CN112822222A - Login verification method, automatic login verification method, server side and client side - Google Patents

Publication number
CN112822222A
Authority
CN
China
Prior art keywords
client
server
login
token
equipment
Legal status
Granted
Application number
CN202110344525.7A
Other languages
Chinese (zh)
Other versions
CN112822222B (en)
Inventor
王志强
Current Assignee
ANT Financial Hang Zhou Network Technology Co Ltd
Original Assignee
Advanced New Technologies Co Ltd
Application filed by Advanced New Technologies Co Ltd
Priority to CN202110344525.7A
Publication of CN112822222A
Application granted
Publication of CN112822222B
Status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Abstract

An embodiment of the present specification provides a login verification method, including: first, receiving device information of the device on which a client is located, sent by the client in response to a start instruction, and generating a first device token for the device information; then, determining a device identifier corresponding to the device information, establishing a first mapping relationship between the device identifier and the first device token, and sending the first device token to the client; then, receiving a login authentication request sent by the client, wherein the login authentication request includes at least the first device token, a user name and a password; then, if the user name and the password pass verification, obtaining the device identifier corresponding to the first device token according to the first mapping relationship, and obtaining a user identifier corresponding to the user name, the user identifier being generated based on the successfully registered user name; then, returning the user identifier to the client and generating an authorization record, wherein the authorization record includes at least the device identifier and the user identifier.

Description

Login verification method, automatic login verification method, server side and client side
This application is a divisional application of the invention patent application 'login authentication method, automatic login authentication method, server and client', application number 201810664036.8, filed on 25/6/2018.
Technical Field
The embodiments of this specification relate to the technical field of the internet, and in particular to a login verification method, an automatic login verification method, a server and a client.
Background
With the development of internet technology, people frequently use mobile terminals, such as mobile phones and tablet computers, to meet various needs in life and work. To use the functions provided by an application, such as a transfer function in a pay pal, a user is typically required to log in to the application with a user name and password. To let the user log in more quickly, most applications provide an automatic login function: once the user has logged in successfully, the user does not need to enter the user name and password again on later use, and simply opening the application completes the login.
However, the existing automatic login method is low in security. Therefore, it is necessary to provide a more secure and reliable automatic login method to better ensure the information and property security of the user.
Disclosure of Invention
The present specification describes an authentication method for automatic login, which completes authentication of login information by combining device information, thereby improving the security of automatic login.
According to a first aspect, a login authentication method is provided, executed by a server, the method including: receiving device information of the device on which the client is located, sent by the client in response to a start instruction, and generating a first device token for the device information; determining a device identifier corresponding to the device information, and establishing a first mapping relationship between the device identifier and the first device token; sending the first device token to the client; receiving a login authentication request sent by the client, wherein the login authentication request includes at least the first device token, a user name and a password; if the user name and the password pass verification, obtaining the device identifier corresponding to the first device token according to the first mapping relationship, and obtaining the user identifier corresponding to the user name, the user identifier being generated based on the successfully registered user name; returning the user identifier to the client; and generating an authorization record, the authorization record including at least the device identifier and the user identifier.
According to one embodiment, the determining the device identifier corresponding to the device information includes: generating the device identification based on the device information.
According to one embodiment, determining the device identifier corresponding to the device information includes: determining the device identifier corresponding to the device information based on a pre-established second mapping relationship between the device information and the device identifier; wherein the second mapping relationship is established in response to the client reporting the device information for the first time, and the device identifier in the second mapping relationship is generated based on the device information first reported by the client.
According to one embodiment, the login authentication request further includes a client identifier, the client identifier being generated when the client is first started; generating the authorization record includes: storing the device identifier, the user identifier and the client identifier in association as the authorization record.
According to a second aspect, there is provided a verification method for automatic login, executed by a server, the method including: receiving device information of the device on which the client is located, sent by the client in response to a start instruction, and generating a second device token for the device information; determining the device identifier corresponding to the device information according to a pre-established second mapping relationship between the device information and the device identifier, and establishing a third mapping relationship between the device identifier and the second device token; sending the second device token to the client; receiving an automatic login request sent by the client, wherein the automatic login request includes at least the second device token and a user identifier that the server returned to the client upon a successful login; obtaining the device identifier corresponding to the second device token based on the third mapping relationship; and verifying the obtained device identifier and the user identifier based on an authorization record generated according to the method provided by the first aspect.
According to an embodiment, the second mapping relationship is established by the server in response to the client reporting the device information for the first time, and the device identifier in the second mapping relationship is generated by the server for the device information reported by the client for the first time.
According to one embodiment, the establishing a third mapping relationship between the device identifier and the second device token includes: updating an existing device token stored in association with the device identification with the second device token.
According to one embodiment, the automatic login request further comprises a client identifier, and the client identifier is generated when the client is started for the first time; the authorization record also comprises the client identification received from the client when the prior login is successful.
According to a third aspect, there is provided a login authentication method, executed by a client, the method including: in response to a start instruction, sending device information of the device on which the client is located to a server; receiving a first device token from the server, the first device token being generated by the server for the device information; sending a login authentication request to the server, wherein the login authentication request includes at least the first device token, a user name and a password; receiving a user identifier from the server, wherein the user identifier is generated by the server based on the successfully registered user name and is returned if the user name and the password pass verification; and generating a login-free record based on the user identifier.
According to one embodiment, the login authentication request further comprises a client identification, the client identification being generated by the client when the client is first started.
According to a fourth aspect, there is provided a verification method for automatic login, executed by a client, the method including: in response to a start instruction, sending device information of the device on which the client is located to a server; receiving a second device token from the server, the second device token being generated by the server for the device information; obtaining a user identifier based on the login-free record generated according to the method provided by the third aspect; and sending an automatic login request to the server, wherein the automatic login request includes at least the second device token and the user identifier.
According to one embodiment, the automatic login request further includes a client identifier, and the client identifier is generated when the client is started for the first time.
According to a fifth aspect, there is provided a server, comprising: a receiving unit, configured to receive device information of the device on which the client is located, sent by the client in response to a start instruction; a generating unit, configured to generate a first device token for the device information; a determining unit, configured to determine a device identifier corresponding to the device information; an establishing unit, configured to establish a first mapping relationship between the device identifier and the first device token; a sending unit, configured to send the first device token to the client; the receiving unit is further configured to receive a login authentication request sent by the client, where the login authentication request includes at least the first device token, a user name and a password; an obtaining unit, configured to obtain, if the user name and the password pass verification, the device identifier corresponding to the first device token according to the first mapping relationship, and to obtain the user identifier corresponding to the user name, the user identifier being generated based on the successfully registered user name; the sending unit is further configured to return the user identifier to the client; and a second generating unit, configured to generate an authorization record, where the authorization record includes at least the device identifier and the user identifier.
According to a sixth aspect, there is provided a server, comprising: a receiving unit, configured to receive device information of the device on which the client is located, sent by the client in response to a start instruction; a generating unit, configured to generate a second device token for the device information; a determining unit, configured to determine the device identifier corresponding to the device information according to a pre-established second mapping relationship between the device information and the device identifier; an establishing unit, configured to establish a third mapping relationship between the device identifier and the second device token; a sending unit, configured to send the second device token to the client; the receiving unit is further configured to receive an automatic login request sent by the client, where the automatic login request includes at least the second device token and a user identifier that the server returned to the client upon a successful login; an obtaining unit, configured to obtain, based on the third mapping relationship, the device identifier corresponding to the second device token; and a verification unit, configured to verify the obtained device identifier and the user identifier based on an authorization record generated according to the method provided in the first aspect.
According to a seventh aspect, there is provided a client, comprising: a sending unit, configured to send, in response to a start instruction, device information of the device on which the client is located to a server; a receiving unit, configured to receive a first device token from the server, where the first device token is generated by the server for the device information; the sending unit is further configured to send a login authentication request to the server, where the login authentication request includes at least the first device token, a user name and a password; the receiving unit is further configured to receive a user identifier from the server, where the user identifier is generated by the server based on the successfully registered user name and is returned if the user name and the password pass verification; and a generating unit, configured to generate a login-free record based on the user identifier.
According to an eighth aspect, there is provided a client, comprising: a sending unit, configured to send, in response to a start instruction, device information of the device on which the client is located to a server; a receiving unit, configured to receive a second device token from the server, where the second device token is generated by the server for the device information; an obtaining unit, configured to obtain a user identifier based on the login-free record generated according to the method provided by the third aspect; the sending unit is further configured to send an automatic login request to the server, where the automatic login request includes at least the second device token and the user identifier.
According to a ninth aspect, there is provided a computer readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method of the first, or second, or third, or fourth aspect.
According to a tenth aspect, there is provided a computing device comprising a memory and a processor, wherein the memory has stored therein executable code, which when executed by the processor, implements the method of the first, or second, or third, or fourth aspect.
In the verification method for automatic login disclosed in the embodiments of the present specification, the automatic login request sent by the client includes the device token returned by the server, and this device token is dynamically generated by the server for the device information reported each time the client is started. After receiving the automatic login request, the server does not verify the device token directly; instead, it looks up the device identifier corresponding to the device token and then verifies that device identifier against the pre-generated authorization record. This greatly improves the security of automatic login and better protects the user's information and property.
Drawings
To illustrate the technical solutions of the embodiments disclosed in the present specification more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below show only embodiments disclosed in the present specification, and those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 illustrates an implementation scenario diagram according to one embodiment;
FIG. 2 illustrates a schematic diagram of client-server interaction during a login process, according to one embodiment;
FIG. 3 illustrates a schematic diagram of client-server interaction during an auto-login process, according to one embodiment;
FIG. 4 illustrates a three-party interaction diagram during an automatic login process, according to an example;
FIG. 5 illustrates a server side architecture diagram according to one embodiment;
FIG. 6 illustrates a client architecture diagram according to one embodiment;
FIG. 7 illustrates a server side architecture diagram according to one embodiment;
FIG. 8 illustrates a client architecture diagram according to one embodiment.
Detailed Description
Embodiments disclosed in the present specification are described below with reference to the accompanying drawings.
First, the inventive concept and application scenario of the authentication method for automatic login provided in the embodiments of the present specification are described. The method is based mainly on the following observations and statistics:
At present, most mobile clients (hereinafter referred to as clients), that is, application programs running on a mobile terminal, provide an automatic login mechanism to improve user experience: once a user has logged in successfully by entering authentication information, such as a user name and a password, the user only needs to open the client to log in again, without re-entering the authentication information. However, in the conventional automatic login mechanism, referring to the application scenario shown in fig. 1, what the client submits and what the server (which serves the client, for example by providing resources to it and storing client data) verifies is the automatic login verification information, which usually involves client credentials generated by the client and/or server credentials generated by the server. Because this verification information does not change after it is generated, it is easily cracked and stolen by attackers, which in turn threatens the security of users' information and property.
Based on the above observations and statistics, in the verification method for automatic login provided in the embodiments of the present specification, the server generates the device identifier from the device information reported when the client is started for the first time, dynamically generates a corresponding device token for the device information reported each time the client is started, and uses the device identifier and the device token as verification information in the automatic login process, thereby improving the security of automatic login.
It should be noted that, in the embodiments disclosed in the present specification, the authentication method for automatic login may be implemented based on a login authentication method. In the following, the login authentication method and the automatic login authentication method are described with reference to fig. 2 and fig. 3, respectively, according to specific embodiments.
First, a login authentication method disclosed in the present embodiment will be described. FIG. 2 illustrates a schematic diagram of client-server interaction during a login process according to an embodiment. As shown in fig. 2, the interactive process may include the following steps:
Step S210, the client, in response to a start instruction, sends the device information of the device on which the client is located to the server.
In one embodiment, the start instruction may be generated based on an operation that opens the client. In one example, the opening operation may include: the user clicking the icon corresponding to the client on the mobile terminal. In another example, the opening operation may include: the user giving a voice control instruction to the mobile terminal, for example "please open the pay bank APP", to enter the client.
In one embodiment, the device information may include the Media Access Control (MAC) address of the device, the operating system (such as Android, iOS or Windows), the screen resolution, and the like.
In step S220, the server generates a first device token for the device information.
It should be noted that, in this embodiment of the present specification, since the server may generate a new device token in response to an action of reporting the device information by the client each time, the device token is a dynamically updated temporary index string.
In one embodiment, the server may generate the first device token based on the device information, that is, the content of the first device token may be related to the content of the device information, for example, the first device token may be composed of a MAC address in the device information and a random number generated by the server. In another embodiment, the content of the first device token may be independent of the content of the device information, for example, the server may generate a random number in response to the report of the device information by the client, and store the random number in association with the device information.
In this way, the server generates the first device token in response to the client reporting the device information, and associates the device information with the first device token.
In step S230, the server determines the device identifier corresponding to the device information, and establishes a first mapping relationship between the device identifier and the first device token.
In one embodiment, the device identification may be a unique identification code for distinguishing the respective devices.
In one embodiment, the reporting of the device information in step S210 is that the client reports the device information to the server for the first time. At this time, the device identifier corresponding to the device information does not exist in the server. Accordingly, determining the device identifier corresponding to the device information in step S230 may include: generating the device identification based on device information. In one example, the corresponding device identification may be determined based on the MAC address and resolution in the device information. In one embodiment, on the basis of generating the device identifier, a mapping relationship between the device information and the device identifier is also established, which is referred to herein as a second mapping relationship.
In another embodiment, the client has already reported the device information to the server before the report in step S210, that is, the report in step S210 is not the first one. As described above, when the client reports the device information for the first time, the server generates the device identifier based on the device information and establishes the second mapping relationship between the device information and the device identifier. Therefore, if the report in step S210 is not the first one, the server already holds the device identifier, and accordingly, determining the device identifier corresponding to the device information may include: determining the device identifier corresponding to the device information based on the pre-established second mapping relationship between the device information and the device identifier; the second mapping relationship is established in response to the client reporting the device information for the first time, and the device identifier in the second mapping relationship is generated based on the device information first reported by the client.
After the device identifier corresponding to the device information is determined, a first mapping relationship between the device identifier and the generated first device token is established. In one embodiment, establishing the first mapping relationship may include: based on the association between the device identifier and the device information in this step and the association between the device information and the first device token in step S220, establishing the first mapping relationship between the device identifier and the first device token by using the device information as a bridge. It should be noted that, in this embodiment of the present specification, the client reports the device information to the server every time it is started, and the server accordingly generates a device token associated with the device information in response to each report. Based on this, according to a specific embodiment, establishing the first mapping relationship may include: updating an existing device token stored in association with the device identifier with the first device token.
In this way, the first mapping relationship between the device identifier and the first device token is established.
In step S240, the server sends the first device token to the client.
Specifically, the server sends the first device token generated in step S220 to the client.
After step S220 is executed, step S230 and step S240 may be executed at the same time, or either one may be executed first; the order is not limited.
Step S250, the client sends a login authentication request to the server, where the login authentication request at least includes the first device token, the user name, and the password.
In one embodiment, before step S250, the method may further include: the client receives a user name and a password input by a user. In another embodiment, before step S250, the method may further include: the client acquires a pre-stored user name and password. For example, the client may store the username and password entered by the user in response to the user's previous checking of the "remember password" option at the client interface.
In one embodiment, the login authentication request may further include a client identifier, and the client identifier is generated when the client is started for the first time. In one example, the client identification may be a random number generated when the client first boots.
Step S260, if the user name and the password pass verification, the server obtains the device identifier corresponding to the first device token according to the first mapping relationship, and obtains the user identifier corresponding to the user name; wherein the user identifier is generated based on the successfully registered user name.
Step S270, the server sends the user identification to the client.
In one embodiment, this step may include: the server sending a verification success notification to the client, wherein the notification includes the user identifier.
In step S280, after the client obtains the user identifier, it may generate a login-free record based on the user identifier. The login-free record indicates that the client has been authenticated and has logged in successfully, and automatic login can subsequently be initiated from it. That is, after receiving a start instruction, the client may first check whether it holds a login-free record and, if one is found, may attempt automatic login.
In one embodiment, the client stores the received user identifier as the login-free record. In another embodiment, the verification success notification is used as the login-free record. In other embodiments, the login-free record may also include other information, such as the client identifier described above.
On the other hand, in step S290, the server generates an authorization record, which is used for the server to record information that the client successfully logs in, where the authorization record at least includes the device identifier and the user identifier.
In one embodiment, generating the authorization record may include: storing the device identifier and the user identifier in association as the authorization record.
In another embodiment, in step S250, the login authentication request sent by the client to the server further includes a client identifier, and accordingly, generating the authorization record may include: storing the device identifier, the user identifier and the client identifier in association as the authorization record.
After step S260 is executed, the server may execute step S270 and step S290 at the same time, or may execute step S270 first or step S290 first, which is not limited.
This completes the first login verification of the client. When verification succeeds, the server returns the user identifier corresponding to the user name to the client, and the client generates the login-free record from the user identifier, so that an automatic login request can be initiated from the login-free record at a subsequent start. At the same time, the server generates an authorization record that includes at least the device identifier and the user identifier, so that an automatic login request subsequently received from the client can be processed according to that authorization record.
Next, a description will be given of an authentication method of automatic login disclosed in the present embodiment. FIG. 3 illustrates a schematic diagram of client-server interaction during an auto-login process, according to one embodiment. As shown in fig. 3, the interactive process may include the steps of:
Step S310, in response to the start instruction, the client sends the device information of the device where the client is located to the server.
It should be noted that, for the description of this step, reference may be made to the description of step S210 in the foregoing embodiment, and details are not described here.
In step S320, the server generates a second device token for the device information.
It should be noted that, for the description of this step, reference may be made to the description of step S220 in the foregoing embodiment, and details are not described here.
Step S330, the server determines the device identifier corresponding to the device information according to a pre-established second mapping relationship between the device information and the device identifier, and establishes a third mapping relationship between the device identifier and the second device token.
In one embodiment, the second mapping relationship is established by the server in response to the first reporting of the device information by the client, and the device identifier in the second mapping relationship is generated by the server for the device information first reported by the client.
In one embodiment, establishing a third mapping relationship between the device identifier and the second device token includes: the existing device token stored in association with the device identification is updated with the second device token.
It should be noted that, for the description of step S330, reference may also be made to the description of step S230 in the foregoing embodiment, which is not described herein again.
Step S340, the server sends the second device token to the client.
It should be noted that, for the description of step S340, reference may be made to the description of step S240 in the foregoing embodiment, and details are not described herein.
Step S350, when a login-free record exists, the client obtains the user identifier based on the login-free record. The login-free record is generated according to the login authentication method of fig. 2 in the case of a successful login. The login-free record thus shows that the client has previously logged in successfully, so automatic login may be initiated from it. As mentioned above, the login-free record may include the user identifier, and in this step the user identifier is obtained from the login-free record in order to initiate automatic login.
Step S360, the client sends an automatic login request to the server, where the automatic login request includes at least the second device token and the user identifier.
In one embodiment, the automatic login request may further include a client identifier, and the client identifier is generated when the client is started for the first time.
It should be noted that, for the introduction of the user identifier, reference may be made to the related description of the user identifier in step S260 and step S270 in the foregoing embodiment, and details are not described here.
Step S370, the server obtains the device identifier corresponding to the second device token based on the third mapping relationship.
Specifically, based on the third mapping relationship between the device identifier and the second device token established in step S330, the device identifier corresponding to the second device token received in step S360 is obtained.
In step S380, the server verifies the obtained device identifier and the user identifier based on the pre-generated authorization record.
It should be noted that the authorization record may be generated based on the method shown in fig. 2, and specifically, the description of the authorization record may refer to step S290 in the above embodiment. As can be seen from step S290, in one embodiment, the authorization record includes the device identifier and the user identifier. In another embodiment, the authorization record includes a device identification, a user identification, and a client identification.
In one embodiment, the verifying the obtained device identifier and the user identifier by the server based on the pre-generated authorization record may include: the server determines whether a corresponding authorization record exists according to the user identifier obtained in step S360 and the device identifier obtained in step S370. Specifically, if present, the verification passes; if not, the verification fails.
In another embodiment, in step S360, the automatic login request may further include a client identifier, and accordingly, this step may be: the server determines whether a corresponding authorization record exists according to the obtained client identifier, user identifier and device identifier.
After step S380, step S390 may further be included: the server sends a verification result notification to the client. The client then completes automatic login when the notification indicates that verification passed; alternatively, the user may be prompted when the notification indicates that verification failed.
Therefore, in the automatic login verification method disclosed in the embodiments of this specification, the automatic login request sent by the client includes the device token returned by the server, and this device token is generated dynamically by the server for the device information reported each time the client starts. After receiving the automatic login request, the server does not verify the device token directly; it must first retrieve the device identifier corresponding to the device token and then verify that device identifier against the pre-generated authorization record. This greatly improves the security of automatic login and better protects the user's information and property.
The login authentication method and the automatic login authentication method disclosed in the embodiments of the present specification will be further described according to a specific example with reference to fig. 4. The interaction steps shown in fig. 4 relate to an application scenario where the client successfully logs in through a username and password when logging in for the first time, and automatically logs in when restarting. As shown in fig. 4, the method specifically includes the following steps:
Step S411, the client starts for the first time and sends the device information of the device where the client is located to the server.
In step S412, the client generates a client identifier.
In step S413, the server generates a device identifier and a device token A for the received device information.
Step S414, the server establishes a mapping relationship among the device information, the device identifier and the device token A.
In step S415, the server sends the device token A to the client.
In step S416, the client receives the user name and password input by the user.
Step S417, the client logs in for the first time and sends an authentication request, where the request includes the device token A, the client identifier, the user name and the password.
Step S418, the server verifies the user name and the password and, after verification passes, obtains the user identifier corresponding to the user name.
Step S419, the server stores the device identifier, the client identifier, and the user identifier as corresponding authorization records.
Step S420, the server sends a verification success notification to the client, where the notification includes the user identifier.
In step S421, the client records the user identifier as a login-free record.
Step S422, the client starts again and sends the device information to the server.
In step S423, the server generates a device token B for the device information.
In step S424, the server replaces the device token A stored in association with the device identifier with the device token B.
In step S425, the server sends the device token B to the client.
In step S426, the client reads the user identifier in the login-free record.
Step S427, the client initiates automatic login and sends an authentication request to the server, wherein the request carries the user identifier, the client identifier and the device token B.
In step S428, the server obtains the device identifier stored in association with the device token B.
In step S429, the server verifies the obtained device identifier, user identifier and client identifier based on the authorization record generated in step S419.
Step S430, the server sends a verification result notification to the client.
Based on the above, the security of automatic login can be greatly improved, so that the user's information and property are better protected.
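The sequence of fig. 4 (steps S411 to S430), together with the automatic login check of steps S370 to S380, is shown below as an added example that is not code from the patent. The class and method names, the PBKDF2 password check, the token and identifier formats, and the sample account and device information are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def _pw_hash(password, salt):
    # Assumed password check; the page only says the user name and password are verified.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Server:
    def __init__(self):
        self.users = {}            # user name -> (salt, password hash, user identifier)
        self.info_to_device = {}   # second mapping: device information -> device identifier
        self.device_to_token = {}  # first/third mapping: device identifier -> current token
        self.token_to_device = {}  # reverse index used to resolve a presented token
        self.auth_records = set()  # authorization records (device id, user id, client id)

    def register(self, user_name, password):
        salt = secrets.token_bytes(16)
        user_id = "u-" + secrets.token_hex(8)   # generated on successful registration
        self.users[user_name] = (salt, _pw_hash(password, salt), user_id)

    def report_device(self, device_info):
        """S210-S240 / S310-S340: issue a fresh device token at every client start."""
        device_id = self.info_to_device.get(device_info)
        if device_id is None:                   # first report: create the device identifier
            device_id = "d-" + secrets.token_hex(8)
            self.info_to_device[device_info] = device_id
        old = self.device_to_token.get(device_id)
        if old is not None:
            del self.token_to_device[old]       # S424: the replaced token no longer resolves
        token = secrets.token_urlsafe(32)
        self.device_to_token[device_id] = token
        self.token_to_device[token] = device_id
        return token

    def login(self, device_token, client_id, user_name, password):
        """S250-S290: password login; returns the user identifier or None."""
        salt, stored, user_id = self.users.get(user_name, (b"\0" * 16, b"", None))
        ok = hmac.compare_digest(stored, _pw_hash(password, salt))
        device_id = self.token_to_device.get(device_token)
        if not ok or user_id is None or device_id is None:
            return None
        self.auth_records.add((device_id, user_id, client_id))
        return user_id

    def auto_login(self, device_token, client_id, user_id):
        """S360-S380: resolve the token to a device identifier, then check the record."""
        device_id = self.token_to_device.get(device_token)
        return device_id is not None and (device_id, user_id, client_id) in self.auth_records


class Client:
    def __init__(self, server, device_info):
        self.server, self.device_info = server, device_info
        self.client_id = "c-" + secrets.token_hex(8)  # random, generated at first start
        self.device_token = None
        self.login_free_record = None                 # holds the user identifier after S280

    def start(self):
        """Report device information; attempt automatic login if a record exists."""
        self.device_token = self.server.report_device(self.device_info)
        if self.login_free_record is None:
            return None                               # no record: password login is needed
        return self.server.auto_login(self.device_token, self.client_id,
                                      self.login_free_record)

    def login(self, user_name, password):
        self.login_free_record = self.server.login(self.device_token, self.client_id,
                                                   user_name, password)
        return self.login_free_record is not None


def run_demo():
    server = Server()
    server.register("alice", "correct horse")         # constructed sample account
    phone = Client(server, "model=X1;serial=0001")    # constructed device information
    phone.start()                                     # S411-S415: receives token A
    token_a = phone.device_token
    first = phone.login("alice", "correct horse")     # S416-S421
    restart = phone.start()                           # S422-S430: token B, automatic login
    user_id, client_id = phone.login_free_record, phone.client_id
    # Token A was replaced in S424, so presenting it again must fail.
    replay_old = server.auto_login(token_a, client_id, user_id)
    # A second device holds a valid token of its own, but no authorization record matches it.
    other = Client(server, "model=Z9;serial=7777")    # constructed device information
    other.start()
    copied = server.auto_login(other.device_token, client_id, user_id)
    return {
        "first_login": first,
        "auto_login_after_restart": restart,
        "token_rotated": token_a != phone.device_token,
        "replayed_token_a": replay_old,
        "record_copied_to_other_device": copied,
    }
```

The two rejected cases show what the server-side lookup adds: a login-free record and client identifier are only accepted together with the current token of the device that performed the password login.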
According to another embodiment, corresponding to the login authentication method, a server is further provided. Fig. 5 shows a schematic structural diagram of a server according to an embodiment. As shown in fig. 5, the server 500 includes:
a receiving unit 510, configured to receive device information of a device where the client is located, where the device information is sent by the client in response to the start instruction;
a first generating unit 520, configured to generate a first device token for the device information;
a determining unit 530 configured to determine a device identifier corresponding to the device information;
an establishing unit 540, configured to establish a first mapping relationship between the device identifier and the first device token;
a sending unit 550, configured to send the first device token to the client;
the receiving unit 510 is further configured to receive a login authentication request sent by the client, where the login authentication request at least includes the first device token, a user name, and a password;
an obtaining unit 560, configured to obtain, when the user name and the password pass verification, the device identifier corresponding to the first device token according to the first mapping relationship, and to obtain a user identifier corresponding to the user name, where the user identifier is generated correspondingly based on the successfully registered user name;
the sending unit 550 is further configured to return a user identifier to the client;
a second generating unit 570 configured to generate an authorization record, where the authorization record includes at least a device identifier and a user identifier.
According to an embodiment, the determining unit 530 is specifically configured to: generate a device identifier based on the device information.
According to an embodiment, the determining unit 530 is specifically configured to: determine the device identifier corresponding to the device information based on a pre-established second mapping relationship between device information and device identifiers; the second mapping relationship is established in response to the first reporting of the device information by the client, and the device identifier in the second mapping relationship is generated based on the first reporting of the device information by the client.
According to one embodiment, the login authentication request further comprises a client identifier, the client identifier being generated when the client is first started; the second generating unit 570 is specifically configured to: store the device identifier, the user identifier and the client identifier in association as the authorization record.
According to another embodiment, corresponding to the login authentication method, a client is further provided. Fig. 6 shows a schematic structural diagram of a client according to an embodiment. As shown in fig. 6, the client 600 includes:
a sending unit 610, configured to send, in response to the start instruction, device information of a device where the client is located to the server;
a receiving unit 620, configured to receive a first device token from the server, where the first device token is generated by the server for the device information;
the sending unit 610 is further configured to send a login authentication request to the server, where the login authentication request at least includes a first device token, a user name, and a password;
the receiving unit 620 is further configured to receive a user identifier from the server, where the user identifier is correspondingly generated by the server based on the user name successfully registered when the user name and the password are verified;
a generating unit 630, configured to generate a login-free record based on the user identifier.
According to one embodiment, the login authentication request further comprises a client identification, the client identification being generated by the client when it is first started.
According to an embodiment of a further aspect, corresponding to the aforementioned verification method for automatic login, a server is also provided. Fig. 7 shows a schematic structural diagram of a server according to an embodiment. As shown in fig. 7, the server 700 includes:
a receiving unit 710, configured to receive device information of a device where the client is located, where the device information is sent by the client in response to the start instruction;
a generating unit 720, configured to generate a second device token for the device information;
a determining unit 730, configured to determine, according to a second mapping relationship between pre-established device information and a device identifier, a device identifier corresponding to the device information;
the establishing unit 740 is configured to establish a third mapping relationship between the device identifier and the second device token;
a sending unit 750, configured to send the second device token to the client;
the receiving unit 710 is further configured to receive an automatic login request sent by the client, where the automatic login request at least includes a second device token and a user identifier returned to the client by the server when login is successful;
an obtaining unit 760, configured to obtain, based on the third mapping relationship, a device identifier corresponding to the second device token;
a verification unit 770 for verifying the obtained device identification and user identification based on the authorization record generated according to the method of claim 1.
According to one embodiment, the second mapping relationship is established by the server in response to the first reporting of the device information by the client, and the device identifier in the second mapping relationship is generated by the server for the device information first reported by the client.
According to an embodiment, the establishing unit 740 is specifically configured to:
update the existing device token stored in association with the device identifier with the second device token.
According to one embodiment, the automatic login request further comprises a client identifier, and the client identifier is generated when the client is started for the first time; the authorization record also includes a client identifier received from the client upon successful prior login.
According to an embodiment of a further aspect, corresponding to the foregoing authentication method for automatic login, a client is also provided. Fig. 8 shows a schematic structural diagram of a client according to an embodiment. As shown in fig. 8, the client 800 includes:
a sending unit 810, configured to send, in response to the start instruction, device information of a device where the client is located to the server;
a receiving unit 820, configured to receive a second device token from the server, where the second device token is generated by the server for the device information;
an obtaining unit 830, configured to obtain a user identifier based on the login-free record generated according to the method of claim 9;
the sending unit 810 is further configured to send an automatic login request to the server, where the automatic login request at least includes the second device token and the user identifier.
According to one embodiment, the automatic login request further includes a client identifier, and the client identifier is generated when the client is started for the first time.
As above, according to an embodiment of a further aspect, there is also provided a computer readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method described in connection with fig. 2, or fig. 3, or fig. 4.
According to an embodiment of yet another aspect, there is also provided a computing device comprising a memory and a processor, the memory having stored therein executable code, the processor, when executing the executable code, implementing the method described in connection with fig. 2, or fig. 3, or fig. 4.
Those skilled in the art will recognize that, in one or more of the examples described above, the functions described in the embodiments disclosed herein may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium.
The specific embodiments described above explain the objects, technical solutions and advantages of the embodiments disclosed in this specification in further detail. It should be understood that they are only specific embodiments of what is disclosed in this specification and are not intended to limit its scope; any modification, equivalent substitution, improvement and the like made on the basis of the technical solutions of the embodiments disclosed in this specification shall fall within the scope of the embodiments disclosed in this specification.

Claims (16)

1. A login authentication method, executed by a server, the method comprising:
receiving device information, sent by the client, of the device where the client is located;
generating a device identifier and a first device token for the device information, and establishing a mapping relationship among the device information, the device identifier and the first device token;
sending the first device token to the client;
receiving a login authentication request sent by the client, wherein the login authentication request at least comprises the first device token and identity authentication information;
and, when the identity authentication information passes authentication, generating an authorization record for login-free authentication according to the first device token and the mapping relationship, wherein the authorization record comprises the device identifier and the user identifier corresponding to the identity authentication information.
2. The method of claim 1, further comprising returning the user identifier to the client, for the client to generate a login-free record.
3. The method of claim 1, wherein the mapping relationship comprises: a second mapping relationship between the device information and a device identifier, and a first mapping relationship between the device identifier and the first device token.
4. The method of claim 1, wherein the login-authentication request further comprises a client identification;
the generating an authorization record includes: storing the device identifier, the user identifier and the client identifier in association as the authorization record.
5. An authentication method for automatic login, executed by a server, the method comprising:
receiving device information, sent by the client, of the device where the client is located, and generating a second device token for the device information;
determining a device identifier corresponding to the device information, and replacing an original device token stored in association with the device identifier with a second device token;
sending the second device token to the client;
receiving an automatic login request sent by the client, wherein the automatic login request at least comprises the second device token and a user identifier returned to the client by the server when login was successful;
obtaining the device identification stored in association with the second device token;
acquiring a previously generated authorization record, wherein the authorization record comprises a device identifier and a user identifier which pass verification;
verifying the obtained device identification and the received user identification according to the authorization record.
6. The method of claim 5, wherein the auto-login request further includes a client identification; the authorization record also comprises the client identification received from the client when the prior login is successful.
7. A login verification method, executed by a client, the method comprising:
in response to a start instruction, sending device information of the device where the client is located to a server;
receiving a first device token from the server, the first device token being generated by the server for the device information;
sending a login authentication request to the server, wherein the login authentication request at least comprises the first device token and identity authentication information;
receiving, from the server, a user identifier corresponding to the identity authentication information when the identity authentication information passes authentication;
and generating a login-free record based on the user identifier.
8. The method of claim 7, wherein the login-authentication request further comprises a client identification, the client identification being generated by the client when it first boots up.
9. An authentication method for automatic login, executed by a client, the method comprising:
in response to a start instruction, sending device information of the device where the client is located to a server;
receiving a second device token from the server, the second device token being generated by the server for the device information;
obtaining a pre-generated login-free record, wherein the login-free record comprises a user identifier returned by the server when a previous login succeeded;
and sending an automatic login request to the server, wherein the automatic login request at least comprises the second device token and the user identifier, so that the server performs automatic login verification.
10. The method of claim 9, wherein the auto-login request further includes a client identifier, the client identifier being generated when the client is first started.
11. A server, comprising:
a receiving unit, configured to receive device information, sent by the client, of the device where the client is located;
the establishing unit is used for generating a device identifier and a first device token aiming at the device information and establishing a mapping relation between the device information, the device identifier and the first device token;
a sending unit, configured to send the first device token to the client;
the receiving unit is further configured to receive a login authentication request sent by the client, where the login authentication request at least includes the first device token and authentication information;
and the generating unit is used for generating an authorization record for login-free authentication according to the first device token and the mapping relation under the condition that the authentication information passes the authentication, wherein the authorization record comprises the device identification and the user identification corresponding to the authentication information.
12. A server, comprising:
a receiving unit, configured to receive device information, sent by the client, of the device where the client is located;
a generating unit configured to generate a second device token for the device information;
a determining unit, configured to determine a device identifier corresponding to the device information, and replace an original device token stored in association with the device identifier with a second device token;
a sending unit, configured to send the second device token to the client;
the receiving unit is further configured to receive an automatic login request sent by the client, where the automatic login request at least includes the second device token and a user identifier returned to the client by the server when login is successful;
a first obtaining unit, configured to obtain the device identifier stored in association with the second device token;
a second obtaining unit, configured to obtain a previously generated authorization record, where the authorization record includes a device identifier and a user identifier that pass verification;
and a verification unit, configured to verify the obtained device identifier and the received user identifier according to the authorization record.
13. A client, comprising:
a sending unit, configured to send, in response to a start instruction, device information of the device where the client is located to the server;
a receiving unit, configured to receive a first device token from the server, where the first device token is generated by the server for the device information;
the sending unit is further configured to send a login authentication request to the server, where the login authentication request at least includes the first device token and authentication information;
the receiving unit is further configured to receive, from the server, a user identifier corresponding to the authentication information when the authentication information passes the authentication;
and the generating unit is used for generating a login-free record based on the user identification.
14. A client, comprising:
a sending unit, configured to send, in response to a start instruction, device information of the device where the client is located to the server;
a receiving unit, configured to receive a second device token from the server, where the second device token is generated by the server for the device information;
an obtaining unit, configured to obtain a previously generated login-free record, wherein the login-free record comprises a user identifier returned by the server when a previous login succeeded;
the sending unit is further configured to send an automatic login request to the server, where the automatic login request at least includes the second device token and the user identifier, so that the server performs authentication of automatic login.
15. A computer-readable storage medium having stored thereon a computer program which, when executed in a computer processor, causes the computer processor to perform the method of any of claims 1-10.
16. A computing device comprising a memory and a processor, wherein the memory has stored therein executable code that when executed by the processor implements the method of any of claims 1-10.
CN202110344525.7A 2018-06-25 2018-06-25 Login verification method, automatic login verification method, server and client Active CN112822222B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110344525.7A CN112822222B (en) 2018-06-25 2018-06-25 Login verification method, automatic login verification method, server and client

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110344525.7A CN112822222B (en) 2018-06-25 2018-06-25 Login verification method, automatic login verification method, server and client
CN201810664036.8A CN108989291B (en) 2018-06-25 2018-06-25 Login verification method, automatic login verification method, server side and client side

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201810664036.8A Division CN108989291B (en) 2018-06-25 2018-06-25 Login verification method, automatic login verification method, server side and client side

Publications (2)

Publication Number Publication Date
CN112822222A true CN112822222A (en) 2021-05-18
CN112822222B CN112822222B (en) 2023-04-25

Family

ID=64538159

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202110344525.7A Active CN112822222B (en) 2018-06-25 2018-06-25 Login verification method, automatic login verification method, server and client
CN201810664036.8A Active CN108989291B (en) 2018-06-25 2018-06-25 Login verification method, automatic login verification method, server side and client side

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN201810664036.8A Active CN108989291B (en) 2018-06-25 2018-06-25 Login verification method, automatic login verification method, server side and client side

Country Status (1)

Country Link
CN (2) CN112822222B (en)

CN105323222B (en) * 2014-07-11 2018-08-24 博雅网络游戏开发(深圳)有限公司 Login validation method and system
CN104113552B (en) * 2014-07-28 2017-06-16 百度在线网络技术(北京)有限公司 A kind of platform authorization method, platform service end and applications client and system

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113746857A (en) * 2021-09-09 2021-12-03 深圳市腾讯网域计算机网络有限公司 Login method, device, equipment and computer readable storage medium
CN114500090A (en) * 2022-02-24 2022-05-13 特赞(上海)信息科技有限公司 Information processing method and device for secret-free login
CN114978675A (en) * 2022-05-20 2022-08-30 辽宁华盾安全技术有限责任公司 Access authentication method and device, electronic equipment and storage medium
CN114978675B (en) * 2022-05-20 2023-06-20 辽宁华盾安全技术有限责任公司 Access authentication method and device, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN112822222B (en) 2023-04-25
CN108989291A (en) 2018-12-11
CN108989291B (en) 2021-02-05

Similar Documents

Publication Publication Date Title
CN108989291B (en) Login verification method, automatic login verification method, server side and client side
KR102307665B1 (en) identity authentication
US9781105B2 (en) Fallback identity authentication techniques
US9246897B2 (en) Method and system of login authentication
EP2929479B1 (en) Method and apparatus of account login
CN109218260B (en) Trusted environment-based authentication protection system and method
CN106779716B (en) Authentication method, device and system based on block chain account address
CN108462710B (en) Authentication and authorization method, device, authentication server and machine-readable storage medium
US20120331536A1 (en) Seamless sign-on combined with an identity confirmation procedure
US10419431B2 (en) Preventing cross-site request forgery using environment fingerprints of a client device
CN110365483B (en) Cloud platform authentication method, client, middleware and system
CN112559993B (en) Identity authentication method, device and system and electronic equipment
CN107086979B (en) User terminal verification login method and device
US20180343118A1 (en) Method employed in user authentication system and information processing apparatus included in user authentication system
CN107241336B (en) Identity verification method and device
CN105763520A (en) Network account password recovery method and device, client terminal device and server
CN110336870B (en) Method, device and system for establishing remote office operation and maintenance channel and storage medium
CN110175448B (en) Trusted device login authentication method and application system with authentication function
US11777942B2 (en) Transfer of trust between authentication devices
WO2017084569A1 (en) Method for acquiring login credential in smart terminal, smart terminal, and operating systems
US20180039771A1 (en) Method of and server for authorizing execution of an application on an electronic device
CN106921626B (en) User registration method and device
US11128638B2 (en) Location assurance using location indicators modified by shared secrets
CN115941217A (en) Method for secure communication and related product
JP2014164672A (en) Authentication device and authentication method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20230403

Address after: 801-10, Section B, 8th floor, 556 Xixi Road, Xihu District, Hangzhou City, Zhejiang Province

Applicant after: Ant financial (Hangzhou) Network Technology Co.,Ltd.

Address before: 27 Hospital Road, George Town, Grand Cayman ky1-9008

Applicant before: Innovative advanced technology Co.,Ltd.

GR01 Patent grant