user operation records for a record including the user name obtained by decryption. If no such record is found, step S109 is performed; if one is found, step S110 is performed.
  • Step S109: The server feeds back the unregistered result to the terminal, and the terminal controls the hybrid application to jump to the registration page through the js framework.
  • Step S110: The server judges whether the user password obtained by decrypting the second encrypted information is consistent with the user password in the queried user information record.
  • In step S108, after the server decrypts the second encrypted information, the user password can be obtained in addition to the user name. If a user information record including the user name obtained by decryption is found in step S108, then in step S110 the server determines whether the decrypted user password is consistent with the user password in the queried user information record. If they are consistent, step S111 is performed; if they are not consistent, step S115 is performed.
  • Step S111: The server feeds back the correct result of the login information to the terminal.
  • The server stores the number of passwords and password input parameters obtained by decrypting the second encrypted information as a user operation record, and calculates the similarity between the password input parameters obtained by decrypting the second encrypted information and the user habit parameters.
  • Step S112: The server judges the magnitude relationship between the calculated similarity and a preset similarity threshold.
  • When the similarity is less than the preset similarity threshold, step S113 is performed; when the similarity is greater than the similarity threshold, step S114 is performed.
  • Step S113: The server sends an abnormal login warning message in a preset manner.
  • The preset manner includes any one of communication methods such as short message and telephone, and is used to inform the user of the abnormal login warning information.
  • Step S114: The server calculates new user habit parameters according to all the stored user operation records, and uses the new user habit parameters to update the user habit parameters.
  • Step S115: The server feeds back the result of the wrong login information to the terminal, and the terminal controls the hybrid application to display the error prompt message through the js framework.
  • The native framework provides basic interface methods, and the login and registration pages and jump logic are completely implemented and controlled by the js framework on the terminal side.
  • The password input parameters are encrypted and sent to the server, and the server calculates the user habit parameters.
  • The reminder is raised to improve the security of the hybrid application.
  • When the password input parameters collected as the user enters the user password are similar to the user habit parameters, the user habit parameters are updated in time to ensure that they dynamically follow the user's habits.
  • The registration and login method can also repair and update the registration page and the login page.
  • The method further includes: the server sends a first hot update package to the terminal, where the first hot update package is used to repair and update the registration page; the terminal loads the first hot update package through the js framework to repair and update the registration page.
  • When hybrid application developers need to repair vulnerabilities in the registration page or change the functions of the registration page, it is not necessary to publish a new version of the hybrid application. Instead, a first hot update package is issued for the registration page.
  • The first hot update package only includes code for repairing and updating the registration page.
  • The first hot update package is sent to the terminal, and the terminal stores it. After jumping to the registration page, the terminal first loads the first hot update package through the js framework to repair and update the registration page.
  • The method further includes: the server sends a second hot update package to the terminal, where the second hot update package is used to repair and update the login page; the terminal loads the second hot update package through the js framework to repair and update the login page.
  • When the hybrid application developer needs to repair a vulnerability in the login page or change the login page, a second hot update package is issued for the login page.
  • The second hot update package only includes code for repairing and updating the login page.
  • The second hot update package is sent to the terminal, and the terminal stores it. After jumping to the login page, the terminal first loads the second hot update package through the js framework to repair and update the login page.
  • In step S108, the step of calculating, by the server, the new user habit parameters according to all the stored user operation records specifically includes:
  • The most frequently occurring value across all user operation records is taken as the parameter value in the new user habit parameters.
  • The number of passwords is usually at most two, and the element of chance is relatively large, so the password input parameters of both entries can be stored directly.
  • The js framework also collects the password input parameters when the user logs in and sends them to the server.
  • The parameters in the password input parameters tend toward stable values.
  • The server can take the most frequent value as the characteristic value of a parameter. For example, if the full keyboard is used 90 times out of 100 and the location is Shanghai 93 times, then the characteristic value of the keyboard mode in the password input habit is determined to be full keyboard, and the characteristic value of the geographical position is Shanghai.
  • The server can use each time interval in each password input parameter as a set of sampling values, and cluster each set of sampling values to obtain a cluster center. For example, when the user password has 6 digits, if the third digit is an uppercase letter and the rest are all lowercase letters, the user needs to switch between uppercase and lowercase when entering the third digit, which inevitably takes more time, so the second interval is bound to be longer. As the user's input proficiency increases, the time intervals tend to be stable, and the corresponding cluster centers may be 1s, 2s, 1s, 1s, 1s, which correctly reflects the password characteristics.
  • In step S108, the specific steps by which the server calculates the similarity between the password input parameters obtained by decrypting the second encrypted information and the user habit parameters include:
  • Weights are assigned to the individual habit parameters in the user habit parameters.
  • For example, the keyboard mode is assigned a weight of 0.5 and the time interval is assigned a weight of 0.5; or the keyboard mode is assigned a weight of 0.4, the time interval is assigned a weight of 0.4, and the geographical position is assigned a weight of 0.2.
  • An actual user password has many digits, so there are usually multiple time intervals, and each interval is then assigned an equal weight. For example, when the user password has 6 digits, there are 5 intervals in total, and a weight of 0.1 can be assigned to each interval.
  • When the server calculates the similarity, it calculates in turn the similarity between each parameter in the collected password input parameters and the corresponding habit parameter in the user habit parameters: the similarity between the keyboard mode in the password input parameters and the keyboard mode in the password input habits, the similarity between time interval 1 and time interval 1, the similarity between time interval 2 and time interval 2, and so on. Take the keyboard mode and time interval in the password input parameters and user habit parameters as examples.
  • For the keyboard mode similarity, the similarity can be defined as 1 when the keyboard modes are the same and 0 when they differ. For example, when both use the same keyboard, the similarity between the two is 1; when one keyboard input mode is the Jiugongge (nine-grid) keyboard and the other is the full keyboard, the keyboard mode similarity is 0.
  • For the time interval similarity, the similarity can be defined as 1 when the difference between the time interval in the password input parameters and the time interval in the user habit parameters is within a set error range, and as 0 when the error range is exceeded, such as when the time interval in the password input habits is 0.2s and the time interval in the password input parameters is 0.5s.
  • The error can also correspond to different gradients of similarity.
  • the corresponding similarity is 1, and when the error is in the range of -50% to -20% or 20% to 50%, the corresponding similarity is 0.8.
  • When the error is in the range of -80% to -50% or 50% to 80%, the corresponding similarity is 0.6.
  • The specific settings can be customized according to the situation.
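The habit update and weighted similarity check described above, as an added Python example that is not part of the patent text. The 0.7 threshold, the 20% bound for the top tier, the zero score beyond 80%, exact-match scoring for location, the per-position median standing in for the cluster center, the handling of a similarity equal to the threshold, and the sample records are all assumptions.

```python
from collections import Counter
from statistics import median

# Weights from the page's three-parameter example; the interval weight is
# split equally across the individual intervals, as the page describes.
WEIGHTS = {"keyboard": 0.4, "intervals": 0.4, "location": 0.2}
THRESHOLD = 0.7  # assumed value; the page only says "preset"


def interval_similarity(observed, habit):
    """Graded similarity for one time interval, based on relative error."""
    if habit <= 0:  # guard against division by zero on a degenerate habit
        return 1.0 if observed == habit else 0.0
    err = abs(observed - habit) / habit
    if err <= 0.20:   # assumed bound for the top tier (not given on the page)
        return 1.0
    if err <= 0.50:   # page: 20% to 50% -> 0.8
        return 0.8
    if err <= 0.80:   # page: 50% to 80% -> 0.6
        return 0.6
    return 0.0        # assumed: beyond the last tier counts as no match


def similarity(sample, habit):
    """Weighted similarity between one login's parameters and the habit."""
    score = WEIGHTS["keyboard"] * (sample["keyboard"] == habit["keyboard"])
    # Assumed: location is compared by exact match, like the keyboard mode.
    score += WEIGHTS["location"] * (sample["location"] == habit["location"])
    expected = habit["intervals"]
    # Intervals only score when the counts line up; otherwise they add 0.
    if expected and len(sample["intervals"]) == len(expected):
        per_interval = WEIGHTS["intervals"] / len(expected)
        score += per_interval * sum(
            interval_similarity(o, h)
            for o, h in zip(sample["intervals"], expected))
    return round(score, 4)


def habit_from_records(records):
    """Recompute habit parameters from all stored user operation records."""
    def mode(key):
        return Counter(r[key] for r in records).most_common(1)[0][0]
    length = Counter(len(r["intervals"]) for r in records).most_common(1)[0][0]
    usable = [r["intervals"] for r in records if len(r["intervals"]) == length]
    return {
        "keyboard": mode("keyboard"),   # most frequent value, as on the page
        "location": mode("location"),
        # Median per position stands in for the page's cluster center.
        "intervals": [median(col) for col in zip(*usable)],
    }


def handle_successful_login(sample, records, habit):
    """Steps S111 to S114: store the record, score it, then warn or update."""
    records.append(sample)                 # S111: store the operation record
    score = similarity(sample, habit)      # S111/S112: compare with habit
    if score < THRESHOLD:                  # S113: abnormal login warning
        return score, "warn", habit
    # S114; a score equal to the threshold is treated as normal (assumed).
    return score, "update", habit_from_records(records)


# Constructed sample data (not from the page).
HABIT = {"keyboard": "full", "location": "Shanghai",
         "intervals": [1.0, 2.0, 1.0, 1.0, 1.0]}
USUAL = {"keyboard": "full", "location": "Shanghai",
         "intervals": [1.1, 1.9, 1.0, 0.9, 1.1]}
ODD = {"keyboard": "nine-grid", "location": "Beijing",
       "intervals": [0.3, 0.3, 0.3, 0.3, 0.3]}

if __name__ == "__main__":
    stored = [dict(HABIT)]
    for attempt in (USUAL, ODD):
        score, action, HABIT = handle_successful_login(attempt, stored, HABIT)
        print(score, action)
```

Because step S111 stores the record before the similarity check, a login that triggers the warning still sits in the records that a later S114 update reads; a deployment can exclude flagged records from that pool.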
  • When the terminal controls the hybrid application to jump to the homepage through the js framework, that is, when the user logs in normally and uses the hybrid application, the js framework calls the network interface of the native framework to obtain server data from the server, and calls the data reading interface of the native framework to obtain the front-end data.
  • The data obtained by the js framework can be divided into two types: temporary data and permanent data.
  • The temporary data mainly includes list data, business data, and the user's temporary login permission token. The permanent data mainly includes user names and user nicknames. There is no obvious difference between the two types of data, and the division can be customized.
  • The js framework calls the write interface of the native framework to write the temporary data to the terminal's cache, and calls the write interface of the native framework to write the permanent data to the terminal's memory.
  • The method further includes: the server detects whether the login permission of the user has expired and, when it has expired, feeds the login timeout result back to the terminal; the terminal clears the temporary data written to the terminal cache through the js framework and controls the hybrid application to jump to the login page.
  • When a user logs in normally and uses the hybrid application, if the login timeout duration reaches a preset duration, for example a preset duration of 15 minutes, the server detects that the user's login permission token has expired. When the server determines the login timeout and returns the result to the terminal, the terminal clears the temporary data written to the terminal cache through the js framework and controls the hybrid application to jump to the login page.
  • The gesture login page refers to a page displaying a nine-square grid pattern and the like for inputting a password in gesture form.
  • The character login page refers to a page that displays a keyboard and the like for entering a password in character form.
  • When the user logs in on the login page, the js framework obtains the login information, the number of passwords, and the password input parameters, encrypts them, and calls the network interface provided by the native framework to send the encrypted information to the server through the network.
  • The server decrypts the information, obtains the login information, and detects whether the user name in the login information is consistent with the user name logged in before the timeout.
  • If a change in the user name is detected, the user has been switched: the server returns the result to the terminal, and the terminal controls the hybrid application to jump to the homepage through the js framework.
  • If the user name has not changed, the user has not been switched: the server feeds the result back to the terminal, and the terminal controls the hybrid application to jump to the page before the timeout through the js framework.
  • The method further includes: in response to a network request operation, the terminal adds a refresh mark, through the js framework, to the page on which the network request is made; if the server receives the request corresponding to the network request operation and returns response data to the terminal, the terminal refreshes that page according to the response data and clears the page's refresh mark through the js framework.
  • if the terminal adds the refresh mark to the page operated by the network request through the js framework
  • the terminal controls the hybrid application to jump to the login page through the js framework.
  • When the user needs to initiate a network request on a certain page of the hybrid application, the js framework adds a refresh mark to the page. If the server receives the network request and responds normally, the server returns the corresponding data, and the terminal refreshes the page and clears the page's refresh mark through the js framework according to the data returned by the server. However, if the login times out after the network request is made and the terminal has not received the data returned by the server, the terminal controls the hybrid application to redirect to the login page. If the user then logs in again, when the terminal uses the js framework to control the hybrid application to redirect to the page before the login timeout, the refresh mark that the js framework added to that page has not been cleared.
  • When the js framework detects that the refresh mark exists on the page, it jumps to the page and refreshes it, while clearing the refresh mark.
  • When a login timeout occurs, if the user has not initiated a network request, there is no refresh mark, and there is no refresh operation after re-login.
  • FIG. 2 is a block diagram of a hybrid application registration and login system provided in Embodiment 2 of the present application. As shown in FIG. 2, the system includes: a terminal 30 and a server 40, where:
  • the terminal 30 is configured to control the hybrid application to jump to a registration page in response to a registration operation
  • the terminal 30 is configured to obtain the registration information received on the registration page in response to the registration information input operation, and collect the number of passwords and password input parameters when the user enters the registration information, where the registration information includes the user name and the user password, and the number of passwords is the number of times the user enters the user password.
  • The password input parameters include input characteristic parameters and environmental parameters.
  • The input characteristic parameters include characteristic parameters that describe the input operation when the user enters the user password.
  • The environmental parameters include parameters of the running environment of the hybrid application when the user enters the user password.
  • the terminal 30 is configured to encrypt the registration information and the password times and password input parameters when the user inputs the registration information to obtain the first encrypted information, and call the network interface provided by the native framework of the hybrid application to send the first encrypted information to the server;
  • the server 40 is configured to decrypt the first encrypted information, store the decrypted registration information as a user information record, store the number of passwords and password input parameters when the user enters the registration information as a user operation record, and record the password input parameters when the user enters the registration information as user habit parameters
  • the terminal 30 is configured to control the hybrid application to jump to a login page in response to a login operation
  • the terminal 30 is configured to obtain the login information received on the login page in response to the login information input operation, and collect the password times and password input parameters when the user enters the login information, where the login information includes a user name and a user password;
  • the terminal 30 is configured to encrypt the login information and the password times and password input parameters when the user enters the login information to obtain the second encrypted information, and call the network interface to send the second encrypted information to the server 40;
  • the server 40 is configured to decrypt the second encrypted information.
  • The server queries the stored user operation records for the user name obtained by decrypting the second encrypted information. If it is not found, the unregistered result is fed back to the terminal. If it is found, the server determines whether the user password obtained by decrypting the second encrypted information is consistent with the user password in the queried user information record.
  • If the user password obtained by decrypting the second encrypted information is consistent with the user password in the queried user information record, the result of correct login information is fed back to the terminal, the number of passwords and password input parameters obtained by decrypting the second encrypted information are stored as a user operation record, the similarity between the password input parameters obtained by decrypting the second encrypted information and the user habit parameters is calculated, and, when the similarity is less than a preset similarity threshold, an abnormal login warning message is sent in a preset manner.
  • The terminal 30 is used to control the hybrid application to jump to the registration page when receiving an unregistered result, to jump to the home page when receiving a result of correct login information, and to display an error message when receiving a result of incorrect login information.
  • With the registration and login system of the hybrid application provided by this embodiment, the native framework provides basic interface methods, and the login and registration pages and the jump logic are implemented and controlled entirely by the js framework.
  • The server calculates the user habit parameters, and a reminder is issued when the similarity between the password input parameters of a given user password entry and the user habit parameters is low, to improve the security of the hybrid application.
  • When the password input parameters of a given user password entry are similar to the user habit parameters, the user habit parameters are updated in time to ensure that the user habit parameters dynamically follow the user's habits.
  • The server 40 is further configured to send the first hot update package to the terminal 30; the terminal 30 is further configured to load the first hot update package to repair and update the registration page after the hybrid application jumps to the registration page and before obtaining the registration information received on the registration page.
  • The server 40 is further configured to send a second hot update package to the terminal 30; the terminal 30 is further configured to load the second hot update package to repair and update the login page after the hybrid application jumps to the login page and before obtaining the registration information received on the login page.
  • The input characteristic parameters include the keyboard mode used when the user enters the user password, and the time interval between characters when the user enters the user password; when the user password is in the form of a gesture, the input characteristic parameters include the time interval between graphic points when the user enters the user password.
  • the environmental parameters include the terminal's IP address, the geographical location of the terminal, and the login time.
  • The specific steps include: for a non-numeric parameter of the password input parameters, the value that occurs most frequently across the user operation records is counted and used as the parameter value in the new user habit parameters; for a numerical parameter of the password input parameters, the corresponding parameter value in each user operation record is extracted to obtain a sample value group, the sample value group is clustered, and the resulting cluster center is used as the parameter in the new user habit parameters.
  • The specific steps include: calculating the sub-similarity between each pair of identical parameters in the password input parameters obtained by decrypting the second encrypted information and the user habit parameters; each sub-similarity is then multiplied by a predetermined weight, and the products are added to obtain the similarity.
  • The server 40 is further configured to detect whether the login permission of the user has expired after feeding back the result of the correct login information to the terminal 30, and to feed the login timeout result back to the terminal 30 when it has expired; the terminal 30 is also used to clear the temporary data written to the terminal cache and control the hybrid application to jump to the login page.
  • The terminal 30 is further configured to add a refresh mark to the page on which a network request is made, in response to the network request operation, after the result of the correct login information is fed back to the terminal 30; the server 40 is further configured to receive the request corresponding to the network request operation and return the response data to the terminal 30.
  • The terminal 30 is also used to refresh the page on which the network request was made and clear the refresh mark of the page according to the response data.
  • If, after the terminal 30 adds a refresh mark to the page on which the network request was made and before it receives the response data, the terminal 30 receives the login timeout result, the terminal 30 is also used to control the hybrid application to jump to the login page through the js framework.
  • This embodiment also provides a computer device, such as a smart phone, tablet computer, notebook computer, desktop computer, rack server, blade server, tower server, or rack server (including a stand-alone server, or a server cluster consisting of multiple servers), and so on.
  • the computer device 20 of this embodiment includes, but is not limited to, a memory 21 and a processor 22 that can be communicatively connected to each other through a system bus, as shown in FIG.
  • FIG. 3 only shows the computer device 20 with components 21-22, but it should be understood that it is not required to implement all the illustrated components, and more or fewer components may be implemented instead.
  • the memory 21 (ie, a readable storage medium) includes a flash memory, a hard disk, a multimedia card, a card-type memory (for example, SD or DX memory, etc.), a random access memory (RAM), a static random access memory (SRAM), Read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, magnetic disks, optical disks, etc.
  • the memory 21 may be an internal storage unit of the computer device 20, such as a hard disk or a memory of the computer device 20.
  • the memory 21 may also be an external storage device of the computer device 20, for example, a plug-in hard disk, a smart memory card (SMC), and a secure digital (Secure Digital, SD) card, Flash card, etc.
  • the memory 21 may also include both the internal storage unit of the computer device 20 and its external storage device.
  • the memory 21 is generally used to store an operating system and various types of application software installed on the computer device 20, such as program code of the registration and login system of the hybrid application in the second embodiment.
  • the memory 21 may also be used to temporarily store various types of data that have been output or are to be output.
  • the processor 22 may be a central processing unit (CPU), a controller, a microcontroller, a microprocessor, or other data processing chip in some embodiments.
  • the processor 22 is generally used to control the overall operation of the computer device 20.
  • the processor 22 is configured to run program code or process data stored in the memory 21, such as a registration and login system of a hybrid application.
  • This embodiment also provides a computer-readable storage medium, such as a flash memory, a hard disk, a multimedia card, a card-type memory (for example, SD or DX memory, etc.), a random access memory (RAM), a static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, magnetic disks, optical disks, servers, App application stores, etc., on which a computer program is stored; when the program is executed by the processor, the corresponding function is realized.
  • the computer-readable storage medium of this embodiment is used for a registration and login system of a hybrid application, and when executed by a processor, implements the registration and login method of the hybrid application of embodiment 1.
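The timeout and refresh-mark handling described in the bullets above, modeled on the terminal side as an added example (not code from the patent). The class, method and key names are hypothetical, and dropping stale refresh marks when the user has switched is an assumption the page does not state.

```javascript
// Added illustration: terminal-side state for login timeout and refresh marks.
class HybridSession {
  constructor() {
    this.cache = new Map();        // temporary data: lists, business data, token
    this.persistent = new Map();   // permanent data: user name, nickname
    this.refreshMarks = new Set(); // pages with a network request in flight
    this.page = 'login';
    this.pageBeforeTimeout = null;
    this.refreshCount = 0;
  }

  // Server reported "login information correct".
  onLoginOk(userName, token) {
    this.persistent.set('userName', userName);
    this.cache.set('token', token);
    this.page = 'home';
  }

  navigate(page) { this.page = page; }

  // A network request is made from the current page: mark it for refresh.
  startRequest() { this.refreshMarks.add(this.page); }

  // Response data arrived: store it, refresh the page, clear its mark.
  onResponse(page, data) {
    this.cache.set('data:' + page, data);
    this.refresh(page);
  }

  refresh(page) {
    this.refreshMarks.delete(page);
    this.refreshCount += 1;
  }

  // Server reported "login timeout": wipe temporary data, keep permanent data.
  onLoginTimeout() {
    this.cache.clear();
    this.pageBeforeTimeout = this.page;
    this.page = 'login';
  }

  // Re-login after a timeout. userSwitched is the server's verdict on whether
  // the user name differs from the one logged in before the timeout.
  onRelogin(userName, token, userSwitched) {
    const target = this.pageBeforeTimeout;
    this.pageBeforeTimeout = null;
    this.persistent.set('userName', userName);
    this.cache.set('token', token);
    if (userSwitched || target === null) {
      this.refreshMarks.clear(); // assumption: marks belong to the old user
      this.page = 'home';
      return { page: 'home', refreshed: false };
    }
    this.page = target;
    const refreshed = this.refreshMarks.has(target);
    if (refreshed) this.refresh(target); // mark survived the timeout: refresh now
    return { page: target, refreshed };
  }
}
```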

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)

Abstract

Provided by the present application are a registration and login method for a hybrid application program, a system, and a computer device. The native framework of the hybrid application program provides basic interface methods, and the login and registration pages and the jump logic are implemented and controlled entirely by a js framework. Meanwhile, the password input parameters collected each time a user password is entered are additionally sent to a server, and the server calculates user habit parameters. When the similarity between the password input parameters of a given user password entry and the user habit parameters is low, an alert is issued, which increases the security of the hybrid application program; when that similarity is high, the user habit parameters are promptly updated so that they dynamically follow the user's habits.

Description

Registration and login method, system and computer device for a hybrid application
This application claims priority to the Chinese patent application No. CN 2018107551380, filed on July 11, 2018 and entitled "Registration and login method, system and computer device for a hybrid application", the entire content of which is incorporated into this application by reference.
Technical field
The present application relates to the field of information processing technology, and in particular to a registration and login method, system and computer device for a hybrid application.
Background
A hybrid app is an application that sits between a web app and a native app, combining the good user interaction experience of native apps with the cross-platform development advantages of web apps. Many existing applications are developed on a hybrid application framework; for example, applications in the financial field such as online payment are developed on a hybrid application framework.
Because hybrid applications in the financial field involve the resources in an account, their security requirements are high. At present, logging in to a hybrid application only requires the operator to enter a user name and password: the account login completes once the user name and password are judged to be correct or matching, but it cannot be determined whether the operator is the legitimate operator of the account. Existing hybrid applications therefore have the problem that the verification method is rather limited.
Therefore, providing a registration and login method, system, computer device and storage medium for a hybrid application, so as to improve the security of financial applications, is a technical problem to be solved in the art.
Summary of the invention
The purpose of this application is to provide a registration and login method, system, computer device and storage medium for a hybrid application, which are used to solve the above problems in the prior art.
To achieve the above object, the present application provides a registration and login method for a hybrid application.
The registration and login method of the hybrid application includes: in response to a registration operation, the terminal controls the hybrid application to jump to a registration page through the js framework of the hybrid application; in response to a registration information input operation, the terminal obtains the registration information received on the registration page through the js framework and collects the number of passwords and the password input parameters when the user enters the registration information, where the registration information includes a user name and a user password; the terminal encrypts, through the js framework, the registration information together with the number of passwords and password input parameters collected when the user entered the registration information to obtain first encrypted information, and calls the network interface provided by the native framework of the hybrid application to send the first encrypted information to the server; the server decrypts the first encrypted information, stores the decrypted registration information as a user information record, stores the number of passwords and password input parameters collected when the user entered the registration information as a user operation record, and records the password input parameters collected when the user entered the registration information as the user habit parameters; in response to a login operation, the terminal controls the hybrid application to jump to a login page through the js framework; in response to a login information input operation, the terminal obtains the login information received on the login page through the js framework and collects the number of passwords and password input parameters when the user enters the login information, where the login information includes a user name and a user password; the terminal encrypts, through the js framework, the login information together with the number of passwords and password input parameters collected when the user entered the login information to obtain second encrypted information, and calls the network interface to send the second encrypted information to the server; the server decrypts the second encrypted information and queries the stored user information records for a record that includes the user name obtained by decrypting the second encrypted information; when no such record is found, the server feeds the unregistered result back to the terminal; when one is found, the server determines whether the user password obtained by decrypting the second encrypted information is consistent with the user password in the queried user information record; if they are consistent, the server feeds the result of correct login information back to the terminal, stores the number of passwords and password input parameters obtained by decrypting the second encrypted information as a user operation record, calculates the similarity between the password input parameters obtained by decrypting the second encrypted information and the user habit parameters, sends an abnormal login warning message in a preset manner when the similarity is less than a preset similarity threshold, and, when the similarity is greater than the similarity threshold, calculates new user habit parameters from all stored user operation records and updates the user habit parameters with the new user habit parameters; if they are not consistent, the server feeds the result of incorrect login information back to the terminal; the terminal controls the hybrid application to display an error message through the js framework.
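The similarity check and habit update in the method above, as an added example (not code from the patent) that uses the keyboard-mode rule and the 0.8 and 0.6 error bands given in the embodiment. The field names, weights, the 0.7 threshold, the band of similarity 1 for errors within 20%, and reading "cluster center" as the center of the larger of two clusters are assumptions.

```javascript
// Added illustration of the server-side check; all names are hypothetical.
const WEIGHTS = { keyboardMode: 0.4, intervals: 0.6 }; // assumed preset weights
const SIMILARITY_THRESHOLD = 0.7;                      // assumed preset threshold

// Keyboard mode: 1 when identical, 0 otherwise.
function keyboardModeSimilarity(observed, habit) {
  return observed === habit ? 1 : 0;
}

// Time interval: graded by relative error against the habit value.
function intervalSimilarity(observed, habit) {
  if (!Number.isFinite(observed) || !(habit > 0)) return 0;
  const error = Math.abs(observed - habit) / habit;
  if (error <= 0.2) return 1;   // assumed band
  if (error <= 0.5) return 0.8; // 20% to 50%
  if (error <= 0.8) return 0.6; // 50% to 80%
  return 0;                     // outside every band
}

// Sum of sub-similarities, each multiplied by its weight.
function similarity(observed, habit) {
  const n = Math.max(observed.intervals.length, habit.intervals.length);
  let sum = 0;
  for (let i = 0; i < n; i++) {
    sum += intervalSimilarity(observed.intervals[i], habit.intervals[i]);
  }
  const mode = keyboardModeSimilarity(observed.keyboardMode, habit.keyboardMode);
  return WEIGHTS.keyboardMode * mode + WEIGHTS.intervals * (n ? sum / n : 0);
}

// Non-numeric parameter: the most frequent value across operation records.
function mostFrequent(values) {
  const counts = new Map();
  let best;
  for (const v of values) {
    counts.set(v, (counts.get(v) || 0) + 1);
    if (best === undefined || counts.get(v) > counts.get(best)) best = v;
  }
  return best;
}

// Numeric parameter: 1-D two-cluster k-means, center of the larger cluster.
function clusterCenter(samples) {
  if (samples.length === 0) return NaN;
  let centers = [Math.min(...samples), Math.max(...samples)];
  if (centers[0] === centers[1]) return centers[0];
  let groups = [[], []];
  for (let round = 0; round < 100; round++) {
    groups = [[], []];
    for (const x of samples) {
      const nearer = Math.abs(x - centers[0]) <= Math.abs(x - centers[1]) ? 0 : 1;
      groups[nearer].push(x);
    }
    const next = groups.map((g, i) =>
      g.length ? g.reduce((a, b) => a + b, 0) / g.length : centers[i]);
    if (next[0] === centers[0] && next[1] === centers[1]) break;
    centers = next;
  }
  return groups[0].length >= groups[1].length ? centers[0] : centers[1];
}

function recomputeHabit(records) {
  const n = Math.max(...records.map((r) => r.intervals.length));
  const intervals = [];
  for (let i = 0; i < n; i++) {
    const samples = records.map((r) => r.intervals[i]).filter((x) => Number.isFinite(x));
    intervals.push(clusterCenter(samples));
  }
  return { keyboardMode: mostFrequent(records.map((r) => r.keyboardMode)), intervals };
}

// Runs only after the password has matched.
function checkLogin(observed, habit, records) {
  const allRecords = records.concat([observed]); // stored for every correct login
  const score = similarity(observed, habit);
  return {
    score,
    alert: score < SIMILARITY_THRESHOLD,
    habit: score > SIMILARITY_THRESHOLD ? recomputeHabit(allRecords) : habit,
    records: allRecords,
  };
}

// Constructed sample data (not from the page).
const sampleHabit = { keyboardMode: 'full', intervals: [0.20, 0.30] };
const sampleRecords = [
  { keyboardMode: 'full', intervals: [0.20, 0.30] },
  { keyboardMode: 'full', intervals: [0.21, 0.31] },
  { keyboardMode: 'nine-grid', intervals: [0.90, 0.30] },
];
const usualLogin = checkLogin({ keyboardMode: 'full', intervals: [0.22, 0.27] }, sampleHabit, sampleRecords);
const oddLogin = checkLogin({ keyboardMode: 'nine-grid', intervals: [0.50, 0.90] }, sampleHabit, sampleRecords);
console.log(usualLogin.score, usualLogin.alert, oddLogin.score, oddLogin.alert);
```

Every correct-password login is stored as an operation record before it is scored, so a login that raised a warning still enters the sample set; taking the center of the larger cluster keeps a single such record from moving the habit value much.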
To achieve the above object, the present application also provides a registration and login system for a hybrid application.
The registration and login system of the hybrid application includes a terminal and a server, wherein the terminal is configured to, in response to a registration operation, control the hybrid application to jump to a registration page through the js framework of the hybrid application; the terminal is configured to, in response to a registration information input operation, obtain the registration information received on the registration page through the js framework and collect the number of passwords and password input parameters when the user enters the registration information, where the registration information includes a user name and a user password; the terminal is configured to encrypt, through the js framework, the registration information together with the number of passwords and password input parameters collected when the user entered the registration information to obtain first encrypted information, and to call the network interface provided by the native framework of the hybrid application to send the first encrypted information to the server; the server is configured to decrypt the first encrypted information, store the decrypted registration information as a user information record, store the number of passwords and password input parameters collected when the user entered the registration information as a user operation record, and record the password input parameters collected when the user entered the registration information as the user habit parameters; the terminal is configured to, in response to a login operation, control the hybrid application to jump to a login page through the js framework; the terminal is configured to, in response to a login information input operation, obtain the login information received on the login page through the js framework and collect the number of passwords and password input parameters when the user enters the login information, where the login information includes a user name and a user password; the terminal is configured to encrypt, through the js framework, the login information together with the number of passwords and password input parameters collected when the user entered the login information to obtain second encrypted information, and to call the network interface to send the second encrypted information to the server; the server is configured to decrypt the second encrypted information and query the stored user information records for a record that includes the user name obtained by decrypting the second encrypted information; when no such record is found, to feed the unregistered result back to the terminal; when one is found, to determine whether the user password obtained by decrypting the second encrypted information is consistent with the user password in the queried user information record; if they are consistent, to feed the result of correct login information back to the terminal, store the number of passwords and password input parameters obtained by decrypting the second encrypted information as a user operation record, calculate the similarity between the password input parameters obtained by decrypting the second encrypted information and the user habit parameters, send an abnormal login warning message in a preset manner when the similarity is less than a preset similarity threshold, and, when the similarity is greater than the similarity threshold, calculate new user habit parameters from all stored user operation records and update the user habit parameters with the new user habit parameters; if they are not consistent, to feed the result of incorrect login information back to the terminal; the terminal is configured to control the hybrid application to display an error message through the js framework.
To achieve the above object, the present application further provides a computer device including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor, when executing the program, implements the following steps of the registration and login method of the hybrid application:
In response to a registration operation, the terminal controls the hybrid application to jump to a registration page through the js framework of the hybrid application; in response to a registration information input operation, the terminal obtains the registration information received on the registration page through the js framework and collects the number of passwords and password input parameters when the user enters the registration information, where the registration information includes a user name and a user password; the terminal encrypts, through the js framework, the registration information together with the number of passwords and password input parameters collected when the user entered the registration information to obtain first encrypted information, and calls the network interface provided by the native framework of the hybrid application to send the first encrypted information to the server; the server decrypts the first encrypted information, stores the decrypted registration information as a user information record, stores the number of passwords and password input parameters collected when the user entered the registration information as a user operation record, and records the password input parameters collected when the user entered the registration information as the user habit parameters; in response to a login operation, the terminal controls the hybrid application to jump to a login page through the js framework; in response to a login information input operation, the terminal obtains the login information received on the login page through the js framework and collects the number of passwords and password input parameters when the user enters the login information, where the login information includes a user name and a user password; the terminal encrypts, through the js framework, the login information together with the number of passwords and password input parameters collected when the user entered the login information to obtain second encrypted information, and calls the network interface to send the second encrypted information to the server; the server decrypts the second encrypted information and queries the stored user information records for a record that includes the user name obtained by decrypting the second encrypted information; when no such record is found, the server feeds the unregistered result back to the terminal; when one is found, the server determines whether the user password obtained by decrypting the second encrypted information is consistent with the user password in the queried user information record; if they are consistent, the server feeds the result of correct login information back to the terminal, stores the number of passwords and password input parameters obtained by decrypting the second encrypted information as a user operation record, calculates the similarity between the password input parameters obtained by decrypting the second encrypted information and the user habit parameters, sends an abnormal login warning message in a preset manner when the similarity is less than a preset similarity threshold, and, when the similarity is greater than the similarity threshold, calculates new user habit parameters from all stored user operation records and updates the user habit parameters with the new user habit parameters; if they are not consistent, the server feeds the result of incorrect login information back to the terminal; the terminal controls the hybrid application to display an error message through the js framework.
To achieve the above object, the present application further provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the following steps of the registration and login method for a hybrid application:
In response to a registration operation, the terminal controls the hybrid application, through the js framework of the hybrid application, to jump to the registration page; in response to a registration information input operation, the terminal obtains, through the js framework, the registration information received on the registration page, and collects the password entry count and the password input parameters at the time the user enters the registration information, where the registration information includes a user name and a user password; the terminal encrypts, through the js framework, the registration information together with the password entry count and password input parameters collected when the user entered the registration information, to obtain first encrypted information, and calls the network interface provided by the native framework of the hybrid application to send the first encrypted information to the server; the server decrypts the first encrypted information, stores the decrypted registration information as a user information record, stores the password entry count and password input parameters collected when the user entered the registration information as a user operation record, and records the password input parameters collected when the user entered the registration information as the user habit parameters; in response to a login operation, the terminal controls the hybrid application, through the js framework, to jump to the login page; in response to a login information input operation, the terminal obtains, through the js framework, the login information received on the login page, and collects the password entry count and password input parameters at the time the user enters the login information, where the login information includes a user name and a user password; the terminal encrypts, through the js framework, the login information together with the password entry count and password input parameters collected when the user entered the login information, to obtain second encrypted information, and calls the network interface to send the second encrypted information to the server; the server decrypts the second encrypted information and searches the stored user information records for a record containing the user name obtained by decrypting the second encrypted information; when no such record is found, the server feeds an "unregistered" result back to the terminal; when such a record is found, the server determines whether the user password obtained by decrypting the second encrypted information is consistent with the user password in the user information record found; if they are consistent, the server feeds a result indicating that the login information is correct back to the terminal, stores the password entry count and password input parameters obtained by decrypting the second encrypted information as a user operation record, and calculates the similarity between the password input parameters obtained by decrypting the second encrypted information and the user habit parameters; when the similarity is less than a preset similarity threshold, the server sends abnormal-login warning information in a preset manner; when the similarity is greater than the similarity threshold, the server calculates new user habit parameters from all stored user operation records and updates the user habit parameters with the new user habit parameters; if the user password obtained from the second encrypted information is inconsistent with the user password in the user information record found, the server feeds a result indicating that the login information is incorrect back to the terminal, and the terminal controls the hybrid application, through the js framework, to display an error prompt.
With the registration and login method, system, computer device and storage medium for a hybrid application provided by the present application, the native framework provides the basic interface methods, while the login and registration pages and the page-jump logic are implemented and controlled entirely by the js framework. In addition, the password input parameters of every user-password entry are encrypted and sent to the server, and the server calculates the user habit parameters. When the password input parameters of a given password entry have a low similarity to the user habit parameters, a reminder is issued, which improves the security of the hybrid application; when the similarity is high, the user habit parameters are updated promptly, so that the user habit parameters dynamically follow the user's habits.
Brief Description of the Drawings
FIG. 1 is a flowchart of the registration and login method for a hybrid application provided in Embodiment 1 of the present application;
FIG. 2 is a block diagram of the registration and login system for a hybrid application provided in Embodiment 2 of the present application;
FIG. 3 is a hardware structure diagram of the computer device provided in Embodiment 3 of the present application.
Detailed Description
To make the purpose, technical solutions and advantages of the present application clearer, the application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are intended only to explain the application and not to limit it. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments in this application, without creative effort, fall within the scope of protection of this application.
Embodiment 1
The hybrid application in this embodiment may be a financial app with high security requirements. The financial app includes a native framework and a js framework: the js framework implements and controls the pages of the app, such as the registration page and the login page, and the native framework provides interfaces and methods to the js framework. FIG. 1 is a flowchart of the registration and login method for a hybrid application provided in Embodiment 1 of the present application. As shown in FIG. 1, the method includes the following steps:
Step S101: In response to a registration operation, the terminal controls the hybrid application, through the js framework, to jump to the registration page.
Step S102: In response to a registration information input operation, the terminal obtains, through the js framework, the registration information received on the registration page, and collects the password entry count and the password input parameters at the time the user enters the registration information.
Specifically, the registration information includes a user name and a user password; the password entry count is the number of times the user has entered the user password; the password input parameters include input characteristic parameters and environment parameters. The input characteristic parameters are parameters that characterize the input operation when the user enters the user password, and the environment parameters are parameters of the running environment of the hybrid application when the user enters the user password.
The user registers on the registration page, and the js framework obtains the registration information the user fills in there. The registration information includes at least a user name and a user password. The user name may take a common account form such as the user's mobile phone number, e-mail address or QQ number; the user password may be in character form and/or gesture form. The registration information may also include a user nickname, the user's gender, the user's name, and so on.
At the same time, the js framework collects the password entry count and the password input parameters for the user-password entry, where:
(a) The password entry count is the number of times the user has entered the user password on the terminal. During registration the user usually enters the user password twice: when the user enters the user password on the registration page the count is 1, and when the user confirms the password on the registration page the count is 2.
(b) The password input parameters include input characteristic parameters and environment parameters. The input characteristic parameters are the parameters that characterize how the user enters the user password: when the user password is in character form, they include, but are not limited to, the keyboard mode used when entering the user password and the time intervals between characters; when the user password is in gesture form, they include, but are not limited to, the time intervals between pattern points. The environment parameters are parameters of the environment the user is in when entering the user password, including the terminal's IP address, the current geographic location, the login time and so on. Obtaining environment parameters usually requires the js framework to call the corresponding interface provided by the native framework; for example, the js framework calls the native framework's getLocation interface to invoke the terminal's GPS and obtain the current geographic location.
Step S103: The terminal encrypts, through the js framework, the registration information together with the password entry count and password input parameters collected when the user entered the registration information, to obtain first encrypted information, and calls the network interface provided by the native framework of the hybrid application to send the first encrypted information to the server.
Specifically, the terminal encrypts the registration information, the password entry count and the password input parameters through the js framework; the AES encryption algorithm may be used. The js framework calls the network interface provided by the native framework to send the encrypted information to the server over the network.
Step S104: The server decrypts the first encrypted information, stores the decrypted registration information as a user information record, stores the password entry count and password input parameters collected when the user entered the registration information as a user operation record, and records the password input parameters collected when the user entered the registration information as the user habit parameters.
Specifically, after decrypting the information the server obtains the registration information, the password entry count and the password input parameters. The server determines the user habit parameters from the password entry count and the password input parameters, and stores the user name, the user password and the user habit parameters in association with one another. The user habit parameters contain the characteristic value of each habit parameter and cover each of the parameters in the password input parameters; for example, the user habit parameters may be: keyboard mode is full keyboard; the time intervals between characters are, in order, 1 s, 2 s, 1 s, 1 s, 1 s; geographic location is Shanghai.
Step S105: In response to a login operation, the terminal controls the hybrid application, through the js framework, to jump to the login page.
Step S106: In response to a login information input operation, the terminal obtains, through the js framework, the login information received on the login page, and collects the password entry count and the password input parameters at the time the user enters the login information.
Specifically, the login information includes a user name and a user password. The user logs in on the login page, and the js framework obtains the login information the user fills in there; the login information includes at least a user name and a user password, whose meaning and form are as described above. At the same time, the js framework collects the password entry count and the password input parameters for the user-password entry; their meanings are the same as above.
Step S107: The terminal encrypts, through the js framework, the login information together with the password entry count and password input parameters collected when the user entered the login information, to obtain second encrypted information, and calls the network interface to send the second encrypted information to the server.
Specifically, the js framework encrypts the login information, the password entry count and the password input parameters, and calls the network interface provided by the native framework to send the encrypted information to the server over the network. The AES encryption algorithm may be used; by decrypting, the server obtains the login information, the password entry count and the password input parameters.
Step S108: The server decrypts the second encrypted information and searches the stored user operation records for a record containing the user name obtained by decrypting the second encrypted information.
Through step S104 above, the server side may have stored multiple user information records. In this step, after decrypting the second encrypted information the server obtains the user name, and then searches the stored user operation records for a record containing the decrypted user name. If none is found, step S109 is performed; if one is found, step S110 is performed.
Step S109: The server feeds the "unregistered" result back to the terminal, and the terminal controls the hybrid application, through the js framework, to jump to the registration page.
Step S110: The server determines whether the user password obtained by decrypting the second encrypted information is consistent with the user password in the user information record found.
In step S108 above, after decrypting the second encrypted information the server obtains the user password in addition to the user name. Further, if a user information record containing the decrypted user name was found in step S108, then in this step S110 the server determines whether the decrypted user password is consistent with the user password in the user information record found. If they are consistent, step S111 is performed; if not, step S115 is performed.
Step S111: The server feeds a result indicating that the login information is correct back to the terminal, stores the password entry count and password input parameters obtained by decrypting the second encrypted information as a user operation record, and calculates the similarity between the password input parameters obtained by decrypting the second encrypted information and the user habit parameters.
Step S112: The server compares the calculated similarity with the preset similarity threshold.
When the similarity is less than the preset similarity threshold, step S113 is performed; when the similarity is greater than the similarity threshold, step S114 is performed.
Step S113: The server sends abnormal-login warning information in a preset manner.
Specifically, the preset manner includes any communication method such as SMS or telephone, by which the abnormal-login warning information is delivered to the user.
Step S114: The server calculates new user habit parameters from all stored user operation records, and updates the user habit parameters with the new user habit parameters.
Step S115: The server feeds a result indicating that the login information is incorrect back to the terminal, and the terminal controls the hybrid application, through the js framework, to display an error prompt.
With the registration and login method for a hybrid application provided by this embodiment, the native framework provides the basic interface methods, while the login and registration pages and the page-jump logic are implemented and controlled entirely by the js framework on the terminal side. In addition, the password input parameters of every user-password entry are encrypted and sent to the server, and the server calculates the user habit parameters. When the password input parameters of a given password entry have a low similarity to the user habit parameters, a reminder is issued, which improves the security of the hybrid application; when the similarity is high, the user habit parameters are updated promptly, so that the user habit parameters dynamically follow the user's habits.
Optionally, the registration and login method can also repair and update the registration page and the login page.
Specifically, after the terminal controls the hybrid application to jump to the registration page through the js framework, and before the terminal obtains the registration information received on the registration page through the js framework, the method further includes: the server sends a first hot update package to the terminal, where the first hot update package is used to repair and update the registration page; the terminal loads the first hot update package through the js framework to repair and update the registration page. Specifically, when the developer of the hybrid application needs to fix a vulnerability in the registration page or change its functionality, there is no need to release a new version of the hybrid application. Instead, a first hot update package is released for the registration page; it contains only the code that repairs and updates the registration page. The first hot update package is delivered to the terminal, which stores it. After the jump to the registration page, the first hot update package is first loaded through the js framework to repair and update the registration page.
Likewise, after the terminal controls the hybrid application to jump to the login page through the js framework, and before the terminal obtains the login information received on the login page through the js framework, the method further includes: the server sends a second hot update package to the terminal, where the second hot update package is used to repair and update the login page; the terminal loads the second hot update package through the js framework to repair and update the login page. Specifically, when the developer of the hybrid application needs to fix a vulnerability in the login page or change its functionality, there is no need to release a new version of the hybrid application. Instead, a second hot update package is released for the login page; it contains only the code that repairs and updates the login page. The second hot update package is delivered to the terminal, which stores it. After the jump to the login page, the second hot update package is first loaded through the js framework to repair and update the login page.
Optionally, in step S108, the step in which the server calculates the new user habit parameters from all stored user operation records specifically includes:
for a non-numerical parameter among the password input parameters, taking the value that occurs most frequently across all user operation records as the parameter value in the new user habit parameters;
for a numerical parameter among the password input parameters, extracting the corresponding parameter value from each user operation record to obtain a group of sample values, clustering the group of sample values, and using the resulting cluster center as the parameter in the new user habit parameters.
Specifically, during registration the password is usually entered at most twice, so chance plays a large part; the password input parameters of both entries can therefore simply be stored directly. During subsequent logins the js framework likewise collects the password input parameters at login and sends them to the server. As the number of logins grows, each parameter in the password input parameters tends toward a stable value. For non-numerical parameters such as keyboard mode and geographic location, the server can take the most frequently occurring value as the characteristic value of that parameter; for example, if the full keyboard is used in 90 of 100 logins and 93 of them are in Shanghai, the characteristic value of the keyboard mode in the password input habit is determined to be full keyboard, and the characteristic value of the geographic location to be Shanghai. For numerical parameters such as time intervals, the server can treat the time intervals in each set of password input parameters as one group of sample values and cluster the groups to obtain a cluster center. For example, when the user password has 6 characters, if the 3rd character is an uppercase letter and the rest are lowercase, entering the 3rd character involves a case switch and inevitably takes longer, so the 2nd time interval is necessarily longer. As the user becomes more practiced at entering the password, the time intervals level off, and the corresponding cluster center might be 1 s, 2 s, 1 s, 1 s, 1 s, which correctly reflects the characteristics of the password.
可选地,在步骤S108中,服务器计算解密第二加密信息得到的密码输入参数与用户习惯参数的相似度的具体步骤包括:Optionally, in step S108, the server calculates the similarity between the password input parameter obtained by decrypting the second encrypted information and the user's habit parameter, and the specific steps include:
计算解密第二加密信息得到的密码输入参数与用户习惯参数中,各个相同参数之间的子相似度;将各子相似度与预定权重相乘的积再相加,得到相似度。Calculate the sub-similarity between the same parameters among the password input parameters and user habit parameters obtained by decrypting the second encrypted information; and multiply the product of the sub-similarity and the predetermined weight to obtain the similarity.
Specifically, a weight is assigned to each habit parameter in the user habit parameters. For example, when the user habit parameters include the keyboard mode and the time interval, the keyboard mode is assigned a weight of 0.5 and the time interval a weight of 0.5. As another example, when the user habit parameters include the keyboard mode, the time interval and the geographical location, the keyboard mode is assigned a weight of 0.4, the time interval a weight of 0.4 and the geographical location a weight of 0.2. An actual user password has many characters, so there are usually several time intervals, and each interval is then assigned an equal weight; for example, a 6-character user password has 5 intervals, and each interval can be assigned a weight of 0.1. When calculating the similarity, the server calculates in turn the similarity between each of the collected password input parameters and the corresponding habit parameter in the user habit parameters, that is, the similarity between the keyboard mode in the password input parameters and the keyboard mode in the password input habits, the similarity between time interval 1 and time interval 1, the similarity between time interval 2 and time interval 2, and so on. Take the case where both the password input parameters and the user habit parameters include the keyboard mode and the time interval. For the keyboard mode, the similarity can be defined as 1 when the keyboard modes are the same and 0 when they differ: when both are the nine-grid keyboard, the similarity is 1; when the keyboard mode in the password input habits is the nine-grid keyboard and the keyboard mode in the password input parameters is the full keyboard, the keyboard mode similarity is 0. For the time interval, the similarity can be defined as 1 when the error between the time interval in the password input parameters and the time interval in the user habit parameters is within a set error range, and 0 when it exceeds that range. For example, if the time interval in the password input habits is 0.2s and the time interval in the password input parameters is 0.5s, the error is (0.5s-0.2s)/0.2s*100%=150%; if the set error range is ±50%, the similarity of the two is 0. Further, the similarity need not be limited to the two values 1 and 0; different errors can correspond to graded similarities: when the error is within 0 to ±20%, the similarity is 1; when the error is within -50% to -20% or 20% to 50%, the similarity is 0.8; when the error is within -80% to -50% or 50% to 80%, the similarity is 0.6; and so on. The specific settings can be customized as required. After the keyboard mode similarity and the similarity of each time interval have been calculated, the similarity between the password input parameters and the password input habits is determined as S = 0.5 * (keyboard mode similarity) + 0.1 * (time interval 1 similarity) + 0.1 * (time interval 2 similarity) + 0.1 * (time interval 3 similarity) + 0.1 * (time interval 4 similarity) + 0.1 * (time interval 5 similarity).
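The weighted score described above, worked through as an added JavaScript example (not code from the patent). The cut-off above 80%, the threshold value 0.7, the field names and the sample logins are assumptions constructed for illustration.

```javascript
// Graded sub-similarity tiers from the text: |error| <= 20% scores 1, <= 50% scores
// 0.8, <= 80% scores 0.6. The text continues "and so on" without listing further
// tiers, so scoring anything above 80% as 0 is an assumption of this example.
const GRADED_TIERS = [
  { maxError: 0.2, score: 1 },
  { maxError: 0.5, score: 0.8 },
  { maxError: 0.8, score: 0.6 },
];

// Binary variant from the text: 1 inside the set error range (here ±50%), else 0.
const BINARY_TIERS = [{ maxError: 0.5, score: 1 }];

// Relative error of an observed interval against the stored habit interval.
function relativeError(observed, habit) {
  if (!(habit > 0) || !Number.isFinite(observed)) return Infinity;
  return Math.abs(observed - habit) / habit;
}

// Sub-similarity of one time interval: the score of the first tier that contains
// the error. The small epsilon keeps boundary values such as exactly 20% stable.
function intervalSimilarity(observed, habit, tiers = GRADED_TIERS) {
  const err = relativeError(observed, habit);
  const tier = tiers.find((t) => err <= t.maxError + 1e-9);
  return tier ? tier.score : 0;
}

// S = w_kb * keyboardSim + sum_i(w_i * intervalSim_i), where the interval share of
// the weight is split equally (0.5 / 5 = 0.1 each for a 6-character password).
function similarity(observed, habit, tiers = GRADED_TIERS, keyboardWeight = 0.5) {
  const n = habit.intervals.length;
  const perInterval = n > 0 ? (1 - keyboardWeight) / n : 0;
  const parts = [{
    name: 'keyboardMode',
    weight: keyboardWeight,
    score: observed.keyboardMode === habit.keyboardMode ? 1 : 0,
  }];
  habit.intervals.forEach((h, i) => {
    // A missing observed interval yields an infinite error and therefore 0.
    parts.push({
      name: `interval${i + 1}`,
      weight: perInterval,
      score: intervalSimilarity(observed.intervals[i], h, tiers),
    });
  });
  const total = parts.reduce((sum, p) => sum + p.weight * p.score, 0);
  return { total, parts };
}

// Server-side decision after the password itself has been verified.
// The text does not say what happens when S equals the threshold; 'none' is assumed.
function assessLogin(observed, habit, threshold, tiers = GRADED_TIERS) {
  const { total } = similarity(observed, habit, tiers);
  if (total < threshold) return { total, action: 'send-abnormal-login-warning' };
  if (total > threshold) return { total, action: 'update-habit-parameters' };
  return { total, action: 'none' };
}

// Constructed sample data (not from the patent).
const HABIT = { keyboardMode: 'nine-grid', intervals: [0.2, 0.2, 0.2, 0.2, 0.2] };
const USUAL = { keyboardMode: 'nine-grid', intervals: [0.21, 0.23, 0.27, 0.34, 0.5] };
const UNUSUAL = { keyboardMode: 'full', intervals: [0.5, 0.5, 0.5, 0.5, 0.5] };
const THRESHOLD = 0.7; // hypothetical preset similarity threshold

console.log(assessLogin(USUAL, HABIT, THRESHOLD));
console.log(assessLogin(UNUSUAL, HABIT, THRESHOLD));
```

With the binary ±50% rule the same usual login scores lower than with the graded tiers, because the 70% deviation on the fourth interval drops from 0.6 to 0.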
Optionally, when the terminal controls the hybrid application to jump to the home page through the js framework, that is, while the user is logged in normally and using the hybrid application, the js framework calls the network interface of the native framework to obtain server data from the server, and calls the data reading interface of the native framework to obtain front-end data. The data obtained by the js framework falls mainly into two categories, temporary data and permanent data. Temporary data mainly includes list data, business data, the user's temporary login permission token, and the like; permanent data mainly includes the user name, the user nickname, and the like. There is no sharp distinction between the two categories, and the classification can be customized. The js framework calls the write interface of the native framework to write temporary data into the terminal's cache, and calls the write interface of the native framework to write permanent data into the terminal's memory.
Optionally, after the step in which the terminal controls the hybrid application to jump to the home page through the js framework, the method further includes: the server detects whether the user's login permission has expired and, when it has expired, feeds the login timeout result back to the terminal; the terminal clears the temporary data written to the terminal cache through the js framework and controls the hybrid application to jump to the login page.
Specifically, while the user is logged in normally and using the hybrid application, if the login timeout duration reaches a preset duration, for example a preset duration of 15 minutes, the server detects that the user's login permission token has expired. The server then determines that the login has timed out and returns the result to the terminal, and the terminal clears the temporary data written to the terminal cache through the js framework and controls the hybrid application to jump to the login page. When it is detected that the user password set by the user includes a gesture-form password, the application jumps to the gesture login page (a page that displays a nine-grid pattern or the like for entering a gesture-form password); otherwise it jumps to the character login page (a page that displays a keyboard or the like for entering a character-form password). The user logs in on the login page; the js framework obtains the login information, the password count and the password input parameters, encrypts them, and calls the network interface provided by the native framework to send the encrypted information to the server over the network. The server decrypts it to obtain the login information and checks whether the user name in the login information is the same as the user name that was logged in before the timeout. If the user name has changed, the user has been switched; the server feeds the result back to the terminal, and the terminal controls the hybrid application to jump to the home page through the js framework. If the user name has not changed, the user has not been switched; the server feeds the result back to the terminal, and the terminal controls the hybrid application, through the js framework, to jump to the page it was on before the timeout.
Optionally, after the step in which the terminal controls the hybrid application to jump to the home page through the js framework, the method further includes: in response to a network request operation, the terminal adds a refresh mark, through the js framework, to the page on which the network request operation is performed; if the server receives the request corresponding to the network request operation and returns response data to the terminal, the terminal refreshes that page according to the response data through the js framework and clears the page's refresh mark; if, after the terminal has added the refresh mark to the page through the js framework and before it receives the response data, it receives the login timeout result, the terminal controls the hybrid application to jump to the login page through the js framework.
Specifically, while the user is using the hybrid application normally, when the user needs to initiate a network request on a page of the hybrid application, the js framework adds a refresh mark to that page. If the server receives the network request and responds normally, it returns the corresponding data, and the terminal, through the js framework, refreshes the page according to the data returned by the server and clears the page's refresh mark. If, however, a login timeout occurs after the user has initiated the network request, the terminal controls the hybrid application to jump back to the login page before it has received the data returned by the server. If the user then logs in again, at the point where the terminal controls the hybrid application through the js framework to jump back to the page it was on before the login timeout, the refresh mark that the js framework added to that page has not yet been cleared; when the js framework detects that the page carries the refresh mark, it jumps to the page, refreshes it, and clears the refresh mark. If the user had not initiated a network request when the login timeout occurred, there is no refresh mark, and no refresh takes place after the user logs in again.
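The timeout and refresh-mark behaviour described above, modelled as a small client-side state machine. This is an added example, not code from the patent; the class, method and page names, the handling of responses that arrive while logged out, and the clearing of a switched user's leftover marks are assumptions.

```javascript
// Client-side model of the timeout and refresh-mark flow described above.
class SessionNavigator {
  constructor(userName, homePage = 'home') {
    this.userName = userName;        // user who was logged in before any timeout
    this.homePage = homePage;
    this.currentPage = homePage;
    this.loggedIn = true;
    this.pageBeforeTimeout = null;
    this.refreshMarks = new Set();   // pages whose network request is unanswered
    this.tempCache = new Map();      // temporary data: lists, business data, token
    this.refreshLog = [];            // pages refreshed, in order
  }

  navigate(page) {
    this.currentPage = page;
  }

  // The user triggers a network request on the current page: mark it for refresh.
  startRequest() {
    this.refreshMarks.add(this.currentPage);
    return this.currentPage;
  }

  // Response data arrived for `page`: refresh the page and clear its mark.
  // Ignoring responses while logged out is an assumption of this example.
  onResponse(page, data) {
    if (!this.loggedIn || !this.refreshMarks.has(page)) return false;
    this.tempCache.set(page, data);
    this.refreshLog.push(page);
    this.refreshMarks.delete(page);
    return true;
  }

  // The server reported that the login permission token has expired.
  onLoginTimeout(hasGesturePassword) {
    this.loggedIn = false;
    this.pageBeforeTimeout = this.currentPage;
    this.tempCache.clear();          // temporary data is cleared, marks are kept
    this.currentPage = hasGesturePassword ? 'gesture-login' : 'character-login';
    return this.currentPage;
  }

  // The server accepted the re-login and returned the authenticated user name.
  onRelogin(userName) {
    this.loggedIn = true;
    if (userName !== this.userName) {
      // Switched user: jump to the home page. Dropping the previous user's marks
      // and return page is an assumption; the text only specifies the jump.
      this.userName = userName;
      this.refreshMarks.clear();
      this.pageBeforeTimeout = null;
      this.currentPage = this.homePage;
      return { page: this.currentPage, refreshed: false };
    }
    // Same user: return to the page shown before the timeout and, if its mark is
    // still set, refresh it and clear the mark.
    this.currentPage = this.pageBeforeTimeout || this.homePage;
    const refreshed = this.refreshMarks.delete(this.currentPage);
    if (refreshed) this.refreshLog.push(this.currentPage);
    return { page: this.currentPage, refreshed };
  }
}

// Constructed walk-through: request pending at timeout, same user logs back in.
function demo() {
  const nav = new SessionNavigator('alice');
  nav.navigate('orders');
  nav.startRequest();
  const loginPage = nav.onLoginTimeout(false);
  const result = nav.onRelogin('alice');
  return { loginPage, result, pendingMarks: nav.refreshMarks.size };
}

console.log(demo());
```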
Embodiment 2
Embodiment 2 of the present application provides a registration and login system for a hybrid application; for the description of the related technical features, refer to the description of Embodiment 1 above. FIG. 2 is a block diagram of the registration and login system for a hybrid application provided in Embodiment 2 of the present application. As shown in FIG. 2, the system includes a terminal 30 and a server 40, where:
The terminal 30 is configured to control the hybrid application to jump to the registration page in response to a registration operation;
The terminal 30 is configured to, in response to a registration information input operation, obtain the registration information received on the registration page and collect the password count and the password input parameters when the user enters the registration information, where the registration information includes a user name and a user password, the password count is the number of times the user has entered the user password, the password input parameters include input characteristic parameters and environmental parameters, the input characteristic parameters include characteristic parameters that describe the input operation when the user enters the user password, and the environmental parameters include parameters of the running environment of the hybrid application when the user enters the user password;
The terminal 30 is configured to encrypt the registration information together with the password count and password input parameters collected when the user enters the registration information to obtain first encrypted information, and to call the network interface provided by the native framework of the hybrid application to send the first encrypted information to the server;
The server 40 is configured to decrypt the first encrypted information, store the decrypted registration information as a user information record, store the password count and password input parameters collected when the user entered the registration information as a user operation record, and record the password input parameters collected when the user entered the registration information as the user habit parameters;
The terminal 30 is configured to control the hybrid application to jump to the login page in response to a login operation;
The terminal 30 is configured to, in response to a login information input operation, obtain the login information received on the login page and collect the password count and the password input parameters when the user enters the login information, where the login information includes the user name and the user password;
The terminal 30 is configured to encrypt the login information together with the password count and password input parameters collected when the user enters the login information to obtain second encrypted information, and to call the network interface to send the second encrypted information to the server 40;
The server 40 is configured to decrypt the second encrypted information and query the stored user operation records for a record that includes the user name obtained by decrypting the second encrypted information. If no record is found, the server feeds the unregistered result back to the terminal. If a record is found, the server determines whether the user password obtained by decrypting the second encrypted information is consistent with the user password in the queried user information record. If they are consistent, the server feeds the result that the login information is correct back to the terminal, stores the password count and password input parameters obtained by decrypting the second encrypted information as one user operation record, and calculates the similarity between the password input parameters obtained by decrypting the second encrypted information and the user habit parameters; when the similarity is less than a preset similarity threshold, it sends abnormal login warning information in a preset manner, and when the similarity is greater than the similarity threshold, it calculates new user habit parameters from all stored user operation records and updates the user habit parameters with the new user habit parameters. If the user password obtained by decrypting the second encrypted information is inconsistent with the user password in the queried user information record, the server feeds the result that the login information is incorrect back to the terminal 30;
The terminal 30 is configured to control the hybrid application to jump to the registration page when it receives the unregistered result, to control the hybrid application to jump to the home page when it receives the result that the login information is correct, and to control the hybrid application to display error prompt information when it receives the result that the login information is incorrect.
With the registration and login system for a hybrid application provided in this embodiment, the native framework provides the basic interface methods, and the login and registration pages and the jump logic are implemented and controlled entirely by the js framework. In addition, the password input parameters of every user password entry are encrypted and sent to the server, and the server calculates the user habit parameters. When the similarity between the password input parameters of a given user password entry and the user habit parameters is low, a reminder is issued, which improves the security of the hybrid application; when that similarity is high, the user habit parameters are updated promptly, so that the user habit parameters dynamically follow the user's habits.
Optionally, the server 40 is further configured to send a first hot update package to the terminal 30; the terminal 30 is further configured to load the first hot update package to repair and update the registration page after the hybrid application jumps to the registration page and before the registration information received on the registration page is obtained.
The server 40 is further configured to send a second hot update package to the terminal 30; the terminal 30 is further configured to load the second hot update package to repair and update the login page after the hybrid application jumps to the login page and before the registration information received on the login page is obtained.
Optionally, when the user password is in character form, the input characteristic parameters include the keyboard mode used when the user enters the user password and the time interval between characters when the user enters the user password; when the user password is in gesture form, the input characteristic parameters include the time interval between graphic points when the user enters the user password; the environmental parameters include the IP address of the terminal, the geographical location of the terminal, and the login time.
Optionally, when the server 40 calculates the new user habit parameters from the stored user operation records, the steps it performs include: for a non-numeric parameter among the password input parameters, counting the value that occurs most frequently across all user operation records and using it as the parameter value in the new user habit parameters; for a numeric parameter among the password input parameters, extracting the corresponding parameter value from each user operation record to obtain a sample value group, clustering the sample value group, and using the resulting cluster center as the parameter in the new user habit parameters.
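One way to recompute the habit parameters as described above, added here as an example and not taken from the patent. The text does not name a clustering algorithm or say which center is used, so this example assumes one-dimensional k-means with k = 2 and takes the center of the most populated cluster; the record fields and sample records are constructed.

```javascript
function mean(xs) {
  return xs.reduce((sum, x) => sum + x, 0) / xs.length;
}

// Non-numeric parameter (e.g. keyboard mode): the most frequent value wins.
// Ties resolve to the value seen first, because Map keeps insertion order.
function mostFrequent(values) {
  const counts = new Map();
  for (const v of values) counts.set(v, (counts.get(v) || 0) + 1);
  let best;
  let bestCount = 0;
  for (const [v, c] of counts) {
    if (c > bestCount) { best = v; bestCount = c; }
  }
  return best;
}

// Numeric parameter (e.g. one time interval): 1-D k-means (Lloyd's algorithm).
// Returning the center of the most populated cluster is this example's assumption;
// it keeps a single slow, distracted entry from dragging the habit value upward.
function clusterCenter(samples, k = 2, maxIter = 50) {
  const xs = samples.filter((x) => Number.isFinite(x)).sort((a, b) => a - b);
  if (xs.length === 0) return undefined;
  const min = xs[0];
  const max = xs[xs.length - 1];
  if (min === max || k < 2) return mean(xs);
  // Spread the initial centers evenly between the smallest and largest sample.
  let centers = Array.from({ length: k }, (_, i) => min + ((max - min) * i) / (k - 1));
  let groups = [];
  for (let iter = 0; iter < maxIter; iter++) {
    groups = centers.map(() => []);
    for (const x of xs) {
      let nearest = 0;
      centers.forEach((c, i) => {
        if (Math.abs(x - c) < Math.abs(x - centers[nearest])) nearest = i;
      });
      groups[nearest].push(x);
    }
    const next = centers.map((c, i) => (groups[i].length ? mean(groups[i]) : c));
    if (next.every((c, i) => c === centers[i])) break; // converged
    centers = next;
  }
  let largest = 0;
  groups.forEach((g, i) => { if (g.length > groups[largest].length) largest = i; });
  return centers[largest];
}

// Recompute the habit parameters from all stored user operation records.
function updateHabits(records) {
  const n = Math.max(0, ...records.map((r) => r.intervals.length));
  return {
    keyboardMode: mostFrequent(records.map((r) => r.keyboardMode)),
    intervals: Array.from({ length: n }, (_, i) =>
      clusterCenter(records.map((r) => r.intervals[i]))),
  };
}

// Constructed user operation records for a 3-character password (2 intervals).
const RECORDS = [
  { keyboardMode: 'nine-grid', intervals: [0.20, 0.30] },
  { keyboardMode: 'nine-grid', intervals: [0.22, 0.31] },
  { keyboardMode: 'full', intervals: [0.19, 0.29] },
  { keyboardMode: 'nine-grid', intervals: [0.21, 0.30] },
  { keyboardMode: 'nine-grid', intervals: [0.90, 0.32] }, // one slow first interval
];

console.log(updateHabits(RECORDS));
```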
Optionally, when the server 40 calculates the similarity between the password input parameters obtained by decrypting the second encrypted information and the user habit parameters, the steps it performs include: calculating the sub-similarity between each pair of identical parameters in the password input parameters obtained by decrypting the second encrypted information and in the user habit parameters; multiplying each sub-similarity by its predetermined weight and adding the products to obtain the similarity.
Optionally, the server 40 is further configured to detect, after feeding the result that the login information is correct back to the terminal 30, whether the user's login permission has expired, and to feed the login timeout result back to the terminal 30 when it has expired; the terminal 30 is further configured to clear the temporary data written to the terminal cache and control the hybrid application to jump to the login page.
Optionally, the terminal 30 is further configured to, after the result that the login information is correct has been fed back to the terminal 30, add a refresh mark, in response to a network request operation, to the page on which the network request operation is performed; the server 40 is further configured to return response data to the terminal 30 when it receives the request corresponding to the network request operation; the terminal 30 is further configured to refresh that page according to the response data and clear the page's refresh mark; in addition, if the terminal 30 receives the login timeout result after adding the refresh mark to the page and before receiving the response data, the terminal 30 is further configured to control the hybrid application to jump to the login page through the js framework.
Embodiment 3
This embodiment further provides a computer device capable of executing programs, such as a smartphone, a tablet computer, a notebook computer, a desktop computer, a rack server, a blade server, a tower server or a cabinet server (including an independent server or a server cluster composed of multiple servers). As shown in FIG. 3, the computer device 20 of this embodiment includes at least, but is not limited to, a memory 21 and a processor 22 that can be communicatively connected to each other through a system bus. It should be noted that FIG. 3 shows only the computer device 20 with components 21-22, but it should be understood that not all of the illustrated components are required, and more or fewer components may be implemented instead.
In this embodiment, the memory 21 (that is, a readable storage medium) includes a flash memory, a hard disk, a multimedia card, a card-type memory (for example, SD or DX memory), a random access memory (RAM), a static random access memory (SRAM), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a programmable read-only memory (PROM), a magnetic memory, a magnetic disk, an optical disc, and the like. In some embodiments, the memory 21 may be an internal storage unit of the computer device 20, such as the hard disk or memory of the computer device 20. In other embodiments, the memory 21 may also be an external storage device of the computer device 20, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a Flash Card fitted to the computer device 20. Of course, the memory 21 may also include both the internal storage unit of the computer device 20 and its external storage device. In this embodiment, the memory 21 is generally used to store the operating system and the various application software installed on the computer device 20, such as the program code of the registration and login system for a hybrid application of Embodiment 2. In addition, the memory 21 may also be used to temporarily store various types of data that have been output or are to be output.
In some embodiments, the processor 22 may be a central processing unit (CPU), a controller, a microcontroller, a microprocessor, or another data processing chip. The processor 22 is generally used to control the overall operation of the computer device 20. In this embodiment, the processor 22 is configured to run the program code stored in the memory 21 or to process data, for example to run the registration and login system for a hybrid application.
Embodiment 4
This embodiment further provides a computer-readable storage medium, such as a flash memory, a hard disk, a multimedia card, a card-type memory (for example, SD or DX memory), a random access memory (RAM), a static random access memory (SRAM), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a programmable read-only memory (PROM), a magnetic memory, a magnetic disk, an optical disc, a server, an app store, and so on, on which a computer program is stored; the program implements the corresponding functions when executed by a processor. The computer-readable storage medium of this embodiment is used for the registration and login system for a hybrid application and, when executed by a processor, implements the registration and login method for a hybrid application of Embodiment 1.
The serial numbers of the above embodiments of the present application are for description only and do not represent the merits of the embodiments.
From the description of the above implementations, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus a necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is the better implementation.
The above are only preferred embodiments of the present application and do not thereby limit the patent scope of the present application. Any equivalent structure or equivalent process transformation made using the contents of the description and drawings of the present application, or any direct or indirect application in other related technical fields, is likewise included in the scope of patent protection of the present application.

Claims (20)

  1. A registration and login method for a hybrid application, characterized by comprising:
    a terminal, in response to a registration operation, controlling the hybrid application to jump to a registration page through a js framework of the hybrid application;
    the terminal, in response to a registration information input operation, obtaining through the js framework the registration information received on the registration page, and collecting the password count and password input parameters when the user enters the registration information, wherein the registration information includes a user name and a user password;
    the terminal encrypting, through the js framework, the registration information together with the password count and password input parameters collected when the user enters the registration information to obtain first encrypted information, and calling a network interface provided by a native framework of the hybrid application to send the first encrypted information to a server;
    the server decrypting the first encrypted information, storing the decrypted registration information as a user information record, storing the password count and password input parameters collected when the user entered the registration information as a user operation record, and recording the password input parameters collected when the user entered the registration information as user habit parameters;
    the terminal, in response to a login operation, controlling the hybrid application to jump to a login page through the js framework;
    the terminal, in response to a login information input operation, obtaining through the js framework the login information received on the login page, and collecting the password count and password input parameters when the user enters the login information, wherein the login information includes the user name and the user password;
    the terminal encrypting, through the js framework, the login information together with the password count and password input parameters collected when the user enters the login information to obtain second encrypted information, and calling the network interface to send the second encrypted information to the server;
    the server decrypting the second encrypted information and querying the stored user information records for a record that includes the user name obtained by decrypting the second encrypted information; when no record is found, feeding the unregistered result back to the terminal; when a record is found, determining whether the user password obtained by decrypting the second encrypted information is consistent with the user password in the queried user information record; if the user password obtained from the second encrypted information is consistent with the user password in the queried user information record, the server feeding the result that the login information is correct back to the terminal, the server storing the password count and password input parameters obtained by decrypting the second encrypted information as the user operation record, calculating the similarity between the password input parameters obtained by decrypting the second encrypted information and the user habit parameters, sending abnormal login warning information in a preset manner when the similarity is less than a preset similarity threshold, and, when the similarity is greater than the similarity threshold, the server calculating new user habit parameters from all the stored user operation records and updating the user habit parameters with the new user habit parameters; if the user password obtained from the second encrypted information is inconsistent with the user password in the queried user information record, the server feeding the result that the login information is incorrect back to the terminal;
    the terminal controlling the hybrid application to display error prompt information through the js framework.
  2. The registration and login method for a hybrid application according to claim 1, wherein:
    After the terminal, in response to the registration operation, controls the hybrid application to jump to the registration page through the js framework of the hybrid application, and before the terminal, in response to the registration information input operation, obtains through the js framework the registration information received on the registration page, the method further comprises:
    The server sends a hot update package to the terminal;
    The terminal loads the hot update package through the js framework to repair and update the registration page.
  3. The registration and login method for a hybrid application according to claim 1, wherein:
    When the user password is in character form, the input characteristic parameters include the keyboard mode used when the user enters the user password and the time intervals between the individual characters when the user enters the user password;
    When the user password is in gesture form, the input characteristic parameters include the time intervals between graphic points when the user enters the user password;
    The environment parameters include the IP address of the terminal, the geographical location of the terminal, and the login time.
  4. The registration and login method for a hybrid application according to claim 3, wherein the step in which the server calculates new user habit parameters from all stored user operation records comprises:
    For a non-numeric parameter among the password input parameters, taking the value that occurs most frequently in the user operation records as the parameter value in the new user habit parameters;
    For a numeric parameter among the password input parameters, extracting the corresponding parameter values from the user operation records to obtain a sample value group, clustering the sample value group, and taking the resulting cluster center as the parameter in the new user habit parameters.
  5. The registration and login method for a hybrid application according to claim 1, wherein the step in which the server stores the password entry count and password input parameters obtained by decrypting the second encrypted information as the user operation record and calculates the similarity between the password input parameters obtained by decrypting the second encrypted information and the user habit parameters comprises:
    Calculating a sub-similarity for each pair of identical parameters in the password input parameters obtained by decrypting the second encrypted information and the user habit parameters;
    Multiplying each sub-similarity by its predetermined weight and summing the products to obtain the similarity.
  6. The registration and login method for a hybrid application according to claim 1, wherein, after the step in which the server feeds back the login-information-correct result to the terminal, the method further comprises:
    The server detects whether the user's login permission has expired and, when it has expired, feeds back a login-timeout result to the terminal;
    The terminal clears, through the js framework, the temporary data written to the terminal cache and controls the hybrid application to jump to the login page.
  7. The registration and login method for a hybrid application according to claim 6, wherein:
    After the step in which the server feeds back the login-information-correct result to the terminal, the method further comprises:
    In response to a network request operation, the terminal adds, through the js framework, a refresh mark to the page on which the network request operation is performed;
    If the server receives the request corresponding to the network request operation and returns response data to the terminal, the terminal, through the js framework, refreshes the page on which the network request operation is performed according to the response data and clears the refresh mark of that page;
    If, after the terminal has added the refresh mark to the page on which the network request operation is performed through the js framework and before it receives the response data, the terminal receives the login-timeout result, the terminal controls, through the js framework, the hybrid application to jump to the login page.
  8. A registration and login system for a hybrid application, comprising a terminal and a server, wherein:
    The terminal is configured to, in response to a registration operation, control the hybrid application to jump to a registration page through a js framework of the hybrid application;
    The terminal is configured to, in response to a registration information input operation, obtain through the js framework the registration information received on the registration page, and collect the password entry count and password input parameters when the user enters the registration information, wherein the registration information includes a user name and a user password;
    The terminal is configured to encrypt, through the js framework, the registration information and the password entry count and password input parameters collected when the user enters the registration information to obtain first encrypted information, and to call a network interface provided by a native framework of the hybrid application to send the first encrypted information to the server;
    The server is configured to decrypt the first encrypted information, store the decrypted registration information as a user information record, store the password entry count and password input parameters collected when the user enters the registration information as a user operation record, and record the password input parameters collected when the user enters the registration information as user habit parameters;
    The terminal is configured to, in response to a login operation, control the hybrid application to jump to a login page through the js framework;
    The terminal is configured to, in response to a login information input operation, obtain through the js framework the login information received on the login page, and collect the password entry count and password input parameters when the user enters the login information, wherein the login information includes the user name and the user password;
    The terminal is configured to encrypt, through the js framework, the login information and the password entry count and password input parameters collected when the user enters the login information to obtain second encrypted information, and to call the network interface to send the second encrypted information to the server;
    The server is configured to decrypt the second encrypted information and search the stored user information records for the user name obtained by decrypting the second encrypted information; when the user name is not found, to feed back a not-registered result to the terminal; when it is found, to determine whether the user password obtained by decrypting the second encrypted information is consistent with the user password in the found user information record; if the user password obtained from the second encrypted information is consistent with the user password in the found user information record, to feed back a login-information-correct result to the terminal, store the password entry count and password input parameters obtained by decrypting the second encrypted information as a user operation record, calculate the similarity between the password input parameters obtained by decrypting the second encrypted information and the user habit parameters, send abnormal-login warning information in a preset manner when the similarity is less than a preset similarity threshold, and, when the similarity is greater than the similarity threshold, calculate new user habit parameters from all stored user operation records and update the user habit parameters with the new user habit parameters; and if the user password obtained from the second encrypted information is inconsistent with the user password in the found user information record, to feed back a login-information-error result to the terminal;
    The terminal is configured to control, through the js framework, the hybrid application to display error prompt information.
  9. The registration and login system for a hybrid application according to claim 8, wherein:
    After the terminal, in response to the registration operation, controls the hybrid application to jump to the registration page through the js framework of the hybrid application, and before the terminal, in response to the registration information input operation, obtains through the js framework the registration information received on the registration page:
    The server is further configured to send a hot update package to the terminal;
    The terminal is further configured to load the hot update package through the js framework to repair and update the registration page.
  10. The registration and login system for a hybrid application according to claim 8, wherein:
    When the user password is in character form, the input characteristic parameters include the keyboard mode used when the user enters the user password and the time intervals between the individual characters when the user enters the user password;
    When the user password is in gesture form, the input characteristic parameters include the time intervals between graphic points when the user enters the user password;
    The environment parameters include the IP address of the terminal, the geographical location of the terminal, and the login time.
  11. The registration and login system for a hybrid application according to claim 10, wherein, when the server calculates new user habit parameters from all stored user operation records, the steps specifically performed comprise:
    For a non-numeric parameter among the password input parameters, taking the value that occurs most frequently in the user operation records as the parameter value in the new user habit parameters;
    For a numeric parameter among the password input parameters, extracting the corresponding parameter values from the user operation records to obtain a sample value group, clustering the sample value group, and taking the resulting cluster center as the parameter in the new user habit parameters.
  12. The registration and login system for a hybrid application according to claim 8, wherein, when the server stores the password entry count and password input parameters obtained by decrypting the second encrypted information as the user operation record and calculates the similarity between the password input parameters obtained by decrypting the second encrypted information and the user habit parameters, the steps performed comprise:
    Calculating a sub-similarity for each pair of identical parameters in the password input parameters obtained by decrypting the second encrypted information and the user habit parameters;
    Multiplying each sub-similarity by its predetermined weight and summing the products to obtain the similarity.
  13. The registration and login system for a hybrid application according to claim 8, wherein, after the step in which the server feeds back the login-information-correct result to the terminal:
    The server is further configured to detect whether the user's login permission has expired and, when it has expired, to feed back a login-timeout result to the terminal;
    The terminal is further configured to clear, through the js framework, the temporary data written to the terminal cache and to control the hybrid application to jump to the login page.
  14. The registration and login system for a hybrid application according to claim 13, wherein:
    After the step in which the server feeds back the login-information-correct result to the terminal:
    The terminal is further configured to, in response to a network request operation, add through the js framework a refresh mark to the page on which the network request operation is performed;
    If the server receives the request corresponding to the network request operation and returns response data to the terminal, the terminal is further configured to refresh, through the js framework and according to the response data, the page on which the network request operation is performed and to clear the refresh mark of that page;
    If, after the terminal has added the refresh mark to the page on which the network request operation is performed through the js framework and before it receives the response data, the terminal receives the login-timeout result, the terminal is further configured to control, through the js framework, the hybrid application to jump to the login page.
  15. A computer device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the program, implements the following steps of a registration and login method for a hybrid application:
    In response to a registration operation, a terminal controls the hybrid application to jump to a registration page through a js framework of the hybrid application;
    In response to a registration information input operation, the terminal obtains through the js framework the registration information received on the registration page, and collects the password entry count and password input parameters when the user enters the registration information, wherein the registration information includes a user name and a user password;
    The terminal encrypts, through the js framework, the registration information and the password entry count and password input parameters collected when the user enters the registration information to obtain first encrypted information, and calls a network interface provided by a native framework of the hybrid application to send the first encrypted information to a server;
    The server decrypts the first encrypted information, stores the decrypted registration information as a user information record, stores the password entry count and password input parameters collected when the user enters the registration information as a user operation record, and records the password input parameters collected when the user enters the registration information as user habit parameters;
    In response to a login operation, the terminal controls the hybrid application to jump to a login page through the js framework;
    In response to a login information input operation, the terminal obtains through the js framework the login information received on the login page, and collects the password entry count and password input parameters when the user enters the login information, wherein the login information includes the user name and the user password;
    The terminal encrypts, through the js framework, the login information and the password entry count and password input parameters collected when the user enters the login information to obtain second encrypted information, and calls the network interface to send the second encrypted information to the server;
    The server decrypts the second encrypted information and searches the stored user information records for the user name obtained by decrypting the second encrypted information; when the user name is not found, the server feeds back a not-registered result to the terminal; when it is found, the server determines whether the user password obtained by decrypting the second encrypted information is consistent with the user password in the found user information record; if the user password obtained from the second encrypted information is consistent with the user password in the found user information record, the server feeds back a login-information-correct result to the terminal, stores the password entry count and password input parameters obtained by decrypting the second encrypted information as a user operation record, calculates the similarity between the password input parameters obtained by decrypting the second encrypted information and the user habit parameters, sends abnormal-login warning information in a preset manner when the similarity is less than a preset similarity threshold, and, when the similarity is greater than the similarity threshold, calculates new user habit parameters from all stored user operation records and updates the user habit parameters with the new user habit parameters; if the user password obtained from the second encrypted information is inconsistent with the user password in the found user information record, the server feeds back a login-information-error result to the terminal;
    The terminal controls, through the js framework, the hybrid application to display error prompt information.
  16. The computer device according to claim 15, wherein:
    After the terminal, in response to the registration operation, controls the hybrid application to jump to the registration page through the js framework of the hybrid application, and before the terminal, in response to the registration information input operation, obtains through the js framework the registration information received on the registration page, the registration and login method for a hybrid application implemented when the processor executes the program further comprises the following steps:
    The server sends a hot update package to the terminal;
    The terminal loads the hot update package through the js framework to repair and update the registration page.
  17. The computer device according to claim 15, wherein:
    When the user password is in character form, the input characteristic parameters include the keyboard mode used when the user enters the user password and the time intervals between the individual characters when the user enters the user password;
    When the user password is in gesture form, the input characteristic parameters include the time intervals between graphic points when the user enters the user password;
    The environment parameters include the IP address of the terminal, the geographical location of the terminal, and the login time.
  18. A computer-readable storage medium having a computer program stored thereon, wherein the program, when executed by a processor, implements the following steps of a registration and login method for a hybrid application:
    In response to a registration operation, a terminal controls the hybrid application to jump to a registration page through a js framework of the hybrid application;
    In response to a registration information input operation, the terminal obtains through the js framework the registration information received on the registration page, and collects the password entry count and password input parameters when the user enters the registration information, wherein the registration information includes a user name and a user password;
    The terminal encrypts, through the js framework, the registration information and the password entry count and password input parameters collected when the user enters the registration information to obtain first encrypted information, and calls a network interface provided by a native framework of the hybrid application to send the first encrypted information to a server;
    The server decrypts the first encrypted information, stores the decrypted registration information as a user information record, stores the password entry count and password input parameters collected when the user enters the registration information as a user operation record, and records the password input parameters collected when the user enters the registration information as user habit parameters;
    In response to a login operation, the terminal controls the hybrid application to jump to a login page through the js framework;
    In response to a login information input operation, the terminal obtains through the js framework the login information received on the login page, and collects the password entry count and password input parameters when the user enters the login information, wherein the login information includes the user name and the user password;
    The terminal encrypts, through the js framework, the login information and the password entry count and password input parameters collected when the user enters the login information to obtain second encrypted information, and calls the network interface to send the second encrypted information to the server;
    The server decrypts the second encrypted information and searches the stored user information records for the user name obtained by decrypting the second encrypted information; when the user name is not found, the server feeds back a not-registered result to the terminal; when it is found, the server determines whether the user password obtained by decrypting the second encrypted information is consistent with the user password in the found user information record; if the user password obtained from the second encrypted information is consistent with the user password in the found user information record, the server feeds back a login-information-correct result to the terminal, stores the password entry count and password input parameters obtained by decrypting the second encrypted information as a user operation record, calculates the similarity between the password input parameters obtained by decrypting the second encrypted information and the user habit parameters, sends abnormal-login warning information in a preset manner when the similarity is less than a preset similarity threshold, and, when the similarity is greater than the similarity threshold, calculates new user habit parameters from all stored user operation records and updates the user habit parameters with the new user habit parameters; if the user password obtained from the second encrypted information is inconsistent with the user password in the found user information record, the server feeds back a login-information-error result to the terminal;
    The terminal controls, through the js framework, the hybrid application to display error prompt information.
  19. The computer-readable storage medium according to claim 18, wherein:
    After the terminal, in response to the registration operation, controls the hybrid application to jump to the registration page through the js framework of the hybrid application, and before the terminal, in response to the registration information input operation, obtains through the js framework the registration information received on the registration page, the registration and login method for a hybrid application implemented when the program is executed by the processor further comprises the following steps:
    The server sends a hot update package to the terminal;
    The terminal loads the hot update package through the js framework to repair and update the registration page.
  20. The computer-readable storage medium according to claim 18, wherein:
    When the user password is in character form, the input characteristic parameters include the keyboard mode used when the user enters the user password and the time intervals between the individual characters when the user enters the user password;
    When the user password is in gesture form, the input characteristic parameters include the time intervals between graphic points when the user enters the user password;
    The environment parameters include the IP address of the terminal, the geographical location of the terminal, and the login time.
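
The habit-parameter update of claims 4 and 11 and the weighted similarity of claims 5 and 12, sketched as an added Python example that is not part of the patent text. The parameter names, weights, threshold, the 2-means clustering choice, the numeric sub-similarity formula, the treatment of a score equal to the threshold as passing, and all sample records are assumptions made for illustration.

```python
from collections import Counter
from statistics import mean

# Assumed parameter names, weights and scale; the claims only name parameter kinds.
CATEGORICAL = ("keyboard_mode", "ip", "city")
NUMERIC = {"interval_ms": 200.0}  # numeric parameter -> distance at which sub-similarity hits 0
WEIGHTS = {"keyboard_mode": 0.2, "ip": 0.2, "city": 0.2, "interval_ms": 0.4}

# Constructed operation records: one registration plus three earlier logins.
HISTORY = [
    {"keyboard_mode": "letters", "ip": "198.51.100.7", "city": "Shenzhen", "interval_ms": 180},
    {"keyboard_mode": "letters", "ip": "198.51.100.7", "city": "Shenzhen", "interval_ms": 190},
    {"keyboard_mode": "letters", "ip": "198.51.100.7", "city": "Shenzhen", "interval_ms": 175},
    {"keyboard_mode": "letters", "ip": "203.0.113.9", "city": "Shenzhen", "interval_ms": 420},
]
NORMAL = {"keyboard_mode": "letters", "ip": "198.51.100.7", "city": "Shenzhen", "interval_ms": 185}
SUSPECT = {"keyboard_mode": "digits", "ip": "192.0.2.44", "city": "Elsewhere", "interval_ms": 40}


def dominant_cluster_center(values, rounds=20):
    """1-D 2-means; return the center of the larger cluster so one outlier cannot drag it."""
    lo, hi = min(values), max(values)
    if lo == hi:
        return float(lo)
    centers = [float(lo), float(hi)]
    groups = ([], [])
    for _ in range(rounds):
        groups = ([], [])
        for v in values:
            # index 0 = nearer the low center, index 1 = nearer the high center
            groups[int(abs(v - centers[0]) > abs(v - centers[1]))].append(v)
        new = [mean(g) if g else c for g, c in zip(groups, centers)]
        if new == centers:
            break
        centers = new
    return centers[0] if len(groups[0]) >= len(groups[1]) else centers[1]


def compute_habit(records):
    """Claim 4: mode for non-numeric parameters, cluster center for numeric ones."""
    habit = {}
    for name in CATEGORICAL:
        habit[name] = Counter(r[name] for r in records).most_common(1)[0][0]
    for name in NUMERIC:
        habit[name] = dominant_cluster_center([r[name] for r in records])
    return habit


def sub_similarity(name, observed, habitual):
    """Per-parameter similarity in [0, 1]; the formulas are assumptions."""
    if name in NUMERIC:
        return max(0.0, 1.0 - abs(observed - habitual) / NUMERIC[name])
    return 1.0 if observed == habitual else 0.0


def similarity(params, habit):
    """Claim 5: weighted sum of the sub-similarities."""
    return sum(w * sub_similarity(n, params[n], habit[n]) for n, w in WEIGHTS.items())


def process_login(records, habit, params, threshold=0.6):
    """Server step after the password matched; returns (alert, habit, score)."""
    records.append(params)  # claimed order: the attempt is stored before it is scored
    score = similarity(params, habit)
    if score < threshold:
        return True, habit, score  # warn and leave the habit parameters untouched
    return False, compute_habit(records), score  # recompute from all stored records


def demo():
    records = list(HISTORY)
    habit = compute_habit(records)
    first = process_login(records, habit, NORMAL)
    second = process_login(records, first[1], SUSPECT)
    return first, second


if __name__ == "__main__":
    for alert, habit, score in demo():
        print(f"alert={alert} score={score:.3f} interval_center={habit['interval_ms']:.1f}")
```

Because the claimed order stores the attempt before scoring it, a login that raised the warning still sits in the operation records and feeds the next recomputation; excluding alerted records in `compute_habit` is one way to stop a stolen-password session from shifting the baseline.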
PCT/CN2018/108778 2018-07-11 2018-09-29 Registration and login method for hybrid application program, system, and computer device WO2020010726A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810755138.0 2018-07-11
CN201810755138.0A CN108965291B (en) 2018-07-11 2018-07-11 Registration login method and system of hybrid application program and computer equipment

Publications (1)

Publication Number Publication Date
WO2020010726A1 (en) 2020-01-16

Family

ID=64483741

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/108778 WO2020010726A1 (en) 2018-07-11 2018-09-29 Registration and login method for hybrid application program, system, and computer device

Country Status (2)

Country Link
CN (1) CN108965291B (en)
WO (1) WO2020010726A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110244963B (en) * 2019-05-24 2020-05-22 深圳市明源云科技有限公司 Data updating method and device and terminal equipment
CN113051541B (en) * 2021-03-31 2022-02-01 广州锦行网络科技有限公司 Logoff method and device of target account, electronic equipment and computer readable medium
CN114692040B (en) * 2022-04-06 2022-11-29 山东特亿宝互联网科技有限公司 Auxiliary display platform of web browser
CN115049392A (en) * 2022-06-20 2022-09-13 阮荣军 Duration habit verification system and method based on cloud storage
CN115412373B (en) * 2022-11-01 2023-03-21 中网信安科技有限公司 Method and system for safely accessing mechanical-electrical integrated industrial control network

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102325062A (en) * 2011-09-20 2012-01-18 北京神州绿盟信息安全科技股份有限公司 Abnormal login detecting method and device
CN104301286A (en) * 2013-07-15 2015-01-21 中国移动通信集团黑龙江有限公司 User login authentication method and device
US20170213025A1 (en) * 2015-10-30 2017-07-27 General Electric Company Methods, systems, apparatus, and storage media for use in detecting anomalous behavior and/or in preventing data loss
CN107871279A (en) * 2017-09-30 2018-04-03 上海壹账通金融科技有限公司 User ID authentication method and application server

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3976201B2 (en) * 2002-02-15 2007-09-12 サイエンスパーク株式会社 Personal authentication method using input characteristics of input device by network, program thereof, and recording medium of program
US8443197B2 (en) * 2005-09-30 2013-05-14 The Invention Science Fund I, Llc Voice-capable system and method for authentication using prior entity user interaction

Also Published As

Publication number Publication date
CN108965291B (en) 2021-04-16
CN108965291A (en) 2018-12-07

Similar Documents

Publication Publication Date Title
WO2020010726A1 (en) Registration and login method for hybrid application program, system, and computer device
US11558388B2 (en) Provisional computing resource policy evaluation
CN108156237B (en) Product information pushing method and device, storage medium and computer equipment
US10223524B1 (en) Compromised authentication information clearing house
CN110798472B (en) Data leakage detection method and device
KR102146587B1 (en) Method, client, server and system of login verification
US9838384B1 (en) Password-based fraud detection
US11916920B2 (en) Account access security using a distributed ledger and/or a distributed file system
US10032037B1 (en) Establishing application trust levels using taint propagation as a service
US10740411B2 (en) Determining repeat website users via browser uniqueness tracking
US10114960B1 (en) Identifying sensitive data writes to data stores
US10574697B1 (en) Providing a honeypot environment in response to incorrect credentials
US10122830B2 (en) Validation associated with a form
US11361063B2 (en) Access control policy simulation and testing
US10769045B1 (en) Measuring effectiveness of intrusion detection systems using cloned computing resources
US10432622B2 (en) Securing biometric data through template distribution
US20170104746A1 (en) System and method for data security on big data sets
US10158990B2 (en) SMS message reading control method and terminal
US20180060591A1 (en) Computing Device Protection Based On Device Attributes And Device Risk Factor
US9853811B1 (en) Optimistic key usage with correction
US10225152B1 (en) Access control policy evaluation and remediation
CN102186173A (en) Identity authentication method and system
US20150106903A1 (en) Information processing system, information processing method, and non-transitory computer-readable medium
US11929991B2 (en) Data aggregation using proxy entry of credentials
US9667659B2 (en) Determining security factors associated with an operating environment

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application

Ref document number: 18926010

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 EP: PCT application non-entry in European phase

Ref document number: 18926010

Country of ref document: EP

Kind code of ref document: A1