
HK1235562B - Authentication method and apparatus

Publication number: HK1235562B
Authority: HK (Hong Kong)
Prior art keywords: identity information, terminal, openurl, server, target application
Application number: HK17109031.3A
Other languages: Chinese (zh)
Other versions: HK1235562A1, HK1235562A
Inventor: 方腾飞
Original Assignee: 创新先进技术有限公司
Application filed by: 创新先进技术有限公司

Description

Authentication method and device

Technical Field

The present application relates to the field of computer technology, and in particular to an authentication method and device.

Background Art

Currently, various terminal applications (APPs) are widely used. A user can be authenticated by an application's server using an account and password registered in advance for that application, and can log in to the application once authentication succeeds. Terminals include, but are not limited to, smartphones, tablets, smartwatches, and vehicle-mounted mobile stations.

In the prior art, many application servers also provide methods for authenticating users based on a terminal identifier and a verification code, so that users do not need to register a separate account for each application. The terminal identifier can be a mobile phone number or the like. It should be noted that mobile phone numbers are no longer used only by mobile phones; the other terminals mentioned above can also use a mobile phone number for functions such as sending and receiving Short Message Service (SMS) messages.

Taking a mobile phone number as the terminal identifier, the prior-art authentication method based on a terminal identifier and a verification code mainly includes the following steps. The application on the mobile phone is started. The user enters the phone's mobile phone number in the application's login interface and clicks a specific button on the login page, which sends a verification code acquisition request carrying the mobile phone number to the application's server. After receiving the request, the server generates a verification code (generally a 4-digit or 6-digit random number string) and returns it by SMS to the mobile phone to which the number carried in the request belongs (that is, the user's mobile phone). The user views the verification code in the SMS received by the phone and enters it on the login page, and the phone sends the entered verification code to the server to request login to the application. When the server determines that the received verification code is the same as the one it sent to the mobile phone to which the number belongs, it determines that the user is authenticated and allows the phone to log in to the application with that mobile phone number. Correspondingly, the login interface on the phone jumps to the login success page.

However, in the above authentication process, after the mobile phone receives the verification code SMS, the server can authenticate the user only after the user has manually viewed the SMS and manually entered and sent the verification code. The operation steps are therefore cumbersome and authentication efficiency is low.

Summary of the Invention

The embodiments of the present application provide an authentication method and device to solve the prior-art problem that server authentication of users is inefficient.

The embodiments of the present application provide another authentication method and device to solve the prior-art problem that server authentication of users is inefficient.

An authentication method provided in an embodiment of the present application includes:

a terminal sending, to the server of a target application, an operation request carrying a terminal identifier and identity information;

receiving an open link (OpenURL) returned by the server according to the terminal identifier, wherein the OpenURL carries the identity information encrypted by the server;

according to the OpenURL, obtaining the identity information through the target application, and sending the obtained identity information and the encrypted identity information to the server, so that the server performs authentication based on the received identity information and the encrypted identity information.

Another authentication method provided in an embodiment of the present application includes:

the server of a target application receiving an operation request sent by a terminal, which carries a terminal identifier and identity information;

generating, based on the identity information, an OpenURL carrying the identity information encrypted by the server;

returning the OpenURL to the terminal according to the terminal identifier;

receiving the identity information and the encrypted identity information obtained by the terminal through the target application according to the OpenURL and sent to the server;

performing authentication based on the received identity information and the encrypted identity information.

An authentication device provided in an embodiment of the present application includes:

a sending module, configured to send, on behalf of the terminal, an operation request carrying a terminal identifier and identity information to the server of a target application;

a receiving module, configured to receive an OpenURL returned by the server according to the terminal identifier, wherein the OpenURL carries the identity information encrypted by the server;

an authentication module, configured to obtain the identity information through the target application according to the OpenURL, and to send the obtained identity information and the encrypted identity information to the server, so that the server performs authentication based on the received identity information and the encrypted identity information.

Another authentication device provided in an embodiment of the present application includes:

a first receiving module, configured to receive, for the server of a target application, an operation request sent by a terminal and carrying a terminal identifier and identity information;

a generating module, configured to generate, according to the identity information, an OpenURL carrying the identity information encrypted by the server;

a returning module, configured to return the OpenURL to the terminal according to the terminal identifier;

a second receiving module, configured to receive the identity information and the encrypted identity information that the terminal obtains through the target application according to the OpenURL and sends to the server;

an authentication module, configured to perform authentication based on the received identity information and the encrypted identity information.

With at least one of the above technical solutions, the user can trigger the server to perform user authentication by clicking the OpenURL. The operation steps are simple and authentication efficiency is high.

Brief Description of the Drawings

The drawings described herein are used to provide a further understanding of the present application and constitute a part of the present application. The illustrative embodiments of the present application and their descriptions are used to explain the present application and do not constitute an improper limitation on the present application. In the drawings:

FIG. 1 shows the process of the authentication method provided in an embodiment of the present application;

FIG. 2 shows the process of another authentication method provided in an embodiment of the present application;

FIG. 3 shows a detailed process of authenticated login in an actual application scenario, provided in an embodiment of the present application;

FIG. 4 is a schematic diagram of the structure of the authentication device corresponding to FIG. 1, provided in an embodiment of the present application;

FIG. 5 is a schematic diagram of the structure of the authentication device corresponding to FIG. 2, provided in an embodiment of the present application.

Detailed Description

To make the purpose, technical solutions, and advantages of this application clearer, the technical solutions of this application are described clearly and completely below in conjunction with specific embodiments of this application and the corresponding drawings. Obviously, the described embodiments are only some of the embodiments of this application, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in this application without creative effort fall within the scope of protection of this application.

FIG. 1 shows the process of the authentication method provided in an embodiment of the present application, which specifically includes the following steps:

S101: A terminal sends an operation request carrying a terminal identifier and identity information to the server of a target application.

In the embodiment of the present application, the method in FIG. 1 can be executed by a terminal on which the target application is installed. The terminal includes but is not limited to: a mobile phone, a tablet computer, a smart watch, a vehicle-mounted mobile station, a personal computer, etc. The target application can be any application installed on the terminal.

In an embodiment of the present application, the terminal may send the operation request to the server to request the service that the server provides for that operation request.

In actual applications, to improve the security of the interaction between the terminal and the server, the terminal may be allowed to obtain the corresponding service from the server only after the server has authenticated the terminal (the user using the terminal). The authentication process itself is also one of the corresponding services. In this case, the operation request may be an authentication request, or another request that contains the authentication request (such as a login request, a payment request, or a user information change request). These are examples of the operation request; this application does not limit the operation request.

In an embodiment of the present application, the terminal identifier can be a communication address used when the terminal interacts with the server (used to address the terminal). For example, the terminal identifier can be the mobile phone number of the terminal or the email address currently used on the terminal.

The identity information can uniquely identify the terminal. Since, in actual applications, a terminal is generally used by one fixed user, the identity information can be considered to represent not only the identity of the terminal but also the identity of the user using the terminal. The identity information can be the terminal's International Mobile Equipment Identity (IMEI), International Mobile Subscriber Identification Number (IMSI), Media Access Control (MAC) address, and so on.

S102: Receive an open link (OpenURL) returned by the server according to the terminal identifier, wherein the OpenURL carries the identity information encrypted by the server.

To facilitate understanding, OpenURL is explained here. An OpenURL is a runnable Uniform Resource Locator (URL) that can carry metadata and resource address information. It can be used to wake up an application and to pass predetermined parameters and data between different applications. These properties of OpenURL can be used to solve the problem mentioned in the Background Art.

In this embodiment of the present application, the encrypted identity information is generated by the server by encrypting the identity information received from the terminal. It should be noted that when encrypting the identity information, the server may also encrypt the current timestamp and the terminal identifier received from the terminal along with it. In this case, the encrypted identity information also contains the encrypted terminal identifier, the encrypted current timestamp, and other information.

Furthermore, since the server returns the OpenURL according to the terminal identifier, an attacker who impersonates the user of the terminal cannot receive the OpenURL returned by the server as long as the attacker does not have the terminal, and therefore cannot pass the subsequent authentication. This improves the security of the authentication method provided by this application.

S103: According to the OpenURL, obtain the identity information through the target application, and send the obtained identity information and the encrypted identity information to the server, so that the server performs authentication according to the received identity information and the encrypted identity information.

In the embodiment of the present application, the OpenURL is runnable, and the user can click the OpenURL to trigger the terminal and server to carry out the subsequent authentication process automatically. Compared with the prior art, in which the user manually views, enters, and submits a verification code, the operation is simple and authentication efficiency is high.

In the embodiment of the present application, under normal circumstances, steps S101 and S103 are executed by the same terminal, so the identity information in step S101 is the same as the identity information obtained by the terminal in step S103, and the terminal can pass the server's authentication. Under abnormal circumstances, for example, suppose terminal A obtains the OpenURL by executing step S101, terminal B copies the OpenURL from terminal A, and step S103 is then executed by terminal B instead of terminal A. In this case, the identity information in step S101 (obtained by terminal A) differs from the identity information obtained by terminal B in step S103, and terminal B cannot impersonate terminal A to pass the server's authentication.

Therefore, the authentication method provided in the embodiment of the present application can prevent an attacker from stealing an OpenURL that the server generated for a legitimate terminal and using it for authentication.

With the above method, the user can trigger the server to perform user authentication by clicking the OpenURL; the operation steps are simple and authentication efficiency is high. The problem of low efficiency when the server authenticates users can therefore be solved.

In an embodiment of the present application, the terminal identifier and identity information carried in the operation request sent by the terminal to the server can be entered manually by the user or obtained automatically by the terminal.

For example, step S101, in which the terminal sends an operation request carrying the terminal identifier and identity information to the server of the target application, may specifically include: the terminal receives the terminal identifier entered by the user; obtains the identity information through the target application; and sends an operation request carrying the terminal identifier and the identity information to the server of the target application.

More specifically, the target application on the terminal can provide the user with a specific operation interface and operation control, so that the user can enter the terminal identifier in the operation interface and click the operation control to trigger the terminal to obtain the terminal identifier and identity information and execute step S101.

It should be noted that the above is only one specific implementation of step S101. In actual applications, when different methods are used to obtain the terminal identifier and identity information, the specific implementation of step S101 may differ accordingly.

In an embodiment of the present application, the server may address the terminal using the terminal identifier and then send the OpenURL to the terminal. To enable the user to use the OpenURL received by the terminal normally (including but not limited to at least one of: seeing it, clicking it to run it, and copying it), the server may send the OpenURL in a message of a predetermined format, and the predetermined format can be determined according to the terminal identifier.

Take the case where the terminal identifier is a mobile phone number. In this case, step S102, receiving the OpenURL returned by the server according to the terminal identifier, specifically includes: receiving specific information containing the OpenURL, which the server returns to the terminal corresponding to the terminal identifier using the information sending method corresponding to the terminal identifier, wherein the information sending method corresponding to the terminal identifier includes the Short Message Service (SMS) method and the specific information includes a text message. The embodiments of the present application are described mainly for this scenario.

Of course, in actual applications, the terminal identifier may also be other information, such as an email address used by the user on the terminal. In this case, the information sending method corresponding to the terminal identifier includes the email service method, and the specific information includes an email.

In addition, when the server uses SMS or email to send the OpenURL to the terminal, the implementation cost of this step is very low and its reliability is high, because SMS and email are already very common application services on terminals.

In an embodiment of the present application, to implement the authentication process in step S103, the server does not generate an arbitrary OpenURL and return it to the terminal. It generates an OpenURL suited to the authentication process, so that the terminal can wake up the target application based on the OpenURL and pass the information needed for the authentication to the server through the target application. The OpenURL generated by the server is described in detail below.

The OpenURL not only carries the identity information encrypted by the server, but may also carry the Uniform Resource Locator Schemes (URL Schemes) field information of the target application and the target application's processing identifier corresponding to the operation request.

In this case, step S103, obtaining the identity information through the target application according to the OpenURL and sending the obtained identity information and the encrypted identity information to the server, may specifically include: when a resolution request for the OpenURL is received, waking up the target application according to the URL Schemes field information contained in the OpenURL, wherein the resolution request is sent by the user clicking the OpenURL in the specific information; and sending the encrypted identity information and the processing identifier contained in the OpenURL to the awakened target application, so that the target application performs the following operations: obtaining the identity information according to the processing identifier, and sending the obtained identity information and the encrypted identity information to the server.

It can be seen that when the specific information is a text message, the user only needs to click the OpenURL in the text message to trigger the execution of step S103, which is simple to operate and provides a good user experience.

To facilitate understanding, the URL Schemes field information and the processing identifier are explained below.

Each application can have its own URL Schemes field information, which can be defined by the application's server or developer and which can uniquely identify the application. Therefore, in the embodiment of the present application, the terminal can locate the target application on the terminal from the target application's URL Schemes field information, and then wake up the target application and jump into it from elsewhere on the terminal.

Each application can have multiple processing identifiers, each of which corresponds to one kind of operation request from the terminal for that application. The application's server or developer can define the business logic that handles each kind of operation request. The target application or server can determine the entry point of the business logic for an operation request from the processing identifier corresponding to that request, and then execute the business logic. In the embodiments of the present application, the business logic can be the business logic used to implement processes such as authentication and login.

As mentioned above, in the embodiment of the present application the operation request may be another request that contains an authentication request. In this case, after the server has authenticated the terminal, it may go on to execute the other business logic involved in that request.

For example, when the operation request includes a login request, after the server authenticates the terminal it can also generate a login success page based on the terminal identifier and return it to the terminal. The terminal can then jump from the current page to the login success page of the target application, completing the login process.

The OpenURL generated by the server has been described in detail above. For ease of understanding, an OpenURL generated by the server in an actual application scenario is given as an example. Assume that the operation request is a login request, the target application is an e-commerce application, the URL Schemes field information of the e-commerce application is "alipay", the e-commerce application's processing identifier corresponding to the login request is "phoneMsgLogin", and the identity information encrypted by the server is represented as "sdasdqwe123213sadasdas". The server can then generate the following OpenURL:

"alipay:phoneMsgLogin?token=sdasdqwe123213sadasdas";

Here, "token" is the predetermined name of the parameter that holds the identity information encrypted by the server. In actual applications, the predetermined name of this parameter is not limited, and other character strings may be used instead.

以上是以终端执行主体,本申请实施例提供的认证方法的过程。基于同样的思路,本申请实施例还提供了一种以目标应用的服务器为执行主体的认证方法,如图2所述。The above is the process of the authentication method provided by the embodiment of the present application with the terminal as the execution subject. Based on the same idea, the embodiment of the present application also provides an authentication method with the server of the target application as the execution subject, as shown in Figure 2.

图2为本申请实施例提供的另一种认证方法的过程,具体包括以下步骤:FIG2 is a process of another authentication method provided in an embodiment of the present application, which specifically includes the following steps:

S201:目标应用的服务器接收终端发送的、携带终端标识和身份信息的操作请求。S201: The server of the target application receives an operation request sent by a terminal, which carries the terminal identification and identity information.

在本申请实施例中,图2中的认证方法的执行主体可以是所述目标应用的服务器,所述服务器包括但不限于:个人计算机、大中型计算机、计算机集群等。In the embodiment of the present application, the execution subject of the authentication method in FIG2 may be the server of the target application, and the server includes but is not limited to: a personal computer, a large or medium-sized computer, a computer cluster, etc.

202:根据所述身份信息,生成携带所述服务器加密后的身份信息的开放链接OpenURL。202: Generate an open link OpenURL carrying the encrypted identity information of the server according to the identity information.

203:根据所述终端标识,将所述OpenURL返回给所述终端。203: Return the OpenURL to the terminal according to the terminal identifier.

204:接收所述终端根据所述OpenURL,通过所述目标应用获取并发送给所述服务器的所述身份信息以及所述加密后的身份信息。204: Receive the identity information and the encrypted identity information that the terminal obtains through the target application according to the OpenURL and sends to the server.

205:根据接收到的身份信息以及所述加密后的身份信息进行认证。205: Perform authentication based on the received identity information and the encrypted identity information.

通过上述方法,用户可以通过点击所述OpenURL触发服务器进行用户认证,操作步骤简单,认证效率较高。因此,可以解决中服务器对用户进行认证的效率较低的问题。Through the above method, the user can trigger the server to perform user authentication by clicking the OpenURL, the operation steps are simple, and the authentication efficiency is high. Therefore, the problem of low efficiency of the server in authenticating users can be solved.

In an embodiment of the present application, for step S202, generating, according to the identity information, an OpenURL carrying the identity information encrypted by the server may specifically include: combining the terminal identifier, the identity information and the current timestamp into a character string, and encrypting the character string with a predetermined reversible algorithm to generate the encrypted identity information; obtaining, according to the target application and the operation request, the Uniform Resource Locator scheme (URL Schemes) field information of the target application and the processing identifier corresponding to the operation request; and generating an OpenURL carrying the encrypted identity information, the URL Schemes field information and the processing identifier.

The current timestamp can be used by the server to later verify whether the OpenURL has expired. In this case, when generating the OpenURL, the server can set a maximum lifetime for it (for example 1 minute, 3 minutes or 5 minutes). Once that maximum lifetime has elapsed after the OpenURL was generated, the server can determine that the OpenURL is invalid and refuse to execute the authentication process triggered by it; the terminal then needs to obtain a newly generated OpenURL from the server for authentication. Therefore, the current timestamp helps improve the security of the authentication method.

The above encryption process can prevent the terminal identifier, identity information and current timestamp of the terminal from being tampered with by an attacker during transmission, which can improve the security of the authentication method.

The embodiments of the present application do not limit the combination method used to generate the character string or the reversible algorithm used to encrypt it. The following example illustrates one combination method used in practice.

For example, assume that the terminal identifier is the mobile phone number "186XXXXXXXX", the identity information is the terminal's MAC address, IMEI and IMSI, and the current timestamp is 01:25 on September 6, 2015 (converted to milliseconds: 1441473914543). Concatenating the terminal identifier, identity information and current timestamp yields a character string that can be written as "186XXXXXXXX+MAC+IMEI+IMSI+1441473914543", which can then be encrypted to generate the encrypted identity information. In this case, the encrypted identity information contains not only the encrypted identity information but also the encrypted terminal identifier and the encrypted current timestamp. Note that because the terminal's MAC address, IMEI and IMSI are long, they are not written out in the above string and are represented by their names instead.

Further, in an embodiment of the present application, for step S203, returning the OpenURL to the terminal according to the terminal identifier may specifically include: using the information sending method corresponding to the terminal identifier to return specific information containing the OpenURL to the terminal corresponding to the terminal identifier, where the information sending method corresponding to the terminal identifier includes the Short Message Service (SMS) method and the specific information includes a text message.

In an embodiment of the present application, step 205 specifically includes:

decrypting the received encrypted identity information with the reversible algorithm to obtain the character string; when it is determined that the received identity information is the same as the identity information contained in the character string and that the interval between the timestamp contained in the character string and the current time is not greater than a preset threshold, determining that authentication passes; when it is determined that the received identity information is not the same as the identity information contained in the character string, or that the interval between the timestamp contained in the character string and the current time is greater than the preset threshold, determining that authentication fails.

The preset threshold may be the maximum lifetime of the OpenURL mentioned above.

Similar to the authentication process in FIG. 1, when the operation request includes a login request, after step S205, if the server determines that the authentication passes, it can generate a login success page according to the terminal identifier and return it to the terminal. In this case, the server treats the terminal identifier as the account the user uses after successfully logging in to the target application. The user therefore does not need to register a separate account for each application in advance, and can instead use the same terminal identifier to log in to each application, which makes login more convenient.

The authentication method provided by the present application has been described above from the terminal's perspective and from the server's perspective. Combining the processes in FIG. 1 and FIG. 2, the embodiments of the present application also provide a two-end (terminal and target application server) interaction flowchart to illustrate one detailed implementation of the authentication method in practice. As shown in FIG. 3, assuming that the terminal identifier is a mobile phone number, the operation request is a login request, and the identity information includes at least one of the IMEI, the IMSI and the MAC address, the detailed implementation may specifically include the following steps:

S301: The user enters the terminal's mobile phone number in the target application on the terminal and clicks the login button provided by the target application.

S302: After detecting that the user has clicked the login button, the target application obtains the terminal's identity information and sends a login request carrying the identity information and the mobile phone number entered by the user to the server of the target application.

S303: The server combines the received terminal identifier, the identity information and the current timestamp it has determined into a character string, and encrypts the character string with a predetermined reversible algorithm to generate the encrypted identity information.

S304: The server obtains, according to the target application and the login request, the URL Schemes field information of the target application and the processing identifier corresponding to the login request.

S305: The server generates an OpenURL carrying the encrypted identity information, the URL Schemes field information and the processing identifier.

S306: The server sends a text message containing the OpenURL to the terminal corresponding to the mobile phone number.

S307: The terminal receives the text message through its SMS application, and the user clicks the OpenURL in the text message.

S308: The terminal parses the encrypted identity information, the URL Schemes field information and the processing identifier out of the OpenURL.

S309: The terminal wakes up the target application according to the URL Schemes field information and sends the encrypted identity information and the processing identifier to the target application.

S310: The target application obtains the terminal's identity information according to the processing identifier and sends the obtained identity information together with the encrypted identity information to the server.

S311: The server decrypts the received encrypted identity information with the reversible algorithm to obtain the character string.

S312: When the server determines that the received identity information is the same as the identity information contained in the character string and that the interval between the timestamp contained in the character string and the current time is not greater than the preset threshold, it determines that authentication passes.

S313: After determining that authentication passes, the server generates a login success page according to the mobile phone number contained in the character string and returns it to the terminal.

S314: The terminal jumps to the target application's login success page.
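The server side of steps S303 to S305 and S311 to S312 (the same logic described for steps S202 and 205 above), as an added Python example that is not code from the patent. The patent leaves the reversible algorithm open; this example assumes an HMAC-SHA256 counter-mode keystream with encrypt-then-MAC as a standard-library stand-in for an AEAD cipher, since detecting tampering requires an authentication tag in addition to encryption. The JSON packing, the `exampleapp` scheme, the `action` and `token` parameter names and the device values are constructed assumptions.

```python
import base64
import hashlib
import hmac
import json
import os
from urllib.parse import parse_qs, urlencode, urlsplit

MAX_AGE_MS = 3 * 60 * 1000  # OpenURL maximum lifetime; the page suggests 1, 3 or 5 minutes


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode (assumed stand-in for a real cipher such as AES)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(enc_key, mac_key, plaintext):
    """Reversible encryption followed by a MAC over nonce + ciphertext."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(nonce + ct + tag).decode()


def unseal(enc_key, mac_key, token):
    """Return the plaintext, or None if the token is malformed or was modified."""
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except ValueError:
        return None
    if len(raw) < 16 + 32:
        return None
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def make_openurl(keys, terminal_id, identity, now_ms, scheme="exampleapp", action="login"):
    """S303-S305: pack identifier, identity info and timestamp, encrypt, build the OpenURL."""
    record = {"tid": terminal_id, "id": identity, "ts": now_ms}
    token = seal(keys[0], keys[1], json.dumps(record, sort_keys=True).encode())
    return f"{scheme}://auth?" + urlencode({"action": action, "token": token})


def parse_openurl(url):
    """S308: split the OpenURL into URL scheme, processing identifier and encrypted blob."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    return parts.scheme, query["action"][0], query["token"][0]


def authenticate(keys, received_identity, token, now_ms, max_age_ms=MAX_AGE_MS):
    """S311-S312: return the terminal identifier on success, None on any failure."""
    raw = unseal(keys[0], keys[1], token)
    if raw is None:
        return None
    record = json.loads(raw)
    if record["id"] != received_identity:   # identity info sent by the app must match
        return None
    age = now_ms - record["ts"]
    if age < 0 or age > max_age_ms:         # expired; future timestamps rejected as hardening
        return None
    return record["tid"]


def demo():
    keys = (os.urandom(32), os.urandom(32))  # server-side secrets, never sent to the terminal
    identity = {"mac": "02:00:00:00:00:01", "imei": "000000000000000",
                "imsi": "000000000000000"}   # constructed sample values
    issued = 1441473914543                   # timestamp used in the page's example
    _, _, token = parse_openurl(make_openurl(keys, "186XXXXXXXX", identity, issued))
    tampered = token[:5] + ("A" if token[5] != "A" else "B") + token[6:]
    return {
        "fresh": authenticate(keys, identity, token, issued + 60_000),
        "expired": authenticate(keys, identity, token, issued + MAX_AGE_MS + 1),
        "other_device": authenticate(keys, dict(identity, imei="111111111111111"),
                                     token, issued + 60_000),
        "tampered": authenticate(keys, identity, tampered, issued + 60_000),
    }


if __name__ == "__main__":
    print(demo())
```

Only the first case returns the phone number; an expired link, identity information from a different device, and a modified token all return `None`.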

It should be noted that the authentication method provided in the embodiments of the present application can also be used for wireless websites, simply by replacing the target application in the authentication method with the wireless website. In this case, the user can be authenticated by the wireless website's server based on the authentication method, log in to the wireless website after passing authentication, and request other services from the wireless website's server.

The above is the authentication method provided in the embodiments of the present application. Based on the same idea, the embodiments of the present application also provide corresponding authentication devices, as shown in FIG. 4 and FIG. 5.

FIG. 4 is a schematic structural diagram of the authentication device corresponding to FIG. 1 provided in an embodiment of the present application, which specifically includes:

a sending module 401, configured to send, for the terminal, an operation request carrying the terminal identifier and identity information to the server of the target application;

a receiving module 402, configured to receive the OpenURL returned by the server according to the terminal identifier, wherein the OpenURL carries the identity information encrypted by the server;

an authentication module 403, configured to obtain the identity information through the target application according to the OpenURL, and send the obtained identity information and the encrypted identity information to the server, so that the server performs authentication based on the received identity information and the encrypted identity information.

The sending module 401 is specifically configured to: receive, for the terminal, the terminal identifier entered by the user; obtain the identity information through the target application; and send an operation request carrying the terminal identifier and the identity information to the server of the target application.

The receiving module 402 is specifically configured to: receive the specific information containing the OpenURL that the server returns to the terminal corresponding to the terminal identifier using the information sending method corresponding to the terminal identifier, wherein the information sending method corresponding to the terminal identifier includes the Short Message Service (SMS) method and the specific information includes a text message.

The OpenURL also carries the URL Schemes field information of the target application and the target application's processing identifier corresponding to the operation request;

The authentication module 403 is specifically configured to: when a parsing request for the OpenURL is received, wake up the target application according to the URL Schemes field information contained in the OpenURL, wherein the parsing request is sent by the user clicking the OpenURL in the specific information; and send the encrypted identity information and the processing identifier contained in the OpenURL to the awakened target application, so that the target application performs the following operations: obtaining the identity information according to the processing identifier, and sending the obtained identity information and the encrypted identity information to the server.

The operation request includes a login request;

The device further includes:

a login module 404, configured to jump to the login success page of the target application after the authentication is passed, wherein the login success page is generated by the server according to the terminal identifier and returned to the terminal.

The terminal identifier includes a mobile phone number, and the identity information includes at least one of an International Mobile Equipment Identity (IMEI), an International Mobile Subscriber Identity (IMSI) and a Media Access Control (MAC) address;

The information sending method corresponding to the terminal identifier includes the Short Message Service (SMS) method, and the specific information includes a text message.

Specifically, the device shown in FIG. 4 may be located on a terminal.

FIG. 5 is a schematic structural diagram of the authentication device corresponding to FIG. 2 provided in an embodiment of the present application, which specifically includes:

a first receiving module 501, configured to receive, for the server of the target application, an operation request sent by a terminal and carrying a terminal identifier and identity information;

a generating module 502, configured to generate, according to the identity information, an OpenURL carrying the identity information encrypted by the server;

a returning module 503, configured to return the OpenURL to the terminal according to the terminal identifier;

a second receiving module 504, configured to receive the identity information and the encrypted identity information that the terminal, according to the OpenURL, obtains through the target application and sends to the server;

an authentication module 505, configured to perform authentication based on the received identity information and the encrypted identity information.

The generating module 502 is specifically configured to: combine the terminal identifier, the identity information and the current timestamp into a character string, and encrypt the character string with a predetermined reversible algorithm to generate the encrypted identity information; obtain, according to the target application and the operation request, the URL Schemes field information of the target application and the processing identifier corresponding to the operation request; and generate an OpenURL carrying the encrypted identity information, the URL Schemes field information and the processing identifier.

The returning module 503 is specifically configured to: use the information sending method corresponding to the terminal identifier to return specific information containing the OpenURL to the terminal corresponding to the terminal identifier, wherein the information sending method corresponding to the terminal identifier includes the Short Message Service (SMS) method and the specific information includes a text message.

The authentication module 505 is specifically configured to: decrypt the received encrypted identity information with the reversible algorithm to obtain the character string; when it is determined that the received identity information is the same as the identity information contained in the character string and that the interval between the timestamp contained in the character string and the current time is not greater than the preset threshold, determine that authentication passes; when it is determined that the received identity information is not the same as the identity information contained in the character string, or that the interval between the timestamp contained in the character string and the current time is greater than the preset threshold, determine that authentication fails.

The operation request includes a login request;

The device further includes:

a login module 506, configured to generate, after determining that the authentication passes, a login success page according to the terminal identifier and return it to the terminal.

The terminal identifier includes a mobile phone number, and the identity information includes at least one of an International Mobile Equipment Identity (IMEI), an International Mobile Subscriber Identity (IMSI) and a Media Access Control (MAC) address;

The information sending method corresponding to the terminal identifier includes the Short Message Service (SMS) method, and the specific information includes a text message.

Specifically, the device shown in FIG. 5 may be located on a server.

The embodiments of the present application provide an application login method and device. The method includes: a terminal sending an operation request carrying a terminal identifier and identity information to the server of a target application; receiving an OpenURL returned by the server according to the terminal identifier, wherein the OpenURL carries the identity information encrypted by the server; and obtaining the identity information through the target application according to the OpenURL, and sending the obtained identity information and the encrypted identity information to the server, so that the server performs authentication based on the received identity information and the encrypted identity information. With the above method, the user can trigger the server to perform user authentication by clicking the OpenURL; the operation steps are simple and the authentication efficiency is high.

Those skilled in the art will understand that embodiments of the present invention may be provided as a method, a system, or a computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.

The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems), and computer program products according to embodiments of the present invention. It should be understood that each process and/or block in the flowcharts and/or block diagrams, and combinations of processes and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor, or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a means for implementing the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.

These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction means that implements the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.

These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operating steps are executed on the computer or other programmable device to produce a computer-implemented process, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.

In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.

Memory may include forms of computer-readable media such as non-permanent memory, random access memory (RAM), and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.

Computer-readable media include permanent and non-permanent, removable and non-removable media, and can store information by any method or technology. The information can be computer-readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape and magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.

It should also be noted that the terms "comprise", "include" and any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, commodity or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, commodity or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of additional identical elements in the process, method, commodity or device that includes the element.

Those skilled in the art will understand that embodiments of the present application may be provided as a method, a system, or a computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.

The foregoing is merely an embodiment of the present application and is not intended to limit the present application. For those skilled in the art, the present application may have various modifications and variations. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present application shall fall within the scope of the claims of the present application.

Claims (24)

1. An authentication method, characterized in that it comprises:
sending, by a terminal, an operation request carrying a terminal identifier and identity information to the server of a target application;
receiving an open link (OpenURL) returned by the server according to the terminal identifier, wherein the OpenURL carries the identity information encrypted by the server;
waking up the target application according to the OpenURL, obtaining the identity information through the target application, and sending the obtained identity information and the encrypted identity information to the server, so that the server performs authentication based on the received identity information and the encrypted identity information.

2. The method according to claim 1, characterized in that the terminal sending an operation request carrying a terminal identifier and identity information to the server of the target application specifically includes:
receiving, by the terminal, the terminal identifier entered by a user;
obtaining the identity information through the target application;
sending an operation request carrying the terminal identifier and the identity information to the server of the target application.

3. The method according to claim 1, characterized in that receiving the open link (OpenURL) returned by the server according to the terminal identifier specifically includes:
receiving specific information containing the OpenURL that the server returns to the terminal corresponding to the terminal identifier using the information sending method corresponding to the terminal identifier, wherein the information sending method corresponding to the terminal identifier includes the Short Message Service (SMS) method, and the specific information includes a text message.

4. The method according to claim 3, characterized in that the OpenURL further carries the Uniform Resource Locator scheme (URL Schemes) field information of the target application and the target application's processing identifier corresponding to the operation request;
obtaining the identity information through the target application according to the OpenURL, and sending the obtained identity information and the encrypted identity information to the server, specifically includes:
when a parsing request for the OpenURL is received, waking up the target application according to the URL Schemes field information contained in the OpenURL, wherein the parsing request is sent by the user clicking the OpenURL in the specific information;
sending the encrypted identity information and the processing identifier contained in the OpenURL to the awakened target application, so that the target application performs the following operations: obtaining the identity information according to the processing identifier, and sending the obtained identity information and the encrypted identity information to the server.

5. The method according to claim 1, characterized in that the operation request includes a login request;
the method further includes:
after passing the authentication, jumping to the login success page of the target application, wherein the login success page is generated by the server according to the terminal identifier and returned to the terminal.

6. The method according to any one of claims 1 to 5, characterized in that the terminal identifier includes a mobile phone number, and the identity information includes at least one of an International Mobile Equipment Identity (IMEI), an International Mobile Subscriber Identity (IMSI) and a Media Access Control (MAC) address.

7. An authentication method, characterized in that it comprises:
receiving, by the server of a target application, an operation request sent by a terminal and carrying a terminal identifier and identity information;
generating, according to the identity information, an open link (OpenURL) carrying the identity information encrypted by the server;
returning the OpenURL to the terminal according to the terminal identifier;
receiving the identity information and the encrypted identity information that the terminal, after waking up the target application according to the OpenURL, obtains through the target application and sends to the server;
performing authentication based on the received identity information and the encrypted identity information.

8. The method according to claim 7, characterized in that generating, according to the identity information, an open link (OpenURL) carrying the identity information encrypted by the server specifically includes:
combining the terminal identifier, the identity information and the current timestamp into a character string, and encrypting the character string with a predetermined reversible algorithm to generate the encrypted identity information;
obtaining, according to the target application and the operation request, the Uniform Resource Locator scheme (URL Schemes) field information of the target application and the processing identifier corresponding to the operation request;
generating an OpenURL carrying the encrypted identity information, the URL Schemes field information and the processing identifier.

9. The method according to claim 7, characterized in that returning the OpenURL to the terminal according to the terminal identifier specifically includes:
using the information sending method corresponding to the terminal identifier to return specific information containing the OpenURL to the terminal corresponding to the terminal identifier, wherein the information sending method corresponding to the terminal identifier includes the Short Message Service (SMS) method, and the specific information includes a text message.

10. The method according to claim 8, characterized in that performing authentication based on the received identity information and the encrypted identity information specifically includes:
decrypting the received encrypted identity information with the reversible algorithm to obtain the character string;
when it is determined that the received identity information is the same as the identity information contained in the character string and that the interval between the timestamp contained in the character string and the current time is not greater than a preset threshold, determining that authentication passes;
when it is determined that the received identity information is not the same as the identity information contained in the character string, or that the interval between the timestamp contained in the character string and the current time is greater than the preset threshold, determining that authentication fails.

11. The method according to claim 7, characterized in that the operation request includes a login request;
the method further includes:
after determining that the authentication passes, generating a login success page according to the terminal identifier and returning it to the terminal.

12. The method according to any one of claims 7 to 11, characterized in that the terminal identifier includes a mobile phone number, and the identity information includes at least one of an International Mobile Equipment Identity (IMEI), an International Mobile Subscriber Identity (IMSI) and a Media Access Control (MAC) address.

13.
An authentication device, characterized in that it comprises: 发送模块,用于为终端向目标应用的服务器发送携带终端标识和身份信息的操作请求;The sending module is used to send an operation request carrying the terminal identifier and identity information from the terminal to the server of the target application. 接收模块,用于接收所述服务器根据所述终端标识返回的开放链接OpenURL,其中,所述OpenURL携带所述服务器加密后的身份信息;The receiving module is configured to receive the OpenURL returned by the server based on the terminal identifier, wherein the OpenURL carries the encrypted identity information of the server; 认证模块,用于根据所述OpenURL唤醒所述目标应用,通过所述目标应用获取所述身份信息,并将获取的所述身份信息以及所述加密后的身份信息发送给所述服务器,使所述服务器根据接收到的身份信息以及所述加密后的身份信息进行认证。The authentication module is used to wake up the target application according to the OpenURL, obtain the identity information through the target application, and send the obtained identity information and the encrypted identity information to the server, so that the server can perform authentication based on the received identity information and the encrypted identity information. 14.如权利要求13所述的装置,其特征在于,所述发送模块具体用于:为终端接收用户输入的终端标识;通过所述目标应用获取身份信息;向所述目标应用的服务器发送携带所述终端标识和所述身份信息的操作请求。14. The apparatus of claim 13, wherein the sending module is specifically configured to: receive a terminal identifier input by a user for the terminal; obtain identity information through the target application; and send an operation request carrying the terminal identifier and the identity information to the server of the target application. 15.如权利要求13所述的装置,其特征在于,所述接收模块具体用于:接收所述服务器采用所述终端标识对应的信息发送方式向所述终端标识对应的终端返回的、包含有OpenURL的特定信息,其中,所述终端标识对应的信息发送方式包括短信服务SMS方式,所述特定信息包括短信。15. 
The apparatus of claim 13, wherein the receiving module is specifically configured to: receive specific information containing an OpenURL returned by the server to the terminal corresponding to the terminal identifier using the information sending method corresponding to the terminal identifier, wherein the information sending method corresponding to the terminal identifier includes SMS service, and the specific information includes SMS. 16.如权利要求15所述的装置,其特征在于,所述OpenURL还携带有所述目标应用的统一资源定位符方案URL Schemes字段信息、所述目标应用的对应于所述操作请求的处理标识;16. The apparatus of claim 15, wherein the OpenURL further carries the Uniform Resource Locator (URL) Schemes field information of the target application and the processing identifier of the target application corresponding to the operation request; 所述认证模块具体用于:当接收到针对所述OpenURL的解析请求时,根据所述OpenURL包含的所述URL Schemes字段信息,唤醒所述目标应用,其中,所述解析请求是由用户通过点击所述特定信息中的所述OpenURL发送的;将所述OpenURL包含的所述加密后的身份信息和所述处理标识发送给唤醒后的所述目标应用,以便于所述目标应用执行以下操作:根据所述处理标识获取所述身份信息,并将获取的所述身份信息以及所述加密后的身份信息发送给所述服务器。The authentication module is specifically used to: when receiving a parsing request for the OpenURL, wake up the target application based on the URL Schemes field information contained in the OpenURL, wherein the parsing request is sent by the user by clicking the OpenURL in the specific information; send the encrypted identity information and the processing identifier contained in the OpenURL to the woken target application so that the target application can perform the following operations: obtain the identity information according to the processing identifier, and send the obtained identity information and the encrypted identity information to the server. 17.如权利要求13所述的装置,其特征在于,所述操作请求包括登录请求;17. 
The apparatus of claim 13, wherein the operation request includes a login request; 所述装置还包括:The device further includes: 登录模块,用于在通过所述认证后,跳转至所述目标应用的登录成功页面;其中,所述登录成功页面是所述服务器根据所述终端标识,生成并返回给所述终端的。The login module is used to redirect to the login success page of the target application after the authentication is passed; wherein the login success page is generated by the server based on the terminal identifier and returned to the terminal. 18.如权利要求13~17任一项所述的装置,其特征在于,所述终端标识包括手机号码,所述身份信息包括国际移动设备身份码IMEI、国际移动用户识别码IMSI和介质访问控制MAC地址中的至少一种。18. The apparatus according to any one of claims 13 to 17, wherein the terminal identifier includes a mobile phone number, and the identity information includes at least one of International Mobile Equipment Identity (IMEI), International Mobile Subscriber Identity (IMSI), and Media Access Control (MAC) address. 19.一种认证装置,其特征在于,包括:19. An authentication device, characterized in that it comprises: 第一接收模块,用于为目标应用的服务器接收终端发送的、携带终端标识和身份信息的操作请求;The first receiving module is used to receive operation requests sent by the terminal, carrying terminal identifier and identity information, from the server of the target application. 生成模块,用于根据所述身份信息,生成携带所述服务器加密后的身份信息的开放链接OpenURL;The generation module is used to generate an OpenURL that carries the encrypted identity information of the server, based on the identity information. 返回模块,用于根据所述终端标识,将所述OpenURL返回给所述终端;The return module is used to return the OpenURL to the terminal based on the terminal identifier; 第二接收模块,用于接收所述终端根据所述OpenURL唤醒所述目标应用,通过所述目标应用获取并发送给所述服务器的所述身份信息以及所述加密后的身份信息;The second receiving module is used to receive the identity information and the encrypted identity information obtained by the terminal through the target application after waking up the target application according to the OpenURL and sending it to the server. 认证模块,用于根据接收到的身份信息以及所述加密后的身份信息进行认证。The authentication module is used to perform authentication based on the received identity information and the encrypted identity information. 
20. The apparatus of claim 19, wherein the generation module is specifically configured to: combine the terminal identifier, the identity information, and the current timestamp into a string, and encrypt the string using a predetermined reversible algorithm to generate the encrypted identity information; obtain, according to the target application and the operation request, the Uniform Resource Locator scheme (URL Schemes) field information of the target application and the processing identifier corresponding to the operation request; and generate an OpenURL carrying the encrypted identity information, the URL Schemes field information, and the processing identifier.

21. The apparatus of claim 19, wherein the return module is specifically configured to: return specific information containing the OpenURL to the terminal corresponding to the terminal identifier, using the information sending method corresponding to the terminal identifier, wherein the information sending method corresponding to the terminal identifier includes the Short Message Service (SMS) method, and the specific information includes a short message.

22. The apparatus of claim 20, wherein the authentication module is specifically configured to: decrypt the received encrypted identity information using the reversible algorithm to obtain the string; determine that the authentication passes when the received identity information is the same as the identity information contained in the string and the interval between the timestamp contained in the string and the current time is not greater than a preset threshold; and determine that the authentication fails when the received identity information is not the same as the identity information contained in the string, or the interval between the timestamp contained in the string and the current time is greater than the preset threshold.

23. The apparatus of claim 19, wherein the operation request includes a login request;
the device further includes:
a login module, configured to generate a login success page according to the terminal identifier and return it to the terminal after determining that the authentication passes.

24. The apparatus of claim 21, wherein the terminal identifier includes a mobile phone number, and the identity information includes at least one of an International Mobile Equipment Identity (IMEI), an International Mobile Subscriber Identity (IMSI), and a Media Access Control (MAC) address;
the information sending method corresponding to the terminal identifier includes the Short Message Service (SMS) method, and the specific information includes a short message.
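The server-side steps of claims 8 and 10 (build the string, encrypt it, embed it in the OpenURL, then decrypt and check identity and timestamp) can be sketched as follows; this is an added example, not code from the patent. The `targetapp://login?token=...` layout, the `|` separator, the 300-second threshold, the key and the sample phone number and IMEI are constructed assumptions, and an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag stands in for the unspecified "predetermined reversible algorithm" so the block runs on the standard library alone (a deployment would use a vetted AEAD such as AES-GCM).

```python
import base64, hashlib, hmac, os, time
from urllib.parse import urlencode, urlparse, parse_qs

SERVER_KEY = b"constructed-demo-secret"  # constructed; keep the real key server-side only
MAX_AGE_S = 300                          # assumed value for the "preset threshold"

def _subkey(label):
    # Separate keys for encryption and for the integrity tag.
    return hmac.new(SERVER_KEY, label, hashlib.sha256).digest()

def _keystream(nonce, n):
    # HMAC-SHA256 in counter mode: stdlib stand-in for a real AEAD cipher.
    blocks = (hmac.new(_subkey(b"enc"), nonce + i.to_bytes(4, "big"),
                       hashlib.sha256).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(plaintext):
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(nonce, len(plaintext))))
    tag = hmac.new(_subkey(b"mac"), nonce + ct, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(nonce + ct + tag).decode()

def unseal(token):
    try:
        raw = base64.urlsafe_b64decode(token)
    except ValueError:
        return None
    if len(raw) < 48:
        return None
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    expected = hmac.new(_subkey(b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # modified or forged token: reject before decrypting
    return bytes(c ^ k for c, k in zip(ct, _keystream(nonce, len(ct))))

def build_openurl(terminal_id, identity, scheme="targetapp", action="login", now=None):
    # Claim 8: terminal identifier + identity information + timestamp, encrypted.
    ts = int(time.time() if now is None else now)
    token = seal(f"{terminal_id}|{identity}|{ts}".encode())
    return f"{scheme}://{action}?" + urlencode({"token": token})

def parse_openurl(url):
    # scheme = URL Schemes field, netloc = processing identifier (assumed layout).
    u = urlparse(url)
    return u.scheme, u.netloc, parse_qs(u.query)["token"][0]

def authenticate(token, received_identity, now=None):
    # Claim 10: decrypt, compare identity information, check timestamp interval.
    plain = unseal(token)
    parts = plain.decode().split("|") if plain is not None else []
    if len(parts) != 3:
        return False
    now = time.time() if now is None else now
    same = hmac.compare_digest(parts[1].encode(), received_identity.encode())
    return same and abs(now - int(parts[2])) <= MAX_AGE_S
```

The integrity tag matters here because the OpenURL travels over SMS and through the OS URL handler: without it, a reversible cipher alone would let a modified token decrypt to attacker-influenced fields.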
HK17109031.3A 2017-09-07 Authentication method and apparatus HK1235562B (en)

Publications (3)

Publication Number Publication Date
HK1235562A1 HK1235562A1 (en) 2018-03-09
HK1235562A HK1235562A (en) 2018-03-09
HK1235562B HK1235562B (en) 2020-09-11
