CN105812138B - Processing method, device, user terminal and the login system of login - Google Patents
Processing method, device, user terminal and the login system of login Download PDFInfo
- Publication number
- CN105812138B CN105812138B CN201410849669.8A CN201410849669A CN105812138B CN 105812138 B CN105812138 B CN 105812138B CN 201410849669 A CN201410849669 A CN 201410849669A CN 105812138 B CN105812138 B CN 105812138B
- Authority
- CN
- China
- Prior art keywords
- authentication
- application client
- verification
- client
- identity information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Information Transfer Between Computers (AREA)
Abstract
本发明实施例提供一种登录的处理方法、装置、用户终端及登录系统,该方法包括:校验装置接收认证客户端发送的所述用户终端对应的用户身份信息和所述用户终端的认证状态;所述校验装置接收所述应用客户端发送的注册请求;所述校验装置根据所述属性信息,对所述应用客户端进行校验,并在校验通过后,向所述应用客户端发送注册成功消息,以通知所述应用客户端进行登录;所述校验装置接收所述应用客户端发送的登录消息之后,向所述应用客户端发送所述认证状态和所述用户身份信息,以使所述应用客户端在确认认证通过后,向应用服务器发送包括所述用户身份信息的登录成功消息以登录到所述应用服务器,从而降低了认证服务器的负荷。
Embodiments of the present invention provide a login processing method, device, user terminal, and login system. The method includes: a verification device receives user identity information corresponding to the user terminal and an authentication state of the user terminal sent by an authentication client. ; The verification device receives the registration request sent by the application client; the verification device verifies the application client according to the attribute information, and after the verification is passed, sends a request to the application client The terminal sends a registration success message to notify the application client to log in; the verification device sends the authentication status and the user identity information to the application client after receiving the login message sent by the application client , so that the application client sends a login success message including the user identity information to the application server to log in to the application server after confirming that the authentication is passed, thereby reducing the load of the authentication server.
Description
技术领域technical field
本发明实施例涉及通信技术,尤其涉及一种登录的处理方法、装置、用户终端及登录系统。Embodiments of the present invention relate to communication technologies, and in particular, to a login processing method, device, user terminal, and login system.
背景技术Background technique
单点登录(Single Sign On,简称为SSO)是在多个应用系统中,例如,微博系统、邮件系统、淘宝系统、微信系统等,用户只需要在一个系统中登录一次,就可以访问所有相互信任的应用系统,是目前比较流行的企业业务整合的解决方案之一。Single Sign On (Single Sign On, referred to as SSO) is used in multiple application systems, such as Weibo system, mail system, Taobao system, WeChat system, etc., users only need to log in once in one system to access all The application system of mutual trust is one of the more popular solutions for enterprise business integration.
图1为现有技术中单点登录方法的应用场景示意图。如图1所示,该场景包括认证服务器1、应用服务器2、认证客户端3和应用客户端4,其中,认证客户端3和应用客户端4位于同一个用户终端中。认证客户端3将用户终端的用户身份信息发送给认证服务器1,认证服务器1将用户身份信息和用户信息库相比较,对用户进行登录认证,认证成功后,认证服务,1生成统一的认证标志(token),并将token发送给认证客户端3,认证客户端3将token发送给应用客户端4,当应用客户端4登录时,将token发送给应用服务器2,应用服务器2将token发送给认证服务器,认证服务器1对发过来的token进行校验及识别,校验通过后,将认证结果发送给应用服务器2,应用服务器2再将认证结果发送给应用客户端4。FIG. 1 is a schematic diagram of an application scenario of a single sign-on method in the prior art. As shown in FIG. 1 , the scenario includes an authentication server 1, an application server 2, an authentication client 3 and an application client 4, wherein the authentication client 3 and the application client 4 are located in the same user terminal. The authentication client 3 sends the user identity information of the user terminal to the authentication server 1, and the authentication server 1 compares the user identity information with the user information database, and performs login authentication for the user. After the authentication is successful, the authentication service 1 generates a unified authentication mark (token), and send the token to the authentication client 3, the authentication client 3 sends the token to the application client 4, when the application client 4 logs in, the token is sent to the application server 2, and the application server 2 sends the token to The authentication server, the authentication server 1 verifies and identifies the sent token, and after the verification passes, sends the authentication result to the application server 2, and the application server 2 sends the authentication result to the application client 4.
但是,由于一个用户终端存在多个应用客户端,当每个应用客户端登录时,都需要到认证服务器中校验token,使得认证服务器的负荷大,认证速度慢。However, since there are multiple application clients in a user terminal, when each application client logs in, it needs to verify the token in the authentication server, which makes the authentication server load heavily and the authentication speed is slow.
发明内容SUMMARY OF THE INVENTION
本发明实施例提供一种登录的处理方法、装置、用户终端和登录系统,有效减少了认证服务器的工作量,从而降低了认证服务器的负荷,加快了单点登录认证的速度。The embodiments of the present invention provide a login processing method, device, user terminal and login system, which effectively reduce the workload of the authentication server, thereby reducing the load of the authentication server and accelerating the speed of single sign-on authentication.
本发明实施例第一方面提供一种登录的处理方法,所述处理方法应用于校验装置,所述校验装置、认证客户端和应用客户端位于同一用户终端,包括:A first aspect of the embodiments of the present invention provides a login processing method, the processing method is applied to a verification device, and the verification device, the authentication client and the application client are located in the same user terminal, including:
所述校验装置接收所述认证客户端发送的所述用户终端对应的用户身份信息和所述用户终端的认证状态,所述认证状态表明认证服务器对所述用户身份信息进行认证的结果;The verification device receives the user identity information corresponding to the user terminal and the authentication state of the user terminal sent by the authentication client, where the authentication state indicates the result of the authentication server performing the authentication on the user identity information;
所述校验装置接收所述应用客户端发送的注册请求;其中,所述注册请求中包括所述应用客户端的属性信息;The verification device receives a registration request sent by the application client; wherein, the registration request includes attribute information of the application client;
所述校验装置根据所述属性信息,对所述应用客户端进行校验,并在校验通过后,向所述应用客户端发送注册成功消息,以通知所述应用客户端进行登录;The verification device verifies the application client according to the attribute information, and after the verification is passed, sends a registration success message to the application client to notify the application client to log in;
所述校验装置接收所述应用客户端发送的登录消息之后,向所述应用客户端发送所述认证状态和所述用户身份信息,以使所述应用客户端在确认认证通过后,向应用服务器发送包括所述用户身份信息的登录成功消息以登录到所述应用服务器。After receiving the login message sent by the application client, the verification device sends the authentication status and the user identity information to the application client, so that the application client can send the application client to the application client after confirming that the authentication is passed. The server sends a login success message including the user identity information to log in to the application server.
在第一方面的第一种可能实现方式中,所述校验装置根据所述属性信息,对所述应用客户端进行校验,具体包括:In a first possible implementation manner of the first aspect, the verification device performs verification on the application client according to the attribute information, specifically including:
所述校验装置查询校验方式与属性信息的映射关系,获取与所述应用客户端的属性信息对应的校验方式;其中,所述映射关系为通过认证客户端从认证服务器获取的映射关系;The verification device queries the mapping relationship between the verification mode and the attribute information, and obtains the verification mode corresponding to the attribute information of the application client; wherein, the mapping relationship is the mapping relationship obtained from the authentication server through the authentication client;
所述校验装置根据所述与所述应用客户端的属性信息对应的校验方式对所述应用客户端进行校验。The verification device verifies the application client according to the verification method corresponding to the attribute information of the application client.
结合第一方面的第一种可能实现方式,在第一方面的第二种可能实现方式中,所述属性信息为消息摘要算法MD5值、进程名或者进程的签名信息。With reference to the first possible implementation manner of the first aspect, in a second possible implementation manner of the first aspect, the attribute information is a message digest algorithm MD5 value, a process name, or process signature information.
本发明实施例第二方面提供一种登录的处理方法,所述处理方法应用于认证客户端,所述认证客户端、校验装置和应用客户端位于同一用户终端,包括:A second aspect of an embodiment of the present invention provides a login processing method, where the processing method is applied to an authentication client, where the authentication client, the verification device and the application client are located in the same user terminal, including:
所述认证客户端向认证服务器发送所述用户终端对应的用户身份信息,以使所述认证服务器对所述用户身份信息进行认证;The authentication client sends the user identity information corresponding to the user terminal to the authentication server, so that the authentication server authenticates the user identity information;
所述认证客户端接收所述认证服务器发送的所述用户终端的认证状态,其中,所述认证状态表明认证服务器对所述用户身份信息进行认证的结果;receiving, by the authentication client, the authentication state of the user terminal sent by the authentication server, wherein the authentication state indicates a result of authentication of the user identity information by the authentication server;
所述认证客户端将所述用户身份信息和所述认证状态发送给校验装置,以使所述校验装置在对所述应用客户端校验通过后,向所述应用客户端发送所述用户身份信息和所述认证状态。The authentication client sends the user identity information and the authentication status to the verification device, so that the verification device sends the application client the verification after passing the verification on the application client. User identity information and the authentication status.
