CN107070945A

CN107070945A - Identity logs method and apparatus

Info

Publication number: CN107070945A
Application number: CN201710349035.XA
Authority: CN
Inventors: 王占东; 赖景愚; 王向众
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2013-06-19
Filing date: 2013-06-19
Publication date: 2017-08-18
Anticipated expiration: 2033-06-19
Also published as: CN103609090B; CN103609090A; WO2014201636A1; CN107070945B

Abstract

The embodiment of the present invention provides a kind of identity logs method and apparatus, and the identity logs method includes：Account management terminal obtains the application description information of application server to be logged in application client end equipment；Account management terminal is sent to Authentication server by subscriber identity information and using description information, so that Authentication server is obtaining user's mandate, and after application server is authenticated, the corresponding user account of account management terminal is logged on the application server.Identity logs method and apparatus provided in an embodiment of the present invention, realizes the unified management of user account, improves the security of network application.

Description

Identity logs method and apparatus

Technical field

The present embodiments relate to the communication technology, more particularly to a kind of identity logs method and apparatus.

Background technology

With the arrival of Internet era, internet is increasingly opened, the community of user's addition, circle, the web used Using more and more.And in different communities, circle and application, because user name such as has been registered at the reason, Yong Huxu The different user to be registered name is also more and more, and which results in the cumbersome, it is necessary to remember and match of username and password memory The username and password of substantial amounts of community, circle and application.

User often runs into situations below during internet is used, because being not logged in or using for a long time for a long time " remembeing password " function and have forgotten some username and password；Or, the matching for different username and passwords is produced Memory is obscured, multiple login failure.This traditional identity logs method obviously can not meet the demand of user, need badly A solution is proposed to reduce the complexity of operation.

The content of the invention

The embodiment of the present invention provides a kind of identity logs method and apparatus, to realize the unified management of user account, improves The security of network application.

In a first aspect, the embodiment of the present invention provides a kind of identity logs method, including：

Account management terminal obtains the application description information of application server to be logged in application client end equipment；

Subscriber identity information and the application description information are sent to Authentication server by the account management terminal, So that the Authentication server is authorized obtaining user, and after being authenticated to the application server, by the account The corresponding user account of management terminal is logged on the application server.

In the first possible implementation, the account management terminal obtains and waits to log in application client end equipment Application server application description information, including：

The account management terminal obtains to be logged in the application client end equipment from the application client end equipment The address of the application server；The account management terminal is according to the address of the application server, from the application service Device obtains the application description information；Or

The account management terminal obtains from the application client end equipment and waits to log in the application client end equipment The application server application description information.

With reference to the first possible implementation of first aspect, in second of possible implementation, the account Management terminal obtains the application server to be logged in the application client end equipment from the application client end equipment Address, including：

The identification code that application client end equipment described in the account management terminal scanning is shown, is obtained from the identification code The address of the application server to be logged in the application client end equipment；The identification code includes：Quick Response Code, three-dimensional Code, color code, bar code, black and white code or buphthalmos code；Or

The account management terminal obtains NFC by close range wireless communication NFC modes from the application client end equipment Electronic tag, and obtain from the NFC electronic tags application service to be logged in the application client end equipment The address of device.

With reference to the first possible implementation of first aspect, in the third possible implementation, the account Management terminal obtains the application server to be logged in the application client end equipment from the application client end equipment Application description information, including：

The identification code that application client end equipment described in the account management terminal scanning is shown, is obtained from the identification code The application description information of the application server to be logged in the application client end equipment；The identification code includes：Two dimension Code, three-dimension code, color code, bar code, black and white code or buphthalmos code；Or

The account management terminal obtains NFC electronic tags by nearly NFC modes from the application client end equipment, and The application of the application server to be logged in the application client end equipment is obtained from the NFC electronic tags Description information.

It is possible at the 4th kind with reference to first aspect or first to the 3rd any possible implementation of first aspect In implementation, subscriber identity information and the application description information are sent to authentication service by the account management terminal Device so that the Authentication server is authorized obtaining user, and after being authenticated to the application server, by the account Number corresponding user account of management terminal is logged on the application server, including：

The subscriber identity information and the application description information are sent to the identity and tested by the account management terminal Demonstrate,prove server, authorized access code；

The authorization code is sent to the application server by the account management terminal, so that the application server is logical The authorization code is crossed, access token is obtained from the Authentication server, and by the Authentication server by the account Number corresponding user account of management terminal is logged on the application server.

With reference to the 4th kind of possible implementation of first aspect, in the 5th kind of possible implementation, the account The subscriber identity information and the application description information are sent to the Authentication server by management terminal, are authorized Code, including：

The subscriber identity information and the application description information are sent to the identity and tested by the account management terminal Demonstrate,prove server；The application description information includes application identities and user profile permissions list；

The account management terminal receives the user authorization request message that the Authentication server is sent；

The account management terminal, which receives to authorize, indicates message, indicates that message takes to the authentication according to described authorize Business device sends license confirmation message；Wherein, the user profile of user's mandate, the user are carried in the license confirmation message The user profile of mandate is part or all of for the user profile permissions list, and the user profile that the user authorizes includes institute State user account；

The account management terminal receives the mandate that the Authentication server is sent according to the license confirmation message Code.

With reference to the 5th kind of possible implementation of first aspect, in the 6th kind of possible implementation, the account The authorization code is sent to the application server by management terminal, including：

The authorization code is sent to the Authentication server by the account management terminal, to cause the identity to test The authorization code is sent to the application client end equipment by card server, by the application client end equipment by the authorization code It is sent to the application server；Or

The authorization code is sent to the application client end equipment by the account management terminal by NFC modes, so that The authorization code is sent to the application server by the application client end equipment.

Second aspect, the embodiment of the present invention provides a kind of identity logs method, including：

Authentication server receives the subscriber identity information of account management terminal transmission and in application client end equipment The application description information of application server to be logged in；

The Authentication server obtains user according to the subscriber identity information and the application description information and authorized, And the application server is authenticated, after certification success, by the corresponding user account of the account management terminal described Logged on application server.

In the first possible implementation, the Authentication server is according to the subscriber identity information and described User is obtained using description information to authorize, and the application server is authenticated, after certification success, by the account management The corresponding user account of terminal is logged on the application server, including：

The Authentication server is according to the subscriber identity information and the application description information to the account pipe Manage terminal and send authorization code, so that the authorization code is sent to the application server by the account management terminal；

The authorization code that the Authentication server is provided according to the application server, to the application server Access token is sent, the corresponding user account of the account management terminal is logged on the application server.

With reference to the first possible implementation of second aspect, in second of possible implementation, the identity Authentication server sends authorization code according to the subscriber identity information and the application description information to the account management terminal, Including：

The Authentication server is authenticated according to the subscriber identity information to the user account, certification success User authorization request message is sent to the account management terminal afterwards, the license confirmation for receiving the account management terminal transmission disappears Breath；

The Authentication server sends authorization code according to the license confirmation message to the account management terminal.

