WO2014201636A1 - Procédé et dispositif de connexion selon l'identité - Google Patents

Procédé et dispositif de connexion selon l'identité Download PDF

Info

Publication number
WO2014201636A1
WO2014201636A1 PCT/CN2013/077473 CN2013077473W WO2014201636A1 WO 2014201636 A1 WO2014201636 A1 WO 2014201636A1 CN 2013077473 W CN2013077473 W CN 2013077473W WO 2014201636 A1 WO2014201636 A1 WO 2014201636A1
Authority
WO
WIPO (PCT)
Prior art keywords
application
server
user
management terminal
account management
Prior art date
Application number
PCT/CN2013/077473
Other languages
English (en)
Chinese (zh)
Inventor
王占东
赖景愚
王向众
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to CN201710349035.XA priority Critical patent/CN107070945B/zh
Priority to CN201380000876.XA priority patent/CN103609090B/zh
Priority to PCT/CN2013/077473 priority patent/WO2014201636A1/fr
Publication of WO2014201636A1 publication Critical patent/WO2014201636A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication

Definitions

  • the present invention relates to communication technologies, and in particular, to an identity login method and device.
  • BACKGROUND With the advent of the Internet era, the Internet has become more and more open, and users have joined communities and circles, and more and more web applications are used. In different communities, circles, and applications, because users such as usernames have been registered, users need to register more and more different users, which leads to the cumbersome user name and password memory, which needs to be remembered and matched. Username and password for the community, circles, and apps.
  • the embodiment of the invention provides an identity login method and device, so as to implement unified management of user accounts and improve network application security.
  • an embodiment of the present invention provides an identity login method, including:
  • the account management terminal acquires an application description of the application server to be logged in on the application client device.
  • the account management terminal sends the user identity information and the application description information to the identity verification server, so that the identity verification server obtains the user authorization, and after authenticating the application server, the account management terminal is corresponding to the account management terminal.
  • the user account is logged in on the application server.
  • the account management terminal acquires application description information of an application server to be logged in on the application client device, including:
  • the account management terminal Obtaining, by the account management terminal, the application client device from the application client device The address of the application server that is logged in; the account management terminal acquires the application description information from the application server according to the address of the application server; or
  • the account management terminal acquires, from the application client device, application description information of the application server to be logged in on the application client device.
  • the account management terminal acquires, from the application client device, the application server to be logged in on the application client device Address, including:
  • the account management terminal scans the identifier displayed by the application client device, and obtains an address of the application server to be logged in the application client device from the identifier;
  • the identifier includes: a two-dimensional code , 3D code, color code, barcode, black and white code or bull's eye code; or
  • the account management terminal acquires, from the application client device, the application to be logged in on the application client device Server application description information, including:
  • the account management terminal scans the identifier displayed by the application client device, and obtains application description information of the application server to be logged in the application client device from the identifier; the identifier includes: Dimension code, 3D code, color code, barcode, black and white code or bull's eye code; or
  • the account management terminal sends the user identity information and the application description information to the identity
  • the authentication server obtains the user authorization and authenticates the application server
  • the user account corresponding to the account management terminal is logged in to the application server, including:
  • the account management terminal sends the user identity information and the application description information to the identity verification server to obtain an authorization code; Sending, by the account management terminal, the authorization code to the application server, so that the application server obtains an access token from the identity verification server by using the authorization code, and the identity verification server
  • the user account corresponding to the account management terminal is logged in on the application server.
  • the account management terminal sends the user identity information and the application description information to the identity verification server to obtain authorization Code, including:
  • the account management terminal sends the user identity information and the application description information to the identity verification server; the application description information includes an application identifier and a user information permission list; and the account management terminal receives the identity verification server.
  • the account management terminal receives an authorization code sent by the identity verification server according to the authorization confirmation message.
  • the account management terminal sends the authorization code to the application server, including:
  • the account management terminal sends the authorization code to the application client device in an NFC manner, so that the application client device sends the authorization code to the application server.
  • an embodiment of the present invention provides an identity login method, including:
  • the identity verification server receives the user identity information sent by the account management terminal and the application description information of the application server to be logged in on the application client device;
  • the authentication server obtains the user authorization according to the user identity information and the application description information, and performs authentication on the application server. After the authentication succeeds, the user account corresponding to the account management terminal is on the application server. log in.
  • the identity verification server is configured according to the user identity
  • the application description information is used to obtain the user authorization, and the application server is authenticated. After the authentication is successful, the user account corresponding to the account management terminal is logged in to the application server, including:
  • the identity verification server sends an authorization code to the account management terminal according to the user identity information and the application description information, so that the account management terminal sends the authorization code to the application server;
  • the identity verification server sends an access token to the application server according to the authorization code provided by the application server, and logs the user account corresponding to the account management terminal on the application server.
  • the identity verification server sends an authorization code to the account management terminal according to the user identity information and the application description information, Includes:
  • the authentication server authenticates the user account according to the user identity information, and after the authentication succeeds, sends a user authorization request message to the account management terminal, and receives an authorization confirmation message sent by the account management terminal;
  • the identity verification server sends an authorization code to the account management terminal according to the authorization confirmation message.
  • the identity verification server sends an access token to the application server according to the authorization code provided by the application server, Logging in the user account corresponding to the account management terminal on the application server, including:
  • the identity verification server receives the identity authentication request message sent by the application server, where the identity authentication request message carries the application identifier, the authorization code, and an application key; the identity verification server is configured according to the application The identifier, the authorization code, and the application key authenticate the application server, and after the authentication succeeds, send the access token to the application server;
  • the identity verification server receives an account acquisition request message sent by the application server, where the account acquisition request message carries the access token;
  • an embodiment of the present invention provides an account management terminal, including:
  • An obtaining unit configured to acquire application description information of an application server to be logged in on the application client device
  • a processing unit configured to send the user identity information and the application description information acquired by the acquiring unit to the identity verification server, so that the identity verification server obtains user authorization, and after authenticating the application server, The user account corresponding to the account management terminal is logged in on the application server.
  • the acquiring unit is specifically configured to: obtain, from the application client device, an address of the application server to be logged in on the application client device, according to an address of the application server Obtaining the application description information from the application server; or acquiring application description information of the application server to be logged in on the application client device from the application client device.
  • the acquiring unit acquires, from the application client device, the application server to be logged in to the application client device
  • the address is specifically used for:
  • the identifier includes: a two-dimensional code, a three-dimensional code, and a color Code, barcode, black and white code or bull's eye code; or
  • the NFC electronic tag is obtained from the application client device by the NFC mode, and the address of the application server to be logged in on the application client device is obtained from the NFC electronic tag.
  • the acquiring unit acquires, from the application client device, the application to be logged in on the application client device
  • the server's application description information it is specifically used to:
  • the identifier includes: a two-dimensional code, a three-dimensional code , color code, bar code, black and white code or bull's eye code; or
  • the NFC electronic tag is obtained from the application client device by using the NFC, and the application description information of the application server to be logged in on the application client device is obtained from the NFC electronic tag.
  • the processing unit is specifically configured to:
  • the processing unit sends the user identity information and the application description information to the identity verification server to obtain authorization
  • the code it is specifically used to:
  • the application description information includes an application identifier and a user information permission list
  • Receiving an authorization indication message sending an authorization confirmation message to the identity verification server according to the authorization indication message, where the authorization confirmation message carries user information authorized by the user, and the user information authorized by the user is the user information. Part or all of the permission list, the user information authorized by the user includes the user account;
  • the processing unit when the processing unit sends the authorization code to the application server, the processing unit is specifically configured to:
  • an embodiment of the present invention provides an identity verification server, including:
  • a receiving unit configured to receive user identity information sent by the account management terminal and application description information of the application server to be logged in on the application client device;
  • a processing unit configured to acquire a user authorization according to the user identity information and the application description information received by the receiving unit, and perform authentication on the application server, after the authentication succeeds,
  • the user account corresponding to the account management terminal is logged in on the application server.
  • the processing unit is specifically configured to:
  • the processing unit when sending the authorization code to the account management terminal according to the user identity information and the application description information , specifically for:
  • the processing unit sends an access token to the application server according to the authorization code provided by the application server,
  • the authorization code provided by the application server
  • the user account corresponding to the account management terminal is sent to the application server.
  • an embodiment of the present invention provides an account management terminal, including: a processor, a communication interface, a memory, and a bus;
  • processors the communication interface and the memory are interconnected by the bus;
  • the memory is configured to store instructions or data;
  • the processor calls an instruction stored in the memory to implement acquisition at an application client
  • the application description information of the application server to be logged in on the device, the user identity information and the application description information are sent to the identity verification server by using the communication interface, so that the identity verification server obtains user authorization, and the application server is obtained.
  • the user account corresponding to the account management terminal is logged in to the application server.
  • the processor is specifically configured to: obtain, from the application client device, an address of the application server to be logged in on the application client device, according to an address of the application server
  • the application description information is obtained from the application server by using the communication interface; or the application description information of the application server to be logged in on the application client device is obtained from the application client device.
  • the account management terminal further includes: a scanner or a short-range wireless communication NFC transmitter, the scanner or the Interfacing the NFC transmitter with the processor via the bus;
  • the processor When the processor obtains the address of the application server to be logged in on the application client device from the application client device, the processor is specifically configured to:
  • the scanner And scanning, by the scanner, an identifier displayed by the application client device, and acquiring an address of the application server to be logged in the application client device from the identifier;
  • the identifier includes: a two-dimensional code , 3D code, color code, barcode, black and white code or bull's eye code; or
  • the account management terminal further includes: a scanner or an NFC transmitter, the scanner or the NFC transmitter Interconnecting with the processor through the bus;
  • the processor When the processor obtains the application description information of the application server to be logged in the application client device from the application client device, the processor is specifically configured to:
  • the scanner And scanning, by the scanner, an identifier that is displayed by the application client device, and acquiring application description information of the application server to be logged in the application client device from the identifier;
  • the identifier includes: a dimension code, a three-dimensional code, a color code, a barcode, a black and white code, or a bull's eye code; or acquiring an NFC electronic tag from the application client device in an NFC manner by the NFC transmitter, and obtaining the NFC electronic tag from the NFC electronic tag
  • the site to be logged in on the application client device The application description information of the application server.
  • the processor is specifically configured to:
  • the processor sends the user identity information and the application description information to the identity verification server to obtain authorization
  • the code it is specifically used to:
  • the application description information includes an application identifier and a user information permission list; and receiving the identity verification server by using the communication interface Sending a user authorization request message; receiving an authorization indication message by using the communication interface, and sending an authorization confirmation message to the identity verification server according to the authorization indication message; wherein the authorization confirmation message carries user information authorized by the user, The user information authorized by the user is part or all of the user information permission list, and the user information authorized by the user includes the user account;
  • the account management terminal further includes: an NFC transmitter, the NFC transmitter and the processing by using the bus Interconnect
  • the method is specifically configured to: send the authorization code to the identity verification server by using the communication interface, so that the identity verification server Sending an authorization code to the application client device, where the authorization code is sent by the application client device to the application server; or
  • an embodiment of the present invention provides an identity verification server, including: a processor, a communication interface, a memory, and a bus;
  • the processor, the communication interface, and the memory are interconnected by the bus; the communication interface is configured to receive user identity information sent by the account management terminal and an application description of the application server to be logged in on the application client device.
  • the memory is configured to store instructions or data
  • the processor calls an instruction stored in the memory to obtain a user authorization according to the user identity information and the application description information, and authenticates the application server. After the authentication succeeds, the account management terminal is The corresponding user account is logged in on the application server.
  • the processor is specifically configured to:
  • the processor sends an access token to the application server according to the authorization code provided by the application server,
  • the authorization code provided by the application server
  • an identity authentication request message sent by the application server where the identity authentication request message carries the application identifier, the authorization code, and an application key;
  • the application identifier, the authorization code, and the application key are used to authenticate the application server.
  • the access token is sent to the application server by using the communication interface.
  • the user account corresponding to the account management terminal is sent to the application server through the communication interface.
  • the identity registration method and device provided by the embodiments of the present invention implement unified management of user accounts, and the user can complete the login process through the account management terminal without remembering the account password, thereby reducing the user identity verification as a whole.
  • the complexity avoids the complexity of operation and the risk of information leakage caused by multiple input of password account, memory password account, registration of new account, etc., and improves the security of network applications.
  • FIG. 1 is a flowchart of an identity login method according to an embodiment of the present invention
  • FIG. 2 is a flowchart of another identity registration method according to an embodiment of the present invention.
  • FIG. 3 is a flowchart of another identity registration method according to an embodiment of the present invention.
  • FIG. 4 is a flowchart of another identity login method according to an embodiment of the present invention.
  • FIG. 5 is a schematic structural diagram of an account management terminal according to an embodiment of the present disclosure.
  • FIG. 6 is a schematic structural diagram of an identity verification server according to an embodiment of the present invention.
  • FIG. 7 is a schematic structural diagram of another account management terminal according to an embodiment of the present disclosure.
  • FIG. 8 is a schematic structural diagram of another account management terminal according to an embodiment of the present disclosure.
  • FIG. 9 is a schematic structural diagram of another account management terminal according to an embodiment of the present invention.
  • FIG. 10 is a schematic structural diagram of another identity verification server according to an embodiment of the present invention. detailed description
  • FIG. 1 is a flowchart of an identity login method according to an embodiment of the present invention. As shown in FIG. 1 , the identity login method provided in this embodiment may be specifically applied to an identity login process in an Internet application, where the identity login method specifically includes:
  • Step A10 The account management terminal acquires application description information of an application server to be logged in on the application client device;
  • Step A20 The account management terminal sends the user identity information and the application description information to the identity verification server, so that the identity verification server obtains the user authorization, and after authenticating the application server, the account is The user account corresponding to the management terminal is logged in on the application server.
  • the account management terminal may be, for example, a mobile terminal such as a mobile phone, a tablet or a PDA (Personal Digital Assistant), and the application client device may be a terminal device such as a mobile phone, a tablet computer, a PDA, a personal computer, or a notebook computer.
  • the application client device may be configured with an application client to implement a specific application, and an application server is set corresponding to the application client.
  • the application client device can also set a browser to implement various applications through webpages. In this case, different applications can have corresponding application servers.
  • the account management terminal can cooperate with the identity verification server to implement unified management of the user account.
  • the user pre-registers the user account and logs in the user account on the account management terminal.
  • the identity verification in the login process can refer to the prior art.
  • the authentication process for example, the account management terminal sends the user account and password to the identity verification server, and the identity verification server verifies the user account and password. After the verification succeeds, the account management terminal is notified to log in successfully, and sends the account management terminal to the account management terminal.
  • User identity information such as a service token (ServiceToken).
  • ServiceToken service token
  • the application that the user wants to use is also registered on the authentication server. After the user account is successfully logged in the account management terminal, the user who holds the account management terminal can use the identity registration method provided in this embodiment to log in to the user.
  • the account management terminal obtains the application description information of the application server, and the application description information may specifically include an application identifier (AppID), and may also include information such as a user information permission list.
  • the application identifier is used to identify the application, and the content of the user information permission list is different for different applications.
  • the user information permission list may include a user name, a new event, and a microblog publishing right.
  • the implementation manner of the account management terminal for obtaining the application description information may also be multiple:
  • the application client device may provide the address of the application server by using an identifier or NFCXNear Field Communication, short-range wireless communication.
  • the account management terminal accesses the application server according to the address to obtain the application description information.
  • the application client device may obtain the application description information from the application server, and The NFC method provides the application description information to the account management terminal.
  • the account management terminal may obtain the application description information in other manners, which is not limited to this embodiment.
  • the account management terminal sends the user identity information and the application description information to the identity verification server.
  • the identity verification server logs the user account corresponding to the account management terminal on the application server.
  • the user can log in to the application by using the method provided in this embodiment.
  • the SP can log in to all applications through a user account.
  • the account management terminal acquires application description information of the application server to be logged in on the application client device, and sends the user identity information and the application description information to the identity verification server, so that the identity verification server acquires the user.
  • Authorize, and after authenticating the application server log in the user account corresponding to the account management terminal on the application server.
  • the unified management of the user account is realized, and the user can complete the login process through the account management terminal without remembering the account password, thereby reducing the complexity of the user identity verification, avoiding entering the password account number, remembering the password account, registering new times.
  • the operational complexity and risk of information leakage caused by operations such as account numbers improve the security of network applications.
  • step A10 the account management terminal obtains the application description information of the application server to be logged in on the application client device, which may include:
  • the account management terminal acquires, from the application client device, an address of the application server to be logged in to the application client device; the account management terminal acquires the application server from the application server according to the address of the application server. Description of the application description; or
  • the account management terminal obtains, from the application client device, the address of the application server to be logged in to the application client device, which may include:
  • the account management terminal scans the identifier displayed by the application client device, and obtains an address of the application server to be logged in the application client device from the identifier;
  • the identifier includes: a two-dimensional code , 3D code, color code, barcode, black and white code or bull's eye code; or
  • the account management terminal obtains an NFC electronic tag from the application client device by using the NFC, and obtains an address of the application server to be logged in on the application client device from the NFC electronic tag.
  • the account management terminal acquires the application description information of the application server to be logged in to the application client device from the application client device, and specifically includes: the account management terminal scanning the location The application description information displayed by the application client device is obtained, and the application description information of the application server to be logged in the application client device is obtained from the identifier;
  • the identifier includes: a two-dimensional code, a three-dimensional code, and a color Code, barcode, black and white code or bull's eye code; or
  • the following is a description of the process of the application management device acquiring the application description information of the application server to be logged in on the application client device by using the browser set on the client device as an example to access the website or the web application.
  • the invention is not limited thereto.
  • the user when the user accesses the website or the web application through the browser, when the user needs to log in, the user can actively click the login option to trigger the login process, or the user triggers the login process by a specific event during the browsing process.
  • the browser sends an identifier acquisition request message to the authentication server through the interface call, and the website address of the website accessed by the user is transmitted as a parameter to the identity verification server, and the website address is the address of the application server that carries the website, such as a URL (Uniform/Universal) Resource Locator, Uniform Resource Locator or IP (Internet Protocol) address.
  • the browser can also pass the connection code (ConnectionCode) as a parameter to the authentication server.
  • the connection code is used to uniquely identify the identifier acquisition request, which can be calculated by the session ID (SessionID).
  • the authentication server is based on the received application server
  • the address generation identification code includes the address of the application server.
  • the identification code can be, but is not limited to, a two-dimensional code, a three-dimensional code, a color code, a barcode, a black and white code, or a bull's eye code.
  • the identity verification server When the received information further includes the foregoing connection code, the identity verification server generates an identification code according to the address of the application server and the connection code, where the identifier includes the address of the application server and the connection code.
  • the authentication server sends the identification code to the browser of the application client device.
  • the browser After receiving the identification code sent by the authentication server, the browser displays the identification code to the user.
  • the user scans the identification code through the scanner of the account management terminal, parses the scanned identification code, and obtains the address of the application server.
  • the identification code further includes the connection code
  • the connection code is also parsed.
  • the application client device may directly obtain an identifier or an electronic tag including the address according to the address of the application server. If the obtained electronic tag is obtained, the NFC transmitter may be set in the application client device. And sending the electronic tag to the account management terminal through the NFC transmitter, and the account management terminal acquires the address of the application server from the received electronic tag.
  • the account management terminal accesses the corresponding application server according to the address, and obtains the application description information from the application server.
  • the account management terminal may send an application description information acquisition request message to the application server indicated by the obtained address, and the application server returns the application description information to the account management terminal according to the application description information acquisition request message.
  • the application client device may directly request the application server to obtain the application description information, generate an identifier or an electronic tag that includes the application description information, and display the identifier through the browser.
  • the application client device may directly request the application server to obtain the application description information, generate an identifier or an electronic tag that includes the application description information, and display the identifier through the browser.
  • the identity management terminal can scan the identification code or receive the electronic tag to realize the identity login, and the user does not need to memorize the account password, which simplifies the operation process.
  • FIG. 2 is a flowchart of another method for identity login according to an embodiment of the present invention. The embodiment is based on the embodiment shown in FIG. 1. As shown in FIG. 2, in the embodiment, the step A20 in the embodiment shown in FIG. 1 may specifically include:
  • Step A201 The account management terminal sends the user identity information and the application description information to the identity verification server to obtain an authorization code.
  • Step A202 The account management terminal sends the authorization code to the application server, to And causing the application server to obtain an access token from the identity verification server by using the authorization code, and register, by the identity verification server, a user account corresponding to the account management terminal to log in to the application server.
  • the account management terminal sends the user identity information and the application information to the identity verification server, and the identity verification server can authenticate the corresponding user account according to the user identity information, obtain the user authorization, generate the authorization code, and send the authorization code to the account management terminal.
  • the account management terminal sends the authorization code to the application server, and the application server obtains an access token (AccessToken) between the application server and the authentication server by using the authorization code, and the identity verification server can authenticate the application server according to the access token.
  • AccessToken access token
  • the account management terminal sends the user identity information and the application description information to the identity verification server to obtain an authorization code, which may include: The user identity information and the application description information are sent to the identity verification server; the application description information includes an application identifier and a user information permission list; and the account management terminal receives a user authorization request message sent by the identity verification server; The account management terminal receives the authorization indication message, and sends an authorization confirmation message to the identity verification server according to the authorization indication message.
  • the authorization confirmation message carries the user information authorized by the user, and the user information authorized by the user For some or all of the user information permission list, the user information authorized by the user includes the user account;
  • the account management terminal receives an authorization code sent by the identity verification server according to the authorization confirmation message.
  • the process of obtaining the user authorization by the identity verification server may be: the identity verification server sends a user authorization request message to the account management terminal, where the user authorization request message may be implemented in the form of a user authorization confirmation interface, and the user authorization confirmation interface may be displayed.
  • the user information may be information included in the privilege list.
  • the user may select some or all of the user information for authorization by means of a check, that is, the user inputs the authorization indication information.
  • the user authorization can also be implemented in a default manner, that is, in the initial application configuration, the user can set the authorization range.
  • the authorization confirmation message is automatically generated and sent to the identity verification server.
  • step A202 the account management terminal sends the authorization code to the
  • the application server can include:
  • the account management terminal sends the authorization code to the application client device in an NFC manner, so that the application client device sends the authorization code to the application server.
  • the callback address (CallbackURL) is simultaneously sent to the identity verification server, so that the identity verification server is
  • the account management terminal returns the authorization code, it returns together with the callback address, and the account management terminal can locally call according to the callback address, and the thread is started to execute the subsequent process.
  • the application client device may send an authorization code heterogeneous request message to the identity verification server to notify the identity verification server to return the authorization code after generating the authorization code.
  • the authorization code is not immediately returned to the application client device, but after receiving the authorization code sent by the account management terminal, the authorization code is sent to the application client device to respond to the authorization code.
  • the account management terminal sends the authorization code to the authentication server, the connection code can be sent at the same time, and the identity verification server matches the unanswered heterogeneous data request according to the connection code and performs corresponding processing.
  • the authentication server sends the authorization code to the application client device, and the application client device sends the authorization code to the application server, and the application server sends the authorization code to the identity verification server to obtain the access token, and the application server sends the application token.
  • the authentication server is authenticated. After the authentication is successful, the authentication server returns a user account to the application server to implement login. After the login is successful, the application server can notify the application client device to log in successfully.
  • the account management terminal can directly send the authorization code to the application client device by using the NFC method, and the application client device sends the authorization code to the application server, and the application server sends the authorization code to the identity verification.
  • the server obtains the access token, and the application server sends the application token to the authentication server for authentication.
  • the identity verification server returns a user account to the application server to implement the login.
  • the application server can notify the application client device to log in successfully.
  • FIG. 3 is a flowchart of another identity login method according to an embodiment of the present invention. As shown in Figure 3, The identity registration method provided in this embodiment may be implemented in conjunction with the identity registration method applied to the account management terminal, and the specific implementation process is not described herein.
  • the identity login method provided in this embodiment specifically includes:
  • Step B10 The identity verification server receives the user identity information sent by the account management terminal and application description information of the application server to be logged in the application client device.
  • Step B20 The identity verification server obtains a user authorization according to the user identity information and the application description information, and performs authentication on the application server. After the authentication succeeds, the user account corresponding to the account management terminal is located in the office. Log in on the application server.
  • the identity login method provided in this embodiment realizes unified management of the user account, and the user can complete the login process through the account management terminal without remembering the account password, thereby reducing the complexity of the user identity verification and avoiding multiple input.
  • the complexity of the operation and the risk of information leakage caused by the operation of the password account, the memory password account, and the registration of the new account improve the security of the network application.
  • FIG. 4 is a flowchart of another identity registration method according to an embodiment of the present invention.
  • the embodiment is based on the embodiment shown in FIG. 3.
  • the step B20 in the embodiment shown in FIG. 3 may specifically include:
  • Step B201 The identity verification server sends an authorization code to the account management terminal according to the user identity information and the application description information, so that the account management terminal sends the authorization code to the application server.
  • Step B202 The identity verification server sends an access token to the application server according to the authorization code provided by the application server, and logs the user account corresponding to the account management terminal on the application server.
  • step B201 the identity verification server sends an authorization code to the account management terminal according to the user identity information and the application description information, which may include:
  • the authentication server authenticates the user account according to the user identity information, and after the authentication succeeds, sends a user authorization request message to the account management terminal, and receives an authorization confirmation message sent by the account management terminal;
  • the identity verification server sends an authorization code to the account management terminal according to the authorization confirmation message.
  • step B202 may specifically include:
  • the identity verification server receives an identity authentication request message sent by the application server, where
  • the identity authentication request message carries the application identifier, the authorization code, and an application key; the identity verification server pairs the application server according to the application identifier, the authorization code, and the application key. After the authentication succeeds, the access token is sent to the application server;
  • the identity verification server receives an account acquisition request message sent by the application server, where the account acquisition request message carries the access token;
  • the identity verification service verifies the access token, and after the verification succeeds, sends the user account corresponding to the account management terminal to the application server.
  • the application server sends an identity authentication request message to the identity verification server, where the identity authentication request message carries information such as an authorization code, an application identifier, and an application key (AppSecret).
  • the authentication server authenticates the application server. If the authentication succeeds, the access token is sent to the application server.
  • the application server sends an account acquisition request message to the identity verification server, and carries an access token in the account acquisition request message to obtain a user account.
  • the authentication server verifies the access token. If the verification succeeds, the user account is returned to the application server to implement login.
  • the application server is a forum server, and a browser is set on the application client device, and the user can access the forum through a browser.
  • Step 1 After the user opens the forum login page through the browser, the browser sends an identifier acquisition request message to the identity verification server through the interface, and carries the URL of the forum server corresponding to the forum;
  • Step 2 The authentication server returns an identifier to the browser
  • Step 3 The browser sends an authorization code heterogeneous request message to the authentication server.
  • Step 4 The account management terminal scans the identification code displayed in the browser
  • Step 6 The account management terminal parses the identification code to obtain information such as a URL and a connection code (ConnectionCode);
  • Step 7 The account management terminal sends an application description information acquisition request message to the forum server according to the obtained URL;
  • Step 8 The forum server returns application description information to the account management terminal, where the application description information includes information such as an application identifier (AppID) and a user permission list (Scope);
  • AppID application identifier
  • Sccope user permission list
  • Step 9 The account management terminal sends an AppID, a Scope, a service token (ServiceToken), and a callback address (CallbackURL) to the identity verification server to the identity verification server;
  • AppID an AppID
  • Scope a service token
  • CallbackURL a callback address
  • Step 10 The identity verification server performs the validity check of the AppID, the Scope, and the ServiceToken, and returns a user authorization confirmation interface to the account management terminal after the verification succeeds;
  • Step 11 The account management terminal submits the user authorization (Option) and the device identifier (DevicelD) authorized by the user to the identity verification server according to the user input, to apply for an authorization code (AuthCode);
  • Step 12 The identity verification server checks DevicelD And generate a unique AuthCode, which is returned to the account management terminal according to the CallbackURL link;
  • Step 13 The account management terminal submits an AuthCode and a connection code (ConnectionCode) to the authentication server, and the command authentication server responds to the authorization code request initiated by the browser;
  • Step 14 The authentication server matches the unanswered heterogeneous data request according to the ConnectionCode, and sends an AuthCode to the browser.
  • Step 15 The browser initiates a connection to submit AuthCode to the forum server;
  • Step 16 The forum server extracts its own related data, and sends a token acquisition request message to the identity verification server, where the token acquisition request message carries an AuthCode, an AppID, and an application key (Ap Secret);
  • Step 17 The authentication server verifies the validity of the AuthCode, AppID, and AppSecret. If the verification succeeds, the access token (AccessToken) is returned to the forum server.
  • Step 18 The forum server sends an account acquisition request message to the identity verification server, where the account acquisition request message carries an AccessToken;
  • Step 19 The authentication server verifies the validity of the AccessToken. If the verification is successful, the user account (usemame) is returned to the forum server;
  • Step 20 The forum server submits the result of successful login to the browser, and the browser performs corresponding refresh processing of the application client device to end the login session.
  • the application server is a group purchase website server
  • the application client device is provided with a browser
  • the user can access the group purchase website through a browser.
  • the user can refer to Step 1 to Step 20 of the first application scenario, and replace the forum server in the above step with the group purchase website server, and details are not described herein.
  • Acode group purchase product ticket
  • Step 21 The user operates the group to purchase the product A through the browser, and the browser sends the operation information to the group purchase website server;
  • Step 22 The group purchase website server pushes the usemeame and the Acode of the group purchase product A to the authentication server;
  • FIG. 5 is a schematic structural diagram of an account management terminal according to an embodiment of the present invention. As shown in FIG. 5, the account management terminal provided in this embodiment may implement various steps of the identity registration method applied to the account management terminal provided by any embodiment of the present invention, and the specific implementation process is not described herein.
  • the account management terminal provided in this embodiment specifically includes:
  • the obtaining unit 11 is configured to obtain application description information of an application server to be logged in on the application client device;
  • the processing unit 12 is configured to send the user identity information and the application description information acquired by the obtaining unit 11 to the identity verification server, so that the identity verification server obtains user authorization, and authenticates the application server. And logging in the user account corresponding to the account management terminal on the application server.
  • the account management terminal provided in this embodiment realizes unified management of the user account, and the user can complete the login process through the account management terminal without remembering the account password, thereby reducing the complexity of the user identity verification and avoiding multiple input.
  • the complexity of the operation and the risk of information leakage caused by the operation of the password account, the memory password account, and the registration of the new account improve the security of the network application.
  • the acquiring unit 11 is specifically configured to: obtain, from the application client device, an address of the application server to be logged in on the application client device, according to an address of the application server, The application server obtains the application description information; or, the application description information of the application server to be logged in on the application client device is obtained from the application client device.
  • the acquiring unit 11 when the acquiring unit 11 obtains the address of the application server to be logged in on the application client device from the application client device, the acquiring unit may be specifically configured to:
  • identification code includes: a two-dimensional code, 3D code, color code, barcode, black and white code or bull's eye code; or
  • the NFC electronic tag is obtained from the application client device by the NFC mode, and the address of the application server to be logged in on the application client device is obtained from the NFC electronic tag.
  • the acquiring unit 11 may be configured to: scan the application when acquiring the application description information of the application server to be logged in on the application client device from the application client device.
  • the application description information of the application server to be logged in on the application client device is obtained in the NFC electronic tag.
  • processing unit 12 may be specifically configured to:
  • the processing unit 12 when the processing unit 12 sends the user identity information and the application description information to the identity verification server to obtain an authorization code, the processing unit 12 may be specifically configured to:
  • the application description information includes an application identifier and a user information permission list
  • Receiving an authorization indication message sending an authorization confirmation message to the identity verification server according to the authorization indication message, where the authorization confirmation message carries user information authorized by the user, and the user information authorized by the user is the user information. Part or all of the permission list, the user information authorized by the user includes the user account;
  • the processing unit 12 when the processing code is sent to the application server, the processing unit 12 may be specifically configured to: Sending the authorization code to the identity verification server, so that the identity verification server sends the authorization code to the application client device, and the application client device sends the authorization code to the Application server; or
  • FIG. 6 is a schematic structural diagram of an identity verification server according to an embodiment of the present invention.
  • the identity verification server provided in this embodiment may implement various steps of the identity registration method applied to the identity verification server provided by any embodiment of the present invention, and the specific implementation process is not described herein.
  • the identity verification server provided in this embodiment specifically includes:
  • the receiving unit 21 is configured to receive user identity information sent by the account management terminal and application description information of the application server to be logged in on the application client device;
  • the processing unit 22 is configured to acquire a user authorization according to the user identity information and the application description information received by the receiving unit 21, and perform authentication on the application server. After the authentication succeeds, the account management terminal is correspondingly The user account is logged in on the application server.
  • the identity verification server provided by the embodiment implements unified management of the user account, and the user can complete the login process through the account management terminal without remembering the account password, thereby reducing the complexity of the user identity verification and avoiding multiple input.
  • the complexity of operation and the risk of information leakage caused by password account, memory password account, and registration of new account have improved the security of network applications.
  • processing unit 22 may be specifically configured to:
  • the processing unit 22 when the processing unit 22 sends an authorization code to the account management terminal according to the user identity information and the application description information, the processing unit 22 may be specifically configured to:
  • the processing unit 22 sends an access token to the application server according to the authorization code provided by the application server, and the user account corresponding to the account management terminal is on the application server.
  • the processing unit 22 can be used to:
  • the user account corresponding to the account management terminal is sent to the application server.
  • FIG. 7 is a schematic structural diagram of another account management terminal according to an embodiment of the present invention.
  • the account management terminal 700 provided in this embodiment may implement various steps of the identity login method applied to the account management terminal provided by any embodiment of the present invention, and the specific implementation process is not described herein.
  • the account management terminal 700 provided in this embodiment specifically includes: a processor 710, a communication interface 720, a memory 730, and a bus 740;
  • the processor 710, the communication interface 720, and the memory 730 are interconnected by the bus 740;
  • the memory 730 is configured to store instructions or data
  • the processor 710 invokes an instruction stored in the memory 730 to implement application description information of an application server to be logged on the application client device, and the user identity information and the application description information are communicated through the communication interface 720. Sending to the authentication server, the authentication server obtains the user authorization, and after authenticating the application server, logs the user account corresponding to the account management terminal on the application server.
  • the processor 710 is specifically configured to: obtain an address of the application server to be logged in the application client device from the application client device, and pass the address of the application server according to the address of the application server.
  • the communication interface 720 acquires the application description information from the application server; or acquires application description information of the application server to be logged in on the application client device from the application client device.
  • FIG. 8 is a schematic structural diagram of another account management terminal according to an embodiment of the present invention
  • FIG. 9 is a schematic diagram A schematic diagram of a fourth account management terminal structure provided by an embodiment of the invention.
  • the account management terminal 700 may further include: a scanner 750 or a short-range wireless communication NFC transmitter 760, and the scanner 750 or the NFC transmitter 760 passes
  • the bus 740 is interconnected with the processor 710.
  • FIG. 8 shows an implementation manner of setting the scanner 750 in the account management terminal
  • FIG. 9 shows an implementation manner of setting the NFC transmitter 760 in the account management terminal, and those skilled in the art can also set the same in the account management terminal as needed.
  • Scanner 750 and NFC transmitter 760 can also set the same in the account management terminal as needed.
  • the processor 710 When the processor 710 obtains the address of the application server to be logged in on the application client device from the application client device, the processor 710 may be specifically configured to:
  • the scanner 750 And scanning, by the scanner 750, an identifier displayed by the application client device, and acquiring, from the identifier, an address of the application server to be logged in the application client device;
  • the identifier includes: Code, 3D code, color code, barcode, black and white code or bull's eye code; or
  • the NFC electronic tag is obtained from the application client device by using the NFC transmitter 760, and the address of the application server to be logged in on the application client device is obtained from the NFC electronic tag.
  • the account management terminal 700 may further include: a scanner 750 or an NFC transmitter 760, wherein the scanner 750 or the NFC transmitter 760 is interconnected with the processor 710 via the bus 740;
  • the processor 710 may be specifically configured to:
  • the scanner 750 scans the identifier displayed by the application client device, and obtains the application description information of the application server to be logged in the application client device from the identifier; the identifier includes: QR code, 3D code, color code, barcode, black and white code or bull's eye code; or
  • the processor 710 may be specifically configured to:
  • the processor 710 when the processor 710 sends the user identity information and the application description information to the identity verification server to obtain an authorization code, the processor 710 may be specifically configured to:
  • the application description information includes an application identifier and a user information permission list; and receiving the identity by using the communication interface 720 Verify the user authorization request message sent by the server;
  • the authorization confirmation message carries user information authorized by the user, and the user authorized by the user The information is part or all of the user information permission list, and the user information authorized by the user includes the user account;
  • the account management terminal 700 may further include an NFC transmitter 760, and the NFC transmitter 760 is interconnected with the processor 710 via the bus 740;
  • the processor 710 is configured to: send, by using the communication interface 720, the authorization code to the identity verification server, when the authorization code is sent to the application server, so that the identity verification server Sending the authorization code to the application client device, and sending, by the application client device, the authorization code to the application server; or
  • FIG. 10 is a schematic structural diagram of another identity verification server according to an embodiment of the present invention.
  • the authentication server 800 provided in this embodiment may implement various steps of the identity registration method applied to the identity verification server according to any embodiment of the present invention. The specific implementation process is not described herein.
  • the identity verification server 800 provided in this embodiment specifically includes: a processor 810, a communication interface 820, a memory 830, and a bus 840;
  • processor 810 the communication interface 820, and the memory 830 pass the total Line 840 is interconnected;
  • the communication interface 820 is configured to receive user identity information sent by the account management terminal and application description information of the application server to be logged in on the application client device;
  • the memory 830 is configured to store instructions or data
  • the processor 810 invokes an instruction stored in the memory 830 to obtain a user authorization according to the user identity information and the application description information, and performs authentication on the application server. After the authentication succeeds, the account is used. The user account corresponding to the management terminal is logged in on the application server.
  • the processor 810 may be specifically configured to:
  • the processor 810 when the processor 810 sends an authorization code to the account management terminal according to the user identity information and the application description information, the processor 810 is specifically configured to:
  • an authorization code is sent to the account management terminal through the communication interface 820.
  • the processor 810 sends an access token to the application server according to the authorization code provided by the application server, and the user account corresponding to the account management terminal is on the application server.
  • the processor 810 When logging in, it is used to:
  • the authorization code and the application key are used to authenticate the application server, and after the authentication succeeds, the access token is sent to the application server through the communication interface 820;
  • the user account corresponding to the account management terminal is sent to the application server through the communication interface 820.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

La présente invention concerne un procédé et un dispositif de connexion selon l'identité. Le procédé de connexion selon l'identité consiste en ce que : un terminal de gestion de comptes acquiert des informations de description d'application relatives à un serveur d'application qui doit se connecter à un dispositif client d'application; et le terminal de gestion de comptes envoie des informations d'identité d'utilisateur et les informations de description d'application à un serveur d'authentification d'identité de sorte que le serveur d'authentification d'identité se connecte à un compte d'utilisateur correspondant au terminal de gestion de comptes sur le serveur d'application après qu'il a acquis une autorisation d'utilisateur et certifié le serveur d'application. Le procédé et le dispositif de connexion selon l'identité décrits dans les modes de réalisation de la présente invention accomplissent la gestion unifiée du compte de l'utilisateur, améliorant de cette façon la sécurité de l'application de réseau.
PCT/CN2013/077473 2013-06-19 2013-06-19 Procédé et dispositif de connexion selon l'identité WO2014201636A1 (fr)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN201710349035.XA CN107070945B (zh) 2013-06-19 2013-06-19 身份登录方法及设备
CN201380000876.XA CN103609090B (zh) 2013-06-19 2013-06-19 身份登录方法及设备
PCT/CN2013/077473 WO2014201636A1 (fr) 2013-06-19 2013-06-19 Procédé et dispositif de connexion selon l'identité

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2013/077473 WO2014201636A1 (fr) 2013-06-19 2013-06-19 Procédé et dispositif de connexion selon l'identité

Publications (1)

Publication Number Publication Date
WO2014201636A1 true WO2014201636A1 (fr) 2014-12-24

Family

ID=50126082

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2013/077473 WO2014201636A1 (fr) 2013-06-19 2013-06-19 Procédé et dispositif de connexion selon l'identité

Country Status (2)

Country Link
CN (2) CN107070945B (fr)
WO (1) WO2014201636A1 (fr)

Families Citing this family (36)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103986720B (zh) 2014-05-26 2017-11-17 网之易信息技术(北京)有限公司 一种登录方法及装置
CN105323291A (zh) * 2014-08-04 2016-02-10 中兴通讯股份有限公司 移动应用统一登录处理方法及装置
CN105049410B (zh) * 2015-05-28 2018-08-07 北京奇艺世纪科技有限公司 一种账号登录方法、装置及***
CN104869175B (zh) * 2015-06-16 2018-07-27 腾讯科技(北京)有限公司 跨平台的账号资源共享实现方法、装置及***
CN104902028B (zh) * 2015-06-19 2019-02-15 广州密码科技有限公司 一种一键登录认证方法、装置及***
CN106603469B (zh) * 2015-10-16 2019-11-29 腾讯科技(深圳)有限公司 登录应用的方法和装置
CN105656922A (zh) * 2016-02-04 2016-06-08 腾讯科技(深圳)有限公司 一种应用程序的登录方法、装置及智能设备
CN106060032B (zh) * 2016-05-26 2019-11-15 深圳市中润四方信息技术有限公司 用户数据整合与再分配方法及***
CN105978994B (zh) * 2016-06-22 2019-01-18 武汉理工大学 一种面向Web***的登录方法
CN106791037B (zh) * 2016-11-30 2021-01-15 腾讯科技(深圳)有限公司 操作触发方法、***、移动终端及电磁场发生设备
CN106790240B (zh) * 2017-01-22 2021-04-23 常卫华 基于第三方认证的无密码登录方法、装置和***
CN106973041B (zh) * 2017-03-02 2019-10-08 飞天诚信科技股份有限公司 一种颁发身份认证凭据的方法、***及认证服务器
US10637664B2 (en) * 2017-07-14 2020-04-28 NortonLifeLock Inc. User-directed identity verification over a network
CN107437010A (zh) * 2017-07-25 2017-12-05 合肥红铭网络科技有限公司 一种基于nfc的服务器安全启动***
CN109753022A (zh) * 2017-11-07 2019-05-14 智能云科信息科技有限公司 一种机床操作权限管理方法、***、综合***及机床
CN108200089B (zh) * 2018-02-07 2022-06-07 腾讯云计算(北京)有限责任公司 信息安全的实现方法、装置、***以及存储介质
CN108768953B (zh) * 2018-05-03 2020-12-18 深圳市简工智能科技有限公司 调度过程的控制方法、服务器及存储介质
CN108830099A (zh) * 2018-05-04 2018-11-16 平安科技(深圳)有限公司 调用api接口的验证方法、装置、计算机设备和存储介质
CN110505184B (zh) * 2018-05-18 2022-02-22 深圳企业云科技股份有限公司 一种企业网盘安全登录认证***及方法
CN108959904A (zh) * 2018-06-14 2018-12-07 平安科技(深圳)有限公司 终端设备的应用登录方法及终端设备
CN109325339A (zh) * 2018-08-28 2019-02-12 北京点七二创意互动传媒文化有限公司 用于终端的交互方法以及终端
CN109274652B (zh) * 2018-08-30 2021-06-11 腾讯科技(深圳)有限公司 身份信息验证***、方法及装置及计算机存储介质
CN111107036B (zh) * 2018-10-25 2023-08-25 博泰车联网科技(上海)股份有限公司 登录方法、登录***、车载终端及计算机可读存储介质
TWI725352B (zh) 2018-11-05 2021-04-21 緯創資通股份有限公司 驗證及授權的方法及驗證伺服器
CN110401767B (zh) 2019-05-30 2021-08-31 华为技术有限公司 信息处理方法和设备
CN110311786A (zh) * 2019-06-19 2019-10-08 努比亚技术有限公司 一种数据传输方法、终端、服务器及计算机存储介质
CN110572388B (zh) * 2019-09-05 2022-01-04 北京宝兰德软件股份有限公司 对接统一认证服务器的方法及统一认证适配器
CN110913275B (zh) * 2019-11-19 2021-11-16 腾讯科技(深圳)有限公司 目标对象的属性信息添加方法、***及存储介质
CN111491295B (zh) * 2020-04-13 2024-02-27 佛山职业技术学院 基于nfc的身份授权及身份验证方法、装置和***
CN111596843A (zh) * 2020-04-29 2020-08-28 维沃移动通信有限公司 应用登录方法及第一电子设备、第二电子设备
CN111625810B (zh) * 2020-05-28 2023-09-05 百度在线网络技术(北京)有限公司 设备登录方法、设备及***
CN112929388B (zh) * 2021-03-10 2022-11-01 广东工业大学 网络身份跨设备应用快速认证方法和***、用户代理设备
CN113505353A (zh) * 2021-07-09 2021-10-15 绿盟科技集团股份有限公司 一种认证方法、装置、设备和存储介质
CN114978702B (zh) * 2022-05-24 2024-03-19 上海哔哩哔哩科技有限公司 账户管理方法、平台及***、计算设备和可读存储介质
CN115150154B (zh) * 2022-06-30 2023-05-26 深圳希施玛数据科技有限公司 用户登录认证方法及相关装置
CN115604039B (zh) * 2022-12-15 2023-03-10 江苏金智教育信息股份有限公司 一种第三方辅助身份验证的登录方法和***

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102238007A (zh) * 2010-04-20 2011-11-09 阿里巴巴集团控股有限公司 第三方应用获得用户的会话令牌的方法、装置及***
CN102769531A (zh) * 2012-08-13 2012-11-07 鹤山世达光电科技有限公司 身份认证装置及其方法
CN102801713A (zh) * 2012-07-23 2012-11-28 中国联合网络通信集团有限公司 网站登录方法、***和访问管理平台
CN102868670A (zh) * 2011-07-08 2013-01-09 北京亿赞普网络技术有限公司 一种移动用户统一注册登录的***及注册、登录方法

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101212457A (zh) * 2006-12-27 2008-07-02 鸿富锦精密工业(深圳)有限公司 网页权限管控***及方法
US7845558B2 (en) * 2007-09-28 2010-12-07 First Data Corporation Accessing financial accounts with 3D bar code
CN101217368A (zh) * 2007-12-29 2008-07-09 亿阳安全技术有限公司 一种网络登录***及其配置方法以及登录应用***的方法
CN102625297B (zh) * 2011-01-27 2016-01-13 腾讯科技(深圳)有限公司 用于移动终端的身份管理方法及装置
CN102497635B (zh) * 2011-11-28 2015-07-08 宇龙计算机通信科技(深圳)有限公司 服务器、终端和账户密码获取方法
JP2013114526A (ja) * 2011-11-30 2013-06-10 Hitachi Ltd ユーザ認証方法及びwebシステム
CN102685093B (zh) * 2011-12-08 2015-12-09 陈易 一种基于移动终端的身份认证***及方法
CN102638473B (zh) * 2012-05-04 2014-12-10 盛趣信息技术(上海)有限公司 一种用户数据授权方法、装置及***
US8332238B1 (en) * 2012-05-30 2012-12-11 Stoneeagle Services, Inc. Integrated payment and explanation of benefits presentation method for healthcare providers
CN102821104B (zh) * 2012-08-09 2014-04-16 腾讯科技(深圳)有限公司 授权的方法、装置和***
CN103023918B (zh) * 2012-12-26 2016-08-31 百度在线网络技术(北京)有限公司 为多个网络服务统一提供登录的方法、***和装置
CN103023919A (zh) * 2012-12-26 2013-04-03 百度在线网络技术(北京)有限公司 基于二维码的登录控制方法和***
CN103067381B (zh) * 2012-12-26 2015-11-25 百度在线网络技术(北京)有限公司 使用平台方账号登录第三方服务的方法、***和装置

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102238007A (zh) * 2010-04-20 2011-11-09 阿里巴巴集团控股有限公司 第三方应用获得用户的会话令牌的方法、装置及***
CN102868670A (zh) * 2011-07-08 2013-01-09 北京亿赞普网络技术有限公司 一种移动用户统一注册登录的***及注册、登录方法
CN102801713A (zh) * 2012-07-23 2012-11-28 中国联合网络通信集团有限公司 网站登录方法、***和访问管理平台
CN102769531A (zh) * 2012-08-13 2012-11-07 鹤山世达光电科技有限公司 身份认证装置及其方法

Also Published As

Publication number Publication date
CN107070945B (zh) 2021-06-22
CN107070945A (zh) 2017-08-18
CN103609090A (zh) 2014-02-26
CN103609090B (zh) 2017-06-06

Similar Documents

Publication Publication Date Title
WO2014201636A1 (fr) Procédé et dispositif de connexion selon l'identité
US11405380B2 (en) Systems and methods for using imaging to authenticate online users
US10050952B2 (en) Smart phone login using QR code
US20220191016A1 (en) Methods, apparatuses, and computer program products for frictionless electronic signature management
US9781105B2 (en) Fallback identity authentication techniques
KR101214836B1 (ko) 인증 방법 및 그 시스템
US20160269181A1 (en) Method and Device for Information System Access Authentication
US20150222435A1 (en) Identity generation mechanism
US9979725B1 (en) Two-way authentication using two-dimensional codes
WO2015154488A1 (fr) Procédé et dispositif d'accès à un routeur
JP6141041B2 (ja) 情報処理装置及びプログラム、制御方法
JP4960738B2 (ja) 認証システム、認証方法および認証プログラム
US11165768B2 (en) Technique for connecting to a service
CN110336870A (zh) 远程办公运维通道的建立方法、装置、***及存储介质
CN115022047B (zh) 基于多云网关的账户登录方法、装置、计算机设备及介质
KR101133167B1 (ko) 보안이 강화된 사용자 인증 처리 방법 및 장치
KR20130078842A (ko) 이미지 코드와 일회용 패스워드를 이용한 이중 인증처리 서버와 기록매체
TWM635540U (zh) 使用者登入及權限管理之系統
KR102123405B1 (ko) 보안 회원가입 및 로그인 호스팅 서비스 제공 시스템 및 그 방법
KR101595099B1 (ko) 보안코드 서비스 제공 방법
CN114650142B (zh) 5g消息身份认证方法、***及计算机可读存储介质
KR20130024934A (ko) 스마트폰에서 음성정보를 이용한 일회용 패스워드 기반 사용자 인증 방법
KR20130093793A (ko) 이미지 코드를 이용한 로그인 인증 방법 및 시스템과 기록매체
US20240046252A1 (en) Device and systems for provisioning and verifying tokens with strong identity and strong authentication
WO2023288037A1 (fr) Dispositif et systèmes de mise à disposition à distance d'un profil sim avec une identité forte et une authentification forte

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13887580

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13887580

Country of ref document: EP

Kind code of ref document: A1