在第二方面的第一种可能实现方式中,所述认证客户端接收所述认证服务器发送的所述用户终端的认证状态之后,所述方法还包括:In a first possible implementation manner of the second aspect, after the authentication client receives the authentication status of the user terminal sent by the authentication server, the method further includes:
所述认证客户端向认证服务器获取校验方式和属性信息的映射关系;The authentication client obtains the mapping relationship between the verification method and the attribute information from the authentication server;
所述认证客户端将所述检验方式和属性信息的映射关系发送给所述校验装置,以使所述校验装置根据与应用客户端的属性信息对应的校验方式,对所述应用客户端进行校验。The authentication client sends the mapping relationship between the verification method and the attribute information to the verification device, so that the verification device can verify the application client according to the verification method corresponding to the attribute information of the application client. Check it out.
结合第二方面的第一种可能实现方式,在第二方面的第二种可能实现方式中,所述属性信息为消息摘要算法MD5值、进程名或者进程的签名信息。With reference to the first possible implementation manner of the second aspect, in a second possible implementation manner of the second aspect, the attribute information is a message digest algorithm MD5 value, a process name, or process signature information.
本发明实施例第三方面提供一种登录的处理装置,包括:A third aspect of the embodiments of the present invention provides a login processing device, including:
接收模块,用于接收认证客户端发送的用户终端对应的用户身份信息和所述用户终端的认证状态;所述认证状态表明认证服务器对所述用户身份信息进行认证的结果;a receiving module, configured to receive the user identity information corresponding to the user terminal and the authentication state of the user terminal sent by the authentication client; the authentication state indicates the result of the authentication server performing the authentication on the user identity information;
所述接收模块,还用于接收应用客户端发送的注册请求;其中,所述注册请求中包括所述应用客户端的属性信息;The receiving module is further configured to receive a registration request sent by an application client; wherein, the registration request includes attribute information of the application client;
校验模块,用于根据所述属性信息,对所述应用客户端进行校验,并在校验通过后,触发发送模块向所述应用客户端发送注册成功消息,以使所述应用客户端进行登录;a verification module, configured to verify the application client according to the attribute information, and after the verification is passed, trigger the sending module to send a registration success message to the application client, so that the application client to log in;
所述接收模块,还用于接收所述应用客户端发送的登录消息;The receiving module is further configured to receive a login message sent by the application client;
所述发送模块,还用于向所述应用客户端发送所述认证状态和所述用户身份信息,以使所述应用客户端在确认认证通过后,向应用服务器发送包括所述用户身份信息的登录成功消息以登录到所述应用服务器。The sending module is further configured to send the authentication status and the user identity information to the application client, so that the application client sends the user identity information to the application server after confirming that the authentication is passed. Login success message to log in to the application server.
在第三方面的第一种可能实现方式中,所述校验模块包括查询单元和处理单元;In a first possible implementation manner of the third aspect, the verification module includes a query unit and a processing unit;
所述查询单元,用于查询校验方式与属性信息的映射关系,获取与所述应用客户端的属性信息对应的校验方式;其中,所述映射关系为通过认证客户端从认证服务器获取的映射关系;The query unit is used to query the mapping relationship between the verification method and the attribute information, and obtain the verification method corresponding to the attribute information of the application client; wherein, the mapping relationship is a mapping obtained from the authentication server through the authentication client relation;
所述处理单元,用于根据所述与所述应用客户端的属性信息对应的校验方式对所述应用客户端进行校验。The processing unit is configured to verify the application client according to the verification method corresponding to the attribute information of the application client.
本发明实施例第四方面提供一种登录的处理装置,包括:发送模块、接收模块和认证模块;其中,A fourth aspect of the embodiments of the present invention provides a login processing device, including: a sending module, a receiving module, and an authentication module; wherein,
所述认证模块通过所述发送模块向认证服务器发送用户终端对应的用户身份信息,以使所述认证服务器对所述用户身份信息进行认证;The authentication module sends the user identity information corresponding to the user terminal to the authentication server through the sending module, so that the authentication server authenticates the user identity information;
所述认证模块通过所述接收模块接收所述认证服务器发送的所述用户终端的认证状态,其中,所述认证状态表明认证服务器对所述用户身份信息进行认证的结果;The authentication module receives, through the receiving module, the authentication state of the user terminal sent by the authentication server, wherein the authentication state indicates a result of authentication of the user identity information by the authentication server;
所述认证模块还通过所述发送模块将所述用户身份信息和所述认证状态发送给所述校验装置,以使所述校验装置在对所述应用客户端校验通过后,向所述应用客户端发送所述用户身份信息和所述认证状态。The authentication module also sends the user identity information and the authentication status to the verification device through the sending module, so that the verification device sends the verification device to the verification device after passing the verification on the application client. The application client sends the user identity information and the authentication status.
在第四方面的第一种可能实现方式中,所述认证模块还通过所述接收模块向认证服务器获取检验方式和属性信息的映射关系;In a first possible implementation manner of the fourth aspect, the authentication module further obtains the mapping relationship between the verification method and the attribute information from the authentication server through the receiving module;
所述认证模块还通过所述发送模块将所述检验方式和属性信息的映射关系发送给校验装置,以使所述校验装置根据与应用客户端的属性信息对应的校验方式,对所述应用客户端进行校验。The authentication module also sends the mapping relationship between the verification method and the attribute information to the verification device through the sending module, so that the verification device can verify the verification method according to the verification method corresponding to the attribute information of the application client. Application client to verify.
本发明实施例第五方面提供一种用户终端,包括认证客户端、校验装置和应用客户端;A fifth aspect of the embodiments of the present invention provides a user terminal, including an authentication client, a verification device, and an application client;
所述认证客户端,用于向认证服务器发送用户终端对应的用户身份信息,并接收认证服务器发送的所述用户终端的认证状态,将所述用户身份信息和所述认证状态发送所述给校验装置;其中,所述认证状态表明认证服务器对所述用户身份信息进行认证的结果;The authentication client is configured to send the user identity information corresponding to the user terminal to the authentication server, receive the authentication state of the user terminal sent by the authentication server, and send the user identity information and the authentication state to the school. an authentication device; wherein, the authentication state indicates the result of authentication of the user identity information by an authentication server;
所述校验装置,用于接收所述认证客户端发送的所述用户身份信息和所述用户终端的认证状态,在接收到所述应用客户端发送的注册请求之后,根据所述注册请求中包括的属性信息,对所述应用客户端进行校验,并在校验通过后,向所述应用客户端发送注册成功消息,在接收所述应用客户端发送的登录消息之后,向所述应用客户端发送所述用户身份信息和所述认证状态;The verification device is configured to receive the user identity information and the authentication state of the user terminal sent by the authentication client, and after receiving the registration request sent by the application client, according to the registration request include attribute information, verify the application client, and after the verification is passed, send a registration success message to the application client, after receiving the login message sent by the application client, send to the application The client sends the user identity information and the authentication status;
所述应用客户端,用于向所述校验装置发送所述注册请求,并在接收所述校验装置发送的注册成功消息之后,向所述校验装置发送登录消息,接收所述校验装置发送的所述用户身份信息和所述认证状态后,向应用服务器发送包括所述用户身份信息的登录成功消息以登录到所述应用服务器。The application client is configured to send the registration request to the verification device, and after receiving the registration success message sent by the verification device, send a login message to the verification device, and receive the verification device After sending the user identity information and the authentication state, the device sends a login success message including the user identity information to the application server to log in to the application server.
在第五方面的第一种可能实现方式中,所述认证客户端还用于向认证服务器获取校验方式和属性信息的映射关系,并将所述检验方式和属性信息的映射关系发送给所述校验装置;In a first possible implementation manner of the fifth aspect, the authentication client is further configured to obtain the mapping relationship between the verification mode and the attribute information from the authentication server, and send the mapping relationship between the verification mode and the attribute information to the authentication server. the calibration device;
所述校验装置还用于查询校验方式与属性信息的映射关系,获取与所述应用客户端的属性信息对应的校验方式,并根据所述与所述应用客户端的属性信息对应的校验方式对所述应用客户端进行校验。The verification device is further configured to query the mapping relationship between the verification method and the attribute information, obtain the verification method corresponding to the attribute information of the application client, and obtain the verification method corresponding to the attribute information of the application client according to the verification method corresponding to the attribute information of the application client. way to verify the application client.
本发明实施例第六方面提供一种登录系统,包括第五方面提供的任意一种用户终端和认证服务器;A sixth aspect of the embodiments of the present invention provides a login system, including any one of the user terminals and the authentication server provided in the fifth aspect;
所述认证服务器,用于根据接收到的所述用户终端发送的用户身份信息,对所述用户终端进行认证,并在认证通过过后,将认证状态发送给所述用户终端;其中,所述认证状态表明认证服务器对所述用户身份信息进行认证的结果。The authentication server is configured to authenticate the user terminal according to the received user identity information sent by the user terminal, and after passing the authentication, send the authentication status to the user terminal; wherein the authentication The status indicates the result of authentication of the user identity information by the authentication server.
在第六方面的第一种可能实现方式中,所述登录系统还包括应用服务器,用于接收所述用户终端发送的登录成功消息,并根据所述登录成功消息中包括的用户身份信息,获取与所述用户身份信息关联的账号,并允许所述账号对应的应用客户端上线;其中,所述应用服务器中存储所述应用客户端的账号与用户身份信息之间的关联关系。In a first possible implementation manner of the sixth aspect, the login system further includes an application server, configured to receive a login success message sent by the user terminal, and obtain the login success message according to the user identity information included in the login success message. an account associated with the user identity information, and allow the application client corresponding to the account to go online; wherein, the application server stores the association relationship between the account of the application client and the user identity information.
结合第一方面的第一种可能实现方式,在第一方面的第二种可能实现方式中,所述认证服务器,还用于配置所述用户终端的应用客户端的属性信息和校验方式之间的映射关系,并将所述映射关系发送给所述用户终端。With reference to the first possible implementation manner of the first aspect, in the second possible implementation manner of the first aspect, the authentication server is further configured to configure the relationship between the attribute information of the application client of the user terminal and the verification method. and send the mapping relationship to the user terminal.
本实施例提供的登录的处理方法,通过校验装置接收认证客户端发送的用户终端对应的用户身份信息和用户终端的认证状态,当接收到应用客户端发送的包括应用客户端的属性信息的注册请求后,根据属性信息,对应用客户端进行校验,并在校验通过后,向应用客户端发送注册成功消息,以通知应用客户端进行登录,然后接收应用客户端发送的登录消息之后,向应用客户端发送用户身份信息和认证状态,以使应用客户端在确认认证通过后,向应用服务器发送包括用户身份信息的登录成功消息以登录到应用服务器。本实施例中,由于认证服务器只需要对用户终端的用户身份信息进行认证,并将认证结果发送给认证客户端,再由认证客户端发送给校验装置,当用户终端的应用客户端登录时,不需要到认证服务器中进行认证,只需要校验装置对应用客户端的属性信息进行校验即可实现登录,有效减轻了认证服务器的负荷,加快了认证速度。In the login processing method provided in this embodiment, the user identity information corresponding to the user terminal and the authentication status of the user terminal sent by the authentication client are received by the verification device. After the request, the application client is verified according to the attribute information, and after the verification is passed, a registration success message is sent to the application client to notify the application client to log in, and after receiving the login message sent by the application client, The user identity information and the authentication status are sent to the application client, so that the application client sends a login success message including the user identity information to the application server to log in to the application server after confirming that the authentication is passed. In this embodiment, since the authentication server only needs to authenticate the user identity information of the user terminal, and sends the authentication result to the authentication client, and then the authentication client sends it to the verification device, when the application client of the user terminal logs in It does not need to go to the authentication server for authentication, and only needs the verification device to verify the attribute information of the application client to realize the login, which effectively reduces the load of the authentication server and accelerates the authentication speed.
附图说明Description of drawings
为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作一简单地介绍,显而易见地,下面描述中的附图是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the following briefly introduces the accompanying drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description These are some embodiments of the present invention, and for those of ordinary skill in the art, other drawings can also be obtained from these drawings without any creative effort.
图1为现有技术中单点登录方法的应用场景示意图;1 is a schematic diagram of an application scenario of a single sign-on method in the prior art;
图2为本发明实施例提供的登录的处理方法的应用场景示意图;2 is a schematic diagram of an application scenario of a login processing method provided by an embodiment of the present invention;
图3为本发明实施例一提供的登录的处理方法流程图;FIG. 3 is a flowchart of a login processing method provided by Embodiment 1 of the present invention;
图4为本发明实施例二提供的登录的处理方法流程图;FIG. 4 is a flowchart of a login processing method provided by Embodiment 2 of the present invention;
图5为本发明实施例三提供的登录的处理方法流程图;5 is a flowchart of a method for processing login provided by Embodiment 3 of the present invention;
图6为本发明实施例四提供的登录的处理方法流程图;6 is a flowchart of a processing method for logging in provided in Embodiment 4 of the present invention;
图7为本发明实施例五提供的登录的处理方法一实例的信令交互示意图;7 is a schematic diagram of signaling interaction of an example of a login processing method provided in Embodiment 5 of the present invention;
图8为本发明实施例六提供的登录的处理装置的结构示意图;FIG. 8 is a schematic structural diagram of a logging processing apparatus provided in Embodiment 6 of the present invention;
图9为本发明实施例七提供的登录的处理装置的结构示意图;FIG. 9 is a schematic structural diagram of a login processing apparatus provided in Embodiment 7 of the present invention;
图10为本发明实施例八提供的校验装置的结构;FIG. 10 is a structure of a verification device provided in Embodiment 8 of the present invention;
图11为本发明实施例九提供的登录的处理装置的结构示意图;FIG. 11 is a schematic structural diagram of a login processing apparatus provided in Embodiment 9 of the present invention;
图12为本发明实施例十提供的认证客户端的结构示意图;12 is a schematic structural diagram of an authentication client according to Embodiment 10 of the present invention;
图13为本发明实施例十一提供的用户终端的结构示意图;13 is a schematic structural diagram of a user terminal according to Embodiment 11 of the present invention;
图14为本发明实施例十二提供的登录系统的结构示意图。FIG. 14 is a schematic structural diagram of a login system according to Embodiment 12 of the present invention.
具体实施方式Detailed ways
为使本发明实施例的目的、技术方案和优点更加清楚,下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。In order to make the purposes, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments These are some embodiments of the present invention, but not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative efforts shall fall within the protection scope of the present invention.
图2为本发明实施例提供的登录的处理方法的应用场景示意图。如图2所示,该应用场景包括认证服务器10、用户终端15和应用服务器14,其中,用户终端15包括认证客户端11、校验装置12和应用客户端13。需要说明的是,本实施例中,该用户终端15可以包括多个应用客户端,并不以图2为限。FIG. 2 is a schematic diagram of an application scenario of a login processing method provided by an embodiment of the present invention. As shown in FIG. 2 , the application scenario includes an authentication server 10 , a user terminal 15 and an application server 14 , where the user terminal 15 includes an authentication client 11 , a verification device 12 and an application client 13 . It should be noted that, in this embodiment, the user terminal 15 may include multiple application clients, which is not limited to FIG. 2 .
图3为本发明实施例一提供的登录的处理方法流程图。该登录的处理方法应用于校验装置,校验装置、认证客户端和应用客户端位于同一用户终端,如图3所示,该方法包括以下步骤:FIG. 3 is a flowchart of a login processing method provided by Embodiment 1 of the present invention. The login processing method is applied to a verification device, and the verification device, the authentication client and the application client are located in the same user terminal. As shown in FIG. 3 , the method includes the following steps:
步骤101、校验装置接收认证客户端发送的用户终端对应的用户身份信息和用户终端的认证状态。Step 101: The verification device receives the user identity information corresponding to the user terminal and the authentication status of the user terminal sent by the authentication client.
在本实施例中,认证状态表明认证服务器对用户身份信息进行认证的结果,即该用户终端对应的用户身份信息是否通过认证。认证客户端向认证服务器发送用户终端对应的用户身份信息,认证服务器对该用户身份信息进行认证,并在认证完成之后,将用户终端的认证状态发送给认证客户端,再由认证客户端将用户终端的认证状态和通过认证的用户身份信息下发给校验装置进行保存。In this embodiment, the authentication status indicates the result of authentication of the user identity information by the authentication server, that is, whether the user identity information corresponding to the user terminal has passed the authentication. The authentication client sends the user identity information corresponding to the user terminal to the authentication server, the authentication server authenticates the user identity information, and after the authentication is completed, the authentication status of the user terminal is sent to the authentication client, and the authentication client sends the user The authentication state of the terminal and the authenticated user identity information are delivered to the verification device for storage.
步骤102、校验装置接收应用客户端发送的注册请求。Step 102: The verification apparatus receives the registration request sent by the application client.
其中,注册请求中包括应用客户端的属性信息。The registration request includes attribute information of the application client.
在本实施例中,应用客户端具体可以为微博客户端、邮件客户端、淘宝客户端、微信客户端等,当应用客户端需要进行单点登录时,先向校验装置发送注册请求,该注册请求中包括应用客户端的属性信息。In this embodiment, the application client may specifically be a Weibo client, an email client, a Taobao client, a WeChat client, etc. When the application client needs to perform single sign-on, it first sends a registration request to the verification device, The registration request includes attribute information of the application client.
步骤103、校验装置根据属性信息,对应用客户端进行校验,并在校验通过后,向应用客户端发送注册成功消息,以通知应用客户端进行登录。Step 103: The verification device verifies the application client according to the attribute information, and after the verification is passed, sends a registration success message to the application client to notify the application client to log in.
在本实施例中,校验装置可以根据应用客户端的属性信息,任意选择一种校验方式对应用客户端进行校验,也可以根据预先规定的校验方式对应用客户端进行校验。校验通过后,校验装置向应用客户端发送注册成功消息,通知应用客户端开始登录。若校验失败,则向应用客户端发送注册失败消息,或者,不向应用客户端发送任何消息,则应用客户端不会进行单点登录。In this embodiment, the verification device can arbitrarily select a verification method to verify the application client according to the attribute information of the application client, or can verify the application client according to a predetermined verification method. After the verification is passed, the verification device sends a registration success message to the application client, notifying the application client to start logging in. If the verification fails, a registration failure message will be sent to the application client, or if no message is sent to the application client, the application client will not perform single sign-on.
步骤104、校验装置接收应用客户端发送的登录消息之后,向应用客户端发送认证状态和用户身份信息,以使应用客户端在确认认证通过后,向应用服务器发送包括用户身份信息的登录成功消息以登录到应用服务器。Step 104: After receiving the login message sent by the application client, the verification device sends the authentication status and user identity information to the application client, so that the application client sends a successful login including the user identity information to the application server after confirming that the authentication is passed. message to log in to the application server.
在本实施例中,登录成功消息包括用户身份信息,用户身份信息具体为用户终端对应的标识、编码等,例如,手机号码。应用服务器中保存该应用客户端的账号和该用户的用户身份信息之间的关联关系,应用服务器在收到该登录成功消息后,根据登录成功消息中的用户身份信息获取该用户身份信息所关联的账号,并允许该账号对应的应用客户端上线。In this embodiment, the login success message includes user identity information, and the user identity information is specifically the identifier, code, etc. corresponding to the user terminal, for example, a mobile phone number. The application server saves the association relationship between the account of the application client and the user identity information of the user. After receiving the login success message, the application server obtains the user identity information associated with the user identity information according to the user identity information in the login success message. account, and allow the application client corresponding to the account to go online.
本实施例提供的登录的处理方法,通过校验装置接收认证客户端发送的用户终端对应的用户身份信息和用户终端的认证状态,当接收到应用客户端发送的包括应用客户端的属性信息的注册请求后,根据属性信息,对应用客户端进行校验,并在校验通过后,向应用客户端发送注册成功消息,以通知应用客户端进行登录,然后接收应用客户端发送的登录消息之后,向应用客户端发送用户身份信息和认证状态,以使应用客户端在确认认证通过后,向应用服务器发送包括用户身份信息的登录成功消息以登录到应用服务器。本实施例中,由于认证服务器只需要对用户终端的用户身份信息进行认证,并将认证结果发送给认证客户端,再由认证客户端发送给校验装置,当用户终端的应用客户端登录时,不需要到认证服务器中进行认证,只需要校验装置对应用客户端的属性信息进行校验即可实现登录,有效减轻了认证服务器的负荷,加快了认证速度。In the login processing method provided in this embodiment, the user identity information corresponding to the user terminal and the authentication status of the user terminal sent by the authentication client are received by the verification device. After the request, the application client is verified according to the attribute information, and after the verification is passed, a registration success message is sent to the application client to notify the application client to log in, and after receiving the login message sent by the application client, The user identity information and the authentication status are sent to the application client, so that the application client sends a login success message including the user identity information to the application server to log in to the application server after confirming that the authentication is passed. In this embodiment, since the authentication server only needs to authenticate the user identity information of the user terminal, and sends the authentication result to the authentication client, and then the authentication client sends it to the verification device, when the application client of the user terminal logs in It does not need to go to the authentication server for authentication, and only needs the verification device to verify the attribute information of the application client to realize the login, which effectively reduces the load of the authentication server and accelerates the authentication speed.
图4为本发明实施例二提供的登录的处理方法流程图。在上述实施例一的基础上,如图4所示,步骤“校验装置根据属性信息,对应用客户端进行校验”的具体实现方式包括以下步骤:FIG. 4 is a flowchart of a login processing method provided by Embodiment 2 of the present invention. On the basis of the above-mentioned Embodiment 1, as shown in FIG. 4 , the specific implementation of the step “the verification device verifies the application client according to the attribute information” includes the following steps:
步骤201、校验装置查询校验方式与校验属性信息的映射关系,获取与应用客户端的属性信息对应的校验方式。Step 201: The verification device queries the mapping relationship between the verification method and the verification attribute information, and obtains the verification method corresponding to the attribute information of the application client.
其中,映射关系为通过认证客户端从认证服务器获取的映射关系。The mapping relationship is a mapping relationship obtained from the authentication server through the authentication client.
在本实施例中,校验方式与校验属性信息的映射关系由认证服务器配置,认证服务器可以根据应用客户端的属性信息灵活的配置对应的校验方式。认证客户端从认证服务器获取用户终端的所有应用客户端的校验方式与校验属性信息的映射关系之后,将应用客户端的校验方式与校验属性信息发送给校验装置进行存储。In this embodiment, the mapping relationship between the verification mode and the verification attribute information is configured by the authentication server, and the authentication server can flexibly configure the corresponding verification mode according to the attribute information of the application client. After the authentication client obtains the mapping relationship between the verification methods and verification attribute information of all application clients of the user terminal from the authentication server, the verification client sends the verification methods and verification attribute information of the application clients to the verification device for storage.
步骤202、校验装置根据与应用客户端的属性信息对应的校验方式,对应用客户端进行校验。Step 202: The verification device verifies the application client according to the verification method corresponding to the attribute information of the application client.
可选地,在本实施例中,属性信息为消息摘要算法第五版(Message DigestAlgorithm 5,简称MD5)值、进程名或者进程的签名信息。Optionally, in this embodiment, the attribute information is a Message Digest Algorithm 5 (Message Digest Algorithm 5, MD5 for short) value, a process name, or signature information of the process.
需要说明的是,本实施例中其他方法步骤的实现原理和实施例中的方法步骤原理相同,此处不再赘述。It should be noted that the implementation principles of other method steps in this embodiment are the same as those of the method steps in this embodiment, and are not repeated here.
在本实施例中,属性信息具体为MD5值、进程名或者进行的签名信息,认证服务器为不同的属性信息配置不同的校验方式,其中,根据进程名进行合法性校验的校验方式最简单,根据进程的签名信息进行合法性校验的校验方式最严格,认证服务器可根据不同的应用客户端的要求,根据应用客户端的属性信息灵活的配置不同的校验方式,有效保证校验过程的安全性。In this embodiment, the attribute information is specifically the MD5 value, the process name or the signature information performed, and the authentication server configures different verification methods for different attribute information. Simple, the verification method of validity verification is the strictest based on the signature information of the process. The authentication server can flexibly configure different verification methods according to the requirements of different application clients and the attribute information of the application clients to effectively ensure the verification process. security.
本实施例提供的登录的处理方法,校验装置接收包含应用客户端的属性信息的注册请求,查询校验方式与校验属性信息的映射关系,获取与应用客户端的属性信息对应的校验方式,并根据与应用客户端的属性信息对应的校验方式,对应用客户端进行校验,使得用户终端的应用客户端登录时不需要到认证服务器中进行认证,仅由校验装置对应用客户端的属性信息进行校验即可实现登录,有效减少了认证服务器的工作量,从而降低了认证服务器的负荷,加快了单点登录认证的速度。并且,认证服务器可根据不同的应用客户端的要求,根据应用客户端的属性信息灵活的配置不同的校验方式,有效保证校验过程的安全性。In the login processing method provided by this embodiment, the verification device receives the registration request including the attribute information of the application client, queries the mapping relationship between the verification method and the verification attribute information, and obtains the verification method corresponding to the attribute information of the application client, And according to the verification method corresponding to the attribute information of the application client, the application client is verified, so that the application client of the user terminal does not need to be authenticated in the authentication server when logging in, and the verification device only checks the attributes of the application client. The login can be realized by verifying the information, which effectively reduces the workload of the authentication server, thereby reducing the load of the authentication server and accelerating the speed of single sign-on authentication. In addition, the authentication server can flexibly configure different verification methods according to the requirements of different application clients and attribute information of the application clients, thereby effectively ensuring the security of the verification process.
图5为本发明实施例三提供的登录的处理方法流程图。该登录的处理方法应用于认证客户端,认证客户端、校验装置和应用客户端位于同一用户终端,如图5所示,该方法包括以下步骤:FIG. 5 is a flowchart of a login processing method provided by Embodiment 3 of the present invention. The login processing method is applied to the authentication client, and the authentication client, the verification device and the application client are located in the same user terminal. As shown in FIG. 5 , the method includes the following steps:
步骤301、认证客户端向认证服务器发送用户终端对应的用户身份信息,以使认证服务器对用户身份信息进行认证。Step 301: The authentication client sends the user identity information corresponding to the user terminal to the authentication server, so that the authentication server authenticates the user identity information.
在本实施例中,用户身份信息具体为用户终端对应的标识、编码等,例如,手机号码。In this embodiment, the user identity information is specifically the identification, code, etc. corresponding to the user terminal, for example, a mobile phone number.
步骤302、认证客户端接收认证服务器发送的用户终端的认证状态。Step 302: The authentication client receives the authentication status of the user terminal sent by the authentication server.
在本实施例中,认证服务器对用户终端对应的用户身份信息进行认证,认证通过后,认证服务器将认证状态发送给认证客户端。In this embodiment, the authentication server authenticates the user identity information corresponding to the user terminal, and after the authentication is passed, the authentication server sends the authentication status to the authentication client.
步骤303、认证客户端将用户身份信息和认证状态发送给校验装置,以使校验装置在对应用客户端校验通过后,向应用客户端发送用户身份信息和认证状态。Step 303: The authentication client sends the user identity information and the authentication state to the verification device, so that the verification device sends the user identity information and the authentication state to the application client after the verification of the application client is passed.
在本实施例中,认证客户端将用户终端的认证状态和通过认证的用户身份信息发送给校验装置进行保存,当校验装置对应用客户端进行校验通过后,并收到应用客户端发送的登录消息之后,校验装置将该用户终端的用户身份信息和认证状态该应用客户端,应用客户端确认用户终端通过认证后,向应用服务器发送包括用户身份信息的登录成功消息,以登录到应用服务器。In this embodiment, the authentication client sends the authentication state of the user terminal and the authenticated user identity information to the verification device for storage. After the verification device passes the verification of the application client, it receives the application client After sending the login message, the verification device sends the user identity information and authentication status of the user terminal to the application client. After the application client confirms that the user terminal has passed the authentication, it sends a login success message including the user identity information to the application server to log in. to the application server.
本实施例提供的登录的处理方法,由认证客户端向认证服务器发送用户终端对应的用户身份信息,以使认证服务器对用户身份信息进行认证,接收认证服务器发送的用户终端的认证状态,并将用户身份信息和认证状态发送给校验装置,以使校验装置在对应用客户端校验通过后,向应用客户端发送用户身份信息和认证状态。本实施例中,由于认证服务器只对用户终端对应的用户身份信息进行认证,并将用户身份信息和认证状态发送给认证客户端,再由认证客户端转发给校验装置,用户终端的各应用客户端只需要由校验装置进行校验即可实现登录,有效减少了认证服务器的工作量,从而降低了认证服务器的负荷,加快了单点登录认证的速度。In the login processing method provided by this embodiment, the authentication client sends the user identity information corresponding to the user terminal to the authentication server, so that the authentication server authenticates the user identity information, receives the authentication status of the user terminal sent by the authentication server, and sends the authentication server to the authentication server. The user identity information and the authentication state are sent to the verification device, so that after the verification device passes the verification on the application client, the user identity information and the authentication state are sent to the application client. In this embodiment, since the authentication server only authenticates the user identity information corresponding to the user terminal, and sends the user identity information and authentication status to the authentication client, which is then forwarded to the verification device by the authentication client. The client only needs to be verified by the verification device to realize the login, which effectively reduces the workload of the authentication server, thereby reducing the load of the authentication server and accelerating the speed of single sign-on authentication.
图6为本发明实施例四提供的登录的处理方法流程图。如图6所示,该方法包括以下步骤:FIG. 6 is a flowchart of a login processing method according to Embodiment 4 of the present invention. As shown in Figure 6, the method includes the following steps:
步骤401、认证客户端向认证服务器发送用户终端对应的用户身份信息,以使认证服务器对用户身份信息进行认证。Step 401: The authentication client sends the user identity information corresponding to the user terminal to the authentication server, so that the authentication server authenticates the user identity information.
步骤402、认证客户端接收认证服务器发送的用户终端的认证状态。Step 402: The authentication client receives the authentication status of the user terminal sent by the authentication server.
在本实施例中,步骤401和步骤402分别和上述实施例三中的步骤301和步骤302的实现原理相同,此处不再赘述。In this embodiment, the implementation principles of step 401 and step 402 are respectively the same as that of step 301 and step 302 in the above-mentioned third embodiment, which will not be repeated here.
步骤403、认证客户端向认证服务器获取校验方式和属性信息的映射关系。Step 403: The authentication client obtains the mapping relationship between the verification method and the attribute information from the authentication server.
在本实施例中,认证客户端可以向认证服务器发送映射关系请求,以使认证服务器在接收到该映射关系请求之后,向认证客户端下发预先配置的检验方式和属性信息的映射关系;或者,认证服务器在配置好检验方式和属性信息的映射关系之后,主动下发给认证客户端。In this embodiment, the authentication client can send a mapping relationship request to the authentication server, so that after receiving the mapping relationship request, the authentication server sends the preconfigured mapping relationship between the inspection method and the attribute information to the authentication client; or , after the authentication server configures the mapping relationship between the inspection method and the attribute information, it will send it to the authentication client actively.
步骤404、认证客户端将检验方式和属性信息的映射关系发送给校验装置,以使校验装置根据与应用客户端的属性信息对应的校验方式,对应用客户端进行校验。Step 404: The authentication client sends the mapping relationship between the verification mode and the attribute information to the verification device, so that the verification device can verify the application client according to the verification mode corresponding to the attribute information of the application client.
在本实施例中,认证客户端将检验方式和属性信息的映射关系发送给校验装置进行保存,当该校验装置接收到应用客户端发送的注册请求之后,根据注册请求中的应用客户端的属性信息选择对应的校验方式,对应用客户端进行校验。In this embodiment, the authentication client sends the mapping relationship between the verification mode and the attribute information to the verification device for storage. After the verification device receives the registration request sent by the application client, The attribute information selects the corresponding verification method to verify the application client.
可选地,在本实施例中,属性信息为MD5值、进程名或者进程的签名信息。Optionally, in this embodiment, the attribute information is an MD5 value, a process name, or signature information of a process.
在本实施例中,属性信息具体为MD5值、进程名或者进行的签名信息,认证服务器为不同的属性信息配置不同的校验方式,其中,根据进程名进行合法性校验的校验方式最简单,根据进程的签名信息进行合法性校验的校验方式最严格,认证服务器可根据不同的应用客户端的要求,根据应用客户端的属性信息灵活的配置不同的校验方式,有效保证校验过程的安全性。In this embodiment, the attribute information is specifically the MD5 value, the process name or the signature information performed, and the authentication server configures different verification methods for different attribute information. Simple, the verification method of validity verification is the strictest based on the signature information of the process. The authentication server can flexibly configure different verification methods according to the requirements of different application clients and the attribute information of the application clients to effectively ensure the verification process. security.
步骤405、认证客户端将用户身份信息和认证状态发送给校验装置,以使校验装置在对应用客户端校验通过后,向应用客户端发送用户身份信息和认证状态。Step 405: The authentication client sends the user identity information and the authentication state to the verification device, so that the verification device sends the user identity information and the authentication state to the application client after the verification of the application client is passed.
在本实施例中,步骤405和上述实施例三中的步骤303的实现原理相同,此处不再赘述。In this embodiment, the implementation principle of step 405 is the same as that of step 303 in the above-mentioned third embodiment, and details are not repeated here.
需要说明的是,在本实施例中,步骤404和步骤405可同时执行,也可先后执行,并且不限制先后顺序。It should be noted that, in this embodiment, step 404 and step 405 may be executed simultaneously or sequentially, and the sequence is not limited.
