CN105790945B - An authentication method, device and system for realizing unique user identity authentication - Google Patents
- Publication number
- CN105790945B (CN201410806348.XA)
- Authority
- CN
- China
- Prior art keywords
- authentication
- information
- mobile terminal
- platform
- app
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses an authentication method for realizing unique user identity authentication. After an authentication device is connected to a mobile terminal, it authenticates with an authentication platform and, once authentication passes, logs in to the authentication device's client on the mobile terminal. The authentication device sends unique identity authentication information and information about the APP to the authentication platform, so that the authentication platform determines, according to the unique identity authentication information, the identification information shared with the APP and sends it to the APP platform; the APP platform then issues the corresponding login information to the client for logging in to the APP. The invention also discloses an authentication apparatus and system for realizing unique user identity authentication.
Description
Technical field
The invention relates to network security technology, and in particular to an authentication method, apparatus and system for realizing unique user identity authentication.
Background
The mobile terminal authentication systems of current operators mostly rely on (Universal) Subscriber Identity Module ((U)SIM) authentication, a mode that mainly authenticates the subscriber card. In the era of one device and one card per user, (U)SIM card authentication solved the "user identity" authentication problem well. With the arrival of the era of multiple devices, cards and numbers per user, however, (U)SIM card authentication can no longer solve the "user identity" authentication problem. The network needs a completely new method of identifying a user's unique identity.
In addition, with the arrival of the 4G era, the mobile Internet industry has entered a stage of rapid development, and the various APPs installed on smart terminals (hereinafter "terminals") continually enrich people's work and life. Identification methods and authentication systems keep multiplying. Many popular APPs have large numbers of users, and each has its own independent user identity authentication scheme. Given users' habits, a user has to memorize a large amount of different personal account information; the more applications there are, the less likely the user is to remember the relevant user names and passwords, which both wastes network resources and burdens the user with unnecessary trouble such as frequent memorization. How to achieve fast authentication while protecting the user's personal privacy is therefore particularly important.
The authentication systems of current Internet applications cannot meet users' need for fast authentication. To ensure security, services such as instant messaging platforms and social platforms require the user to re-register or log in again after reinstalling the system or changing phones. When a user who frequently uses an application has forgotten the password, the password recovery procedure also degrades the user experience.
Summary of the invention
To solve the existing technical problems, the present invention mainly provides an authentication method, apparatus and system for realizing unique user identity authentication.
The technical solution of the present invention is realized as follows:
The present invention provides an authentication method for realizing unique user identity authentication, the method comprising:
after being connected to a mobile terminal, an authentication device authenticates with an authentication platform and, after authentication passes, logs in to the client of the authentication device on the mobile terminal;
the authentication device sends unique identity authentication information and information about the APP to the authentication platform, so that the authentication platform determines, according to the unique identity authentication information, the identification information shared with the APP and sends it to the APP platform, and the APP platform issues the corresponding login information to the client for logging in to the APP.
In the above solution, the method further includes: the authentication device stores the device ID value that the authentication platform assigned to it, stores subscription information on the authentication platform, and sets a password through interaction with the authentication platform.
In the above solution, authenticating with the authentication platform and, after authentication passes, logging in to the client of the authentication device on the mobile terminal includes: the authentication device receives the password entered by the user, sends the authentication platform a first authentication request carrying the device ID value and the password, and receives the authentication result that the authentication platform produces from the device ID value and the password; when the result is that authentication passed, the authentication device searches the programs currently on the mobile terminal for the corresponding client; if the client is found, it logs in to the client of the authentication device; if not, it runs the client's installation package and, after successful installation, logs in to the client of the authentication device.
In the above solution, the authentication device sending the unique identity authentication information and the information about the APP to the authentication platform includes: the authentication device displays, through the mobile terminal, a prompt asking whether the current terminal is the bound mobile terminal. When it receives the selection that this is the bound mobile terminal, the authentication device sends a second authentication request to the authentication platform, carrying the device ID value and/or the current mobile terminal number, together with information about the APP to be authenticated using the authentication device; the authentication device also encrypts the device ID value and/or current mobile terminal number and the information about the APP. When it receives the selection that this is not the bound mobile terminal, it displays a prompt asking whether to bind the current mobile terminal. When it receives the selection to bind the current mobile terminal, the authentication device obtains the International Mobile Subscriber Identity (IMSI) number or the mobile terminal number from the Subscriber Identity Module (SIM) card of the current mobile terminal and sends the authentication platform a second authentication request carrying the device ID value, the IMSI number or mobile terminal number, a binding indication, and the information about the APP. When it receives the selection not to bind the current mobile terminal, the authentication device sends the authentication platform a second authentication request carrying the device ID value and the information about the APP.
In the above solution, the method further includes:
when the authentication platform determines, from the information about the APP carried in the second authentication request, that the identification information shared with the corresponding APP is the mobile terminal number: if the second authentication request carries no binding indication and does carry a mobile terminal number, the authentication platform sends the mobile terminal number and the information about the APP to the APP platform;
if the second authentication request carries no binding indication and neither a mobile terminal number nor an IMSI number, the authentication platform uses the carried device ID value to find the bound mobile terminal number in the subscription information, and sends the mobile terminal number and the information about the APP to the APP platform;
if the second authentication request carries no binding indication and no mobile terminal number but does carry an IMSI number, the authentication platform queries the Home Subscriber Server (HSS) with the IMSI number for the corresponding mobile terminal number and, once it is found, sends the mobile terminal number and the information about the APP to the APP platform;
if the second authentication request carries a binding indication, the authentication platform stores the carried mobile terminal number in the subscription information corresponding to the device ID value and sends the mobile terminal number and the information about the APP to the APP platform; or it queries the HSS with the IMSI number for the corresponding mobile terminal number and, once it is found, stores the mobile terminal number in the subscription information corresponding to the device ID value and sends the mobile terminal number and the information about the APP to the APP platform;
the APP platform uses the information about the APP to find the login information that corresponds to the mobile terminal number for that APP and forwards the login information to the authentication platform, which delivers it to the corresponding client for logging in to the APP.
In the above solution, the method further includes:
when the authentication platform determines, from the information about the APP carried in the second authentication request, that the identification information shared with the corresponding APP is the device ID value, it sends the device ID value carried in the second authentication request and the information about the APP to the APP platform; the APP platform uses the information about the APP to find the login information that corresponds to the device ID value for that APP and forwards the login information to the authentication platform, which delivers it to the corresponding client for logging in to the APP.
In the above solution, the APP platform includes: platforms of the operator's own APPs and platforms of third-party APPs.
The present invention provides an authentication method for realizing unique user identity authentication, the method comprising:
the client of the authentication device permits login after the authentication device has been authenticated by the authentication platform, and displays on the client interface a list of the APPs bound to the authentication device; after receiving a message that the user has tapped an APP in the list, the client determines that the mobile terminal does not have that APP installed, and downloads and installs the APP's installation package through the authentication platform;
the client of the authentication device receives the login information for the APP that the APP platform issues through the authentication platform, calls the APP's interface to place the login information into the APP, and the APP initiates a login request to the APP platform.
In the above solution, the method further includes: the client of the authentication device records the login information corresponding to the APP; when the authentication device is connected to the mobile terminal and the APP is started again, the client of the authentication device places the login information directly into the APP.
In the above solution, the method further includes: when the client of the authentication device detects that the authentication device has been disconnected from the mobile terminal, it clears all operation information related to the authentication device from the mobile terminal.
The present invention provides an authentication method for realizing unique user identity authentication, the method comprising:
an authentication platform authenticates an authentication device connected to a mobile terminal and, after authentication passes, receives unique identity authentication information and information about the APP;
the authentication platform determines, according to the unique identity authentication information, the identification information shared with the APP and sends it to the APP platform, and forwards the corresponding login information issued by the APP platform to the client of the authentication device for logging in to the APP.
In the above solution, the authentication platform authenticating the authentication device connected to the mobile terminal includes:
the authentication platform stores the subscription information of the authentication device, sets the authentication device's password through interaction with the authentication device, receives the first authentication request carrying the device ID value and the password sent by the authentication device, and authenticates the authentication device according to the device ID value and the password.
In the above solution, the authentication platform receiving the unique identity authentication information and the information about the APP includes: the authentication platform receives a second authentication request, sent by the authentication device, that carries the unique identity authentication information and the information about the APP; the unique identity authentication information includes the device ID value of the authentication device and/or the mobile terminal number.
In the above solution, the authentication platform determining, according to the unique identity authentication information, the identification information shared with the APP, sending it to the APP platform, and forwarding the corresponding login information issued by the APP platform to the client of the authentication device includes:
the authentication platform receives the second authentication request sent by the authentication device; when it determines, from the information about the APP carried in the second authentication request, that the identification information shared with the corresponding APP is the mobile terminal number: if the second authentication request carries no binding indication and does carry a mobile terminal number, the authentication platform sends the mobile terminal number and the information about the APP to the APP platform;
if the second authentication request carries no binding indication and neither a mobile terminal number nor an IMSI number, the authentication platform uses the carried device ID value to find the bound mobile terminal number in the subscription information, and sends the mobile terminal number and the information about the APP to the APP platform;
if the second authentication request carries no binding indication and no mobile terminal number but does carry an IMSI number, the authentication platform queries the HSS with the IMSI number for the corresponding mobile terminal number and, once it is found, sends the mobile terminal number and the information about the APP to the APP platform;
if the second authentication request carries a binding indication, the authentication platform stores the carried mobile terminal number in the subscription information corresponding to the device ID value and sends the mobile terminal number and the information about the APP to the APP platform; or it queries the HSS with the IMSI number for the corresponding mobile terminal number and, once it is found, stores the mobile terminal number in the subscription information corresponding to the device ID value and sends the mobile terminal number and the information about the APP to the APP platform;
the APP platform uses the information about the APP to find the login information that corresponds to the mobile terminal number for that APP; the authentication platform receives the login information sent by the APP platform and delivers it to the client of the authentication device.
In the above solution, the authentication platform determining, according to the unique identity authentication information, the identification information shared with the APP, sending it to the APP platform, and forwarding the corresponding login information issued by the APP platform to the client of the authentication device includes: when the authentication platform determines, from the information about the APP carried in the second authentication request, that the identification information shared with the corresponding APP is the device ID value, it sends the device ID value carried in the second authentication request and the information about the APP to the APP platform; the APP platform uses the information about the APP to find the login information that corresponds to the device ID value for that APP; the authentication platform receives the login information sent by the APP platform and delivers it to the client of the authentication device.
In the above solution, the method further includes: after receiving the client's request to download the installation package of an APP, the authentication platform returns to the client the download address of that installation package in cloud storage.
The present invention provides an authentication device, the authentication device comprising a device authentication module and an APP authentication module, wherein:
the device authentication module is configured to authenticate with the authentication platform after the device is connected to a mobile terminal and, after authentication passes, to log in to the client of the authentication device on the mobile terminal;
the APP authentication module is configured to send unique identity authentication information and information about the APP to the authentication platform, so that the authentication platform determines, according to the unique identity authentication information, the identification information shared with the APP and sends it to the APP platform, and the APP platform issues the corresponding login information to the client for logging in to the APP.
In the above solution, the device authentication module is specifically configured to receive the password entered by the user, send the authentication platform a first authentication request carrying the device ID value and the password, and receive the authentication result that the authentication platform produces from the device ID value and the password; when the result is that authentication passed, to search the programs currently on the mobile terminal for the corresponding client; if the client is found, to log in to the client of the authentication device; if not, to run the client's installation package and, after successful installation, log in to the client of the authentication device.
In the above solution, the APP authentication module is specifically configured to display, through the mobile terminal, a prompt asking whether the current terminal is the bound mobile terminal; when it receives the selection that this is the bound mobile terminal, to send the authentication platform a second authentication request carrying the device ID value and/or the current mobile terminal number, together with information about the APP to be authenticated using the authentication device; when it receives the selection that this is not the bound mobile terminal, to display a prompt asking whether to bind the current mobile terminal; when it receives the selection to bind the current mobile terminal, to obtain the IMSI number or the mobile terminal number from the SIM card of the current mobile terminal and send the authentication platform a second authentication request carrying the device ID value, the IMSI number or mobile terminal number, a binding indication, and the information about the APP; and when it receives the selection not to bind the current mobile terminal, to send the authentication platform a second authentication request carrying the device ID value and the information about the APP.
The present invention provides a client, the client comprising an interface module, a download module and a login module, wherein:
the interface module is configured to permit login after the authentication device has been authenticated by the authentication platform, and to display on the client interface a list of the APPs bound to the authentication device;
the download module is configured, after receiving a message that the user has tapped an APP in the list, to determine that the mobile terminal does not have that APP installed, and to download and install the APP's installation package through the authentication platform;
the login module is configured to receive the login information for the APP that the APP platform issues through the authentication platform and to call the APP's interface to place the login information into the APP, whereupon the APP initiates a login request to the APP platform.
In the above solution, the client further includes: an information storage module, configured to record the login information corresponding to the APP and, when the authentication device is connected to the mobile terminal and the APP is started again, to send the login information directly to the login module.
In the above solution, the client further includes: an information clearing module, configured to clear all operation information related to the authentication device from the mobile terminal when it detects that the authentication device has been disconnected from the mobile terminal.
The present invention provides an authentication platform, the authentication platform comprising a first authentication module and a second authentication module, wherein:
the first authentication module is configured to authenticate an authentication device connected to a mobile terminal;
the second authentication module is configured to receive unique identity authentication information and information about the APP, determine, according to the unique identity authentication information, the identification information shared with the APP and send it to the APP platform, and forward the corresponding login information issued by the APP platform to the client of the authentication device for logging in to the APP.
In the above solution, the authentication platform further includes: a subscription information storage module, configured to store the subscription information of the authentication device.
In the above solution, the first authentication module is specifically configured to set the authentication device's password through interaction with the authentication device, receive the first authentication request carrying the device ID value and the password sent by the authentication device, and authenticate the authentication device according to the device ID value and the password.
In the above solution, the second authentication module is specifically configured to receive the second authentication request sent by the authentication device and, when it determines from the APP application information carried in the second authentication request that the identification information shared with the corresponding APP application is the mobile terminal number, to proceed as follows: if the second authentication request carries no binding indication and contains a mobile terminal number, send the mobile terminal number and the APP application information to the APP platform;
if the second authentication request carries no binding indication and contains neither a mobile terminal number nor an IMSI number, look up the bound mobile terminal number in the subscription information using the carried device ID value, and send the mobile terminal number and the APP application information to the APP platform;
if the second authentication request carries no binding indication and contains no mobile terminal number but does contain an IMSI number, query the HSS for the corresponding mobile terminal number using the IMSI number and, once it is found, send the mobile terminal number and the APP application information to the APP platform;
if the second authentication request carries a binding indication, store the carried mobile terminal number in the subscription information corresponding to the device ID value and send the mobile terminal number and the APP application information to the APP platform, or query the HSS for the corresponding mobile terminal number using the IMSI number and, once it is found, store the mobile terminal number in the subscription information corresponding to the device ID value and send the mobile terminal number and the APP application information to the APP platform;
thereafter, receive the login information for the mobile terminal number of the corresponding APP application sent by the APP platform, and deliver the login information to the client of the authentication device for logging in to the APP application.
In the above solution, the second authentication module is specifically configured to receive the second authentication request sent by the authentication device and, when it determines from the APP application information carried in the second authentication request that the identification information shared with the corresponding APP application is the device ID value, to send the device ID value and the APP application information carried in the second authentication request to the APP platform; and to receive the login information for the device ID value of the corresponding APP application sent by the APP platform and deliver the login information to the client of the authentication device for logging in to the APP application.
In the above solution, the authentication platform further includes a cloud storage module, configured to store the installation packages of the APP applications displayed by the client and, after receiving a request from the client to download the installation package of an APP application, to return to the client the download address of that installation package in cloud storage.
In the above solution, the authentication platform further includes an HSS query module, configured to look up the corresponding mobile terminal number according to the IMSI number.
The present invention provides an authentication system for realizing unique user identity authentication. The system includes an authentication device, a client, and an authentication platform, wherein:
the authentication device is configured to authenticate with the authentication platform after being connected to the mobile terminal, to log in to the client of the authentication device on the mobile terminal after the authentication is passed, and to send the unique identity authentication information and the APP application information to the authentication platform;
the client is configured to display a list of the APP applications bound to the authentication device; after receiving a message that the user has clicked an APP application in the list and determining that the APP application is not installed on the mobile terminal, to download and install the installation package of the APP application through the authentication platform; to receive the login information corresponding to the APP application issued by the APP platform through the authentication platform; and to call the interface of the APP application and place the login information into the APP application, whereupon the APP application initiates a login request to the APP platform;
the authentication platform is configured to authenticate the authentication device connected to the mobile terminal; after the authentication is passed, to receive the unique identity authentication information and the APP application information; to determine, according to the unique identity authentication information, the identification information shared with the APP application and send it to the APP platform; and to forward the corresponding login information issued by the APP platform to the client of the authentication device.
The present invention provides an authentication method, device and system for realizing unique user identity authentication. After the authentication device is connected to the mobile terminal, it authenticates with the authentication platform; after the authentication is passed, it logs in to the client of the authentication device; the authentication device then sends the unique identity authentication information and the APP application information to the authentication platform, so that the authentication platform determines, according to the unique identity authentication information, the identification information shared with the APP application and sends it to the APP platform, and the APP platform issues the corresponding login information to the client for logging in to the APP application. In this way, authentication between the authentication device and the authentication platform is realized, and the problem of exchanging and sharing authentication information between the authentication platform and other APP platforms is solved. This largely removes the need for users to enter login information repeatedly when using multiple APPs, keeps the login information secure and the user's privacy intact, and avoids the problem of users forgetting their passwords.
Description of drawings
FIG. 1 is a schematic flowchart of the authentication method for realizing unique user identity authentication according to Embodiment 1 of the present invention;
FIG. 2 is a schematic flowchart of the authentication method for realizing unique user identity authentication according to Embodiment 2 of the present invention;
FIG. 3 is a schematic flowchart of the authentication method for realizing unique user identity authentication according to Embodiment 3 of the present invention;
FIG. 4 is a schematic structural diagram of the authentication device provided by Embodiment 4 of the present invention;
FIG. 5 is a schematic structural diagram of the client provided by Embodiment 5 of the present invention;
FIG. 6 is a schematic structural diagram of the authentication platform provided by Embodiment 6 of the present invention;
FIG. 7 is a schematic structural diagram of the authentication system for realizing unique user identity authentication according to Embodiment 7 of the present invention.
Detailed description of embodiments
In the embodiments of the present invention, after the authentication device is connected to the mobile terminal, it authenticates with the authentication platform; after the authentication is passed, it logs in to the client of the authentication device on the mobile terminal; the authentication device sends the unique identity authentication information and the APP application information to the authentication platform, so that the authentication platform determines, according to the unique identity authentication information, the identification information shared with the APP application and sends it to the APP platform, and the APP platform issues the corresponding login information to the client for logging in to the APP application. Here, the authentication device may be a "He" (和) key.
The present invention is described in further detail below with reference to the accompanying drawings and specific embodiments.
Embodiment one
This embodiment provides an authentication method for realizing unique user identity authentication. As shown in FIG. 1, the method includes the following steps:
Step 101: the authentication device is connected to the mobile terminal;
Specifically, the authentication device can be connected to the mobile terminal through the earphone jack or a USB interface; where wireless access is supported, it can also be connected through short-range technologies such as Bluetooth and WiFi;
Here, the authentication device has hardware encryption and computing capabilities, can provide at least several modes of operation such as key touch, voiceprint entry and fingerprint recognition, and can be combined with the mobile terminal keyboard and the corresponding client to provide password input;
The authentication device has a built-in installation package for its companion client. The companion client supports a login password-entry interface, stores records of the user's APP usage, presents the list of APP applications that have a cooperation or binding relationship with the authentication device, and provides the other functions needed for binding operations.
Before this step, the method further includes: when the user purchases the authentication device, the authentication device stores the device ID value assigned to it by the authentication platform, and the subscription information is stored on the authentication platform. The subscription information includes the user's real name, identity information, the device ID value, the mobile terminal number(s) the user wants to bind, and so on. There may be multiple mobile terminal numbers, in which case a primary number must be designated. The authentication device also sets a password by interacting with the authentication platform; the password may be a voiceprint, a fingerprint, digits, characters, etc.;
The device ID value may be an ID in the form of a mobile phone number or an ID that is a random sequence. If an ID in the form of a mobile phone number is chosen and a primary number is bound, the device ID value becomes the user's secondary number, and the user can choose whether to receive calls or short messages for the secondary number (receiving short messages is generally mandatory by default). When the operator that owns the authentication platform cooperates with the APP platform of an APP application, and the user has not informed the APP platform of the primary number bound to the APP application, the secondary number serves as the identification information shared with the APP application. This lets the user receive, in later use, short messages or calls that the APP application sends to the secondary number, such as SMS password verification messages.
Step 102: the authentication device authenticates with the authentication platform and, after the authentication is passed, logs in to the client of the authentication device on the mobile terminal;
Specifically, after the authentication device is connected to the mobile terminal, it receives the password entered by the user, sends to the authentication platform a first authentication request carrying the device ID value and the password, and receives the result of the authentication platform's authentication based on the device ID value and the password. When the result is that authentication is passed, it searches the programs currently on the mobile terminal for the corresponding client: if the client is found, it logs in to the client of the authentication device; if not, it runs the client installation package built into the authentication device and, after successful installation, logs in to the client of the authentication device. Here, the authentication device may also encrypt the device ID value and the password in the first authentication request and send the first authentication request to the authentication platform after encryption. The password may be entered by the user on the mobile terminal, in a password input window displayed on the mobile terminal interface after the authentication device is connected, or entered through the modes of operation provided by the authentication device, such as key touch, voiceprint entry and fingerprint recognition. The login refers to logging in to the client of the authentication device using the ID value of the authentication device.
Step 103: when an APP application is started and authentication with the authentication device is selected, the authentication device sends the unique identity authentication information and the information of the APP application to the authentication platform;
In this step, the unique identity authentication information includes the device ID value and/or the mobile terminal number;
The authentication device may also encrypt the unique identity authentication information and the APP application information and send them to the authentication platform after encryption;
The APP applications include those presented by the client and other APP applications on the desktop that are not presented by the client; the APP applications presented by the client are those that the client has recorded as already bound to the authentication device;
Specifically, when an APP application is started and authentication with the authentication device is selected, the authentication device displays, through the mobile terminal, a prompt asking whether the current terminal is a bound mobile terminal. On receiving the selection that it is a bound mobile terminal, the authentication device sends a second authentication request to the authentication platform, carrying the device ID value and/or the current mobile terminal number and the information of the APP application; the authentication device may also encrypt the device ID value and/or the current mobile terminal number and the APP application information. On receiving the selection that it is not a bound mobile terminal, it displays a prompt asking whether to bind the current mobile terminal. On receiving the selection to bind the current mobile terminal, the authentication device obtains the IMSI number or the mobile terminal number from the SIM card of the current mobile terminal and sends a second authentication request to the authentication platform, carrying the device ID value, the IMSI number or mobile terminal number, a binding indication, and the information of the APP application. On receiving the selection not to bind the current mobile terminal, the authentication device sends a second authentication request to the authentication platform, carrying the device ID value and the information of the APP application.
Step 104: the authentication platform determines, according to the unique identity authentication information, the identification information shared with the APP application and sends it to the APP platform, and the APP platform issues the corresponding login information to the client for logging in to the APP application;
Here, the shared identification information is the identification information, agreed between the authentication platform and the APP application, that corresponds to the user's login information, such as the mobile terminal number or the device ID value;
Specifically, when the authentication platform determines from the APP application information carried in the second authentication request that the identification information shared with the corresponding APP application is the mobile terminal number: if the second authentication request carries no binding indication and contains a mobile terminal number, the platform sends the mobile terminal number and the APP application information to the APP platform; if the second authentication request carries no binding indication and contains neither a mobile terminal number nor an IMSI number, the platform looks up the bound mobile terminal number in the subscription information using the carried device ID value and sends the mobile terminal number and the APP application information to the APP platform; if the second authentication request carries no binding indication and contains no mobile terminal number but does contain an IMSI number, the platform queries the HSS for the corresponding mobile terminal number using the IMSI number and, once it is found, sends the mobile terminal number and the APP application information to the APP platform; if the second authentication request carries a binding indication, the platform stores the carried mobile terminal number in the subscription information corresponding to the device ID value and sends the mobile terminal number and the APP application information to the APP platform, or queries the HSS for the corresponding mobile terminal number using the IMSI number and, once it is found, stores the mobile terminal number in the subscription information corresponding to the device ID value and sends the mobile terminal number and the APP application information to the APP platform. The APP platform then finds, according to the APP application information, the login information for that mobile terminal number in the corresponding APP application and forwards the login information to the authentication platform, and the authentication platform delivers the login information to the corresponding client for logging in to the APP application;
When the authentication platform determines from the APP application information carried in the second authentication request that the identification information shared with the corresponding APP application is the device ID value, it sends the device ID value and the APP application information carried in the second authentication request to the APP platform; the APP platform finds, according to the APP application information, the login information for that device ID value in the corresponding APP application and forwards the login information to the authentication platform, and the authentication platform delivers the login information to the corresponding client for logging in to the APP application.
Here, the APP platform includes platforms of the operator's own APP applications and platforms of third-party APP applications.
Embodiment two
This embodiment provides an authentication method for realizing unique user identity authentication. As shown in FIG. 2, the method includes the following steps:
Step 201: the client of the authentication device allows login after the authentication device has passed authentication with the authentication platform, and displays on the client interface a list of the APP applications bound to the authentication device; after receiving a message that the user has clicked an APP application in the list and determining that the APP application is not installed on the mobile terminal, it downloads and installs the installation package of the APP application through the authentication platform;
Specifically, the client of the authentication device allows login after the authentication device is connected to the mobile terminal and has passed authentication with the authentication platform, and displays on the client interface a list of the APP applications bound to the authentication device. After receiving a message that the user has clicked an APP application in the list, it checks whether the APP application is installed on the current mobile terminal. When it determines that the APP application is not installed, it requests the installation package of the APP application from the authentication platform, receives the download address of the installation package in cloud storage returned by the authentication platform, and downloads and installs the APP application from that address. The list of APP applications bound to the authentication device contains the operator's own APP applications, such as Fetion, 139 Mailbox and He Caiyun, and, depending on cooperation arrangements, may also contain third-party APP applications such as WeChat and Weibo. Users can, according to their needs, tick the operator's own APP applications or third-party APP applications that cooperate with the operator to add them to the list. Users can also add new APP applications to the list; a new APP application must first have its shared identification information, such as the mobile terminal number or the device ID value, bound with the authentication platform and the authentication device.
In this step, if the client of the authentication device determines that the APP application clicked by the user is already installed on the mobile terminal, or that the user has clicked an APP application not displayed by the client, step 202 is performed directly.
Step 202: the client of the authentication device receives the login information corresponding to the APP application, issued by the APP platform through the authentication platform;
Step 203: the client of the authentication device calls the interface of the APP application and places the login information into the APP application, and the APP application initiates a login request to the APP platform;
The method further includes: the client of the authentication device records the login information corresponding to the APP application; when the authentication device is connected to the mobile terminal and the APP application is started again, the client of the authentication device places the login information directly into the APP application;
In addition, when the client of the authentication device detects that the authentication device has been disconnected from the mobile terminal, it clears from the mobile terminal all operation information related to the authentication device. In this way, when a user borrows someone else's phone to use their own services temporarily, no trace of that use is left on the other person's phone.
Embodiment three
This embodiment provides an authentication method for realizing unique user identity authentication. As shown in FIG. 3, the method includes the following steps:
Step 301: the authentication platform authenticates the authentication device connected to the mobile terminal;
Specifically, the authentication platform stores the subscription information recorded when the user purchased the authentication device. The subscription information includes the user's real name, identity information, the device ID value, the mobile terminal number(s) the user wants to bind, and so on. The authentication platform sets the password of the authentication device by interacting with the authentication device, receives the first authentication request sent by the authentication device carrying the device ID value and the password, and authenticates the authentication device according to the device ID value and the password.
In this step, when the device ID value and the password in the first authentication request are encrypted, the authentication platform also decrypts them according to the pre-agreed encryption method.
Step 302: after the authentication is passed, the authentication platform receives the unique identity authentication information and the APP application information;
In this step, the unique identity authentication information includes the device ID value and/or the mobile terminal number;
The authentication platform receives the second authentication request sent by the authentication device, which carries the unique identity authentication information and the APP application information;
When the unique identity authentication information and the APP application information are encrypted, the authentication platform also decrypts them according to the pre-agreed encryption method.
Step 303: the authentication platform determines, according to the unique identity authentication information, the identification information shared with the APP application and sends it to the APP platform, and forwards the corresponding login information issued by the APP platform to the client of the authentication device for logging in to the APP application.
Here, the shared identification information is the identification information, agreed between the authentication platform and the APP application, that corresponds to the user's login information, such as the mobile terminal number or the device ID value;
Specifically, the authentication platform receives the second authentication request sent by the authentication device. When it determines from the APP application information carried in the second authentication request that the identification information shared with the corresponding APP application is the mobile terminal number: if the second authentication request carries no binding indication and contains a mobile terminal number, the platform sends the mobile terminal number and the APP application information to the APP platform; if the second authentication request carries no binding indication and contains neither a mobile terminal number nor an IMSI number, the platform looks up the bound mobile terminal number in the subscription information using the carried device ID value and sends the mobile terminal number and the APP application information to the APP platform; if the second authentication request carries no binding indication and contains no mobile terminal number but does contain an IMSI number, the platform queries the HSS for the corresponding mobile terminal number using the IMSI number and, once it is found, sends the mobile terminal number and the APP application information to the APP platform; if the second authentication request carries a binding indication, the platform stores the carried mobile terminal number in the subscription information corresponding to the device ID value and sends the mobile terminal number and the APP application information to the APP platform, or queries the HSS for the corresponding mobile terminal number using the IMSI number and, once it is found, stores the mobile terminal number in the subscription information corresponding to the device ID value and sends the mobile terminal number and the APP application information to the APP platform. The APP platform then finds, according to the APP application information, the login information for that mobile terminal number in the corresponding APP application; the authentication platform receives the login information sent by the APP platform and delivers it to the client of the authentication device for logging in to the APP application;
When the authentication platform determines from the APP application information carried in the second authentication request that the identification information shared with the corresponding APP application is the device ID value, it sends the device ID value and the APP application information carried in the second authentication request to the APP platform; the APP platform finds, according to the APP application information, the login information for that device ID value in the corresponding APP application; the authentication platform receives the login information sent by the APP platform and delivers it to the client of the authentication device for logging in to the APP application.
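The branching that step 104 and step 303 describe for the second authentication request can be written out as below. This is an added example, not code from the patent: the names `SecondAuthRequest`, `AuthPlatform` and `ResolutionError`, the dictionary standing in for the HSS, the choice to reject a request when no identifier can be resolved, and all sample values are assumptions, and the request is assumed to have already passed the first authentication.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


class ResolutionError(Exception):
    """No shared identifier could be determined (assumed failure behaviour)."""


@dataclass
class SecondAuthRequest:
    device_id: str
    app_info: str
    msisdn: Optional[str] = None   # mobile terminal number, if carried
    imsi: Optional[str] = None     # IMSI number, if carried
    bind: bool = False             # binding indication


@dataclass
class AuthPlatform:
    # Subscription information: device ID -> bound mobile terminal number (or None).
    subscriptions: Dict[str, Optional[str]]
    # Identifier type agreed with each APP application: "msisdn" or "device_id".
    shared_id_type: Dict[str, str]
    # Stand-in for the HSS query module: IMSI -> mobile terminal number.
    hss: Dict[str, str] = field(default_factory=dict)

    def _hss_lookup(self, imsi: str) -> str:
        number = self.hss.get(imsi)
        if number is None:
            raise ResolutionError("HSS returned no number for the IMSI")
        return number

    def resolve(self, req: SecondAuthRequest) -> Tuple[str, str, str]:
        """Return (id_type, id_value, app_info) to be sent to the APP platform."""
        if req.device_id not in self.subscriptions:
            raise ResolutionError("device ID has no subscription information")
        id_type = self.shared_id_type.get(req.app_info)
        if id_type is None:
            raise ResolutionError("no shared identifier agreed with this APP")

        # Shared identifier is the device ID value: pass it through unchanged.
        if id_type == "device_id":
            return ("device_id", req.device_id, req.app_info)

        # Shared identifier is the mobile terminal number.
        if req.bind:
            # Binding indication: take the carried number, else ask the HSS,
            # then record the number against the device ID before replying.
            if req.msisdn:
                number = req.msisdn
            elif req.imsi:
                number = self._hss_lookup(req.imsi)
            else:
                raise ResolutionError("binding requested without number or IMSI")
            self.subscriptions[req.device_id] = number
        elif req.msisdn:
            number = req.msisdn                      # number carried in request
        elif req.imsi:
            number = self._hss_lookup(req.imsi)      # IMSI only: query the HSS
        else:
            # Neither number nor IMSI: fall back to the bound number on file.
            number = self.subscriptions[req.device_id]
            if not number:
                raise ResolutionError("no bound number in subscription information")
        return ("msisdn", number, req.app_info)


def build_sample_platform() -> AuthPlatform:
    """Constructed sample data; none of these values come from the patent."""
    return AuthPlatform(
        subscriptions={"DEV-0001": "13800000001", "DEV-0002": None},
        shared_id_type={"app-a": "msisdn", "app-b": "device_id"},
        hss={"460000000000002": "13800000002"},
    )


if __name__ == "__main__":
    platform = build_sample_platform()
    requests = [
        SecondAuthRequest("DEV-0001", "app-a", msisdn="13800000009"),
        SecondAuthRequest("DEV-0001", "app-a"),
        SecondAuthRequest("DEV-0002", "app-a", imsi="460000000000002", bind=True),
        SecondAuthRequest("DEV-0002", "app-b"),
    ]
    for r in requests:
        print(r, "->", platform.resolve(r))
```
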
本实施例的方法还包括:认证平台接收到客户端的下载APP应用的安装包的申请后,将所述APP应用的安装包在云存储中的下载地址返回给所述客户端。The method in this embodiment further includes: after the authentication platform receives the application from the client for downloading the installation package of the APP application, returning the download address of the installation package of the APP application in the cloud storage to the client.
Embodiment Four
This embodiment provides an authentication device. As shown in FIG. 4, the authentication device includes a device authentication module 41 and an APP authentication module 42, wherein:
The device authentication module 41 is configured to authenticate with the authentication platform after the authentication device is connected to the mobile terminal and, after the authentication passes, to log in to the client of the authentication device on the mobile terminal;
The APP authentication module 42 is configured to, when an APP application is started and authentication by the authentication device is selected, send the unique identity authentication information and the information of the APP application to the authentication platform, so that the authentication platform determines, according to the unique identity authentication information, the identification information shared with the APP application and sends it to the APP platform, and the APP platform delivers the corresponding login information to the client for logging in to the APP application.
The device authentication module 41 is specifically configured to receive the password entered by the user, send to the authentication platform a first authentication request carrying the device ID value and the password, and receive the authentication result that the authentication platform produces from the device ID value and the password. When the result is that authentication has passed, it looks for the corresponding client among the programs currently on the mobile terminal; if the client is found, it logs in to the client of the authentication device; if not, it runs the client installation package built into the authentication device and, after successful installation, logs in to the client of the authentication device. Here, the device authentication module 41 may also encrypt the device ID value and the password in the first authentication request and send the first authentication request to the authentication platform after encryption.
The unique identity authentication information includes: the device ID value and/or the mobile terminal number;
The APP authentication module 42 is specifically configured to, when an APP application is started and authentication by the authentication device is selected, display through the mobile terminal a prompt asking whether the current mobile terminal is the bound mobile terminal. When the selection received is that it is the bound mobile terminal, the module sends a second authentication request to the authentication platform, the second authentication request carrying the device ID value and/or the current mobile terminal number, and the information of the APP application; the APP authentication module 42 may also encrypt the device ID value and/or the current mobile terminal number, and the information of the APP application. When the selection received is that it is not the bound mobile terminal, the module displays a prompt asking whether to bind the current mobile terminal. When the selection received is to bind the current mobile terminal, the module obtains the IMSI number or the mobile terminal number from the SIM card of the current mobile terminal and sends a second authentication request to the authentication platform, the second authentication request carrying the device ID value, the IMSI number or mobile terminal number, a binding indication, and the information of the APP application. When the selection received is not to bind the current mobile terminal, the module sends a second authentication request to the authentication platform, the second authentication request carrying the device ID value and the information of the APP application.
Embodiment Five
This embodiment provides a client. As shown in FIG. 5, the client includes an interface module 51, a download module 52 and a login module 53, wherein:
The interface module 51 is configured to allow login after the authentication device has passed authentication with the authentication platform, and to display on the client interface a list of the APP applications bound to the authentication device;
The download module 52 is configured to, after receiving a message that the user has clicked an APP application in the list and determining that the mobile terminal does not have that APP application installed, download and install the installation package of the APP application through the authentication platform;
The login module 53 is configured to receive the login information corresponding to the APP application that the APP platform delivers through the authentication platform, call the interface of the APP application, and place the login information into the APP application, which then initiates a login request to the APP platform;
The client further includes an information storage module 54, configured to record the login information corresponding to an APP application and, when the authentication device is connected to the mobile terminal and the APP application is started again, to send the login information directly to the login module 53;
The client further includes an information clearing module 55, configured to clear all operation information related to the authentication device from the mobile terminal when it detects that the authentication device has been disconnected from the mobile terminal. In this way, when a user borrows another person's mobile phone to use their own services temporarily, no trace of use is left on that phone.
Embodiment Six
This embodiment further provides an authentication platform. As shown in FIG. 6, the authentication platform includes a first authentication module 61 and a second authentication module 62, wherein:
The first authentication module 61 is configured to authenticate the authentication device connected to the mobile terminal;
The second authentication module 62 is configured to receive the unique identity authentication information and the information of the APP application, determine according to the unique identity authentication information the identification information shared with the APP application and send it to the APP platform, and forward the corresponding login information delivered by the APP platform to the client of the authentication device for logging in to the APP application;
The APP applications include: APP applications presented by the client and other APP applications on the desktop that are not presented by the client; the APP applications presented by the client are those the client has recorded as already bound to the authentication device;
The unique identity authentication information includes: the device ID value and/or the mobile terminal number;
The authentication platform further includes a subscription information storage module 63, configured to store the subscription information recorded when the user purchases the authentication device, the subscription information including: the user's real name, identity information, the device ID value, the mobile terminal number the user wants to bind, and so on;
The first authentication module 61 is specifically configured to set the password of the authentication device through interaction with the authentication device, receive the first authentication request carrying the device ID value and the password sent by the authentication device, and authenticate the authentication device according to the device ID value and the password;
The second authentication module 62 is specifically configured to receive the second authentication request sent by the authentication device and, when it determines according to the information of the APP application carried in the second authentication request that the identification information shared with the corresponding APP application is the mobile terminal number: if the second authentication request carries no binding indication and carries a mobile terminal number, send the mobile terminal number and the information of the APP application to the APP platform; if the second authentication request carries no binding indication and carries neither a mobile terminal number nor an IMSI number, use the carried device ID value to find the bound mobile terminal number in the subscription information, and send the mobile terminal number and the information of the APP application to the APP platform; if the second authentication request carries no binding indication and no mobile terminal number but does carry an IMSI number, query the HSS for the mobile terminal number corresponding to the IMSI number and, once it is found, send the mobile terminal number and the information of the APP application to the APP platform; if the second authentication request carries a binding indication, store the carried mobile terminal number in the subscription information corresponding to the device ID value and send the mobile terminal number and the information of the APP application to the APP platform, or alternatively query the HSS by the IMSI number for the corresponding mobile terminal number and, once it is found, store the mobile terminal number in the subscription information corresponding to the device ID value and send the mobile terminal number and the information of the APP application to the APP platform; and then receive the login information of the mobile terminal number for the corresponding APP application sent by the APP platform, and deliver the login information to the client of the authentication device for logging in to the APP application;
The second authentication module 62 is specifically configured to receive the second authentication request sent by the authentication device and, when it determines according to the information of the APP application carried in the second authentication request that the identification information shared with the corresponding APP application is the device ID value, send the device ID value and the information of the APP application carried in the second authentication request to the APP platform; receive the login information of the device ID value for the corresponding APP application sent by the APP platform; and deliver the login information to the client of the authentication device for logging in to the APP application.
The APP platform includes: the platform of the operator's own APP applications and the platforms of third-party APP applications;
The authentication platform further includes a cloud storage module 64, configured to store the installation packages of the APP applications displayed by the client and, after receiving a request from the client to download the installation package of an APP application, to return to the client the download address of that installation package in cloud storage;
The authentication platform further includes an HSS query module 65, configured to look up the mobile terminal number corresponding to an IMSI number.
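The branching that the method of embodiment three and the second authentication module 62 describe for the second authentication request, written out as an added Python example (it is not code from the patent). The class and field names, the `ResolutionError` failure handling for missing data, and the sample values are assumptions made for illustration; the refusal of devices that have not passed the first authentication follows the platform description, which handles the second request only after authentication has passed.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set, Tuple

MOBILE_NUMBER, DEVICE_ID = "mobile_number", "device_id"  # kinds of shared identifier


class ResolutionError(Exception):
    """No shared identifier could be determined (assumed failure handling)."""


@dataclass
class SecondAuthRequest:              # hypothetical field names
    device_id: str
    app_info: str
    mobile_number: Optional[str] = None
    imsi: Optional[str] = None
    bind: bool = False                # the binding indication


@dataclass
class AuthPlatform:
    app_identifier_kind: Dict[str, str]          # APP info -> MOBILE_NUMBER or DEVICE_ID
    subscriptions: Dict[str, Dict[str, str]]     # device ID -> subscription information
    hss_lookup: Callable[[str], Optional[str]]   # IMSI -> mobile number (HSS query)
    authenticated: Set[str] = field(default_factory=set)  # passed first authentication

    def _subscription(self, device_id: str) -> Dict[str, str]:
        if device_id not in self.subscriptions:
            raise ResolutionError("no subscription information for this device ID")
        return self.subscriptions[device_id]

    def _from_hss(self, imsi: str) -> str:
        number = self.hss_lookup(imsi)
        if not number:
            raise ResolutionError("HSS returned no mobile number for this IMSI")
        return number

    def resolve(self, req: SecondAuthRequest) -> Tuple[str, str, str]:
        """Return (identifier kind, value, APP info) to forward to the APP platform."""
        if req.device_id not in self.authenticated:
            raise ResolutionError("device has not passed the first authentication")
        kind = self.app_identifier_kind.get(req.app_info)
        if kind is None:
            raise ResolutionError("APP application is not known to the platform")
        if kind == DEVICE_ID:
            return DEVICE_ID, req.device_id, req.app_info
        if req.bind:
            # Binding: take the carried number, or resolve the IMSI through the
            # HSS, then record it in the subscription for this device ID.
            if req.mobile_number:
                number = req.mobile_number
            elif req.imsi:
                number = self._from_hss(req.imsi)
            else:
                raise ResolutionError("binding indication without number or IMSI")
            self._subscription(req.device_id)["mobile_number"] = number
        elif req.mobile_number:
            number = req.mobile_number
        elif req.imsi:
            number = self._from_hss(req.imsi)
        else:
            number = self._subscription(req.device_id).get("mobile_number", "")
            if not number:
                raise ResolutionError("no mobile number bound to this device ID")
        return MOBILE_NUMBER, number, req.app_info


def build_demo_platform() -> AuthPlatform:
    """Constructed sample data: one device, two APPs, a one-entry HSS table."""
    hss = {"460000000000002": "13800000002"}
    return AuthPlatform(
        app_identifier_kind={"app.by-number": MOBILE_NUMBER, "app.by-device": DEVICE_ID},
        subscriptions={"DEV-001": {"mobile_number": "13800000000"}},
        hss_lookup=hss.get,
        authenticated={"DEV-001"},
    )


if __name__ == "__main__":
    platform = build_demo_platform()
    for r in (SecondAuthRequest("DEV-001", "app.by-number"),
              SecondAuthRequest("DEV-001", "app.by-number", imsi="460000000000002", bind=True),
              SecondAuthRequest("DEV-001", "app.by-device")):
        print(platform.resolve(r))
```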
Embodiment Seven
This embodiment provides an authentication system for realizing unique user identity authentication. As shown in FIG. 7, the system includes an authentication device 71, a client 72 and an authentication platform 73, wherein:
The authentication device 71 is configured to authenticate with the authentication platform 73 after being connected to the mobile terminal and, after the authentication passes, to log in to the client 72 of the authentication device on the mobile terminal, and to send the unique identity authentication information and the information of the APP application to the authentication platform 73;
The client 72 is provided on the mobile terminal and is configured to display a list of the APP applications bound to the authentication device 71; after receiving a message that the user has clicked an APP application in the list and determining that the mobile terminal does not have that APP application installed, to download and install the installation package of the APP application through the authentication platform 73; to receive the login information corresponding to the APP application that the APP platform delivers through the authentication platform 73; and to call the interface of the APP application and place the login information into the APP application, which then initiates a login request to the APP platform;
The authentication platform 73 is configured to authenticate the authentication device connected to the mobile terminal and, after the authentication passes, to receive the unique identity authentication information and the information of the APP application, determine according to the unique identity authentication information the identification information shared with the APP application and send it to the APP platform, and forward the corresponding login information delivered by the APP platform to the client 72 of the authentication device 71;
The authentication device 71 has the specific structure shown in FIG. 4, the client 72 has the specific structure shown in FIG. 5, and the authentication platform 73 has the specific structure shown in FIG. 6; the description is not repeated here.
The authentication device, client and authentication platform provided by the embodiments of the present invention realize authentication between the authentication device and the authentication platform and solve the problem of exchanging and sharing authentication information between the authentication platform and other APP platforms. This addresses the need for users of multiple APPs to enter login information frequently, and can ensure that the login information is secure and that user privacy is not violated.
The above are merely preferred embodiments of the present invention and are not intended to limit its scope of protection. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.
Claims (30)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410806348.XA CN105790945B (en) | 2014-12-22 | 2014-12-22 | An authentication method, device and system for realizing unique user identity authentication |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105790945A (en) | 2016-07-20 |
CN105790945B (en) | 2019-09-03 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||