With reference to the first possible implementation of second aspect, in the third possible implementation, the identity The authorization code that authentication server is provided according to the application server, access token is sent to the application server, will The corresponding user account of the account management terminal is logged on the application server, including：

The Authentication server receives the ID authentication request message that the application server is sent, wherein, it is described ID authentication request message carries the application identities, the authorization code and applies key；

The Authentication server is according to the application identities, the authorization code and the application key to the application Server is authenticated, and after certification success, the access token is sent to the application server；

The Authentication server receives the account acquisition request message that the application server is sent, wherein, it is described Account obtains in request message and carries the access token；

The authentication service is verified to the access token, after being proved to be successful, and is sent out to the application server Send the account management terminal corresponding user account.

The third aspect, the embodiment of the present invention provides a kind of account management terminal, including：

Acquiring unit, the application description information for obtaining application server to be logged in application client end equipment；

Processing unit, the application description information for subscriber identity information and the acquiring unit to be got is sent To Authentication server so that the Authentication server is obtaining user's mandate, and the application server is carried out After certification, the corresponding user account of the account management terminal is logged on the application server.

In the first possible implementation, the acquiring unit specifically for：Obtained from the application client end equipment The address of the application server to be logged in the application client end equipment is taken, according to the address of the application server, The application description information is obtained from the application server；Or, obtained from the application client end equipment in the application The application description information of the application server to be logged on client device.

It is described to obtain in second of possible implementation with reference to the first possible implementation of the third aspect Unit is obtaining the ground of the application server to be logged in the application client end equipment from the application client end equipment During location, specifically for：

The identification code that the application client end equipment is shown is scanned, the applications client is obtained from the identification code and is set For the address of the application server above to be logged in；The identification code includes：Quick Response Code, three-dimension code, color code, bar code, Black and white code or buphthalmos code；Or

By close range wireless communication NFC modes, NFC electronic tags are obtained from the application client end equipment, and from institute State the address that the application server to be logged in the application client end equipment is obtained in NFC electronic tags.

It is described to obtain in the third possible implementation with reference to the first possible implementation of the third aspect Unit is obtaining the application server to be logged in the application client end equipment from the application client end equipment During using description information, specifically for：

The identification code that the application client end equipment is shown is scanned, the applications client is obtained from the identification code and is set For the application description information of the application server above to be logged in；The identification code includes：Quick Response Code, three-dimension code, color code, Bar code, black and white code or buphthalmos code；Or

By NFC modes, NFC electronic tags are obtained from the application client end equipment, and from the NFC electronic tags Obtain the application description information of the application server to be logged in the application client end equipment.

It is possible at the 4th kind with reference to the third aspect or first to the 3rd any possible implementation of the third aspect In implementation, the processing unit specifically for：

The subscriber identity information and the application description information are sent to the Authentication server, authorized Code；

The authorization code is sent to the application server, so that the application server is by the authorization code, from The Authentication server obtains access token, and by the Authentication server that the account management terminal is corresponding User account is logged on the application server.

With reference to the 4th kind of possible implementation of the third aspect, in the 5th kind of possible implementation, the processing The subscriber identity information and the application description information are being sent to the Authentication server, authorized access code by unit When, specifically for：

The subscriber identity information and the application description information are sent to the Authentication server；The application Description information includes application identities and user profile permissions list；

Receive the user authorization request message that the Authentication server is sent；

Receive to authorize and indicate message, indicate that message sends license confirmation to the Authentication server according to described authorize Message；Wherein, the user profile of user's mandate is carried in the license confirmation message, the user profile that the user authorizes is The user profile permissions list it is part or all of, the user profile that the user authorizes includes the user account；

Receive the authorization code that the Authentication server is sent according to the license confirmation message.

With reference to the 5th kind of possible implementation of the third aspect, in the 6th kind of possible implementation, the processing Unit when the authorization code is sent into the application server, specifically for：

The authorization code is sent to the Authentication server, to cause the Authentication server to be awarded described Weighted code is sent to the application client end equipment, and the authorization code is sent into the application by the application client end equipment takes Business device；Or

The authorization code is sent to by the application client end equipment by NFC modes, so that the applications client is set It is standby that the authorization code is sent to the application server.

Fourth aspect, the embodiment of the present invention provides a kind of Authentication server, including：

Receiving unit, for receiving the subscriber identity information of account management terminal transmission and being treated in application client end equipment The application description information of the application server of login；

Processing unit, for the subscriber identity information received according to the receiving unit and application description letter Breath obtains user and authorized, and the application server is authenticated, after certification success, the account management terminal is corresponding User account is logged on the application server.

In the first possible implementation, the processing unit specifically for：

Authorization code is sent to the account management terminal according to the subscriber identity information and the application description information, with Make the account management terminal that the authorization code is sent into the application server；

The authorization code provided according to the application server, sends access token, by institute to the application server The corresponding user account of account management terminal is stated to log on the application server.

With reference to the first possible implementation of fourth aspect, in second of possible implementation, the processing Unit to the account management terminal according to the subscriber identity information and the application description information when sending authorization code, tool Body is used for：

The user account is authenticated according to the subscriber identity information, the backward account management of certification success is whole End sends user authorization request message, receives the license confirmation message that the account management terminal is sent；

According to the license confirmation message, authorization code is sent to the account management terminal.

With reference to the first possible implementation of fourth aspect, in the third possible implementation, the processing Unit sends access token in the authorization code provided according to the application server to the application server, will be described When the corresponding user account of account management terminal is logged on the application server, specifically for：

The ID authentication request message that the application server is sent is received, wherein, the ID authentication request message is taken With the application identities, the authorization code and apply key；

The application server is authenticated according to the application identities, the authorization code and the application key, recognized After demonstrate,proving successfully, the access token is sent to the application server；

The account acquisition request message that the application server is sent is received, wherein, the account is obtained in request message Carry the access token；

The access token is verified, after being proved to be successful, the account management is sent to the application server whole Hold corresponding user account.

5th aspect, the embodiment of the present invention provides a kind of account management terminal, including：Processor, communication interface, memory And bus；

Wherein described processor, the communication interface and the memory pass through the bus bar；

The memory, for store instruction or data；

The processor, which is called, to be stored in the instruction in the memory to realize that acquisition is treated in application client end equipment The application description information of the application server of login, is believed subscriber identity information and application description by the communication interface Breath is sent to Authentication server so that the Authentication server is obtaining user's mandate, and to the application service After device is authenticated, the corresponding user account of the account management terminal is logged on the application server.

In the first possible implementation, the processor specifically for：Obtained from the application client end equipment The address of the application server to be logged in the application client end equipment, according to the address of the application server, leads to Cross the communication interface and obtain the application description information from the application server；Or, from the application client end equipment Obtain the application description information of the application server to be logged in the application client end equipment.

With reference to the first possible implementation of the 5th aspect, in second of possible implementation, described account Number management terminal, in addition to：Scanner or close range wireless communication NFC transmitters, the scanner or the NFC transmitters lead to The bus is crossed to interconnect with the processor；

The processor from the application client end equipment obtain in the application client end equipment it is to be logged in described in During the address of application server, specifically for：

The identification code that the application client end equipment is shown is scanned by the scanner, institute is obtained from the identification code State the address of the application server to be logged in application client end equipment；The identification code includes：Quick Response Code, three-dimension code, Color code, bar code, black and white code or buphthalmos code；Or

By the NFC transmitters in NFC modes, NFC electronic tags are obtained from the application client end equipment, and from institute State the address that the application server to be logged in the application client end equipment is obtained in NFC electronic tags.

With reference to the first possible implementation of the 5th aspect, in the third possible implementation, described account Number management terminal, in addition to：Scanner or NFC transmitters, the scanner or the NFC transmitters pass through the bus and institute State processor interconnection；

The processor is obtaining institute to be logged in the application client end equipment from the application client end equipment When stating the application description information of application server, specifically for：

The identification code that the application client end equipment is shown is scanned by the scanner, institute is obtained from the identification code State the application description information of the application server to be logged in application client end equipment；The identification code includes：Quick Response Code, Three-dimension code, color code, bar code, black and white code or buphthalmos code；Or

By the NFC transmitters in NFC modes, NFC electronic tags are obtained from the application client end equipment, and from institute State the application description that the application server to be logged in the application client end equipment is obtained in NFC electronic tags Information.

It is possible at the 4th kind with reference to the 5th aspect or first to the 3rd any possible implementation of the 5th aspect In implementation, the processor specifically for：

The subscriber identity information and the application description information are sent into the identity by the communication interface to test Demonstrate,prove server, authorized access code；

The authorization code is sent to by the application server by the communication interface, so that the application server is logical The authorization code is crossed, access token is obtained from the Authentication server, and by the Authentication server by the account Number corresponding user account of management terminal is logged on the application server.

With reference to the 4th kind of possible implementation of the 5th aspect, in the 5th kind of possible implementation, the processing The subscriber identity information and the application description information are being sent to the Authentication server, authorized access code by device When, specifically for：

The subscriber identity information and the application description information are sent into the identity by the communication interface to test Demonstrate,prove server；The application description information includes application identities and user profile permissions list；

The user authorization request message that the Authentication server is sent is received by the communication interface；

Receive to authorize by the communication interface and indicate message, indicate that message takes to the authentication according to described authorize Business device sends license confirmation message；Wherein, the user profile of user's mandate, the user are carried in the license confirmation message The user profile of mandate is part or all of for the user profile permissions list, and the user profile that the user authorizes includes institute State user account；

The mandate that the Authentication server is sent according to the license confirmation message is received by the communication interface Code.

With reference to the 5th kind of possible implementation of the 5th aspect, in the 6th kind of possible implementation, described account Number management terminal, in addition to：NFC transmitters, the NFC transmitters are interconnected by the bus and the processor；

The processor when the authorization code is sent into the application server, specifically for：

The authorization code is sent to by the Authentication server by the communication interface, to cause the identity to test The authorization code is sent to the application client end equipment by card server, by the application client end equipment by the authorization code It is sent to the application server；Or

The authorization code is sent to by the application client end equipment in NFC modes by the NFC transmitters, so that institute State application client end equipment and the authorization code is sent to the application server.

6th aspect, the embodiment of the present invention provides a kind of Authentication server, including：

Processor, communication interface, memory and bus；

The communication interface is used to receive the subscriber identity information of account management terminal transmission and in application client end equipment On application server to be logged in application description information；

The memory, for store instruction or data；

The processor, which is called, to be stored in the instruction in the memory to realize according to the subscriber identity information and institute State and obtain user's mandate using description information, and the application server is authenticated, after certification success, by the account pipe The corresponding user account of reason terminal is logged on the application server.

In the first possible implementation, the processor specifically for：

According to the subscriber identity information and the application description information by the communication interface to the account management Terminal sends authorization code, so that the authorization code is sent to the application server by the account management terminal；

The authorization code provided according to the application server, is sent out by the communication interface to the application server Access token is sent, the corresponding user account of the account management terminal is logged on the application server.

With reference to the first possible implementation of the 6th aspect, in second of possible implementation, the processing Device to the account management terminal according to the subscriber identity information and the application description information when sending authorization code, specifically For：

The user account is authenticated according to the subscriber identity information, the backward account management of certification success is whole End sends user authorization request message, and the license confirmation for receiving the account management terminal transmission by the communication interface disappears Breath；

According to the license confirmation message, authorization code is sent to the account management terminal by the communication interface.

With reference to the first possible implementation of the 6th aspect, in the third possible implementation, the processing Device sends access token, by the account in the authorization code provided according to the application server to the application server When number corresponding user account of management terminal is logged on the application server, specifically for：

The ID authentication request message that the application server is sent is received by the communication interface, wherein, the body Part authentication request message carries the application identities, the authorization code and applies key；According to the application identities, described award Weighted code and the application key are authenticated to the application server, after certification success, by the communication interface to described Application server sends the access token；

The account acquisition request message that the application server is sent is received by the communication interface, wherein, the account Number obtain request message in carry the access token；

The access token is verified, after being proved to be successful, sent out by the communication interface to the application server Send the account management terminal corresponding user account.

As shown from the above technical solution, identity logs method and apparatus provided in an embodiment of the present invention, realizes user's account Number unified management, user need not remember account number cipher and can complete login process by account management terminal, drop on the whole The low complexity of subscriber authentication, it is to avoid the operation such as multiple input password account, memory cipher account, registration new account The problems such as Operating Complexity and leakage of information risk for bringing, improve the security of network application.

Brief description of the drawings

Technical scheme in order to illustrate the embodiments of the present invention more clearly, makes required in being described below to embodiment Accompanying drawing is briefly described, it should be apparent that, drawings in the following description are some embodiments of the present invention, for this For the those of ordinary skill of field, without having to pay creative labor, other can also be obtained according to these accompanying drawings Accompanying drawing.

Fig. 1 is a kind of identity logs method flow diagram provided in an embodiment of the present invention；

Fig. 2 is another identity logs method flow diagram provided in an embodiment of the present invention；

Fig. 3 is another identity logs method flow diagram provided in an embodiment of the present invention；

Fig. 4 is another identity logs method flow diagram provided in an embodiment of the present invention；

Fig. 5 is a kind of account management terminal structure schematic diagram provided in an embodiment of the present invention；

Fig. 6 is a kind of Authentication server structural representation provided in an embodiment of the present invention；

Fig. 7 is another account management terminal structure schematic diagram provided in an embodiment of the present invention；

Fig. 8 is another account management terminal structure schematic diagram provided in an embodiment of the present invention；

Fig. 9 is another account management terminal structure schematic diagram provided in an embodiment of the present invention；

Figure 10 is another Authentication server structural representation provided in an embodiment of the present invention.

Embodiment

To make the purpose, technical scheme and advantage of the embodiment of the present invention clearer, below in conjunction with the embodiment of the present invention In accompanying drawing, the technical scheme in the embodiment of the present invention is clearly and completely described, it is clear that described embodiment is A part of embodiment of the present invention, rather than whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art The every other embodiment obtained under the premise of creative work is not made, belongs to the scope of protection of the invention.

Fig. 1 is a kind of identity logs method flow diagram provided in an embodiment of the present invention.As shown in figure 1, the present embodiment is provided Identity logs method specifically go for identity logs process in the Internet, applications, the identity logs method is specifically wrapped Include：

The application that step A10, account management terminal obtain application server to be logged in application client end equipment is retouched State information；

Subscriber identity information and the application description information are sent to identity and tested by step A20, the account management terminal Demonstrate,prove server so that the Authentication server is authorized obtaining user, and after being authenticated to the application server, will The corresponding user account of the account management terminal is logged on the application server.

Specifically, account management terminal for example can be mobile phone, tablet personal computer or PDA (Personal Digital Assistant, personal digital assistant) etc. mobile terminal, application client end equipment for example can for mobile phone, tablet personal computer, PDA, Applications client can be provided with the terminal device such as personal computer or notebook computer, the application client end equipment, with reality Existing application-specific, to should applications client be provided with application server.Browser can also be set in application client end equipment, To realize various applications by form web page, in this case, different applications can have corresponding application server.

Account management terminal can coordinate with Authentication server realize the unified management of user account, when initial, User's user account registered in advance, and log in account management terminal the authentication in the user account, the login process The specific authentication process process for being referred to prior art, for example, account management terminal sends user account and password To Authentication server, Authentication server is verified to user account and password, after being proved to be successful, and notifies account pipe Terminal logs in success is managed, and subscriber identity information is sent to account management terminal, the subscriber identity information is, for example, service token (ServiceToken).User's application to be used also is registered all on the Authentication server.The user account is in account After being logined successfully in number management terminal, the user for holding the account management terminal uses above-mentioned note by application client end equipment again During the application that volume is crossed, the identity logs method that can be provided by the present embodiment carries out identity logs.

, it is necessary to when logging in application server during user's common application client device uses application, account management Terminal obtains the application description information of the application server, and this can specifically include application identities (AppID) using description information, The information such as user profile permissions list can also be included.Application identities are to identify the application, for different applications, Yong Huxin The content for ceasing permissions list is different.For example, microblogging application in, user profile permissions list can include user name, strange thing and Microblogging release right etc..Account management terminal obtains this can also have a variety of using the implementation of description information：In one kind realization In mode, the address of the application server can be passed through identification code or NFC (Near Field by application client end equipment Communication, close range wireless communication) mode is supplied to account management terminal, and account management terminal is further according to the address Application server is accessed, description information is applied to obtain this；In another implementation, application client end equipment can from should This is obtained with server and applies description information, and this is supplied to by account using description information by identification code or NFC modes Management terminal.Account management terminal can also by other means obtain and apply description information, be not limited with the present embodiment.

Account management terminal is sent to Authentication server, identity by above-mentioned subscriber identity information and using description information After authentication server is authorized in acquisition user, and application server is authenticated, by the corresponding user's account of account management terminal Number log on the application server.When user needs to log in using all applications registered in the Authentication server, The method that can be provided using the present embodiment carries out identity logs, i.e. user can be logged in all by a user account Application.

The identity logs method that the present embodiment is provided, account management terminal obtains to be logged in application client end equipment The application description information of application server, is sent to Authentication server by subscriber identity information and using description information, makes Authentication server is authorized obtaining user, it is and after application server is authenticated, account management terminal is corresponding User account is logged on the application server.The unified management of user account is realized, user need not remember account number cipher and lead to Login process can be completed by crossing account management terminal, the complexity of subscriber authentication is reduced on the whole, it is to avoid multiple defeated Entering password account, memory cipher account, registration new account etc. operates the Operating Complexity brought and leakage of information risk etc. to ask Topic, improves the security of network application.

In the present embodiment, step A10, the account management terminal obtains to be logged in application client end equipment answer With the application description information of server, it can specifically include：

In the present embodiment, the account management terminal obtains the applications client from the application client end equipment and set For the address of the application server above to be logged in, it can specifically include：

The account management terminal is by NFC modes, from application client end equipment acquisition NFC electronic tags, and from The address of the application server to be logged in the application client end equipment is obtained in the NFC electronic tags.

In the present embodiment, the account management terminal is obtained in the applications client from the application client end equipment The application description information of the application server to be logged in, can specifically include in equipment：

The account management terminal is by NFC modes, from application client end equipment acquisition NFC electronic tags, and from The application that the application server to be logged in the application client end equipment is obtained in the NFC electronic tags is retouched State information.

For convenience, the browser access website set in application client end equipment or Web are passed through with user below Exemplified by, the application description information of application server to be logged in application client end equipment is obtained to account management terminal Process illustrate, but the present invention is not limited thereto.

In one implementation, user is by browser access website or Web applications, it is necessary to when logging in, and user can be with Actively click on and log in option to trigger login process, or specific events trigger login process of the user in navigation process.It is clear Device of looking at sends identification code to Authentication server by interface interchange and obtains request message, and the network address for the website that user accesses is made Authentication server is passed to for parameter, the network address of website is the address for the application server for carrying the website, such as URL (Uniform/Universal Resource Locator, URL) or IP (Internet Protocol, net Interconnection agreement between network) address etc..Browser can also pass to body in the lump using code (ConnectionCode) is connected as parameter Part authentication server, connection code is used for identification code of unique mark and obtains request, can pass through session identification (SessionID) Calculating is obtained.Authentication server generates identification code according to the address of the application server received, and identification code includes this The address of application server.Identification code can be but be not limited to Quick Response Code, three-dimension code, color code, bar code, black and white code or buphthalmos Code.When there is above-mentioned connection code in the information received, address and the company of the Authentication server according to application server Code generation identification code is connect, identification code includes address and the connection code of application server.Authentication server sends out identification code Give the browser of application client end equipment.Browser is received after the identification code of Authentication server transmission, and this is recognized Code is shown to user.User is scanned by the scanner of account management terminal to the identification code, to the identification code scanned Parsed, the address for the server that is applied, when also including connection code in identification code, also parsing obtains connection code.Or Person, when triggering login process, application client end equipment directly can also obtain including this according to the address of application server The identification code or electronic tag of address, if NFC transmitters can be set in obtained when electronic tag, application client end equipment, And electronic tag is sent to by account management terminal by the NFC transmitters, account management terminal is from the electronic tag received The middle address for obtaining the application server.

Account management terminal accesses corresponding application server according to the address, and application description letter is obtained from application server Breath.During implementing, account management terminal can send to the application server indicated by the address acquired and apply Description information obtains request message, and application server obtains request message using description information according to this and returned to account management terminal Response description information.

In another implementation process, when triggering login process, application client end equipment can be directly to application service Device acquisition request application description information, generation includes the identification code or electronic tag using description information, by identification code User is shown to by browser, so that user scans the identification code to obtain application by the scanner in account management terminal Electronic tag is sent to account management terminal, account management by description information, or application client end equipment by NFC transmitters Terminal obtains from electronic tag and applies description information.

During the identity logs of the present embodiment, pass through account management terminal scanning identification code or reception electronic tag Identity logs are achieved that, user need not remember account number cipher, simplify operating process.

Fig. 2 is another identity logs method flow diagram provided in an embodiment of the present invention.The present embodiment is based on shown in Fig. 1 Embodiment, as shown in Fig. 2 in the present embodiment, the step A20 in embodiment illustrated in fig. 1 can specifically include：

The subscriber identity information and the application description information are sent to institute by step A201, the account management terminal State Authentication server, authorized access code；

The authorization code is sent to the application server by step A202, the account management terminal, so that described should With server by the authorization code, access token is obtained from the Authentication server, and by the authentication service Device logs in the corresponding user account of the account management terminal on the application server.

Specifically, subscriber identity information and application message are sent to Authentication server, identity by account management terminal Authentication server can be authenticated according to the subscriber identity information to corresponding user account, and obtain user's mandate, generation Authorization code is simultaneously sent to account management terminal.Authorization code is sent to application server, application server by account management terminal again Access token (AccessToken) between the application server and Authentication server, identity are obtained by the authorization code Authentication server can be according to the access token application server certification.By the setting of access token, and the access token Only Authentication server and application server is known, can further improve the security of login process.

In the present embodiment, step A201, the account management terminal retouches the subscriber identity information and the application State information and be sent to the Authentication server, authorized access code can specifically include：

Specifically, the process of Authentication server acquisition user mandate can be：Authentication server is to account pipe Manage terminal and send user authorization request message, the user authorization request message can be real for the form at user's license confirmation interface It is existing, the user profile that user in need authorizes can be shown on user's license confirmation interface, the user profile is specifically as follows use Information included by family permissions list (Scope), user can by way of choosing selected section or whole user profile Authorized, i.e. user's input authorizes configured information.The user, which authorizes, to be realized using default behavior, i.e., in original application During configuration, user can set the scope of authority, when account management terminal receives the user authorization request message, automatically generate License confirmation information and sending is to Authentication server.

In the present embodiment, the authorization code is sent to the application service by step A202, the account management terminal Device, can include：

Specifically, in one implementation, account management terminal can send user's body to Authentication server When part information and application description information, while loopback address (CallbackURL) is sent into Authentication server, to cause Authentication server is returned, account management in the lump when returning to authorization code to the account management terminal together with the loopback address Terminal can locally be called according to the loopback address, started thread and performed follow-up process.

Application client end equipment, can be to authentication service after the identification code of Authentication server transmission is received Device sends authorization code Asynchronous Request message, to inform that after generation authorization code, authorization code is returned for Authentication server.Identity After authentication server generation authorization code, the authorization code application client end equipment is not returned at once, but work as and receive account After the authorization code that number management terminal is sent, then reply the authorization code Asynchronous Request of application client end equipment initiation.Account management is whole End can send connection code simultaneously, Authentication server is according to the connection when sending authorization code to Authentication server Code, which matches unanswered asynchronous data, asks and is correspondingly handled.

Authorization code is sent to application client end equipment by Authentication server, and application client end equipment sends authorization code To application server, the authorization code is sent to Authentication server to obtain access token by application server again, using clothes Token is sent to Authentication server and is authenticated by business device, and after certification success, Authentication server takes to application Business device returns to user account, to realize login.After logging in successfully, application server can notify application client end equipment to log in into Work(.

In another implementation, authorization code can be sent to application by account management terminal with directly by NFC modes Authorization code is sent to application server by client device, application client end equipment again, and application server again sends out the authorization code Authentication server is given to obtain access token, token is sent to Authentication server and carried out by application server Certification, after certification success, Authentication server returns to user account to application server, to realize login.After logging in successfully, Application server can notify application client end equipment to login successfully.

Fig. 3 is another identity logs method flow diagram provided in an embodiment of the present invention.As shown in figure 3, the present embodiment is carried The identity logs method of confession can specifically coordinate with the identity logs method applied to account management terminal to be realized, is implemented Journey will not be repeated here.The identity logs method that the present embodiment is provided, is specifically included：

Step B10, Authentication server receive the subscriber identity information of account management terminal transmission and in application client The application description information of application server to be logged in end equipment；

Step B20, the Authentication server are obtained according to the subscriber identity information and the application description information User is authorized, and the application server is authenticated, after certification success, by the corresponding user's account of the account management terminal Log in number on the application server.

The identity logs method that the present embodiment is provided, realizes the unified management of user account, user need not remember account Password and login process can be completed by account management terminal, the complexity of subscriber authentication is reduced on the whole, it is to avoid Operating Complexity and leakage of information wind that the operations such as multiple input password account, memory cipher account, registration new account are brought Dangerous the problems such as, improve the security of network application.

Fig. 4 is another identity logs method flow diagram provided in an embodiment of the present invention.The present embodiment is based on shown in Fig. 3 Embodiment, as shown in figure 4, in the present embodiment, the step B20 in embodiment illustrated in fig. 3 can specifically include：

Step B201, the Authentication server are according to the subscriber identity information and the application description information to institute State account management terminal and send authorization code, so that the authorization code is sent to the application service by the account management terminal Device；

The authorization code that step B202, the Authentication server are provided according to the application server, to described Application server sends access token, and the corresponding user account of the account management terminal is stepped on the application server Record.

In the present embodiment, step B201, the Authentication server according to the subscriber identity information and it is described should Authorization code is sent to the account management terminal with description information, can be included：

In the present embodiment, step B202 can specifically include：

Specifically, application server sends ID authentication request message, the ID authentication request to Authentication server The information such as authorization code, application identities and application key (AppSecret) are carried in message.Authentication server receives this After ID authentication request message, application server is authenticated, if certification success, application service is sent to by access token Device.Application server is received after the access token, and sending account to Authentication server obtains request message, and in the account Number obtain request message in carry access token, to obtain user account.Authentication server receives account and obtains request After message, access token is verified, if being proved to be successful, user account is returned into application server, to realize login.

Below by way of two specific application scenarios, identity logs method provided in an embodiment of the present invention is implemented Process is described in detail.

Under first application scenarios, application server is to be provided with to browse in forum servers, application client end equipment Device, user can pass through the browser access forum.

Step 1, user are opened after forum's login page by browser, and browser is taken by interface interchange to authentication Device transmission identification code of being engaged in obtains request message, carries the URL of the corresponding forum servers of the forum；

Step 2, Authentication server return to identification code to browser；

Step 3, browser send authorization code Asynchronous Request message to Authentication server；

The identification code shown in step 4, account management terminal scanning browser；

Step 6, account management terminal-pair identification code are parsed, and obtain URL and connection code (ConnectionCode) etc. Information；

Step 7, account management terminal send application description information acquisition request to forum servers according to obtained URL and disappeared Breath；

Step 8, forum servers return to account management terminal and apply description information, and including application using description information marks Know the information such as (AppID) and user right list (Scope)；

Step 9, account management terminal are to Authentication server by AppID, Scope, service token And loopback address (CallbackURL) is sent to Authentication server (ServiceToken)；

Step 10, Authentication server carry out AppID, Scope and ServiceToken validity check, examine into After work(, user's license confirmation interface is returned to account management terminal；

Step 11, account management terminal are inputted according to user, and the user for submitting user to authorize to Authentication server believes (Option) and device identification (DeviceID) are ceased, to apply for authorization code (AuthCode)；

Step 12, Authentication server are tested to DeviceID, and generate unique AuthCode, according to CallbackURL links return to account management terminal；

Step 13, account management terminal submit AuthCode and connection code (ConnectionCode) to authentication service Device, the authorization code request that command authentication server response browser is initiated；

Step 14, Authentication server match unanswered asynchronous data according to ConnectionCode and asked, to Browser sends AuthCode；

Step 15, browser initiate connection and submit AuthCode to forum servers；

Step 16, forum servers extract itself related data, and sending token to Authentication server obtains request Message, the token, which is obtained, carries AuthCode, AppID and application key (AppSecret) in request message；

Step 17, Authentication server verify AuthCode, AppID and AppSecret validity, if being proved to be successful Afterwards, then to forum servers backward reference token (AccessToken)；

Step 18, forum servers send account to Authentication server and obtain request message, and the account obtains request AccessToken is carried in message；

Step 19, Authentication server verify AccessToken validity, if being proved to be successful, by user account (username) forum servers are returned to；

Step 20, forum servers submit the result logined successfully to browser, and browser carries out corresponding application client The refresh process of end equipment, terminates login sessions.

Under second application scenarios, application server is to be provided with group buying websites server, application client end equipment Browser, user can pass through the browser access group buying websites.User logs in group buying websites process is specifically referred to first Forum servers in above-mentioned steps are replaced with group buying websites server by the step 1- steps 20 of individual application scenarios, tool Body is repeated no more.After login sessions terminate, user can also be included and obtain the step of purchasing by group product bill (Acode), i.e., it is following Step.

Step 21, user purchase by group product A by browser operation, and the operation information is sent to group buying websites and taken by browser Business device；

Step 22, group buying websites server are by username and purchase by group product A Acode and be pushed to authentication service Device；

Acode is pushed to account management terminal by step 23, Authentication server according to username.

Fig. 5 is a kind of account management terminal structure schematic diagram provided in an embodiment of the present invention.As shown in figure 5, the present embodiment The account management terminal of offer can realize the identity logs applied to account management terminal that any embodiment of the present invention is provided Each step of method, the process of implementing will not be repeated here.The account management terminal that the present embodiment is provided is specifically included：

Acquiring unit 11, the application description letter for obtaining application server to be logged in application client end equipment Breath；

Processing unit 12, for the application description information for getting subscriber identity information and the acquiring unit 11 It is sent to Authentication server so that the Authentication server is obtaining user's mandate, and to the application server After being authenticated, the corresponding user account of the account management terminal is logged on the application server.

The account management terminal that the present embodiment is provided, realizes the unified management of user account, user need not remember account Password and login process can be completed by account management terminal, the complexity of subscriber authentication is reduced on the whole, it is to avoid Operating Complexity and leakage of information wind that the operations such as multiple input password account, memory cipher account, registration new account are brought Dangerous the problems such as, improve the security of network application.

In the present embodiment, the acquiring unit 11 specifically can be used for：Obtain described from the application client end equipment The address of the application server to be logged in application client end equipment, according to the address of the application server, from described Application server obtains the application description information；Or, obtained from the application client end equipment in the applications client The application description information of the application server to be logged in equipment.

In the present embodiment, the acquiring unit 11 is set from the application client end equipment acquisition applications client It is standby above when the address of the application server logged in, specifically can be used for：

In the present embodiment, the acquiring unit 11 is obtained in the applications client from the application client end equipment In equipment when the application description information of the application server logged in, specifically it can be used for：

In the present embodiment, the processing unit 12 specifically can be used for：

In the present embodiment, the processing unit 12 is sent by the subscriber identity information and the application description information To the Authentication server, during authorized access code, specifically it can be used for：

In the present embodiment, the processing unit 12 by the authorization code when being sent to the application server, specifically It can be used for：

Fig. 6 is a kind of Authentication server structural representation provided in an embodiment of the present invention.As shown in fig. 6, this implementation The Authentication server that example is provided can realize the body applied to Authentication server that any embodiment of the present invention is provided Each step of part login method, the process of implementing will not be repeated here.The Authentication server tool that the present embodiment is provided Body includes：

Receiving unit 21, for receiving the subscriber identity information of account management terminal transmission and in application client end equipment The application description information of application server to be logged in；

Processing unit 22, the subscriber identity information and the application for being received according to the receiving unit 21 are retouched Acquisition of information user mandate is stated, and the application server is authenticated, after certification success, by the account management terminal-pair The user account answered is logged on the application server.

The Authentication server that the present embodiment is provided, realizes the unified management of user account, user need not remember account Number password and login process can be completed by account management terminal, the complexity of subscriber authentication is reduced on the whole, is kept away Operating Complexity and leakage of information that the operations such as multiple input password account, memory cipher account, registration new account are brought are exempted from The problems such as risk, improve the security of network application.

In the present embodiment, the processing unit 22 specifically can be used for：

In the present embodiment, the processing unit 22 according to the subscriber identity information and the application description information to When the account management terminal sends authorization code, specifically it can be used for：

In the present embodiment, the processing unit 22 is in the authorization code provided according to the application server, to institute State application server and send access token, the corresponding user account of the account management terminal is stepped on the application server During record, specifically it can be used for：

Fig. 7 is another account management terminal structure schematic diagram provided in an embodiment of the present invention.As shown in fig. 7, this implementation The account management terminal 700 that example is provided can realize the identity applied to account management terminal that any embodiment of the present invention is provided Each step of login method, the process of implementing will not be repeated here.The account management terminal 700 that the present embodiment is provided is specific Including：Processor 710, communication interface 720, memory 730 and bus 740；

Wherein described processor 710, the communication interface 720 and the memory 730 are interconnected by the bus 740；

The memory 730, for store instruction or data；

The processor 710, which is called, to be stored in the instruction in the memory 730 to realize that acquisition is set in applications client The application description information of standby above application server to be logged in, by the communication interface 720 by subscriber identity information and described Authentication server is sent to using description information so that the Authentication server is obtaining user's mandate, and to institute State after application server is authenticated, the corresponding user account of the account management terminal is stepped on the application server Record.

In the present embodiment, the processor 710 specifically can be used for：Described answer is obtained from the application client end equipment With the address of the application server to be logged on client device, according to the address of the application server, by described Communication interface 720 obtains the application description information from the application server；Or, obtained from the application client end equipment The application description information of the application server to be logged in the application client end equipment.

Fig. 8 is another account management terminal structure schematic diagram provided in an embodiment of the present invention, and Fig. 9 is the embodiment of the present invention The 4th kind of account management terminal structure schematic diagram provided.As shown in Figure 8 and Figure 9, in the present embodiment, the account management terminal 700 can also include：Scanner 750 or close range wireless communication NFC transmitters 760, the scanner 750 or the NFC are passed Defeated device 760 is interconnected by the bus 740 with the processor 710.Fig. 8, which is shown in account management terminal, sets scanner 750 implementation, Fig. 9 shows the embodiment that NFC transmitters 760 are set in account management terminal, people in the art Member can also set scanner 750 and NFC transmitters 760 simultaneously in account management terminal as needed.

The processor 710 is obtaining institute to be logged in the application client end equipment from the application client end equipment When stating the address of application server, specifically it can be used for：

The identification code that the application client end equipment is shown is scanned by the scanner 750, obtained from the identification code Take the address of the application server to be logged in the application client end equipment；The identification code includes：Quick Response Code, three-dimensional Code, color code, bar code, black and white code or buphthalmos code；Or

By the NFC transmitters 760 in NFC modes, NFC electronic tags are obtained from the application client end equipment, and The address of the application server to be logged in the application client end equipment is obtained from the NFC electronic tags.

In the present embodiment, the account management terminal 700 can also include：Scanner 750 or NFC transmitters 760, it is described Scanner 750 or the NFC transmitters 760 are interconnected by the bus 740 with the processor 710；

The processor 710 is obtaining to be logged in the application client end equipment from the application client end equipment During the application description information of the application server, specifically it can be used for：

The identification code that the application client end equipment is shown is scanned by the scanner 750, obtained from the identification code Take the application description information of the application server to be logged in the application client end equipment；The identification code includes：Two Tie up code, three-dimension code, color code, bar code, black and white code or buphthalmos code；Or

By the NFC transmitters 760 in NFC modes, NFC electronic tags are obtained from the application client end equipment, and The application of the application server to be logged in the application client end equipment is obtained from the NFC electronic tags Description information.

In the present embodiment, the processor 710 specifically can be used for：

The subscriber identity information and the application description information are sent to by the identity by the communication interface 720 Authentication server, authorized access code；

The authorization code is sent to by the application server by the communication interface 720, so that the application service Device obtains access token by the authorization code from the Authentication server, and by the Authentication server by institute The corresponding user account of account management terminal is stated to log on the application server.

In the present embodiment, the processor 710 is sent by the subscriber identity information and the application description information To the Authentication server, during authorized access code, specifically it can be used for：

The subscriber identity information and the application description information are sent to by the identity by the communication interface 720 Authentication server；The application description information includes application identities and user profile permissions list；

The user authorization request message that the Authentication server is sent is received by the communication interface 720；

Receive to authorize by the communication interface 720 and indicate message, indicate that message is tested to the identity according to described authorize Demonstrate,prove server and send license confirmation message；Wherein, the user profile of user's mandate is carried in the license confirmation message, it is described The user profile that user authorizes is part or all of for the user profile permissions list, the user profile bag that the user authorizes Include the user account；

The Authentication server is received according to awarding that the license confirmation message is sent by the communication interface 720 Weighted code.

In the present embodiment, the account management terminal 700 can also include NFC transmitters 760, the NFC transmitters 760 Interconnected by the bus 740 with the processor 710；

The processor 710 when the authorization code is sent into the application server, specifically for：

The authorization code is sent to by the Authentication server by the communication interface 720, to cause the body The authorization code is sent to the application client end equipment by part authentication server, is awarded by the application client end equipment by described Weighted code is sent to the application server；Or

The authorization code is sent to by the application client end equipment in NFC modes by the NFC transmitters 760, with Make the application client end equipment that the authorization code is sent into the application server.

Figure 10 is another Authentication server structural representation provided in an embodiment of the present invention.As shown in fig. 6, this reality Applying the Authentication server 800 of example offer can realize that what any embodiment of the present invention provided is applied to Authentication server Identity logs method each step, the process of implementing will not be repeated here.The authentication service that the present embodiment is provided Device 800 is specifically included：Processor 810, communication interface 820, memory 830 and bus 840；

Wherein described processor 810, the communication interface 820 and the memory 830 are interconnected by the bus 840；

The communication interface 820 is used to receive the subscriber identity information of account management terminal transmission and set in applications client For the application description information of application server above to be logged in；

The memory 830, for store instruction or data；

The processor 810, which is called, to be stored in the instruction in the memory 830 to realize according to user identity letter Breath and the application description information obtain user and authorized, and the application server is authenticated, after certification success, will be described The corresponding user account of account management terminal is logged on the application server.

In the present embodiment, the processor 810 specifically can be used for：

According to the subscriber identity information and the application description information by the communication interface 820 to the account pipe Manage terminal and send authorization code, so that the authorization code is sent to the application server by the account management terminal；

The authorization code provided according to the application server, by the communication interface 820 to the application service Device sends access token, and the corresponding user account of the account management terminal is logged on the application server.

In the present embodiment, the processor 810 according to the subscriber identity information and the application description information to When the account management terminal sends authorization code, specifically for：

The user account is authenticated according to the subscriber identity information, the backward account management of certification success is whole End sends user authorization request message, and the license confirmation that the account management terminal is sent is received by the communication interface 820 Message；

According to the license confirmation message, authorization code is sent to the account management terminal by the communication interface 820.

In the present embodiment, the processor 810 is in the authorization code provided according to the application server, to described Application server sends access token, and the corresponding user account of the account management terminal is logged on the application server When, specifically for：

The ID authentication request message that the application server is sent is received by the communication interface 820, wherein, it is described ID authentication request message carries the application identities, the authorization code and applies key；

The application server is authenticated according to the application identities, the authorization code and the application key, recognized After demonstrate,proving successfully, the access token is sent to the application server by the communication interface 820；

The account acquisition request message that the application server is sent is received by the communication interface 820, wherein, it is described Account obtains in request message and carries the access token；

The access token is verified, after being proved to be successful, by the communication interface 820 to the application server Send the corresponding user account of the account management terminal.

One of ordinary skill in the art will appreciate that：Realizing all or part of step of above method embodiment can pass through Programmed instruction related hardware is completed, and foregoing program can be stored in a computer read/write memory medium, the program Upon execution, the step of including above method embodiment is performed；And foregoing storage medium includes：ROM, RAM, magnetic disc or light Disk etc. is various can be with the medium of store program codes.

Finally it should be noted that：Various embodiments above is merely illustrative of the technical solution of the present invention, rather than its limitations；To the greatest extent The present invention is described in detail with reference to foregoing embodiments for pipe, it will be understood by those within the art that：Its according to The technical scheme described in foregoing embodiments can so be modified, or which part or all technical characteristic are entered Row equivalent substitution；And these modifications or replacement, the essence of appropriate technical solution is departed from various embodiments of the present invention technology The scope of scheme.

Claims

1. a kind of identity logs method, it is characterised in that including：

Account management terminal obtains the application description information of application server to be logged in from application client end equipment；

The account management terminal shows user's license confirmation interface；

The user that the account management terminal obtains at user's license confirmation interface inputs；

Account management terminal inputs to Authentication server according to the user and sends license confirmation message；

The Authentication server sends to the application client end equipment and awarded in response to receiving the license confirmation message Weighted code；

The application client end equipment sends the authorization code in response to receiving the authorization code to the application server；

The application server responses send token in receiving the authorization code, to the Authentication server and obtain request Message；

The Authentication server obtains request message in response to receiving the token, sends and visits to the application server Ask token；

The application server obtains user account according to the access token from the Authentication server；

The application server returns to the application client end equipment and logins successfully result.

2. identity logs method according to claim 1, it is characterised in that the application description information includes application and marked Know, or, user profile permissions list, or, application identities and user profile permissions list.

3. identity logs method according to claim 1 or 2, it is characterised in that user's license confirmation interface includes The user profile for needing user to authorize.

4. according to any described identity logs method of claims 1 to 3, it is characterised in that the token obtains request message Including the authorization code, application identities and apply key.

5. according to any described identity logs method of Claims 1-4, the account management terminal is from application client end equipment The application description information of application server to be logged in is obtained, including：

The Quick Response Code that the account management terminal scanning application client end equipment is shown, obtains to be logged in from the Quick Response Code The application description information of application server.

6. according to any described identity logs method of Claims 1-4, the account management terminal is from application client end equipment The application description information of application server to be logged in is obtained, including：

The account management terminal obtains NFC electronic tags from application client end equipment, and is obtained from the NFC electronic tags The application description information of application server to be logged in.

7. a kind of identity logs method, it is characterised in that including：

The account management terminal shows user's license confirmation interface；

Account management terminal inputs to Authentication server according to the user and sends license confirmation message, the license confirmation Message is used to trigger the Authentication server to application client end equipment transmission authorization code.

8. identity logs method according to claim 7, it is characterised in that also include：The authorization code is by the application Client device is transferred to the application server.

9. identity logs method according to claim 8, it is characterised in that the authorization code is used to trigger the application clothes Business device sends token to the Authentication server and obtains request message.

10. identity logs method according to claim 9, it is characterised in that the token, which obtains request message, to be used to touch Send out Authentication server described and send access token to the application server.

11. identity logs method according to claim 10, it is characterised in that the access token takes for the application Business device obtains user account from the Authentication server.

12. according to any described identity logs method of claim 7 to 11, it is characterised in that the application description information bag Application identities are included, or, user profile permissions list, or, application identities and user profile permissions list.

13. according to any described identity logs method of claim 7 to 12, it is characterised in that user's license confirmation circle Face includes the user profile for needing user to authorize.

14. according to any described identity logs method of claim 9 to 13, it is characterised in that the token obtains request and disappeared Breath includes the authorization code, application identities and applies key.

15. according to any described identity logs method of claim 7 to 14, the account management terminal is set from applications client The standby application description information for obtaining application server to be logged in, including：

16. according to any described identity logs method of claim 7 to 14, the account management terminal is set from applications client The standby application description information for obtaining application server to be logged in, including：

17. a kind of identity logs method, it is characterised in that including：

Application client end equipment two-dimensional code display, the Quick Response Code includes the application description information of application server to be logged in；

The application client end equipment receives the authorization code that Authentication server is sent, and the authorization code is the authentication Server receives the account management terminal and inputs what is sent after the license confirmation message sent according to user；

The application client end equipment sends the authorization code to the application server, and the authorization code is used to trigger described answer Access token is obtained from the Authentication server with server, the access token is used for the application server from described Authentication server obtains user account；

What the application client end equipment reception application server was returned logins successfully result.

18. identity logs method according to claim 17, it is characterised in that the application description information includes application and marked Know, or, user profile permissions list, or, application identities and user profile permissions list.

19. a kind of identity logs method, it is characterised in that including：

Authentication server sends user authorization request message to account management terminal；

The Authentication server receives the license confirmation message that the account management terminal is sent；

The Authentication server sends authorization code to application client end equipment, and the authorization code is set by the applications client Standby to be transferred to application server, the authorization code is used to trigger the application server to Authentication server transmission order Board obtains request message；

The Authentication server obtains request message in response to receiving the token, sends and visits to the application server Token is asked, the access token is used for the application server and obtains user account from the Authentication server.

20. identity logs method according to claim 19, it is characterised in that the token, which obtains request message, includes institute State authorization code, application identities and apply key.

21. a kind of identity logs system, it is characterised in that including：Account management terminal, application client end equipment, application service Device and Authentication server, the system are configured to：

The account management terminal shows user's license confirmation interface；

22. system according to claim 21, it is characterised in that the application description information includes, or, user profile Permissions list, or, application identities and user profile permissions list.

23. the system according to claim 21 or 22, it is characterised in that user's license confirmation interface includes needing to use The user profile that family is authorized.

24. according to any described system of claim 21 to 23, it is characterised in that the token, which obtains request message, includes institute State authorization code, application identities and apply key.

25. according to any described system of claim 21 to 24, the account management terminal is obtained from application client end equipment The application description information of application server to be logged in, including：

26. according to any described system of claim 21 to 24, the account management terminal is obtained from application client end equipment The application description information of application server to be logged in, including：

27. a kind of account management terminal, it is characterised in that including：Processor, communication interface, memory and bus；

The memory, for store instruction or data；

The processor, which is called, to be stored in the instruction in the memory to realize：

The application description information of application server to be logged in is obtained from application client end equipment；

Show user's license confirmation interface；

The user at user's license confirmation interface is obtained to input；

Inputted according to the user to Authentication server and send license confirmation message, the license confirmation message is used to trigger The Authentication server sends authorization code to the application client end equipment.

28. account management terminal according to claim 27, it is characterised in that the authorization code is by the applications client Equipment is transferred to the application server.

29. account management terminal according to claim 28, it is characterised in that the authorization code is used to trigger the application Server sends token to the Authentication server and obtains request message.

30. account management terminal according to claim 29, it is characterised in that the token, which obtains request message, to be used to touch Send out Authentication server described and send access token to the application server.

31. account management terminal according to claim 30, it is characterised in that the access token takes for the application Business device obtains user account from the Authentication server.

32. according to any described account management terminal of claim 27 to 31, it is characterised in that the application description information bag Application identities are included, or, user profile permissions list, or, application identities and user profile permissions list.

33. according to any described account management terminal of claim 27 to 32, it is characterised in that user's license confirmation circle Face includes the user profile for needing user to authorize.

34. according to any described account management terminal of claim 29 to 33, it is characterised in that the token obtains request and disappeared Breath includes the authorization code, application identities and applies key.

35. according to any described account management terminal of claim 27 to 34, described obtained from application client end equipment waits to step on The application description information of the application server of record, including：

The Quick Response Code that scanning application client end equipment is shown, obtains the application of application server to be logged in from the Quick Response Code Description information.

36. according to any described account management terminal of claim 27 to 34, described obtained from application client end equipment waits to step on The application description information of the application server of record, including：

NFC electronic tags are obtained from application client end equipment, and application service to be logged in is obtained from the NFC electronic tags The application description information of device.

37. a kind of application client end equipment, it is characterised in that including：

Display unit, for two-dimensional code display, the Quick Response Code includes the application description information of application server to be logged in；

Receiving unit, the authorization code for receiving Authentication server transmission, the authorization code is the authentication service Device receives the account management terminal and inputs what is sent after the license confirmation message sent according to user；

Transmitting element, for sending the authorization code to the application server, the authorization code is used to trigger the application clothes Device be engaged in from Authentication server acquisition access token, the access token is used for the application server from the identity Authentication server obtains user account；

The receiving unit is additionally operable to, and receive the application server return logins successfully result.

38. the application client end equipment according to claim 37, it is characterised in that the application description information includes application Mark, or, user profile permissions list, or, application identities and user profile permissions list.

39. a kind of Authentication server, it is characterised in that including：Processor, communication interface, memory and bus；

The memory, for store instruction or data；

User authorization request message is sent to account management terminal；

Receive the license confirmation message that the account management terminal is sent；

Authorization code is sent to application client end equipment, the authorization code is transferred to application service by the application client end equipment Device, the authorization code is used to trigger the application server to Authentication server transmission token acquisition request message；

Request message is obtained in response to receiving the token, access token, the access order are sent to the application server Board is used for the application server and obtains user account from the Authentication server.

40. the Authentication server according to claim 39, it is characterised in that the token, which obtains request message, to be included The authorization code, application identities and apply key.