本实施例提供的登录的处理方法,认证客户端向认证服务器发送用户终端对应的用户身份信息,以使认证服务器对用户身份信息进行认证,接收认证服务器发送的用户终端的认证状态,并向认证服务器获取校验方式和属性信息的映射关系,将检验方式和属性信息的映射关系发送给校验装置,以使校验装置根据与应用客户端的属性信息对应的校验方式,对应用客户端进行校验,并将用户身份信息和认证状态发送给校验装置,以使校验装置在对应用客户端校验通过后,向应用客户端发送用户身份信息和认证状态。本实施例中,由于认证服务器只对用户终端对应的用户身份信息进行认证,并将认证结果发送给认证客户端,再由认证客户端转发给校验装置,用户终端的各应用客户端只需要由校验装置进行校验即可实现登录,有效减少而且了认证服务器的工作量,从而降低了认证服务器的负荷,加快了单点登录认证的速度。而且,认证服务器可根据不同的应用客户端的要求,根据应用客户端的属性信息灵活的配置不同的校验方式,有效保证校验过程的安全性。In the login processing method provided by this embodiment, the authentication client sends the user identity information corresponding to the user terminal to the authentication server, so that the authentication server authenticates the user identity information, receives the authentication status of the user terminal sent by the authentication server, and sends the authentication server to the authentication server. The server obtains the mapping relationship between the verification method and the attribute information, and sends the mapping relationship between the verification method and the attribute information to the verification device, so that the verification device performs the verification on the application client according to the verification method corresponding to the attribute information of the application client. verification, and send the user identity information and authentication status to the verification device, so that the verification device sends the user identity information and the verification status to the application client after passing the verification on the application client. In this embodiment, since the authentication server only authenticates the user identity information corresponding to the user terminal, and sends the authentication result to the authentication client, which is then forwarded to the verification device by the authentication client, each application client of the user terminal only needs to The verification can be performed by the verification device to realize login, which effectively reduces the workload of the authentication server, thereby reduces the load of the authentication server and accelerates the speed of single sign-on authentication. Moreover, the authentication server can flexibly configure different verification methods according to the requirements of different application clients and attribute information of the application clients, thereby effectively ensuring the security of the verification process.
图7为本发明实施例五提供的登录的处理方法一实例的信令交互示意图。基于上述图2所示的架构示意图,如图7所示,该方法包括以下步骤:FIG. 7 is a schematic diagram of signaling interaction of an example of a login processing method according to Embodiment 5 of the present invention. Based on the schematic diagram of the architecture shown in FIG. 2, as shown in FIG. 7, the method includes the following steps:
步骤501、认证客户端首先向认证服务器发送用户终端对应的用户的身份信息。Step 501: The authentication client first sends the identity information of the user corresponding to the user terminal to the authentication server.
步骤502、认证服务器接收到用户身份信息后,对用户身份信息进行认证,认证通过后发送认证状态给认证客户端。Step 502: After receiving the user identity information, the authentication server authenticates the user identity information, and after passing the authentication, sends the authentication status to the authentication client.
步骤503、认证客户端接收到认证状态后,向认证服务器获取用户终端的所有的应用客户端的校验方式和属性信息的映射关系。Step 503: After receiving the authentication status, the authentication client obtains the mapping relationship between the verification methods and attribute information of all application clients of the user terminal from the authentication server.
步骤504、认证服务器将预先配置的校验方式和属性信息的映射关系发送给认证客户端。Step 504: The authentication server sends the preconfigured mapping relationship between the verification method and the attribute information to the authentication client.
步骤505、认证客户端将用户身份信息和用户终端的认证状态发送给校验装置。Step 505: The authentication client sends the user identity information and the authentication status of the user terminal to the verification device.
步骤506、校验装置接收并保存用户身份信息和用户终端的认证状态。Step 506: The verification device receives and saves the user identity information and the authentication state of the user terminal.
步骤507、认证客户端将校验方式和属性信息的映射关系发送给校验装置。Step 507: The authentication client sends the mapping relationship between the verification mode and the attribute information to the verification device.
步骤508、校验装置接收并保存校验方式和属性信息的映射关系。Step 508: The verification apparatus receives and saves the mapping relationship between the verification mode and the attribute information.
步骤509、当应用客户端进行单点登录时,向校验装置发送包括应用客户端的属性信息的注册消息。Step 509: When the application client performs single sign-on, send a registration message including attribute information of the application client to the verification apparatus.
步骤510、校验装置选择与应用客户端的属性信息对应的校验方式,对应用客户端的接入合法性进行校验。Step 510: The verification device selects a verification method corresponding to the attribute information of the application client to verify the access validity of the application client.
步骤511、校验通过后,校验装置向应用客户端发送注册成功消息,即允许应用客户端进行单点登录认证,若不返回注册成功消息则注册失败。Step 511: After the verification is passed, the verification device sends a registration success message to the application client, that is, allows the application client to perform single sign-on authentication. If the registration success message is not returned, the registration fails.
步骤512、应用客户端接收到注册成功消息后,向校验装置发送登录消息。Step 512: After receiving the registration success message, the application client sends a login message to the verification device.
步骤513、校验装置接收到登录消息后,向应用客户端发送用户身份信息和认证状态。Step 513: After receiving the login message, the verification device sends the user identity information and the authentication status to the application client.
步骤514、应用客户端在接收到认证状态后,发送登录成功消息到应用服务器,完成单点登录。Step 514: After receiving the authentication status, the application client sends a login success message to the application server to complete the single sign-on.
本实施例提供的登录的处理方法,将认证服务器配置的检验方式和属性信息的映射关系、用户身份信息和用户终端的认证状态存储到校验装置中,当应用客户端进行单点登录时,直接由校验装置根据与应用客户端的属性信息获取对应的校验方式,对应用客户端进行校验,有效减少了认证服务器的工作量,从而降低了认证服务器的负荷,加快了单点登录认证的速度。In the login processing method provided by this embodiment, the mapping relationship between the verification method configured by the authentication server and the attribute information, the user identity information and the authentication state of the user terminal are stored in the verification device. When the application client performs single sign-on, The verification device directly obtains the corresponding verification method according to the attribute information of the application client, and verifies the application client, which effectively reduces the workload of the authentication server, thereby reducing the load of the authentication server and speeding up the single sign-on authentication. speed.
图8为本发明实施例六提供的登录的处理装置的结构示意图。如图8所示,该装置包括接收模块21、发送模块22和校验模块23。其中,接收模块21用于接收认证客户端发送的用户终端对应的用户身份信息和用户终端的认证状态,认证状态表明认证服务器对用户身份信息进行认证的结果;接收模块21用于接收应用客户端发送的注册请求;其中,注册请求中包括应用客户端的属性信息;校验模块23用于根据属性信息,对应用客户端进行校验,并在校验通过后,触发发送模块22向应用客户端发送注册成功消息,以使应用客户端进行登录;接收模块21还用于接收应用客户端发送的登录消息;发送模块22还用于向应用客户端发送认证状态和用户身份信息,以使应用客户端在确认认证通过后,向应用服务器发送包括用户身份信息的登录成功消息以登录到应用服务器。FIG. 8 is a schematic structural diagram of a login processing apparatus according to Embodiment 6 of the present invention. As shown in FIG. 8 , the device includes a receiving module 21 , a sending module 22 and a checking module 23 . The receiving module 21 is used to receive the user identity information corresponding to the user terminal and the authentication state of the user terminal sent by the authentication client, and the authentication state indicates the result of authentication of the user identity information by the authentication server; the receiving module 21 is used to receive the application client The registration request sent; wherein, the registration request includes the attribute information of the application client; the verification module 23 is used to verify the application client according to the attribute information, and after the verification is passed, the sending module 22 is triggered to the application client. Send the registration success message to make the application client log in; the receiving module 21 is also used to receive the login message sent by the application client; the sending module 22 is also used to send the authentication status and user identity information to the application client, so that the application client After confirming that the authentication is passed, the terminal sends a login success message including user identity information to the application server to log in to the application server.
本实施例的装置,可以用于执行图3所示方法实施例的技术方案,其实现原理和技术效果类似,此处不再赘述。The apparatus of this embodiment can be used to execute the technical solution of the method embodiment shown in FIG. 3 , and its implementation principle and technical effect are similar, and details are not repeated here.
图9为本发明实施例七提供的登录的处理装置的结构示意图。在上述实施例六的基础上,如图9所示,校验模块23包括查询单元24和处理单元25。其中,查询单元24用于查询校验方式与属性信息的映射关系,获取与应用客户端的属性信息对应的校验方式;其中,映射关系为通过认证客户端从认证服务器获取的映射关系;处理单元25用于根据与应用客户端的属性信息对应的校验方式对应用客户端进行校验。FIG. 9 is a schematic structural diagram of a login processing apparatus according to Embodiment 7 of the present invention. On the basis of the sixth embodiment above, as shown in FIG. 9 , the verification module 23 includes a query unit 24 and a processing unit 25 . Wherein, the query unit 24 is used to query the mapping relationship between the verification method and the attribute information, and obtain the verification method corresponding to the attribute information of the application client; wherein, the mapping relationship is the mapping relationship obtained from the authentication server through the authentication client; the processing unit 25 is used to verify the application client according to the verification method corresponding to the attribute information of the application client.
本实施例的装置,可以用于执行图4所示方法实施例的技术方案,其实现原理和技术效果类似,此处不再赘述。The apparatus in this embodiment can be used to execute the technical solution of the method embodiment shown in FIG. 4 , and the implementation principle and technical effect thereof are similar, and are not repeated here.
图10为本发明实施例八提供的校验装置的结构示意图。如图10所示,该校验装置包括接收器31、发射器32和处理器33。接收器31用于接收认证客户端发送的用户终端的认证状态和用户身份信息;接收器31用于接收应用客户端发送的注册请求;其中,注册请求中包括应用客户端的属性信息;处理器33用于根据属性信息,对应用客户端进行校验,并在校验通过后,触发发射器32向应用客户端发送注册成功消息,以使应用客户端进行登录;接收器31还用于接收应用客户端发送的登录消息;发射器32还用于向应用客户端发送认证状态和用户身份信息,以使应用客户端在确认认证通过后,向应用服务器发送包括用户身份信息登录成功消息以登录到应用服务器。FIG. 10 is a schematic structural diagram of a verification apparatus according to Embodiment 8 of the present invention. As shown in FIG. 10 , the verification device includes a receiver 31 , a transmitter 32 and a processor 33 . The receiver 31 is used to receive the authentication status and user identity information of the user terminal sent by the authentication client; the receiver 31 is used to receive the registration request sent by the application client; wherein, the registration request includes the attribute information of the application client; the processor 33 It is used to verify the application client according to the attribute information, and after the verification is passed, trigger the transmitter 32 to send a registration success message to the application client, so that the application client can log in; the receiver 31 is also used to receive the application The login message sent by the client; the transmitter 32 is also used to send the authentication status and user identity information to the application client, so that after the application client confirms that the authentication is passed, the application server sends a login success message including the user identity information to log in to the application server. application server.
进一步地,在本实施例中,处理器33还用于查询校验方式与属性信息的映射关系,获取与应用客户端的属性信息对应的校验方式,并根据与应用客户端的属性信息对应的校验方式对应用客户端进行校验。Further, in this embodiment, the processor 33 is further configured to query the mapping relationship between the verification method and the attribute information, obtain the verification method corresponding to the attribute information of the application client, and obtain the verification method corresponding to the attribute information of the application client according to the verification method corresponding to the attribute information of the application client. The application client is verified by the verification method.
更近一步地,在本实施例中,校验客户端还可包括存储器(图中未示出),用于存储应用客户端发送认证状态和校验方式与属性信息的映射关系。Further, in this embodiment, the verification client may further include a memory (not shown in the figure) for storing the mapping relationship between the authentication state sent by the application client and the verification method and the attribute information.
本实施例的校验客户端,可以用于执行本发明图3或图4所提供的登录的处理方法的技术方案,其实现原理和技术效果类似,此处不再赘述。The verification client in this embodiment can be used to execute the technical solution of the login processing method provided in FIG. 3 or FIG. 4 of the present invention, and its implementation principle and technical effect are similar, and will not be repeated here.
图11为本发明实施例九提供的登录的处理装置的结构示意图。如图11所示,该装置包括发送模块41接收模块42和认证模块43。认证模块43通过发送模块41向认证服务器发送用户终端对应的用户身份信息,以使认证服务器对用户身份信息进行认证;认证模块43通过接收模块42接收认证服务器发送的用户终端的认证状态;认证模块43通过发送模块41将用户身份信息和认证状态发送给校验装置,以使校验装置在对应用客户端校验通过后,向应用客户端发送用户身份信息和认证状态。FIG. 11 is a schematic structural diagram of a login processing apparatus according to Embodiment 9 of the present invention. As shown in FIG. 11 , the device includes a sending module 41 , a receiving module 42 and an authentication module 43 . The authentication module 43 sends the user identity information corresponding to the user terminal to the authentication server through the sending module 41, so that the authentication server authenticates the user identity information; the authentication module 43 receives the authentication status of the user terminal sent by the authentication server through the receiving module 42; the authentication module 43 Send the user identity information and the authentication state to the verification device through the sending module 41, so that the verification device sends the user identity information and the authentication state to the application client after passing the verification on the application client.
进一步地,在本实施例中,认证模块43还通过接收模块42向认证服务器获取检验方式和属性信息的映射关系;认证模块43还通过发送模块41将检验方式和属性信息的映射关系发送给校验装置,以使校验装置根据与应用客户端的属性信息对应的校验方式,对应用客户端进行校验。Further, in this embodiment, the authentication module 43 also obtains the mapping relationship between the inspection mode and the attribute information from the authentication server through the receiving module 42; the authentication module 43 also sends the mapping relationship between the inspection mode and the attribute information to the school through the sending module 41. The verification device is used to make the verification device verify the application client according to the verification method corresponding to the attribute information of the application client.
本实施例的装置,可以用于执行图5或图6所示方法实施例的技术方案,其实现原理和技术效果类似,此处不再赘述。The apparatus of this embodiment can be used to implement the technical solution of the method embodiment shown in FIG. 5 or FIG. 6 , and the implementation principle and technical effect thereof are similar, and are not repeated here.
图12为本发明实施例十提供的认证客户端的结构示意图。如图12所示,认证客户端包括发射器44、接收器45和处理器46。处理器46通过发射器44向认证服务器发送用户终端对应的用户身份信息,以使认证服务器对用户身份信息进行认证;处理器46通过接收器45接收认证服务器发送的用户终端的认证状态;处理器46通过发射器44将用户身份信息和认证状态发送给校验装置,以使校验装置在对应用客户端校验通过后,向应用客户端发送用户身份信息和认证状态。FIG. 12 is a schematic structural diagram of an authentication client according to Embodiment 10 of the present invention. As shown in FIG. 12 , the authentication client includes a transmitter 44 , a receiver 45 and a processor 46 . The processor 46 sends the user identity information corresponding to the user terminal to the authentication server through the transmitter 44, so that the authentication server authenticates the user identity information; the processor 46 receives the authentication state of the user terminal sent by the authentication server through the receiver 45; the processor 46 Send the user identity information and the authentication state to the verification device through the transmitter 44, so that the verification device sends the user identity information and the authentication state to the application client after passing the verification on the application client.
进一步地,在本实施例中,处理器46还通过接收器45向认证服务器获取检验方式和属性信息的映射关系;处理器46还通过发射器44将检验方式和属性信息的映射关系发送给校验装置,以使校验装置根据与应用客户端的属性信息对应的校验方式,对应用客户端进行校验。Further, in this embodiment, the processor 46 also obtains the mapping relationship between the inspection mode and the attribute information from the authentication server through the receiver 45; the processor 46 also sends the mapping relationship between the inspection mode and the attribute information to the authentication server through the transmitter 44. The verification device is used to make the verification device verify the application client according to the verification method corresponding to the attribute information of the application client.
本实施例的装置,可以用于执行图5或图6所示方法实施例的技术方案,其实现原理和技术效果类似,此处不再赘述。The apparatus of this embodiment can be used to implement the technical solution of the method embodiment shown in FIG. 5 or FIG. 6 , and the implementation principle and technical effect thereof are similar, and are not repeated here.
图13为本发明实施例十一提供的用户终端的结构示意图。如图12所示,用户终端包括认证客户端51、校验装置52和应用客户端53。认证客户端51用于向认证服务器发送用户终端对应的用户身份信息,并接收认证服务器发送的用户终端的认证状态,将用户身份信息和用户终端的认证状态发送给校验装置52;校验装置52用于接收认证客户端发51送的用户身份信息和用户终端的认证状态,在接收到应用客户端53发送的注册请求之后,根据注册请求中包括的属性信息,对应用客户端53进行校验,并在校验通过后,向应用客户端53发送注册成功消息,在接收应用客户端53发送的登录消息之后,向应用客户端53发送用户身份信息和认证状态;其中,注册请求中包括应用客户端53的属性信息;应用客户端53用于向校验装置52发送注册请求,并在接收校验装置52发送的注册成功消息之后,向校验装置52发送登录消息,接收校验装置52发送的用户身份信息和认证状态后,向应用服务器发送包括用户身份信息登录成功消息以登录到所述应用服务器。FIG. 13 is a schematic structural diagram of a user terminal according to Embodiment 11 of the present invention. As shown in FIG. 12 , the user terminal includes an authentication client 51 , a verification device 52 and an application client 53 . The authentication client 51 is used to send the user identity information corresponding to the user terminal to the authentication server, receive the authentication state of the user terminal sent by the authentication server, and send the user identity information and the authentication state of the user terminal to the verification device 52; the verification device 52 is used to receive the user identity information and the authentication status of the user terminal sent by the authentication client. After receiving the registration request sent by the application client 53, the application client 53 is verified according to the attribute information included in the registration request. After the verification is passed, a registration success message is sent to the application client 53, and after receiving the login message sent by the application client 53, the user identity information and authentication status are sent to the application client 53; wherein, the registration request includes The attribute information of the application client 53; the application client 53 is used to send a registration request to the verification device 52, and after receiving the registration success message sent by the verification device 52, send a login message to the verification device 52, and receive the verification device After sending the user identity information and authentication status at 52, send a login success message including the user identity information to the application server to log in to the application server.
进一步地,在本实施例中,认证客户端51还用于向认证服务器获取校验方式和属性信息的映射关系,并将检验方式和属性信息的映射关系发送给校验装置52;校验装置52还用于查询校验方式与属性信息的映射关系,获取与应用客户端53的属性信息对应的校验方式,并根据与应用客户端53的属性信息对应的校验方式对应用客户端53进行校验。Further, in this embodiment, the authentication client 51 is further configured to obtain the mapping relationship between the verification mode and the attribute information from the authentication server, and send the mapping relationship between the verification mode and the attribute information to the verification device 52; the verification device 52 is also used to query the mapping relationship between the verification method and the attribute information, obtain the verification method corresponding to the attribute information of the application client 53, and verify the application client 53 according to the verification method corresponding to the attribute information of the application client 53. Check it out.
本实施例的用户终端,可以用于执行本发明任意实施例所提供的登录的处理方法的技术方案,其实现原理和技术效果类似,此处不再赘述。The user terminal in this embodiment can be used to execute the technical solution of the login processing method provided by any embodiment of the present invention, and the implementation principle and technical effect thereof are similar, and are not repeated here.
图14为本发明实施例十二提供的登录系统的结构示意图。如图14所示,该登录系统包括图13所示实施例提供的用户终端61和认证服务器62。其中,认证服务器62用于根据接收到的用户终端发送的用户身份信息,对用户终端进行认证,并在认证通过过后,将认证状态发送给用户终端,认证状态表明认证服务器对用户身份信息进行认证的结果。FIG. 14 is a schematic structural diagram of a login system according to Embodiment 12 of the present invention. As shown in FIG. 14 , the login system includes the user terminal 61 and the authentication server 62 provided in the embodiment shown in FIG. 13 . The authentication server 62 is configured to authenticate the user terminal according to the received user identity information sent by the user terminal, and after passing the authentication, send the authentication status to the user terminal. The authentication status indicates that the authentication server authenticates the user identity information. the result of.
进一步地,在本实施例中,登录系统还包括应用服务器(图中未示出)用于接收用户终端发送的登录成功消息,并根据登录成功消息中包括的用户身份信息,获取与用户身份信息关联的账号,并允许账号对应的用户终端61的应用客户端上线;其中,应用服务器中存储应用客户端的账号与用户身份信息之间的关联关系;认证服务器62还用于配置用户终端的应用客户端的属性信息和校验方式之间的映射关系,并将映射关系发送给用户终端。Further, in this embodiment, the login system further includes an application server (not shown in the figure) for receiving a login success message sent by the user terminal, and obtaining and user identity information according to the user identity information included in the login success message. The associated account, and allows the application client of the user terminal 61 corresponding to the account to go online; wherein, the application server stores the association relationship between the account of the application client and the user identity information; the authentication server 62 is also used to configure the application client of the user terminal. The mapping relationship between the attribute information of the terminal and the verification method, and the mapping relationship is sent to the user terminal.
本实施例的登录系统,可以用于执行本发明任意实施例所提供的登录的处理方法的技术方案,其实现原理和技术效果类似,此处不再赘述。The login system of this embodiment can be used to execute the technical solution of the login processing method provided by any embodiment of the present invention, and its implementation principle and technical effect are similar, and are not repeated here.
本领域普通技术人员可以理解:实现上述各方法实施例的全部或部分步骤可以通过程序指令相关的硬件来完成。前述的程序可以存储于一计算机可读取存储介质中。该程序在执行时,执行包括上述各方法实施例的步骤;而前述的存储介质包括:ROM、RAM、磁碟或者光盘等各种可以存储程序代码的介质。Those of ordinary skill in the art can understand that all or part of the steps of implementing the above method embodiments may be completed by program instructions related to hardware. The aforementioned program can be stored in a computer-readable storage medium. When the program is executed, the steps including the above method embodiments are executed; and the foregoing storage medium includes: ROM, RAM, magnetic disk or optical disk and other media that can store program codes.
最后应说明的是:以上各实施例仅用以说明本发明的技术方案,而非对其限制;尽管参照前述各实施例对本发明进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分或者全部技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱离本发明各实施例技术方案的范围。Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention, but not to limit them; although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that: The technical solutions described in the foregoing embodiments can still be modified, or some or all of the technical features thereof can be equivalently replaced; and these modifications or replacements do not make the essence of the corresponding technical solutions deviate from the technical solutions of the embodiments of the present invention. scope.
Claims (13)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410849669.8A CN105812138B (en) | 2014-12-31 | 2014-12-31 | Processing method, device, user terminal and the login system of login |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410849669.8A CN105812138B (en) | 2014-12-31 | 2014-12-31 | Processing method, device, user terminal and the login system of login |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105812138A CN105812138A (en) | 2016-07-27 |
| CN105812138B true CN105812138B (en) | 2019-05-28 |
Family
ID=56421506
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410849669.8A Active CN105812138B (en) | 2014-12-31 | 2014-12-31 | Processing method, device, user terminal and the login system of login |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105812138B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106209905B (en) * | 2016-08-16 | 2020-01-24 | 新华三技术有限公司 | Network security management method and device |
| CN110572388B (en) * | 2019-09-05 | 2022-01-04 | 北京宝兰德软件股份有限公司 | Method for connecting unified authentication server and unified authentication adapter |
| CN114827692A (en) * | 2022-04-29 | 2022-07-29 | 深圳市瑞云科技有限公司 | System for operating cloud desktop based on smart television |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20140012690A1 (en) * | 2012-07-05 | 2014-01-09 | Paynearme, Inc. | Systems and Methods for Facilitating Cash-Based Transactions |
| CN104065616B (en) * | 2013-03-20 | 2017-06-20 | 中国移动通信集团公司 | Single-point logging method and system |
| CN103501344B (en) * | 2013-10-10 | 2017-08-01 | 瑞典爱立信有限公司 | The method and system of single-sign-on are realized in many applications |
-
2014
- 2014-12-31 CN CN201410849669.8A patent/CN105812138B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN105812138A (en) | 2016-07-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10979427B2 (en) | Method and device for authenticating based on authenticating device | |
| US11201778B2 (en) | Authorization processing method, device, and system | |
| CN104917727B (en) | A kind of method, system and device of account's authentication | |
| US9292670B2 (en) | Systems and methods for generating and authenticating one time dynamic password based on context information | |
| US10218691B2 (en) | Single sign-on framework for browser-based applications and native applications | |
| US10320771B2 (en) | Single sign-on framework for browser-based applications and native applications | |
| AU2016219712B2 (en) | Method and devices for managing user accounts across multiple electronic devices | |
| CN112491776B (en) | Security authentication method and related equipment | |
| CN105847245B (en) | Electronic mailbox login authentication method and device | |
| US20120331536A1 (en) | Seamless sign-on combined with an identity confirmation procedure | |
| CN110365483B (en) | Cloud platform authentication method, client, middleware and system | |
| US9369286B2 (en) | System and methods for facilitating authentication of an electronic device accessing plurality of mobile applications | |
| CN102811228B (en) | Network login method, equipment and system | |
| CN104125565A (en) | Method for realizing terminal authentication based on OMA DM, terminal and server | |
| CN110958119A (en) | Identity verification method and device | |
| CN104378376A (en) | SOA-based single-point login method, authentication server and browser | |
| CN107086979B (en) | User terminal verification login method and device | |
| US20170034164A1 (en) | Multifactor authentication for mail server access | |
| CN109936579A (en) | Single sign-on method, device, equipment and computer readable storage medium | |
| CN105743650A (en) | Mobile office identity authentication method, platform and system, and mobile terminal | |
| CN110336870A (en) | Method, device, system and storage medium for establishing remote office operation and maintenance channel | |
| WO2015196817A1 (en) | Account number login method, apparatus and system | |
| CN109726531A (en) | A marketing terminal security control method based on blockchain smart contract | |
| CN111241523A (en) | Authentication processing method, apparatus, device and storage medium | |
| CN105812138B (en) | Processing method, device, user terminal and the login system of login |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |