CN111191202B - Single sign-on method, device and system for mobile application - Google Patents

Info

Publication number: CN111191202B
Authority: CN (China)
Prior art keywords: mobile application, vsa, user, point mobile, server
Legal status: Active
Application number: CN201911421847.6A
Other languages: Chinese (zh)
Other versions: CN111191202A (en)
Inventors: 王凤周, 王伟, 桂艳峰, 陈电波
Current Assignee: Beijing Zhizhangyi Technology Co ltd
Original Assignee: Beijing Zhizhangyi Technology Co ltd
Application filed by: Beijing Zhizhangyi Technology Co ltd
Priority to: CN201911421847.6A
Publications: CN111191202A (application), CN111191202B (granted)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a single sign-on method, device and system for mobile applications. The method comprises: performing virtual security domain (VSA) encapsulation processing on each single-point mobile application; when a login request triggered by at least one single-point mobile application is received, transmitting user account information to the at least one single-point mobile application through a VSA client, so that the at least one single-point mobile application sends the user account information from the VSA client to a target server for verification; and, when a verification-passed notification message returned by the target server is received, starting the login operation of the at least one single-point mobile application. In this method the VSA client fills in the user account information on the user's behalf, so each single-point mobile application can log in without the user manually entering a password, which greatly improves the login efficiency of mobile applications and avoids login failures caused by the user forgetting a password.

Description

Single sign-on method, device and system for mobile application
Technical Field
The invention relates to the technical field of internet, in particular to a single sign-on method, a single sign-on device and a single sign-on system for mobile application.
Background
Currently, with the increasing popularity of the internet and mobile devices, the number of mobile applications is increasing. Typically, a large number of mobile applications are installed in a mobile device. Before using a specific mobile application, a user needs to log in the specific mobile application. Since each mobile application is provided with authentication information such as a login account and a login password, when a user logs in a plurality of mobile applications in sequence, the user needs to input the authentication information such as the login account and the login password for each mobile application.
However, the inventor finds that the mode has at least the following defects in the process of implementing the invention: the method of inputting login accounts and login passwords for each mobile application to be logged in one by one is tedious and time-consuming in operation, and when a user forgets the login password of a certain mobile application due to negligence, the corresponding mobile application fails to log in. Therefore, the existing mobile application login method is complicated in operation and difficult to memorize.
Disclosure of Invention
In view of the above, the present invention is proposed to provide a single sign-on method, apparatus and system for mobile applications that overcomes or at least partially solves the above mentioned problems.
According to one aspect of the invention, a single sign-on method for a mobile application is provided, which comprises the following steps:
performing virtual security domain (VSA) encapsulation processing on each single-point mobile application;
when a login request triggered by at least one single-point mobile application is received, transmitting user account information to the at least one single-point mobile application through a VSA client, so that the at least one single-point mobile application sends the user account information from the VSA client to a target server for verification;
and, when a verification-passed notification message returned by the target server is received, starting the login operation of the at least one single-point mobile application.
Optionally, performing the VSA encapsulation processing on each single-point mobile application includes:
performing VSA encapsulation processing on each single-point mobile application contained in the single-point mobile application group, so that each encapsulated single-point mobile application runs in a VSA client.
Optionally, transmitting the user account information to the at least one single-point mobile application through the VSA client includes:
obtaining pre-stored user account information through the VSA client, and transmitting the user account information to an account input interface of the at least one single-point mobile application.
Optionally, the at least one single-point mobile application sending the user account information from the VSA client to the target server for verification includes:
the at least one single-point mobile application sends the user account information from the VSA client to the target server corresponding to the at least one single-point mobile application;
the target server acquires user registration account data from a preset user center server and verifies against it.
Optionally, the user center server is connected to a plurality of target servers and to a VSA server; the VSA server stores user registration account data in the user center server, so that each target server can acquire the user registration account data from the user center server for verification.
According to another aspect of the present invention, there is provided a single sign-on apparatus for a mobile application, comprising:
an encapsulation module, adapted to perform VSA encapsulation processing on each single-point mobile application;
a transmission module, adapted to transmit user account information to at least one single-point mobile application through a VSA client when a login request triggered by the at least one single-point mobile application is received, so that the at least one single-point mobile application sends the user account information from the VSA client to a server for verification;
and a login module, adapted to start the login operation of the at least one single-point mobile application when a verification-passed notification message returned by the server is received.
Optionally, the encapsulation module is specifically adapted to:
perform VSA encapsulation processing on each single-point mobile application contained in the single-point mobile application group, so that each encapsulated single-point mobile application runs in a VSA client.
According to another aspect of the present invention, there is provided a single sign-on system for a mobile application, comprising: the single sign-on device for the mobile application described above, a user center server, a VSA server and a target server;
the user center server is connected to a plurality of target servers and to the VSA server; the VSA server stores user registration account data in the user center server, so that each target server can acquire the user registration account data from the user center server for verification.
According to still another aspect of the present invention, there is provided an electronic apparatus including: the system comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete mutual communication through the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction enables the processor to execute the operation corresponding to the single sign-on method of the mobile application.
According to still another aspect of the present invention, a computer storage medium is provided, where at least one executable instruction is stored in the storage medium, and the executable instruction causes a processor to perform an operation corresponding to the single sign-on method of the mobile application.
In the single sign-on method, device and system for mobile applications provided by the invention, VSA encapsulation processing is performed on each single-point mobile application. Accordingly, when a login request triggered by at least one single-point mobile application is received, user account information is transmitted to the at least one single-point mobile application through a VSA client so that it can be sent to a target server for verification, after which the login operation of the at least one single-point mobile application is started. Because each single-point mobile application has undergone VSA encapsulation processing, the VSA client can fill in the user account information on the user's behalf, so each single-point mobile application can log in without the user manually entering a password. This greatly improves the login efficiency of mobile applications and avoids login failures caused by the user forgetting a password.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 shows a flow diagram of a single sign-on method for a mobile application according to one embodiment of the invention;
FIG. 2 illustrates a flow diagram of a single sign-on method for a mobile application according to another embodiment of the invention;
FIG. 3 is a schematic diagram of a single sign-on apparatus for a mobile application according to another embodiment of the present invention;
FIG. 4 shows a schematic structural diagram of an electronic device according to the present invention;
FIG. 5 shows a server-side system architecture diagram.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
Fig. 1 is a flowchart illustrating a single sign-on method for a mobile application according to an embodiment of the present invention, where the method includes:
Step S110: perform virtual security domain (VSA) encapsulation processing on each single-point mobile application.
Here, a single-point mobile application is a mobile application that can log in through a single sign-on function. Single sign-on means that, across multiple application systems, a user only needs to log in once to access all mutually trusted application systems. Accordingly, in this step, VSA encapsulation processing is performed on each single-point mobile application.
The VSA (Virtual Security Area) is a virtual security domain that implements security protection through virtual machine technology. Accordingly, VSA encapsulation processing encapsulates the mobile application using VSA virtual machine technology so that the mobile application runs inside the virtual machine, which makes it easier to control the mobile application through the VSA virtual machine.
Step S120: when a login request triggered by at least one single-point mobile application is received, transmit user account information to the at least one single-point mobile application through the VSA client, so that the at least one single-point mobile application sends the user account information from the VSA client to a target server for verification.
Specifically, since VSA encapsulation processing has been performed on each single-point mobile application, every operation event of the single-point mobile application is taken over by the VSA client (also called the VSA virtual machine). Accordingly, when a login request triggered by at least one single-point mobile application is received, the VSA client transmits the previously acquired user account information to the at least one single-point mobile application, which then sends the user account information from the VSA client to the target server for verification. The target server is the background server that provides service functions for the at least one single-point mobile application. Different types of single-point mobile applications may correspond to different target servers, so the matching target server must be selected according to the application type of the single-point mobile application.
Step S130: when a verification-passed notification message returned by the target server is received, start the login operation of the at least one single-point mobile application.
Specifically, after receiving the user account information sent by the single-point mobile application, the target server verifies the user account information against the pre-stored user registration account data and, when the verification passes, returns a verification-passed notification message so that the single-point mobile application can log in.
In the single sign-on method for mobile applications provided by the invention, VSA encapsulation processing is performed on each single-point mobile application. Accordingly, when a login request triggered by at least one single-point mobile application is received, user account information is transmitted to the at least one single-point mobile application through a VSA client so that it can be sent to a target server for verification, after which the login operation of the at least one single-point mobile application is started. Because each single-point mobile application has undergone VSA encapsulation processing, the VSA client can fill in the user account information on the user's behalf, so each single-point mobile application can log in without the user manually entering a password. This greatly improves the login efficiency of mobile applications and avoids login failures caused by the user forgetting a password.
Fig. 2 is a flowchart illustrating a single sign-on method for a mobile application according to another embodiment of the present invention. As shown in fig. 2, the method includes:
Step S200: predetermine the single-point mobile applications included in the single-point mobile application group.
Here, a single-point mobile application group is a set of single-point mobile applications that trust each other. For example, several mobile applications belonging to the same application development organization may be treated as one single-point mobile application group. The mobile applications in the same single-point mobile application group can log in without a password. That is, when one single-point mobile application in the group logs in successfully, the VSA client acquires and stores the user account information used for that successful login. When other single-point mobile applications in the group log in, the VSA client fills in the account information on the user's behalf, so they can log in quickly without the user manually entering a password.
Therefore, this step identifies in advance each single-point mobile application that belongs to the single-point mobile application group, so that VSA encapsulation processing can be performed on these applications.
Step S210: perform virtual security domain (VSA) encapsulation processing on each single-point mobile application.
Specifically, VSA encapsulation processing is performed on each single-point mobile application included in the single-point mobile application group, so that each encapsulated single-point mobile application runs in the VSA client. VSA encapsulation processing is equivalent to adding a shell to the mobile application. The original mobile application is not damaged at any point in the shelling process, so shelling can be performed after security hardening. The whole shelling process completes automatically in the background in a very short time, and the shelled mobile application has a very high first-run success rate. In terms of performance, the application file size differs by less than 1 MB before and after encapsulation, which means little additional system resource usage. Through VSA encapsulation processing, every operation of the mobile application can be taken over by the VSA client, so the VSA client can act as a security engine, prevent data leakage, and improve the security of application operation.
Step S220: when a login request triggered by at least one single-point mobile application is received, transmit user account information to the at least one single-point mobile application through the VSA client, so that the at least one single-point mobile application sends the user account information from the VSA client to a target server for verification.
Specifically, since VSA encapsulation processing has been performed on each single-point mobile application, every operation event of the single-point mobile application is taken over by the VSA client (also called the VSA virtual machine). Accordingly, when a login request triggered by at least one single-point mobile application is received, the VSA client transmits the previously acquired user account information to the at least one single-point mobile application, which then sends the user account information from the VSA client to the target server for verification. The target server is the background server that provides service functions for the at least one single-point mobile application. Different types of single-point mobile applications may correspond to different target servers, so the matching target server must be selected according to the application type of the single-point mobile application.
In a specific implementation, when the VSA client detects a login request triggered by a single-point mobile application, the VSA client acquires the user account information. The user account information can be acquired in several ways.
In one optional acquisition mode, the user enters the user account information into the VSA client in advance, so that each single-point application can log in quickly with that information. The user account information includes account name information, password verification questions and the like. Accordingly, when any single-point application logs in, the VSA client provides quick login by retrieving the pre-stored user account information. In this mode the user enters the user account information once to enable quick login for every single-point application, which is convenient and fast.
In another optional acquisition mode, when the user manually enters user account information to log in to one single-point application, the VSA client captures and stores the manually entered user account information, and uses the stored information to log in directly to each single-point application that needs to log in within a preset time period (e.g., within three days). In this mode the user manually enters the user account information once and can then log in to the other single-point applications without a password during the preset time period. Once the preset time period has elapsed, the user must manually enter the user account information again to activate the user account information stored in the VSA client. This mode therefore improves the security of the account information.
Specifically, the VSA client may transmit the acquired user account information to the at least one single-point mobile application as follows: the VSA client obtains the pre-stored user account information and transmits it to the account input interface of the at least one single-point mobile application. Because the VSA client can supervise every operation interface of the single-point mobile application, it passes the acquired user account information directly to the application's account input interface, so the information is entered automatically through that interface and the fill-in operation is completed. After the single-point mobile application receives the user account information filled in through the account input interface, it sends the user account information from the VSA client to the target server corresponding to that single-point mobile application.
The single-point mobile application selects, according to its application type, one target server from a plurality of candidate target servers as the recipient of the user account information. Because there are many single-point mobile applications, several different target servers are needed to provide business services for the different types of single-point mobile applications. Therefore, the matching target server must be selected according to the application type of the single-point mobile application.
Step S230: when a verification-passed notification message returned by the target server is received, start the login operation of the at least one single-point mobile application.
Specifically, after receiving the user account information sent by the single-point mobile application, the target server verifies the user account information against the pre-stored user registration account data and, when the verification passes, returns a verification-passed notification message so that the single-point mobile application can log in.
In a specific implementation, the target server acquires user registration account data from a preset user center server and verifies against it. The user center server is connected to each target server and to the VSA server. The VSA server stores user registration account data in the user center server, so that each target server can acquire the user registration account data from the user center server for verification. In this embodiment, unified account management on the server side is therefore implemented by the user center server, which is connected to each target server and to the VSA server. The VSA server acquires and stores legitimate user registration account data in advance; this data may be entered by the user in advance or stored when the user manually logs in to other single-point applications. In short, the VSA server stores all acquired user registration account data in the user center server. Accordingly, the target servers corresponding to the different single-point mobile applications all acquire user registration account data from the user center server, which provides unified login management across multiple single-point mobile applications.
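The flow of steps S200 to S230 can be modelled as follows; this is an added Python example, not code from the patent. It shows the VSA client storing credentials only after a successful manual login, filling them only for applications in the trusted group and only inside the preset period, and each target server verifying against one user center. All class names, app identifiers and the salted PBKDF2 storage are assumptions; the three-day window is the page's own example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

REUSE_WINDOW_SECONDS = 3 * 24 * 3600  # the page's "within three days" example


class UserCenter:
    """Unified account store shared by all target servers (AD/LDAP on the page)."""

    def __init__(self):
        self._records = {}  # account -> (salt, derived key)

    def register(self, account, password):
        salt = os.urandom(16)
        self._records[account] = (salt, self._derive(password, salt))

    @staticmethod
    def _derive(password, salt):
        # Assumption: salted PBKDF2. The page does not say how the data is stored.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def verify(self, account, password):
        record = self._records.get(account)
        if record is None:
            return False
        salt, expected = record
        return hmac.compare_digest(expected, self._derive(password, salt))


@dataclass
class TargetServer:
    name: str
    user_center: UserCenter

    def login(self, account, password):
        # Each target server defers to the user center for verification.
        return self.user_center.verify(account, password)


class VsaClient:
    def __init__(self, sso_group, servers_by_app_type, now):
        self.sso_group = sso_group          # app id -> app type (step S200)
        self.servers = servers_by_app_type  # app type -> TargetServer
        self.now = now                      # injectable clock, in seconds
        self._cached = None                 # (account, password, stored_at)

    def manual_login(self, app_id, account, password):
        """User types credentials; store them only if the server accepts them."""
        if not self._send(app_id, account, password):
            return "rejected"
        self._cached = (account, password, self.now())
        return "logged-in"

    def on_login_request(self, app_id):
        """Fill stored credentials for an encapsulated app in the trusted group."""
        if app_id not in self.sso_group:
            return "not-in-group"           # never fill outside the group
        if self._cached is None:
            return "manual-entry-required"
        account, password, stored_at = self._cached
        if self.now() - stored_at > REUSE_WINDOW_SECONDS:
            self._cached = None             # period elapsed: drop the secret
            return "manual-entry-required"
        return "logged-in" if self._send(app_id, account, password) else "rejected"

    def _send(self, app_id, account, password):
        # Select the target server that matches the application type.
        server = self.servers.get(self.sso_group.get(app_id))
        return server is not None and server.login(account, password)


def demo():
    """Constructed scenario: two encapsulated apps, one account, a fake clock."""
    clock = {"t": 0}
    center = UserCenter()
    center.register("alice", "constructed-password")
    servers = {"mail": TargetServer("A", center), "crm": TargetServer("B", center)}
    group = {"com.example.mail": "mail", "com.example.crm": "crm"}
    vsa = VsaClient(group, servers, now=lambda: clock["t"])
    results = [vsa.on_login_request("com.example.crm")]         # nothing stored yet
    results.append(
        vsa.manual_login("com.example.mail", "alice", "constructed-password"))
    clock["t"] = 2 * 24 * 3600
    results.append(vsa.on_login_request("com.example.crm"))     # inside the period
    results.append(vsa.on_login_request("com.example.other"))   # outside the group
    clock["t"] = 4 * 24 * 3600
    results.append(vsa.on_login_request("com.example.crm"))     # period elapsed
    return results


if __name__ == "__main__":
    print(demo())
```

The model makes one property of the scheme visible: the VSA client has to hold a reusable secret for the whole period, so the storage protection and the length of that period bound the exposure if the device is compromised.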
For ease of understanding, the implementation in this embodiment of the present invention is described in detail below using a specific example.
In a mobile office scenario, an employee's mobile phone may hold several enterprise mobile applications. Each application has its own user name and password, and remembering all of these passwords is very challenging. With a single sign-on (SSO) scheme for mobile applications, after one enterprise application has logged in on the phone, the other enterprise applications can log in quickly without the user entering a user name and password again. However, the traditional single sign-on scheme requires modifying the code of both the mobile application client and the server. Modifying the code is tedious and time-consuming, and many enterprise users are unable to modify the code of the mobile application client and the server, so the application scenarios of the traditional single sign-on scheme are limited.
To solve this technical problem, this example provides a method for implementing single sign-on for mobile applications that requires no code modification of the mobile application or the server: it is only necessary to encapsulate the mobile application using VSA technology to achieve single sign-on across multiple mobile applications. The VSA (Virtual Security Area) is a technology that implements a virtual machine on a mobile device by taking over the communication between a mobile application and the OS (an operating system such as Android or iOS). Through this virtualization technology, the VSA hooks into the low-level drivers of the operating system, so that any enterprise-level application can run safely in a virtual machine, providing security and fine-grained control of the application.
In this solution, unified account management must first be implemented on the server side. FIG. 5 shows a server-side system architecture diagram. As shown in FIG. 5, the virtual security server-side management system includes a user center server, a virtual security domain server (that is, the VSA server) and a plurality of target servers. Each target server corresponds to a different business application, and every target server (for example, target server A and target server B in FIG. 5) is connected to the same user center (for example, AD/LDAP) and uses a unified account name and password.
Second, once the server side manages unified accounts, the single sign-on function of the client can be implemented. Specifically, the virtual security domain first encapsulates application A and application B, so that application A and application B run in the VSA. Then, when the user taps application A on the mobile phone, the VSA fills the account name and password into application A on the user's behalf, application A transmits the account name and password to target server A for verification, and application A can be used normally once the verification passes.
This scheme therefore provides a method for implementing single sign-on for mobile applications based on VSA technology. It requires no code modification of the mobile application or the server; it is only necessary to encapsulate the mobile application using VSA technology to achieve single sign-on across multiple mobile applications.
Fig. 3 is a schematic structural diagram of a single sign-on apparatus for a mobile application according to another embodiment of the present invention. As shown in Fig. 3, the apparatus includes:
an encapsulation module 31, adapted to perform VSA encapsulation processing on each single-point mobile application;
a transmission module 32, adapted to transmit the user account information to the at least one single-point mobile application through the VSA client when a login request triggered by the at least one single-point mobile application is received, so that the at least one single-point mobile application sends the user account information from the VSA client to the server for verification;
and a login module 33, adapted to start the login operation of the at least one single-point mobile application when receiving the authentication passing notification message returned by the server.
Optionally, the encapsulation module is specifically adapted to:
perform VSA encapsulation processing on each single-point mobile application contained in the single-point mobile application group, so that each encapsulated single-point mobile application runs in a VSA client.
The specific structure and the working principle of each module may refer to the description of the corresponding step in the method embodiment, and are not described herein again.
An embodiment of the invention also provides a single sign-on system for mobile applications, comprising: the single sign-on apparatus for a mobile application described above, a user center server, a VSA server and target servers. The user center server is connected to a plurality of target servers and to the VSA server, respectively. The VSA server is used for storing user registration account data to the user center server, so that each target server can acquire the user registration account data from the user center server for verification.
An embodiment of the present application provides a non-volatile computer storage medium storing at least one executable instruction, where the executable instruction can perform the single sign-on method for a mobile application in any of the method embodiments described above.
Fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present invention, and the specific embodiment of the present invention does not limit the specific implementation of the electronic device.
As shown in Fig. 4, the electronic device may include: a processor 402, a communication interface 404, a memory 406, and a communication bus 408.
Wherein:
The processor 402, the communication interface 404, and the memory 406 communicate with each other via the communication bus 408.
The communication interface 404 is used for communicating with network elements of other devices, such as clients or other servers.
The processor 402 is configured to execute the program 410, and may specifically perform relevant steps in the above embodiments of the domain name resolution method.
In particular, program 410 may include program code comprising computer operating instructions.
The processor 402 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present invention. The electronic device comprises one or more processors, which can be of the same type, such as one or more CPUs, or of different types, such as one or more CPUs and one or more ASICs.
The memory 406 is used for storing a program 410. The memory 406 may comprise high-speed RAM, and may also include non-volatile memory, such as at least one disk memory.
The program 410 may be specifically configured to cause the processor 402 to perform the operations in the above-described method embodiments.
The algorithms and displays presented herein are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system will be apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
Various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functionality of some or all of the components in an electronic device according to embodiments of the present invention. The present invention may also be embodied as apparatus or system programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several systems, several of these systems may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. does not indicate any ordering. These words may be interpreted as names.

Claims (8)

1. A single sign-on method for a mobile application, comprising:
performing virtual security domain VSA encapsulation processing on each single-point mobile application contained in the single-point mobile application group so as to enable each encapsulated single-point mobile application to run in a VSA client; the VSA is a virtual security domain and is used for realizing a security protection function through a virtual machine technology, and the VSA encapsulation processing is to encapsulate the mobile application through the VSA virtual machine technology so that the mobile application runs in the virtual machine, and therefore the mobile application can be controlled through the VSA virtual machine conveniently;
when a login request triggered by at least one single-point mobile application is received, transmitting user account information to the at least one single-point mobile application through a VSA client, and sending the user account information from the VSA client to a target server corresponding to the at least one single-point mobile application by the at least one single-point mobile application, wherein the target server acquires user registration account data from a preset user center server for verification;
and when receiving the verification passing notification message returned by the target server, starting the login operation of the at least one single-point mobile application.
2. The method of claim 1, wherein the transmitting, by the VSA client, user account information to the at least one standalone mobile application comprises:
and obtaining pre-stored user account information through a VSA client, and transmitting the user account information to an account input interface of the at least one single-point mobile application.
3. The method of claim 1, wherein the user center server is connected to a plurality of target servers and VSA servers, respectively; the VSA server is used for storing user registration account data to the user center server so that each target server can acquire the user registration account data from the user center server to verify the user registration account data.
4. A single sign-on apparatus for a mobile application, comprising:
the packaging module is suitable for carrying out VSA packaging processing aiming at each single-point mobile application;
the transmission module is suitable for transmitting user account information to at least one single-point mobile application through a VSA client when a login request triggered by the single-point mobile application is received, so that the user account information from the VSA client can be sent to a server side for verification by the single-point mobile application;
and the login module is suitable for starting the login operation of the at least one single-point mobile application when receiving the verification passing notification message returned by the server.
5. The apparatus of claim 4, wherein the encapsulation module is specifically adapted to:
and performing VSA encapsulation processing on each single-point mobile application contained in the single-point mobile application group so as to enable each encapsulated single-point mobile application to run in a VSA client.
6. A single sign-on system for mobile applications, comprising: the single sign-on device, the user center server, the VSA server, and the target server for the mobile application of claim 4 or 5;
the user center server is respectively connected with a plurality of target servers and VSA servers; the VSA server is used for storing user registration account data to the user center server so that each target server can acquire the user registration account data from the user center server to verify the user registration account data.
7. An electronic device, comprising: the system comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete mutual communication through the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction causes the processor to execute the operation corresponding to the single sign-on method of the mobile application as claimed in any one of claims 1-3.
8. A computer storage medium having stored therein at least one executable instruction for causing a processor to perform operations corresponding to the single sign-on method for a mobile application of any one of claims 1-3.
CN201911421847.6A 2019-12-31 2019-12-31 Single sign-on method, device and system for mobile application Active CN111191202B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911421847.6A CN111191202B (en) 2019-12-31 2019-12-31 Single sign-on method, device and system for mobile application

Publications (2)

Publication Number Publication Date
CN111191202A CN111191202A (en) 2020-05-22
CN111191202B true CN111191202B (en) 2022-08-02

Family

ID=70710591

Country Status (1)

Country Link
CN (1) CN111191202B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant