CN107528830B - Account login method, system and storage medium - Google Patents
Account login method, system and storage medium Download PDFInfo
- Publication number
- CN107528830B CN107528830B CN201710655932.3A CN201710655932A CN107528830B CN 107528830 B CN107528830 B CN 107528830B CN 201710655932 A CN201710655932 A CN 201710655932A CN 107528830 B CN107528830 B CN 107528830B
- Authority
- CN
- China
- Prior art keywords
- account
- party system
- page
- application program
- service resource
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/54—Interprogram communication
- G06F9/547—Remote procedure calls [RPC]; Web services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
Abstract
The invention provides an account login method, an account login system and a storage medium, wherein the account login method comprises the steps of logging in a first application program by using a first account to access a first service resource and sending the first account to a third-party system, and the first application program is embedded into at least one second page to access a second service resource; the third party system encrypts the first account to generate a certificate; the first application program writes the root certificate into the Cookie corresponding to the at least one second page; when a second page is opened in the first application program, acquiring a root certificate from the Cookie and sending the root certificate to a third-party system; the third-party system decrypts the root certificate to obtain the first account, generates a second shadow account, and writes the login state of the second shadow account into the second service resource; and accessing a second service resource with a second shadow account and operating on a second page embedded in the first application. The method and the system provided by the invention can realize the coexistence of multiple login states in the same application program.
Description
Technical Field
The invention relates to the technical field of computer application, in particular to an account login method, an account login system and a storage medium.
Background
With the rapid development of the internet, the application of application programs has become very popular. Due to internet technology and creative ideas, blowouts, more and more companies develop their respective applications for the same type of service. However, when these companies collaborate, these applications will be rectified and merged for service. For example, when an application a, an application B, and an application C of an OTA (Online Travel Agent) perform rectification, the services of hotel browsing, ordering, and payment provided by the application a are embedded in these applications. Such operation would not require each to maintain similar services.
However, when the services of the application program are rectified, how to log in the embedded services in the application program by using the same account number on the basis of the existing architecture becomes a problem to be solved urgently.
Disclosure of Invention
In order to overcome the defects in the prior art, the invention provides an account login method, an account login system and a storage medium, so as to realize multiple login states in the same application program.
According to one aspect of the invention, an account login method is provided, which includes: logging in a first application program by using a first account to access a first service resource and sending the first account to a third-party system, wherein the first application program is embedded into at least one second page to access a second service resource; the third party system encrypts the first account to generate a certificate; the first application program writes the root certificate into a Cookie corresponding to the at least one second page; when the second page is opened in the first application program, the root certificate is obtained from the Cookie and is sent to the third-party system; the third party system decrypts the root certificate to obtain the first account, queries a second shadow account related to the first account in the third party system, and generates a second shadow account and stores the second shadow account in the third party system in association with the first account if the second shadow account related to the first account is not queried; the third party system writes the second shadow account and the login state of the second shadow account into the first application program and the second service resource; and accessing the second service resource with the second shadow account and operating on the second page embedded in the first application.
Optionally, the first application program is further embedded in at least one third page to access a third service resource, and the step of encrypting the first account by the third-party system to generate a root credential further includes: the first application program writes the root certificate into a Cookie corresponding to the at least one third page; when the third page is opened in the first application program, the root certificate is obtained from the Cookie and is sent to the third-party system; the third party system decrypts the root certificate to obtain the first account, inquires a third shadow account related to the first account in the third party system, and generates a third shadow account and stores the third shadow account in the third party system in association with the first account if the third shadow account related to the first account is not inquired; the third party system writes the third shadow account and the login state of the third shadow account into the first application program and a third service resource; and accessing the third service resource with the third shadow account and operating on the third page embedded in the first application.
Optionally, the step of generating a second shadow account includes: and the third-party system applies a shadow account number for accessing the second service resource to a server where the second service resource is located as the second shadow account number.
Optionally, the step of writing the root credential into the Cookie corresponding to the at least one second page by the first application further includes: writing the time generated by the root certificate into the Cookie of the at least one second page; correspondingly, when the second page is opened in the first application program, the step of obtaining the root certificate from the Cookie and sending the root certificate to the third-party system further includes: and checking whether the time generated by the root voucher exceeds a time threshold value or not, and if so, not continuing to execute or deleting the root voucher in the Cookie.
Optionally, the time threshold ranges from 5 to 20 days.
Optionally, after the step of accessing the second service resource with the second shadow account and operating on the second page embedded in the first application, the method further includes: quitting the first application program and sending a logout request to the third-party system; and the third-party system deletes the root certificate according to the logout request.
Optionally, the step of exiting the first application and sending a logout request to the third-party system further includes: and deleting the login state of the shadow account in the second service resource.
Optionally, the step of writing, by the third party system, the second shadow account and the login status of the second shadow account into the first application program and the second service resource includes: and the third-party system writes the login state of the second shadow account into the interactive request of the first application program and the second service resource.
Optionally, when the server where the second service resource is located receives a request for loading a second page, determining whether the request for loading the second page is from the first application program according to the request information; and if the server where the second service resource is located judges that the request for loading the second page comes from the first application program, acquiring the root certificate and sending the root certificate to the third-party system.
Optionally, the first application program has a login state of the first account and a login state of the second shadow account at the same time.
Optionally, the first service resource and the second service resource are different service resources of the same application type.
According to another aspect of the present invention, there is also provided an account login system, including: a first server for providing a first service resource accessed by a first application; the second server is used for providing a second service resource and accessing at least one second page of the second service resource, and the at least one second page is embedded in the first application program; the third party system is used for acquiring a shadow account according to the first account for logging in the first application program so that the first application program can access the second service resource, wherein the first server receives a login request of the first account sent by the first application program and provides a login state of the first account; the third-party system receives the first account from the first application program and encrypts the first account to generate a certificate; the second server receives a request for loading the second page; the second server acquires the root certificate from the Cookie corresponding to the second page and sends the root certificate to the third-party system; the third party system decrypts the root certificate to obtain the first account, queries a second shadow account related to the first account in the third party system, and generates a second shadow account and stores the second shadow account in the third party system in association with the first account if the second shadow account related to the first account is not queried; and the third party system sends the second shadow account and the login state of the second shadow account to the first application program and the second server so that the first application program can access the second service resource through the second shadow account and operate on the second page embedded in the first application program.
Optionally, if the second server determines that the request for loading the second page is from the first application program, the root credential is obtained from the Cookie of the second page and sent to the third-party system.
Optionally, the first server and the second server are different servers of the same application type.
According to another aspect of the present invention, there is also provided an account login system, including: a first server for providing a first service resource accessed by a first application; the second server is used for providing a second service resource and accessing at least one second page of the second service resource, and the at least one second page is embedded in the first application program; the third party system is used for acquiring a shadow account according to the first account for logging in the first application program so that the first application program can access the second service resource; the terminal device is used for installing and running the first application program, wherein the first server receives a login request of a first account sent by the terminal device and provides a login state of the first account; the third party system receives the first account from the terminal equipment and encrypts the first account to generate a certificate; the terminal device writes the root certificate into a Cookie corresponding to the second page; the second server receives a request for loading the second page sent by the terminal equipment; the second server acquires the root certificate from the Cookie corresponding to the second page and sends the root certificate to the third-party system; the third party system decrypts the root certificate to obtain the first account, queries a second shadow account related to the first account in the third party system, and generates a second shadow account and stores the second shadow account in the third party system in association with the first account if the second shadow account related to the first account is not queried; and the third party system sends the second shadow account and the login state of the second shadow account to the first application program and the second server so that the terminal equipment can access the second service resource on the first application program through the second shadow account and operate on the second page embedded in the first application program.
According to another aspect of the present invention, there is also provided an account login system, including: a first server comprising a first processor and a first storage medium storing a first computer program, the first computer program, when executed by the first processor, providing a first service resource accessed by a first application program; a second server, including a second processor and a second storage medium storing a second computer program, where the second computer program is executed by the second processor to provide a second service resource and access at least one second page of the second service resource, and the at least one second page is embedded in the first application program; the third-party system comprises a third processor and a third storage medium which stores a third computer program, wherein the third computer program is run by the third processor and acquires a shadow account according to a first account which logs in the first application program so that the first application program can access the second service resource; the first computer program when run by the first processor, the second computer program when run by the second processor and the third computer program when run by the third processor interact in the method as described above.
According to still another aspect of the present invention, there is also provided a storage medium including: a storage medium having stored thereon a computer program which, when executed by a processor, performs the steps as described above.
Compared with the prior art, the invention has the advantages that:
the invention utilizes a third-party system to manage the account number and the associated shadow account number of the application program, and authenticates the account number of the application program through the encrypted root certificate so as to realize the multi-login state existence in the application program embedded with other services. In addition, the root certificate and the shadow account are obtained through automatic operation of the system to realize silent login, user confirmation is not needed, and the speed of logging in other services by the user is increased. Furthermore, the invention can reduce the development cost through the mode. Meanwhile, under the scene of merging with companies of the same application type, under the condition that the operation habits of users are not changed and servers under different companies are not merged, the interaction with different service resources is realized in the same application program.
Drawings
The above and other features and advantages of the present invention will become more apparent by describing in detail exemplary embodiments thereof with reference to the attached drawings.
Fig. 1 is a schematic diagram illustrating an account login system according to an embodiment of the present invention.
Fig. 2 shows a flowchart of an account login method according to an embodiment of the present invention.
Fig. 3 shows a timing chart of an account login method according to an embodiment of the present invention.
Fig. 4 shows a timing chart of an account login method according to an embodiment of the present invention.
Fig. 5 schematically illustrates a computer-readable storage medium in an exemplary embodiment of the disclosure.
Fig. 6 schematically illustrates an electronic device in an exemplary embodiment of the disclosure.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
Furthermore, the drawings are merely schematic illustrations of the present disclosure and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus their repetitive description will be omitted. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities. These functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
In order to overcome the defects of the prior art and realize multiple login states in the same application program, the invention provides an account login method, an account login system and a storage medium.
Referring first to fig. 1, fig. 1 shows a schematic diagram of an account login system according to an embodiment of the present invention. The account login system provided by the invention comprises a terminal device 110, a first server 120, a second server 130 and a third-party system 140.
The first server 120 is used to provide a first service resource accessed through the first application 111. The first server 120 may communicate with the terminal device 110 through the internet.
The second server 130 is used for providing a second service resource and accessing at least one second page of the second service resource. The at least one second page is embedded in the first application 111. In some embodiments, the second page is opened by some links embedded in the first application 111. In some embodiments, the second page may serve as a functional module of the first application 111. Specifically, the first server 120 and the second server 130 are different servers of the same application type. The application types described herein represent providing the same type of service goods and/or virtual goods, for example, both the first server 120 and the second server 130 provide catering type services, travel type goods, etc.
The third party system 140 is configured to obtain a shadow account according to the first account logged in the first application 111, so that the first application 111 has a login status corresponding to the second service resource and can access the second service resource.
The terminal device 110, the first server 120, the second server 130, and the third-party system 140 may interact according to the account login method shown in fig. 2.
Referring now to fig. 2, fig. 2 illustrates 7 steps.
Step S210: the terminal device 110 opens the first application 111. The first application 111 embeds at least one second page to access a second service resource. The terminal device 110 logs in the first application 111 with the first account to access the first service resource. If the login is successful, the first application 111 sends the first account to the third party system 140. The second page embedded in the first application 111 may be a Native page, a Hybrid page, or an H5 page.
Step S220: the third party system 140 encrypts the first account to generate a root certificate.
The first account number may be encrypted using a common encryption algorithm. The encrypted key is stored in the third party system 140.
Step S230: the first application 111 writes the root credentials into a Cookie corresponding to the at least one second page.
Specifically, at least one second page is embedded in the first application 111, so that when the terminal device 110 obtains the root credential, the first application 111 can find the Cookie corresponding to the second page, and write (directly write or cover the existing information) the root credential into the Cookie locally stored in the terminal device 110.
Step S240: when the terminal device 110 opens the second page in the first application 111, the second server 130 obtains the root certificate from the Cookie and sends the root certificate to the third-party system 140.
In a specific embodiment, in step S230, the first application 111 further writes the time of generating the root credential into the Cookie of the at least one second page. Correspondingly, in step S240, when the second server 130 acquires the root credential from the Cookie, it is further checked whether the time for generating the root credential has exceeded a time threshold, and if so, the root credential in the Cookie is not executed or deleted. The time threshold may be, for example, the validity period of the root credential. The validity period may be set to 5 days to 20 days. In some preferred examples, the expiration date may be set to 10 days. The setting of the validity period can effectively improve the security of the root certificate.
In another embodiment, when the second server 130 where the second service resource is located receives the request for loading the second page sent by the mobile terminal 110, it is determined whether the request for loading the second page is from the first application 111 according to the request information. If the second server 130 where the second service resource is located determines that the request for loading the second page is from the first application 111, the root certificate is obtained from the Cookie of the second page and sent to the third-party system 140. If the second server 130 in which the second service resource is located determines that the request for loading the second page comes from a second application program (for example, an application program developed by a team in which the second server is located to access the second service resource), a conventional operation may be performed, for example, obtaining a login state for accessing the second service resource from a Cookie of the second page and loading the second page. The above determination may be too different as to which application the request was sent by, by adding a field to the request message or by using the setting of a field value that is not commonly used.
Step S250: the third party system 140 decrypts the root credential to obtain the first account number. A second shadow account associated with the first account is queried in the third party system 140, and if the second shadow account associated with the first account is not queried, a second shadow account is generated and stored in the third party system 140 in association with the first account.
Specifically, if a second shadow account associated with the first account is not queried, the third party system 140 applies a shadow account accessing the second service resource to the second server 130 where the second service resource is located as the second shadow account, and optionally, generates a login state of the second shadow account in the second server 130 at the same time.
Step S260: the third party system 140 writes the second shadow account and the login status of the second shadow account into the second server 130 where the first application 111 and the second service resource are located.
Specifically, the third party system 140 may write the login status of the second shadow account into the interaction request of the first application 111 and the second service resource. For example, the third party system 140 may use the login status of the second shadow account as a field and its field value in the session control of the second server 130 where the first application 111 and the second service resource are located. The second server 130 is authenticated by the field and the field value to see if the first application 111 remains logged on.
Step S270: a second service resource is accessed with a second shadow account and operated on the second page embedded in the first application 111.
Therefore, through the above steps, the first application 111 can have the login state of the first account and the login state of the second shadow account at the same time.
Further, after step S270, when exiting the first application 111, the first application 111 sends a logout request to the third party system 140. The third party system 140 deletes the root voucher generated from the first account number according to the logoff request. When the first application program 111 is exited, the method further comprises the step of deleting the login state of the shadow account in the second service resource. For example, the login status of the second shadow account in the first application 111 and the second server 130 is deleted.
In yet another variation, more than two login states may also be implemented in the first application. For example, the first application 111 also embeds a third page to access a third service resource. When logging in the first application 111, the first application 111 and the third party system 140 perform the steps of steps S210 and S220 as described above. The first application 111 then writes the root credentials into a Cookie corresponding to the at least one third page. When the third page is opened in the first application 111, the first application 111 obtains the root certificate from the Cookie corresponding to the third page and sends the root certificate to the third-party system 140. The third party system 140 decrypts the root certificate to obtain the first account, and queries the third party system 140 that the first account is associated with a third shadow account (corresponding to a third service resource). If the third shadow account associated with the first account is not queried, a third shadow account associated with a third service resource is generated and stored in the third party system 140 in association with the first account. Then, the third-party system writes a third shadow account and the login state of the third shadow account into the third service resource; and accessing the third service resource with the third shadow account and operating on the third page embedded in the first application.
The account login method provided by the present invention is described below with reference to the embodiments of fig. 3 and fig. 4, respectively.
Referring to fig. 3, the terminal device 110 first executes step S301 to log in a first application program with a first account. In step S302, the terminal device 110 sends the first account to the first server 120 for verification. The first server 120 verifies the first account and obtains the login status of the first account in step S303. In step S304, the first server 120 feeds back successful login to the terminal device 110, and may write the login status of the first account into the first application program. When the first application program subsequently interacts with the first server 120, the login status of the first account is carried in each request message, and the first service resource provided by the first server 120 can be accessed by continuing authentication through the first server 120. After the terminal device 110 successfully logs in the first application program, the terminal device 110 automatically executes step S305, and sends the first account to the third-party system 305 through the first application program. After receiving the first account, the third-party system 140 performs step S306 to encrypt the first account to obtain the root certificate. The third party system 140 returns the root certificate to the terminal device 110 in step S307. Terminal device 110 writes the root voucher in the cookie of the second page in step S308. In some embodiments, writing herein may also refer to overwriting the original root credential of the cookie. When the terminal device 110 opens the second page through the first application, a request message is sent to the second server 130. The second server 130, upon receiving the request, may determine whether the request is from the first application. If the second server 130 determines that the request is from the first application, step S310 is executed, and the second server 130 obtains the root credential from the cookie of the second page. Thereafter, in step S311, the second server 130 sends the root credential to the third party system 140. After the third-party system 140 receives the root voucher, step S312 is executed to decrypt the root voucher to obtain the first account. In this embodiment, the shadow account associated with the first account is not stored in the third party system 140. Therefore, the third party system 140 executes step S313 to request the second server 130 for a second shadow account and the login status of the second shadow account. The second server 130 generates a second shadow account and a login status of the second shadow account in step S314, and returns the second shadow account and the login status of the second shadow account to the third party system 140 in step S315. Thereafter, in step S316, the third party system 140 stores the second shadow account in the third party system in association with the first account for later review. In step S317, the third party system 140 sends the second shadow account and the login status of the second shadow account to the second server 130 and the terminal device 110. Optionally, in this step, the third party system 140 may also send only the second shadow account and the login status of the second shadow account to the terminal device 110. Then, in step S318, the terminal device 110 opens the second page and interacts with the second server 130, and the interactive request carries the login status of the second shadow account, so that the second server 130 can authenticate the login status. Thereby, access to the second service resource provided by the second server 130 in the first application is achieved.
Referring then to fig. 4, the timing diagram of fig. 4 is similar to fig. 3. Specifically, steps S401 to S411 in fig. 4 are the same as steps S301 to S311 in fig. 3. In step S412, the third party system 140 decrypts the root certificate to obtain the first account, and finds the associated second shadow account according to the first account. In this embodiment, the login status of the second shadow account is also stored in the third party system 140, and the third party system 140 provides the login status of the second shadow account and the second shadow account to the second server 130 and the terminal device 110 in step S413. In some variations, when the third party system 140 finds the associated second shadow account according to the first account, it requests the second server 130 for a login status of the second shadow account, and after obtaining the login status of the second shadow account, sends the second shadow account and the login status thereof to the terminal device 110 (and the second server 130). After obtaining the second shadow account and the login status thereof, the terminal device 110 opens a second page and performs an operation on the second page in step S414. Further, in step S414, the terminal device 110 interacts with the second server 130 through the second page, and carries the login status of the second shadow account in the interaction for the second server 130 to authenticate. When the terminal device 110 exits the first application program by performing step S415, a logout request is transmitted to the second server 130 and the third party system 140 as step S416. In step S417, the second server 130 (and the terminal device 110) deletes the login status of the second shadow account. In step S418, the third party system 140 deletes the root certificate corresponding to the first account.
Compared with the prior art, the invention has the advantages that:
the invention utilizes a third-party system to manage the account number and the associated shadow account number of the application program, and authenticates the account number of the application program through the encrypted root certificate so as to realize the multi-login state existence in the application program embedded with other services. In addition, the root certificate and the shadow account are obtained through automatic operation of the system to realize silent login, user confirmation is not needed, and the speed of logging in other services by the user is increased. Furthermore, the invention can reduce the development cost through the mode. Meanwhile, under the scene of merging with companies of the same application type, under the condition that the operation habits of users are not changed and servers under different companies are not merged, the interaction with different service resources is realized in the same application program.
In an exemplary embodiment of the present disclosure, there is also provided a computer-readable storage medium including a different computer program stored thereon. In some possible embodiments, the apparatuses of the present invention may also be implemented in the form of a program product including program code for causing a terminal device to perform the steps according to the various exemplary embodiments of the present invention described in the section of the electronic prescription flow processing method of the terminal device, the first server, the second server, and the third-party system described in this specification when the program product is run on the terminal device.
Referring to fig. 5, a program product 300 for implementing the above method according to an embodiment of the present invention is described, which may employ a portable compact disc read only memory (CD-ROM) and include program code, and may be run on a terminal device, such as a personal computer. However, the program product of the present invention is not limited in this regard and, in the present document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable storage medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable storage medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the tenant computing device, partly on the tenant device, as a stand-alone software package, partly on the tenant computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing devices may be connected to the tenant computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
In an exemplary embodiment of the present disclosure, an account login system including a plurality of electronic devices is also provided. The plurality of electronic devices comprise terminal devices, a first server, a second server and a third-party system. Each electronic device may include a processor and a memory for storing executable instructions for the processor. Wherein the processor is configured to execute the steps of the electronic prescription flow processing method in any one of the above embodiments via execution of the executable instructions.
As will be appreciated by one skilled in the art, aspects of the present invention may be embodied as a system, method or program product. Thus, various aspects of the invention may be embodied in the form of: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.) or an embodiment combining hardware and software aspects that may all generally be referred to herein as a "circuit," module "or" system.
An electronic device 600 according to this embodiment of the invention is described below with reference to fig. 6. The electronic device 600 shown in fig. 6 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 6, an electronic device 600 (e.g., a terminal device, a first server, a second server, or a third-party system) is presented in the form of a general-purpose computing device. The components of the electronic device 600 may include, but are not limited to: at least one processing unit 610, at least one storage unit 620, a bus 630 that connects the various system components (including the storage unit 620 and the processing unit 610), a display unit 640, and the like.
Wherein the storage unit stores program code executable by the processing unit 610 to cause the processing unit 610 to perform steps according to various exemplary embodiments of the present invention described in the above-mentioned electronic prescription flow processing method section of the present specification. For example, the processing unit 610 may perform the steps as shown in fig. 2.
The storage unit 620 may include readable media in the form of volatile memory units, such as a random access memory unit (RAM)6201 and/or a cache memory unit 6202, and may further include a read-only memory unit (ROM) 6203.
The memory unit 620 may also include a program/utility 6204 having a set (at least one) of program modules 6205, such program modules 6205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
The electronic device 600 may also communicate with one or more external devices 700 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a tenant to interact with the electronic device 600, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device 600 to communicate with one or more other computing devices. Such communication may occur via an input/output (I/O) interface 650. Also, the electronic device 600 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the Internet) via the network adapter 660. The network adapter 660 may communicate with other modules of the electronic device 600 via the bus 630. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the electronic device 600, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, or a network device, etc.) to execute the above-mentioned electronic prescription flow processing method according to the embodiments of the present disclosure.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
Claims (17)
1. An account login method is characterized by comprising the following steps:
logging in a first application program by using a first account to access a first service resource and sending the first account to a third-party system, wherein the first application program is embedded into at least one second page to access a second service resource;
the third-party system encrypts the first account to generate a root certificate and feeds the root certificate back to the first application program;
the first application program writes the root certificate into a Cookie corresponding to the at least one second page;
when the second page is opened in the first application program, the root certificate is obtained from the Cookie and is sent to the third-party system;
the third party system decrypts the root certificate to obtain the first account, queries a second shadow account related to the first account in the third party system, and generates a second shadow account and stores the second shadow account in the third party system in association with the first account if the second shadow account related to the first account is not queried;
the third party system writes the second shadow account and the login state of the second shadow account into the first application program and the second service resource; and
accessing the second service resource with the second shadow account and operating on the second page embedded in the first application.
2. The account login method of claim 1, wherein the first application program is further embedded in at least one third page to access a third service resource, and the step of the third party system encrypting the first account to generate a root credential further comprises:
the first application program writes the root certificate into a Cookie corresponding to the at least one third page;
when the third page is opened in the first application program, the root certificate is obtained from the Cookie and is sent to the third-party system;
the third party system decrypts the root certificate to obtain the first account, inquires a third shadow account related to the first account in the third party system, and generates a third shadow account and stores the third shadow account in the third party system in association with the first account if the third shadow account related to the first account is not inquired;
the third party system writes the third shadow account and the login state of the third shadow account into the first application program and the third service resource; and
accessing the third service resource with the third shadow account and operating on the third page embedded in the first application.
3. The account login method of claim 1, wherein the step of generating a second shadow account comprises:
and the third-party system applies a shadow account number for accessing the second service resource to a server where the second service resource is located as the second shadow account number.
4. The account login method of claim 1, wherein the step of the first application writing the root credential into the Cookie corresponding to the at least one second page further comprises:
writing the time generated by the root certificate into the Cookie of the at least one second page;
correspondingly, when the second page is opened in the first application program, the step of obtaining the root certificate from the Cookie and sending the root certificate to the third-party system further includes:
and checking whether the time generated by the root voucher exceeds a time threshold value or not, and if so, not continuing to execute or deleting the root voucher in the Cookie.
5. The account login method of claim 4, wherein the time threshold is in a range of 5 to 20 days.
6. The account login method of claim 1, wherein the step of accessing the second service resource with the second shadow account and operating on the second page embedded in the first application further comprises:
quitting the first application program and sending a logout request to the third-party system; and
and the third-party system deletes the root certificate according to the logout request.
7. The account login method of claim 6, wherein the step of exiting the first application and sending a logout request to the third party system further comprises:
and deleting the login state of the shadow account in the second service resource.
8. The account login method according to any one of claims 1 to 7, wherein the step of writing the login status of the second shadow account and the second shadow account into the first application program and the second service resource by the third party system comprises:
and the third-party system writes the login state of the second shadow account into the interactive request of the first application program and the second service resource.
9. The account login method according to any one of claims 1 to 7,
when the server where the second service resource is located receives a request for loading a second page, judging whether the request for loading the second page comes from the first application program or not according to request information;
and if the server where the second service resource is located judges that the request for loading the second page comes from the first application program, acquiring the root certificate and sending the root certificate to the third-party system.
10. The account login method of any one of claims 1 to 7, wherein the first application program has a login state of the first account and a login state of the second shadow account at the same time.
11. The account login method of any one of claims 1 to 7, wherein the first service resource and the second service resource are different service resources of the same application type.
12. An account login system, comprising:
a first server for providing a first service resource accessed by a first application;
the second server is used for providing a second service resource and accessing at least one second page of the second service resource, and the at least one second page is embedded in the first application program;
a third party system, configured to obtain a second shadow account for the first application to access the second service resource according to the first account logged in to the first application, wherein,
the first server receives a login request of a first account sent by the first application program and provides a login state of the first account;
the third-party system receives the first account from the first application program and encrypts the first account to generate a certificate;
the second server receives a request for loading the second page;
the second server acquires the root certificate from the Cookie corresponding to the second page and sends the root certificate to the third-party system;
the third party system decrypts the root certificate to obtain the first account, queries a second shadow account related to the first account in the third party system, and generates a second shadow account and stores the second shadow account in the third party system in association with the first account if the second shadow account related to the first account is not queried;
and the third party system sends the second shadow account and the login state of the second shadow account to the second server and the first application program so that the first application program can access the second service resource through the second shadow account and operate on the second page embedded in the first application program.
13. The account login system of claim 12, wherein if the second server determines that the request for loading the second page is from the first application, the root credential is obtained from a Cookie of the second page and sent to the third-party system.
14. The account login system of claim 12, wherein the first server and the second server are different servers of the same application type.
15. An account login system, comprising:
a first server for providing a first service resource accessed by a first application;
the second server is used for providing a second service resource and accessing at least one second page of the second service resource, and the at least one second page is embedded in the first application program;
the third party system is used for acquiring a second shadow account according to the first account for logging in the first application program so that the first application program can access the second service resource;
a terminal device for installing and running the first application, wherein,
the first server receives a login request of a first account sent by the terminal equipment and provides a login state of the first account;
the third party system receives the first account from the terminal equipment and encrypts the first account to generate a certificate;
the terminal device writes the root certificate into a Cookie corresponding to the second page;
the second server receives a request for loading the second page sent by the terminal equipment;
the second server acquires the root certificate from the Cookie corresponding to the second page and sends the root certificate to the third-party system;
the third party system decrypts the root certificate to obtain the first account, queries a second shadow account related to the first account in the third party system, and generates a second shadow account and stores the second shadow account in the third party system in association with the first account if the second shadow account related to the first account is not queried;
and the third party system sends the second shadow account and the login state of the second shadow account to the second server and the terminal equipment so that the terminal equipment can access the second service resource on the first application program through the second shadow account and operate on the second page embedded in the first application program.
16. An account login system, comprising:
a first server comprising a first processor and a first storage medium storing a first computer program, the first computer program, when executed by the first processor, providing a first service resource accessed by a first application program;
a second server, including a second processor and a second storage medium storing a second computer program, where the second computer program is executed by the second processor to provide a second service resource and access at least one second page of the second service resource, and the at least one second page is embedded in the first application program;
the third-party system comprises a third processor and a third storage medium which stores a third computer program, wherein the third computer program is run by the third processor and acquires a second shadow account according to the first account which logs in the first application program so that the first application program can access the second service resource;
interacting according to the method of any of claims 1 to 11 when the first computer program is run by the first processor, the second computer program is run by the second processor and the third computer program is run by the third processor.
17. A storage medium, comprising:
a storage medium having stored thereon a computer program which, when executed by a processor, performs an account login method according to any one of claims 1 to 11.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710655932.3A CN107528830B (en) | 2017-08-03 | 2017-08-03 | Account login method, system and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710655932.3A CN107528830B (en) | 2017-08-03 | 2017-08-03 | Account login method, system and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107528830A CN107528830A (en) | 2017-12-29 |
| CN107528830B true CN107528830B (en) | 2020-04-10 |
Family
ID=60680599
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710655932.3A Active CN107528830B (en) | 2017-08-03 | 2017-08-03 | Account login method, system and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107528830B (en) |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107528830B (en) * | 2017-08-03 | 2020-04-10 | 携程旅游信息技术(上海)有限公司 | Account login method, system and storage medium |
| CN108228370B (en) * | 2018-01-31 | 2021-04-16 | 阿里巴巴(中国)有限公司 | Activation method and device for user rights |
| CN109597640B (en) * | 2018-07-27 | 2020-01-17 | 北京字节跳动网络技术有限公司 | Account management method, device, equipment and medium for application program |
| CN110753921B (en) * | 2019-01-11 | 2023-08-29 | Oppo广东移动通信有限公司 | Query request processing method, device, computer equipment and storage medium |
| CN110633432A (en) * | 2019-08-19 | 2019-12-31 | 深圳汇商通盈科技有限公司 | Method, device, terminal equipment and medium for acquiring data |
| CN111460476B (en) * | 2020-03-27 | 2023-07-14 | 腾讯科技(深圳)有限公司 | Account cancellation method and device, storage medium and electronic device |
| CN112231654B (en) * | 2020-10-16 | 2024-02-06 | 北京天融信网络安全技术有限公司 | Operation and data isolation method and device, electronic equipment and storage medium |
Citations (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101932135A (en) * | 2010-08-16 | 2010-12-29 | 中兴通讯股份有限公司 | Web management-based wireless data card and implementation method thereof |
| CN102281311A (en) * | 2010-06-10 | 2011-12-14 | 阿里巴巴集团控股有限公司 | Method, system and device for implementing network service based on open application programming interface |
| CN102710759A (en) * | 2012-05-22 | 2012-10-03 | 中国联合网络通信集团有限公司 | Web server, business logging method and system |
| CN102752230A (en) * | 2011-04-22 | 2012-10-24 | 腾讯科技(深圳)有限公司 | Method and system for sharing subscriber relationship chain |
| CN102821085A (en) * | 2011-11-23 | 2012-12-12 | 腾讯科技(深圳)有限公司 | Third party authorization login method, open platform and system |
| CN102882903A (en) * | 2011-07-12 | 2013-01-16 | 腾讯科技(深圳)有限公司 | Method and system for acquiring multi-site application information |
| CN103067381A (en) * | 2012-12-26 | 2013-04-24 | 百度在线网络技术(北京)有限公司 | Third-party service login method, login system and login device by means of platform-party account |
| CN103365893A (en) * | 2012-03-31 | 2013-10-23 | 百度在线网络技术(北京)有限公司 | Method and device for searching individual information of user |
| CN103825884A (en) * | 2014-01-23 | 2014-05-28 | 汉柏科技有限公司 | Dynamic user login password interaction method and equipment |
| CN104093077A (en) * | 2013-10-29 | 2014-10-08 | 腾讯科技(深圳)有限公司 | Multi terminal interconnection method, device and system |
| CN104253686A (en) * | 2013-06-25 | 2014-12-31 | 华为技术有限公司 | Account number login method, equipment and system |
| EP2517127A4 (en) * | 2009-12-22 | 2015-02-18 | Nokia Corp | Method and apparatus for secure cross-site scripting |
| CN104394172A (en) * | 2014-12-12 | 2015-03-04 | 用友软件股份有限公司 | Single sign-on device and method |
| CN106127475A (en) * | 2016-06-30 | 2016-11-16 | 北京奇虎科技有限公司 | A kind of data processing method and device |
| CN106936842A (en) * | 2016-04-11 | 2017-07-07 | 任少华 | Subscriber Management System or method |
| CN107528830A (en) * | 2017-08-03 | 2017-12-29 | 携程旅游信息技术(上海)有限公司 | account login method, system and storage medium |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7421733B2 (en) * | 2002-02-06 | 2008-09-02 | Hewlett-Packard Development Company, L.P. | System and method for providing multi-class processing of login requests |
| US9419818B2 (en) * | 2014-04-30 | 2016-08-16 | Linkedin Corporation | Viral invitations for social networks |
| US9679078B2 (en) * | 2014-05-21 | 2017-06-13 | Facebook, Inc. | Search client context on online social networks |
-
2017
- 2017-08-03 CN CN201710655932.3A patent/CN107528830B/en active Active
Patent Citations (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2517127A4 (en) * | 2009-12-22 | 2015-02-18 | Nokia Corp | Method and apparatus for secure cross-site scripting |
| CN102281311A (en) * | 2010-06-10 | 2011-12-14 | 阿里巴巴集团控股有限公司 | Method, system and device for implementing network service based on open application programming interface |
| CN101932135A (en) * | 2010-08-16 | 2010-12-29 | 中兴通讯股份有限公司 | Web management-based wireless data card and implementation method thereof |
| CN102752230A (en) * | 2011-04-22 | 2012-10-24 | 腾讯科技(深圳)有限公司 | Method and system for sharing subscriber relationship chain |
| CN102882903A (en) * | 2011-07-12 | 2013-01-16 | 腾讯科技(深圳)有限公司 | Method and system for acquiring multi-site application information |
| CN102821085A (en) * | 2011-11-23 | 2012-12-12 | 腾讯科技(深圳)有限公司 | Third party authorization login method, open platform and system |
| CN103365893A (en) * | 2012-03-31 | 2013-10-23 | 百度在线网络技术(北京)有限公司 | Method and device for searching individual information of user |
| CN102710759A (en) * | 2012-05-22 | 2012-10-03 | 中国联合网络通信集团有限公司 | Web server, business logging method and system |
| CN103067381A (en) * | 2012-12-26 | 2013-04-24 | 百度在线网络技术(北京)有限公司 | Third-party service login method, login system and login device by means of platform-party account |
| CN104253686A (en) * | 2013-06-25 | 2014-12-31 | 华为技术有限公司 | Account number login method, equipment and system |
| CN104093077A (en) * | 2013-10-29 | 2014-10-08 | 腾讯科技(深圳)有限公司 | Multi terminal interconnection method, device and system |
| CN103825884A (en) * | 2014-01-23 | 2014-05-28 | 汉柏科技有限公司 | Dynamic user login password interaction method and equipment |
| CN104394172A (en) * | 2014-12-12 | 2015-03-04 | 用友软件股份有限公司 | Single sign-on device and method |
| CN106936842A (en) * | 2016-04-11 | 2017-07-07 | 任少华 | Subscriber Management System or method |
| CN106127475A (en) * | 2016-06-30 | 2016-11-16 | 北京奇虎科技有限公司 | A kind of data processing method and device |
| CN107528830A (en) * | 2017-08-03 | 2017-12-29 | 携程旅游信息技术(上海)有限公司 | account login method, system and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107528830A (en) | 2017-12-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107528830B (en) | Account login method, system and storage medium | |
| US20180239897A1 (en) | Performance of distributed system functions using a trusted execution environment | |
| US9887965B2 (en) | Method and system for browser identity | |
| US9430211B2 (en) | System and method for sharing information in a private ecosystem | |
| US10467421B2 (en) | Establishing trust between containers | |
| US10833859B2 (en) | Automating verification using secure encrypted phone verification | |
| CN107613005B (en) | Reverse proxy method and device, electronic device and storage medium | |
| US20170064549A1 (en) | Providing access to applications with varying enrollment levels | |
| US11258611B2 (en) | Trusted data verification | |
| CN105027107A (en) | Secure virtual machine migration | |
| KR101832535B1 (en) | Trustworthy device claims as a service | |
| CN110574350B (en) | Method and system for performing a prioritized generation of a second factor certificate | |
| CN112039826A (en) | Login method and device applied to applet terminal | |
| US20180152434A1 (en) | Virtual content repository | |
| CN111193725A (en) | Configuration-based combined login method and device and computer equipment | |
| US11363012B1 (en) | System and methods for using role credentials associated with a VM instance | |
| US10049222B1 (en) | Establishing application trust levels using taint propagation | |
| US10462113B1 (en) | Systems and methods for securing push authentications | |
| US20200319905A1 (en) | Metadata service provisioning in a cloud environment | |
| CN110008186A (en) | For file management method, device, terminal and the medium of more ftp data sources | |
| US11580210B2 (en) | Password authentication | |
| US11526633B2 (en) | Media exfiltration prevention system | |
| TWI441534B (en) | A method of the data transmission of the mobile phone and the system therefore | |
| CN111147470A (en) | Account authorization method and device and electronic equipment | |
| CN113645239B (en) | Application login method and device, user terminal and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |