[go: up one dir, main page]

WO2017050093A1 - Login information input method, login information storage method, and associated device - Google Patents

Login information input method, login information storage method, and associated device Download PDF

Info

Publication number
WO2017050093A1
WO2017050093A1 PCT/CN2016/097182 CN2016097182W WO2017050093A1 WO 2017050093 A1 WO2017050093 A1 WO 2017050093A1 CN 2016097182 W CN2016097182 W CN 2016097182W WO 2017050093 A1 WO2017050093 A1 WO 2017050093A1
Authority
WO
WIPO (PCT)
Prior art keywords
login
information
login information
biometric information
preset
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2016/097182
Other languages
French (fr)
Chinese (zh)
Inventor
陈天雄
甘强
李想
李朋
季昀
张明修
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Publication of WO2017050093A1 publication Critical patent/WO2017050093A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols

Definitions

  • the present invention relates to the field of terminal interaction, and in particular, to a login information input method, a login information storage method, and related devices.
  • the existing password management tool has poor ease of use.
  • the user first needs to input the management password to open the password box, and then copy and paste the account and password into the input field for inputting the account and password in the application, which is cumbersome to operate. .
  • the embodiment of the invention provides a login information input method, a login information storage method and a related device.
  • identifying a target input field in an application login page the target input field in the login page can be automatically filled, which simplifies.
  • the present invention discloses a login information input method, including:
  • biometric information is the preset biometric information, obtaining, by using the preset database, the login information of the user that is characterized by the biometric information and logging in to the application;
  • the login information is populated into the target input domain.
  • the target input field includes at least two input fields; and the filling the login information into the target input domain includes: analyzing the at least Attributes of respective input fields in the two input fields; respectively, obtaining login information corresponding to attributes of the respective input fields from the login information according to attributes of the respective input fields; in each of the input fields The login information that matches the attributes of each input field is filled separately.
  • the filling the login information into the target input domain includes: receiving a user input selection operation, where the selecting operation is used to select a padding login a target input field of the information; analyzing an attribute of the target input field selected by the selecting operation; and obtaining, according to the attribute of the selected target input field, the attribute of the selected target input field from the login information Login information; filling the selected target input field with login information that matches the attribute of the selected target input field.
  • biometric information is preset biometric information
  • the user that is obtained by acquiring the biometric information from a preset database logs in to the application.
  • Program login information including:
  • the target operating system transmits the biometric information to a trusted execution environment
  • the trusted execution environment verifies whether the biometric information is the preset biometric information, and if the biometric information is preset biometric information, the trusted execution environment acquires the The user characterized by the biometric information logs in to the login information of the application and transmits the login information to the target operating system.
  • the login information in the preset database is The encryption rule is used to encrypt the login information.
  • the method further includes: decrypting the login information by using a decryption rule corresponding to the preset encryption rule.
  • the identifying the login page The target input fields used to enter login information, including:
  • the context is used to represent a control object and a resource referenced by the login page;
  • the target input domain is identified according to a preset context for identifying the target input domain.
  • the present invention discloses a method for saving login information, including:
  • the login information is used as login information of the user that is characterized by the biometric information to log in to the application, and the login information is saved in a preset database.
  • the biometric information is preset biometric information
  • the login information is used as a user represented by the biometric information to log in to the application.
  • the login information of the program saves the login information to the preset database, including:
  • the target operating system transmits the biometric information to a trusted execution environment
  • the target operating system sends the login information to the trusted execution environment
  • the trusted execution environment uses the login information as login information of the user that is characterized by the biometric information to log in to the application, and saves the login information to In the default database.
  • the method before the saving the login information into the preset database, the method further includes : Encrypt the login information according to a preset encryption rule.
  • the identifying, in the login page, a target input field for inputting login information including:
  • the context is used to represent a control object and a resource referenced by the login page;
  • the target input domain is identified according to a preset context for identifying the target input domain.
  • the present invention discloses a login information input device, including:
  • a first identifying unit configured to identify that the current page is a login page of the application
  • a second identifying unit configured to identify a target input field for inputting login information in the login page
  • a receiving unit configured to receive biometric information input by the user
  • an obtaining unit configured to: if the biometric information is preset biometric information, acquire, from a preset database, login information of a user that is characterized by the biometric information and log in to the application;
  • a padding unit configured to fill the login information into the target input domain.
  • the target input field includes at least two input fields
  • the filling unit is configured to: analyze each input domain in the at least two input domains According to the attributes of the respective input fields, the login information corresponding to the attributes of the input fields is respectively obtained from the login information; and the attributes of the input fields are respectively filled in the respective input fields. Compliance login information.
  • the filling unit is specifically configured to: receive a user input selection operation, where the selection operation is used to select a target input field that needs to be filled with login information; Selecting an attribute of the target input field selected by the operation; obtaining, according to the attribute of the selected target input field, the login information that matches the attribute of the selected target input field; and the selected target The input field is populated with login information that matches the attributes of the selected target input field.
  • the acquiring unit is specifically configured to:
  • the user characterized by the biometric information logs in to the login information of the application, and sends the login information to the target operating system.
  • the login information in the preset database is The encryption rule is used to encrypt the login information.
  • the device further includes: a decryption unit, configured to use the decryption rule corresponding to the preset encryption rule before the filling unit fills the login information into the target input domain Decrypt the login information.
  • the second identifying unit is specifically configured to: obtain the login page Corresponding context; the context is used to represent the control object and the resource referenced by the login page; in the context corresponding to the login page, the context is identified according to a preset context for identifying the target input domain Target input field.
  • the present invention discloses a login information storage device, including:
  • a first identifying unit configured to identify that the current page is a login page of the application
  • a second identifying unit configured to identify a target input field for inputting login information in the login page
  • a first receiving unit configured to receive login information input by the user in the target input field
  • a second receiving unit configured to receive biometric information input by the user
  • a saving unit configured to: if the biometric information is preset biometric information, use the login information as login information of a user that is represented by the biometric information to log in to the application, and save the login information to a pre Set in the database.
  • the saving unit is specifically configured to:
  • biometric information is preset biometric information, sending the login information to the trusted execution environment by using the target operating system;
  • the login information is used as login information of the user that is characterized by the biometric information to log in to the application, and the login information is saved in a preset database.
  • the apparatus further includes: an encryption unit, configured to: before the saving unit saves the login information to the preset database, according to the pre- The encryption rule is used to encrypt the login information.
  • the second identifying unit is specifically configured to: obtain a context corresponding to the login page; the context is used to represent a control object referenced by the login page And a resource; in the context corresponding to the login page, the target input domain is identified according to a preset context for identifying the target input domain.
  • the present invention discloses a terminal for implementing the method of the first aspect, comprising: an input device, an output device, a memory, and a processor coupled to the memory, wherein:
  • the processor reads instructions stored in the memory for performing the following steps:
  • biometric information is the preset biometric information, obtaining, by using the preset database, the login information of the user that is characterized by the biometric information and logging in to the application;
  • the login information is populated into the target input domain.
  • the target input field includes at least two input fields; and the step of filling the login information into the target input domain includes:
  • the processor analyzes attributes of respective input fields in the at least two input fields
  • the processor respectively acquires login information that matches the attributes of the respective input domains from the login information according to attributes of the respective input domains;
  • the processor fills each of the input fields with login information that matches the attributes of the respective input fields.
  • the step of filling the login information into the target input domain includes:
  • the selecting operation is for selecting a target input field that needs to be filled with login information; analyzing an attribute of the target input field selected by the selecting operation; The target of the target input domain, obtained from the login information The login information is matched with the attribute of the selected target input domain; and the selected target input domain is filled with the login information that matches the attribute of the selected target input domain.
  • the biometric information is preset biometric information
  • the user that is obtained by acquiring the biometric information from a preset database logs in to the application.
  • the steps of the program's login information including:
  • the login information in the preset database is preset
  • the encryption rule performs the encrypted login information.
  • the processor is further configured to decrypt the login information by using a decryption rule corresponding to the preset encryption rule before filling the login information into the target input domain.
  • the identifying the login page for inputting the login includes:
  • the processor acquires a context corresponding to the login page; the context is used to represent a control object and a resource referenced by the login page;
  • the processor identifies the target input domain according to a preset context for identifying the target input domain in a context corresponding to the login page.
  • the present invention discloses a terminal for implementing the method of the second aspect, comprising: an input device, an output device, a memory, and a processor coupled to the memory, wherein:
  • the processor reads instructions stored in the memory for performing the following steps:
  • the login information is used as login information of the user that is characterized by the biometric information to log in to the application, and the login information is saved in a preset database.
  • the biometric information is preset biometric information
  • the login information is used as a user represented by the biometric information to log in to the application.
  • the processor sends the login information to the trusted execution environment by using the target operating system;
  • the processor saves the login information as login information of the user that is represented by the biometric information to the application through the trusted execution environment, and saves the login information.
  • the login information is in a preset database.
  • the processor is further configured to: before saving the login information to the preset database
  • the login information is encrypted according to a preset encryption rule.
  • the step of identifying a target input field for inputting login information in the login page includes:
  • the context is used to represent a control object and a resource referenced by the login page;
  • the target input domain is identified according to a preset context for identifying the target input domain.
  • Embodiments of the present invention are configured to identify a target input field for inputting login information in a login page of an application, and verify biometric information input by the user, and if verified, obtain the user login from the preset database.
  • the login information of the application, and filling the login information into the target input domain can automatically fill the target input field in the login page, It simplifies the user's login operation and is widely applicable without the limitations of the application development platform.
  • FIG. 1 is a schematic flowchart of a method for saving login information according to an embodiment of the present invention
  • 2A is an exemplary login page of an application program according to an embodiment of the present invention.
  • 2B is an exemplary interface for saving login information according to an embodiment of the present invention.
  • 2C is an exemplary interface for saving identity verification of login information according to an embodiment of the present invention.
  • 3A is a schematic diagram of a login information encryption process according to an embodiment of the present invention.
  • FIG. 3B is a schematic diagram of a process for generating an encryption key according to an embodiment of the present invention.
  • FIG. 3C is a schematic diagram of another login information encryption process according to an embodiment of the present invention.
  • FIG. 3D is a schematic diagram of a process for generating a verification code according to an embodiment of the present invention.
  • FIG. 4 is a schematic flowchart of a login information input method according to an embodiment of the present invention.
  • FIG. 5A is an exemplary interface of login information input according to an embodiment of the present invention.
  • FIG. 5B is an exemplary interface for inputting login authentication information according to an embodiment of the present invention.
  • FIG. 6A is a schematic diagram of a login information decryption process according to an embodiment of the present invention.
  • FIG. 6B is a schematic diagram of a process for generating a decryption key according to an embodiment of the present invention.
  • FIG. 6C is a schematic diagram of another login information decryption process according to an embodiment of the present invention.
  • FIG. 7 is a schematic structural diagram of a login information storage apparatus according to an embodiment of the present invention.
  • FIG. 8 is a schematic structural diagram of a login information input apparatus according to an embodiment of the present invention.
  • FIG. 9 is a schematic structural diagram of a terminal for implementing a method for saving login information according to an embodiment of the present disclosure.
  • FIG. 10 is a schematic structural diagram of a terminal for implementing a login information input method according to an embodiment of the present invention.
  • the present invention can be implemented by a mobile terminal, and can also be implemented by a computing device such as a personal computer or a network device.
  • a computing device such as a personal computer or a network device.
  • the solution of the present invention can be implemented by an APP installed and running in a mobile terminal.
  • the solution of the present invention can be implemented by an APP that is always running in the background.
  • the solution of the present invention can be integrated as a function module in an APP that is always running in the background.
  • the mobile terminal includes, but is not limited to, any smart operating system-based handheld electronic product, which can perform human-computer interaction with a user through an input device such as a keyboard, a virtual keyboard, a touch pad, a touch screen, and a voice control device, such as intelligence.
  • an input device such as a keyboard, a virtual keyboard, a touch pad, a touch screen, and a voice control device, such as intelligence.
  • the smart operating system includes, but is not limited to, any operating system that enriches device functions by providing various mobile applications to mobile devices, such as Android, IOS, Windows Phone, and the like.
  • FIG. 1 is a schematic flowchart of a method for saving login information according to an embodiment of the present invention.
  • the mobile terminal identifies a target input field for inputting login information in the login page of the application, and if the biometric information input by the user passes the verification, the target is input into the domain.
  • the login information is used as the login information of the user to log in to the application, and is saved in the preset database, so that the login information input by the user on the login page is automatically saved in the preset data, which is a description of the present invention.
  • the login information input method provides support. As shown in Figure 1, the method includes:
  • S105 Receive login information input by the user in the target input field.
  • the biometric information is preset biometric information
  • the login information is used as login information of the user that is characterized by the biometric information, and the login information is saved in a preset database. .
  • the application program in the embodiment of the present invention refers to an application currently opened by the user, which may be a web application (Web App), or a hybrid application (Hybrid App), or a native application (Native). App).
  • the login page according to the embodiment of the present invention refers to a page for inputting login information provided by the application to the user.
  • the login information related to the embodiment of the present invention refers to information required for the user to log in to the application, such as a username and a password.
  • the mobile terminal may identify an application to which the current page belongs according to an interface element included in the current page.
  • the application to which the current page belongs is identified based on information such as text or image or trademark in the title bar of the current page.
  • the mobile terminal can also identify an application to which the current page belongs according to other information, such as a prompt in a pop-up window, which is not limited herein.
  • the mobile terminal needs to identify whether the current page is the login page.
  • the mobile terminal may analyze whether the current page is the login page according to an interface element included in the current page. For example, if the current page contains a "login" control for triggering a login request, the mobile terminal can determine that the current page is the login page.
  • the terminal may determine whether the target input domain exists in the current page, and if the target input domain exists, determine that the current page is the login page.
  • the terminal may obtain a context corresponding to the login page, and identify the target input domain according to the context.
  • the context is used to characterize control objects and resources referenced by the login page.
  • the Activity Context is created when the application interface is launched, and is mainly used to save references to current interface controls and resources.
  • control object includes but is not limited to: an input type control for receiving user input, such as a button, a text input box (such as EditText in Android), and an output type control for displaying information to the user, such as Label, text display box (such as TextView in Android).
  • resources include, but are not limited to, text, images, and the like displayed in the output control.
  • the mobile terminal may first identify an input field in the current page for inputting text information according to the type of the control. For example, as shown in FIG. 2A, the mobile terminal may identify the control object in the login page 301 as a text input box as an input field, including: an input field 302, an input field 304, and an input field 306.
  • the login information related to the embodiment of the present invention does not include dynamic information that is temporarily generated to prevent malicious login, such as a dynamic verification code. Accordingly, the target input field does not include an input field for inputting temporary login information such as a dynamic verification code.
  • the mobile terminal may preset a context for identifying the target input domain, and in the context corresponding to the login page, identify the target according to a preset context for identifying the target input domain. Enter the domain.
  • the context corresponding to the target input field may include: adjacent controls of the target input field on the page layout, and resources referenced by adjacent controls.
  • the adjacent control of the user name field is preset as a text display box, and the text resources referenced by the user include: “user name”, “account”, "mailbox” and the like. Then, the mobile terminal can recognize the input field after the text display box whose content is "user name” in FIG. 2A as the user name field.
  • the context corresponding to the target input domain may also be customized by the user.
  • third-party software needs to log in with an ID number. Then, the third party can display the text display box whose content is "ID card number" as the adjacent control of the user name field.
  • the mobile terminal may analyze an attribute of the target input domain according to a context corresponding to the target input domain.
  • the attribute of the target input field can be used to indicate the type of information received by the target input field.
  • the adjacent control of the input field 302 is a text display box whose display content is "user name", and the adjacent control of the input field 304 is a text display frame whose display content is "password”.
  • the mobile terminal can determine that the input field 302 is a username field for receiving the username; the input field 304 is a password domain for receiving the password.
  • the example is only one implementation manner of the embodiment of the present invention, which may be different in actual application and should not be construed as limiting.
  • the embodiment of the present invention identifies the target input domain by analyzing the context of the login page, which is not restricted by the development platform of the application program, and has wide application range and good compatibility.
  • the mobile terminal may monitor the target input domain, determine whether there is information input in the target input domain, and if information is input, The login information entered in the target input field is saved to a preset database for secure storage.
  • the mobile terminal when detecting that there is information input in the target input field, the mobile terminal may pop up a prompt box on the login page to prompt the user to save the login information input in the target input field.
  • the preset database is used to securely store login information of the user.
  • the mobile terminal needs to authenticate the user, and the authenticated user can: write the information into the preset database, or change the information in the preset database, or read the The information in the default database.
  • the mobile terminal may receive biometric information input by the user, and if the biometric information is preset biometric information, Then, the login information input in the target input field is used as login information of the user that is characterized by the biometric information to log in to the application, and the login information is saved in a preset database.
  • the mobile terminal can verify the identity of the user by scanning the user's fingerprint.
  • the mobile terminal can also verify the identity of the user by means of face recognition, iris recognition, voice feature recognition, etc., and the user identity is verified.
  • the mobile terminal can verify the identity of the user by using other authentication methods, such as password verification, which is not limited in the embodiment of the present invention.
  • the preset database may be as shown in Table 1, and is only used to save login information of a single legal user:
  • the preset database shown in Table 1 stores the login information of the single legitimate user login "Application 1" and "Application 2".
  • the user corresponds to two login information (ie, two login accounts) for logging in “application 2”, namely: login information B and login information C.
  • the preset database may also be used to save login information of multiple legal users as shown in Table 2:
  • the preset database shown in Table 2 stores the legitimate users: "User 1" and “User 2", and logs in the login information of "Application 1" and "Application 2".
  • “user 1” corresponds to two registration information for "application 2", which are: login information B and login information C;
  • “user 2” corresponds to two login information for "application 1", respectively.
  • the single legal user may correspond to one (or more) preset biometric information.
  • Each of the plurality of legitimate users may also correspond to one (or more) preset biometric information. That is: one (or more) preset biometric information can be used to characterize a legitimate user.
  • the user can set preset biometric information (such as a fingerprint) when using (or registering) the scheme of the present invention for the first time.
  • biometric information such as a fingerprint
  • the preset database shown in Table 1 and Table 2 is only an implementation manner of the embodiment of the present invention, and may be different in actual application and should not be limited.
  • the data storage form of the preset database may include, but is not limited to, a database, a file, a table, and the like.
  • the mobile terminal may encrypt the login information according to a preset encryption rule, and encrypt the encrypted information.
  • the login information is saved to the database.
  • the encryption process of the login information according to the embodiment of the present invention may be as shown in FIG. 3A, and the mobile terminal encrypts the login information by using a symmetric encryption algorithm (such as AES256).
  • the encryption key may be a preset encryption key.
  • the mobile terminal may set an administrative password of the preset database,
  • the management password is used to generate the encryption and decryption key of the symmetric encryption algorithm, that is, the encryption and decryption key of the symmetric encryption algorithm is not required to be saved, and only the management password needs to be saved.
  • the mobile terminal may store the management password in a Trusted Execution Environment (TEE) corresponding to the preset biometric information, where the preset biometric information may be the acquired management password. Voucher.
  • TEE Trusted Execution Environment
  • the user can set the management password when using (or registering) the scheme of the present invention for the first time.
  • the mobile terminal may generate an encryption key for the management password by using a salting algorithm to increase encryption complexity and improve security.
  • the encryption process of the login information in the embodiment of the present invention may be as shown in FIG. 3C, including:
  • the management password is taken out from the TEE
  • the extracted management password is generated by the salt adding algorithm to generate data to be verified, wherein the salt value 2 may be preset;
  • E Encrypting the login information by a symmetric encryption algorithm (such as AES256) using the encryption key to generate encrypted login information.
  • a symmetric encryption algorithm such as AES256
  • the mobile terminal can verify whether the retrieved management password is correct, and if correct, use the retrieved management password to generate the encryption key.
  • the encryption of the login information ensures the correctness and security of the encryption, and provides a basis for subsequent decryption of the login information.
  • the encryption process of the login information involved in the embodiment of the present invention may also adopt other encryption algorithms, such as an asymmetric encryption algorithm, which is not limited herein.
  • the steps involved in user identity verification and login information preservation may preferably be performed by a Trusted Execution Environment (TEE), which will involve input and output of human-computer interaction (such as S101 to S107 above). ) is executed by the target operating system.
  • Trusted execution The line environment communicates with the target operating system.
  • the target operating system can typically be an open operating system.
  • the specific implementation manner of the foregoing S109 may include:
  • the target operating system may send the biometric information received in the foregoing S107 to a trusted execution environment;
  • the target operating system sends the login information to the trusted execution environment
  • the trusted execution environment uses the login information as login information of the user that is characterized by the biometric information to log in to the application, and saves the login information to In the default database.
  • the steps of performing the solution of the present invention by using the trusted execution environment and the target operating system respectively can prevent the steps of user identity verification and login information saving from being maliciously falsified due to malicious attacks on the target operating system, and the solution of the present invention can be enhanced. Security.
  • the mobile terminal can identify the target input field for inputting the login information in the login page of the application, and verify the biometric information input by the user, and if verified, input the target input field.
  • the login information is saved in the preset database as the login information of the user logging in to the application, and the login information input by the user on the login page is automatically saved, which provides support for the login information input method described later in the present invention.
  • FIG. 4 is a schematic flowchart of a login information input method according to an embodiment of the present invention.
  • the mobile terminal identifies a target input field for inputting login information in the login page of the application, and if the biometric information input by the user passes the verification, the current database is obtained from the preset database.
  • the login information of the user is registered in the application, and the login information is filled into the target input domain, so that the target input field in the login page is automatically populated, which simplifies the login operation of the user.
  • the method includes:
  • biometric information is the preset biometric information
  • the mobile terminal can identify the target input field in the login page through S401 and S403, and further analyze the attributes of the target input field.
  • the mobile terminal may query the preset database to determine whether the login information of the application is in the preset database. If yes, a prompt box is displayed on the login page to prompt the user to fill the target input field.
  • the preset database is used to securely store login information of the user. Before the user accesses the preset database, the mobile terminal needs to authenticate the user, and verify the passed user: write information to the preset database, or change the information in the preset database, or read The information in the preset database.
  • the mobile terminal may receive biometric information input by the user, and if the biometric information is preset biometric information,
  • the preset database is configured to acquire login information of the user that is characterized by the biometric information and log in to the application, and fill the acquired login information into the target input domain.
  • the mobile terminal can verify the identity of the user by scanning the user's fingerprint.
  • the mobile terminal can also verify the identity of the user by means of face recognition, iris recognition, voice feature recognition, etc., and the user identity is verified.
  • the mobile terminal can verify the identity of the user by using other authentication methods, such as password verification, which is not limited in the embodiment of the present invention.
  • the preset database may be used to save the login information of a single legal user, as shown in Table 1 in the embodiment of the present invention. In the embodiment of the present invention, the preset database may also be used to save login information of multiple legal users as shown in Table 2 in the embodiment of FIG. 1 .
  • the single legal user may correspond to one (or more) preset biometric information.
  • Each of the plurality of legitimate users may also correspond to one (or more) preset creatures Feature information. That is: one (or more) preset biometric information can be used to characterize a legitimate user.
  • the user can set preset biometric information (such as a fingerprint) when using (or registering) the scheme of the present invention for the first time.
  • biometric information such as a fingerprint
  • the target input field may include at least two input fields, such as a username field and a password field.
  • the mobile terminal may respectively obtain logins corresponding to the attributes of the respective input domains from the login information according to attributes of respective input domains in the at least two input domains. Information, and each of the input fields is filled with login information that matches the attributes of the respective input fields.
  • the attribute of the target input field can be used to indicate the type of information received by the target input field. That is to say, the username field is used to receive the username, and the password domain is used to receive the password.
  • the mobile terminal may obtain the user name and password of the user to log in to the application from the preset database according to the identifier of the application and the identifier of the user characterized by the biometric information, and fill the username Go to the blank username field and populate the password with a blank password field.
  • the mobile terminal may preferably pop up a selection interface to enable the user to select one of the plurality of login accounts to log in.
  • the mobile terminal may obtain, according to the identifier of the application, the identifier of the user represented by the biometric information, and the username entered in the username field, the user to obtain the login by using the username from the preset database. Describe the application's password and populate it with a blank password field.
  • the mobile terminal may selectively fill the target input domain according to a user's selection operation.
  • the mobile terminal may receive a selection operation input by the user, and log in from the login information (ie, the user characterized by the biometric information received by S405 to log in to the application according to the attribute of the target input field selected by the selection operation. Obtaining login information in accordance with an attribute of the selected target input field, and filling the selected target input field with the selected target input The attributes of the inbound domain match the login information.
  • the login information ie, the user characterized by the biometric information received by S405 to log in to the application according to the attribute of the target input field selected by the selection operation.
  • the user can select a target input field for filling by a single-finger touch on the login page.
  • the mobile terminal may perform the above S405 while receiving the single-finger touch selection of the user. That is to say, the mobile terminal can acquire the fingerprint information of the user while receiving the user's selection operation (touch operation). This can reduce the number of user operations and improve the user experience.
  • the user may also select a target input field to be filled by one finger on the login page, and input fingerprint information by another finger.
  • the user can also select the target input field to be filled by other means, such as long pressing the target input field, and there is no restriction here.
  • the login information in the preset database may be login information encrypted by using a preset encryption rule.
  • the mobile terminal needs to decrypt the login information obtained by S407.
  • the decryption rule may be a pre-set decryption rule corresponding to the preset encryption rule.
  • the mobile terminal can similarly decrypt the encrypted login information by a symmetric encryption algorithm.
  • the decryption key is the same as the encryption key.
  • the mobile terminal may set an administrative password of the preset database, where the management password is used to generate an encryption and decryption key of a symmetric encryption algorithm, that is, an encryption and decryption key that does not need to save a symmetric encryption algorithm. , only need to save the management password.
  • the mobile terminal may store the management password in a Trusted Execution Environment (TEE) corresponding to the preset biometric information, where the preset biometric information may be obtained by acquiring the management password. certificate.
  • TEE Trusted Execution Environment
  • the user can set the management password when using (or registering) the scheme of the present invention for the first time.
  • the mobile terminal can similarly generate the decryption key using the management password.
  • the decryption process of the encrypted login information may be as shown in FIG. 6C, including:
  • the management password is taken out from the TEE
  • the extracted management password is generated by the salt adding algorithm to generate data to be verified, wherein the salt value 2 may be preset;
  • E Decrypt the encrypted login information by a symmetric encryption algorithm (such as AES256) using the decryption key generated by D to obtain the original login information.
  • a symmetric encryption algorithm such as AES256
  • the mobile terminal needs to verify whether the extracted management password is correct, and if correct, the decryption key is generated by using the extracted management password.
  • the key is used to decrypt the login information to ensure the correctness and security of the entire encryption and decryption process.
  • the decryption rule of the encrypted login information may also be other decryption rules corresponding to the login information encryption rule, such as the decryption process agreed by the asymmetric encryption algorithm, which is not limited herein.
  • the steps involved in user identity verification and login information acquisition may preferably be performed by a Trusted Execution Environment (TEE), which involves steps of input and output of human-computer interaction (such as S401 to S405 described above). , S409) is executed by the target operating system.
  • TEE Trusted Execution Environment
  • the trusted execution environment and the target operating system communicate with each other.
  • the target operating system can typically be an open operating system.
  • the specific implementation manner of the foregoing S407 may include:
  • the target operating system sends the biometric information received in the above S405 to the trusted execution environment;
  • the trusted execution environment verifies whether the biometric information is the preset biometric information, and if the biometric information is preset biometric information, the trusted execution environment acquires the The user characterized by the biometric information logs in to the login information of the application and transmits the login information to the target operating system.
  • the target operating system acquires the login information sent by the trusted execution environment.
  • the foregoing steps of performing the solution of the present invention by using the trusted execution environment and the target operating system respectively can avoid user identity verification and the user authentication due to malicious attacks on the target operating system.
  • the steps of obtaining the login information are maliciously tampering, and the security of the solution of the present invention can be enhanced.
  • the mobile terminal can identify the target input field for inputting the login information in the login page of the application, and verify the biometric information input by the user. If the verification is successful, the user is obtained from the preset database. Logging in the login information of the application, and populating the login information into the target input domain, can automatically fill the target input field in the login page, simplify the login operation of the user, and have a wide application range. Not limited by the application development platform.
  • FIG. 7 is a schematic structural diagram of a login information storage apparatus according to an embodiment of the present invention.
  • the login information holding device 70 may include a first identifying unit 701, a second identifying unit 703, a first receiving unit 705, a second receiving unit 707, and a saving unit 709. among them:
  • the first identifying unit 701 is configured to identify that the current page is a login page of the application
  • a second identifying unit 703, configured to identify a target input field for inputting login information in the login page
  • the first receiving unit 705 is configured to receive login information input by the user in the target input field
  • a second receiving unit 707 configured to receive biometric information input by a user
  • the saving unit 709 is configured to use the login information as login information of the user that is characterized by the biometric information to log in to the application, and save the login information to a preset database.
  • the application program in the embodiment of the present invention refers to an application currently opened by the user, and may be a web application (Web App), a hybrid application (Hybrid App), or a native application (Native App).
  • the login page according to the embodiment of the present invention refers to a page for inputting login information provided by the application to the user.
  • the login information related to the embodiment of the present invention refers to information required for the user to log in to the application, such as a username and a password.
  • the login information storage device 70 may identify an application to which the current page belongs according to an interface element included in the current page.
  • the application to which the current page belongs is identified based on information such as text or image or trademark in the title bar of the current page.
  • the login information storage device 70 can also identify the application to which the current page belongs according to other information, such as a prompt in the pop-up window, which is not limited herein.
  • the first identifying unit 701 needs to identify whether the current page is the login page.
  • the first identifying unit 701 may be based on an interface element included in the current page. To analyze whether the current page is the login page. For example, if the current page contains a "login" control for triggering a login request, the first identifying unit 701 can determine that the current page is the login page.
  • the first identifying unit 701 may determine whether the target input domain exists in the current page, and if the target input domain exists, determine that the current page is the login page.
  • the second identifying unit 703 may acquire a context corresponding to the login page, and identify the target input domain according to the context.
  • the context is used to characterize control objects and resources referenced by the login page.
  • the Activity Context is created when the application interface is launched, and is mainly used to save references to current interface controls and resources.
  • control object includes but is not limited to: an input type control for receiving user input, such as a button, a text input box (such as EditText in Android), and an output type control for displaying information to the user, such as Label, text display box (such as TextView in Android).
  • resources include, but are not limited to, text, images, and the like displayed in the output control.
  • the second identifying unit 703 may preset a context for identifying the target input domain, and identify, according to a preset context for identifying the target input domain, in a context corresponding to the login page.
  • the context corresponding to the target input field may include: adjacent controls of the target input field on the page layout, and resources referenced by adjacent controls.
  • the preset database is used to securely store login information of the user. Before the user accesses the preset database, the user needs to be authenticated, and the passed user can verify: the information is written into the preset database, or the information in the preset database is changed, or the read Preset the information in the database.
  • the second receiving unit 707 may receive biometric information input by the user, if the biometric information is Presetting the biometric information, the saving unit 709 uses the login information input in the target input field as login information of the user that is represented by the biometric information to log in to the application, and saves the login information to a preset. In the database.
  • one (or more) preset biometric information can be used to represent a legitimate user.
  • the user can set a preset when using (or registering) the scheme of the present invention for the first time.
  • Biometric information such as fingerprints).
  • the login information storage device 70 needs to perform encryption processing on the login information.
  • the login information holding device 70 may further include: an encryption unit, in addition to the first identification unit 701, the second identification unit 703, the first receiving unit 705, the second receiving unit 707, and the saving unit 709,
  • the saving unit 709 encrypts the login information according to a preset encryption rule before saving the login information to the preset database.
  • the saving unit 709 can preferably perform steps involving user identity verification and login information saving through a Trusted Execution Environment (TEE).
  • TEE Trusted Execution Environment
  • the trusted execution environment and the target operating system communicate with each other.
  • the target operating system can typically be an open operating system.
  • the saving unit 709 can be specifically configured to:
  • biometric information is preset biometric information, sending the login information to the trusted execution environment by using the target operating system;
  • the login information is used as login information of the user that is represented by the biometric information to log in to the application by the trusted execution environment, and the login information is saved. Go to the default database.
  • the saving unit 709 performs the relevant steps of the solution of the present invention by using the trusted execution environment and the target operating system respectively, so as to prevent the steps of user identity verification and login information saving being maliciously falsified due to malicious attacks on the target operating system, and the present invention can be enhanced.
  • the security of the inventive solution is not limited to
  • each function module of the login information storage device 70 can also refer to the method in the embodiment of FIG. 1 , and details are not described herein again.
  • FIG. 8 is a schematic structural diagram of a login information input apparatus according to an embodiment of the present invention.
  • the login information input device 80 may include a first identification unit 801, a second recognition unit 803, a receiving unit 805, an acquisition unit 807, and a padding unit 809. among them:
  • the first identifying unit 801 is configured to identify that the current page is a login page of the application
  • a second identifying unit 803, configured to identify a target input field for inputting login information in the login page
  • the receiving unit 805 is configured to receive biometric information input by the user
  • the obtaining unit 807 is configured to: if the biometric information is the preset biometric information, acquire, from the preset database, login information of the user that is characterized by the biometric information and log in to the application;
  • the filling unit 809 is configured to fill the login information into the target input domain.
  • the first identifying unit 801 needs to identify whether the current page is the login page.
  • the first identifying unit 801 may analyze whether the current page is the login page according to an interface element included in the current page. For example, if the current page contains a "login" control for triggering a login request, the first identifying unit 801 can determine that the current page is the login page.
  • the first identifying unit 801 may determine whether the target input domain exists in the current page, and if the target input domain exists, determine that the current page is the login page.
  • the second identifying unit 803 may acquire a context corresponding to the login page, and identify the target input domain according to the context.
  • control object includes but is not limited to: an input type control for receiving user input, such as a button, a text input box (such as EditText in Android), and an output type control for displaying information to the user, such as Label, text display box (such as TextView in Android).
  • resources include, but are not limited to, text, images, and the like displayed in the output control.
  • the second identifying unit 803 may preset a context for identifying the target input domain, and identify, according to a preset context for identifying the target input domain, in a context corresponding to the login page.
  • the context corresponding to the target input field may include: adjacent controls of the target input field on the page layout, and resources referenced by adjacent controls.
  • the preset database is used to securely store login information of the user. Before the user accesses the preset database, the user needs to be authenticated, and the passed user can verify: the information is written into the preset database, or the information in the preset database is changed, or the read Preset the information in the database.
  • the receiving unit 805 may receive biometric information input by the user, if the biometric information is a preset biometric.
  • the information obtaining unit 807 acquires, from the preset database, login information of the user that is characterized by the biometric information and logs in to the application, and then the filling unit 809 fills the acquired login information into the target input domain. in.
  • one (or more) preset biometric information can be used to represent a legitimate user.
  • the user can set preset biometric information (such as a fingerprint) when using (or registering) the scheme of the present invention for the first time.
  • biometric information such as a fingerprint
  • the target input field may include at least two input fields, such as a username field and a password field.
  • the filling unit 809 fills the at least two input fields
  • the obtaining unit 807 may separately acquire attributes of the respective input domains from the login information according to attributes of respective input domains in the at least two input domains.
  • the matching login information, and the trigger padding unit 809 each fills the login information in accordance with the attributes of the respective input fields in the respective input fields.
  • the filling unit 809 may selectively fill the target input domain according to a user's selection operation.
  • the filling unit 809 can receive a selection operation input by the user, and obtain, according to the attribute of the target input field selected by the selection operation, the login information that matches the attribute of the selected target input domain from the login information, and The selected target input field is filled with login information that matches the attribute of the selected target input field.
  • the login information in the preset database may be login information encrypted by a preset encryption rule.
  • the login information input device 80 needs to decrypt the login information obtained by the acquisition unit 807.
  • the login information input device 80 includes a first identification unit 801, a second identification unit 803, a receiving unit 805, an obtaining unit 807, and a filling unit 809, and may further include: a decrypting unit, which is used in the filling unit 809 Before the login information is filled in the target input field, the login information is decrypted by using a decryption rule corresponding to the preset encryption rule.
  • the obtaining unit 807 can preferably perform user identity authentication and login information acquisition through a Trusted Execution Environment (TEE). step.
  • TEE Trusted Execution Environment
  • the trusted execution environment and the target operating system communicate with each other.
  • the target operating system can typically be an open operating system.
  • the obtaining unit 807 can be specifically configured to:
  • the user characterized by the biometric information logs in to the login information of the application, and sends the login information to the target operating system.
  • the obtaining unit 807 performs the relevant steps of the solution of the present invention by using the trusted execution environment and the target operating system respectively, so as to prevent the steps of user identity verification and login information acquisition from being maliciously falsified due to malicious attacks on the target operating system, and the present invention may be enhanced.
  • the security of the inventive solution is not limited to, but rather to, but rather to, but rather to, but rather to, but rather to, but rather to, but rather to, the steps of user identity verification and login information acquisition from being maliciously falsified due to malicious attacks on the target operating system, and the present invention may be enhanced.
  • the security of the inventive solution is not limited to be used by using the trusted execution environment and the target operating system respectively.
  • each function module of the login information input device 80 can also refer to the method in the embodiment of FIG. 4, and details are not described herein again.
  • the present invention provides a terminal for implementing the login information saving method described in the embodiment of FIG.
  • the terminal 100 may include: a baseband chip 100, a memory 105 (which may include one or more computer readable storage media), a radio frequency (RF) module 106, a peripheral system 107, a display (LCD) 113, a camera 114, and audio. Circuit 115, touch screen 116, and sensor 117 (which may include one or more sensors).
  • the baseband chip 100 can be integrated to include: one or more processors 101, a clock module 102, and a power management module 103. These components can communicate over one or more communication buses 104.
  • terminal 100 is only an example of the present invention, and that the terminal 100 may have more or fewer components than those shown, two or more components may be combined, or may have different configurations of components. .
  • Memory 105 is coupled to processor 101 for storing various software programs and/or sets of instructions.
  • memory 105 can include high speed random access memory, and can also include non-volatile memory, such as one or more magnetic disk storage devices, flash memory devices, or other non-volatile solid state storage devices.
  • a radio frequency (RF) module 106 is operative to receive and transmit radio frequency signals.
  • Radio frequency (RF) module 106 communicates with the communication network and other communication devices via radio frequency signals.
  • the radio frequency (RF) module 106 may include, but is not limited to, an antenna system, an RF transceiver, one or more amplifiers, a tuner, one or more oscillators, a digital signal processor, a CODEC chip, a SIM card, and a storage medium.
  • a radio frequency (RF) module 106 can be implemented on a separate chip.
  • the peripheral system 107 is mainly used to implement the interaction function between the terminal 100 and the user/external environment, and mainly includes the input and output devices of the terminal 200.
  • the peripheral system 107 can include a display (LCD) controller 108, a camera controller 109, an audio controller 110, a touch screen controller 111, and a sensor management module 112. Wherein, each controller can be coupled with a corresponding peripheral device.
  • peripheral system 107 may also include controllers for other I/O peripherals.
  • the clock module 102 integrated in the baseband chip 100 is primarily used to generate the clocks required for data transfer and timing control for the processor 101.
  • the power management module 103 integrated in the baseband chip 100 is mainly used to provide a stable, high-precision voltage for the processor 101, the radio frequency module 106, and the peripheral system.
  • the processor 101 integrated in the baseband chip 100 is mainly used to call a login information saving program stored in the memory 105, and performs the following steps:
  • the login information is used as login information of the user that is characterized by the biometric information to log in to the application, and the login information is saved in a preset database.
  • the biometric information may be fingerprint information.
  • the processor 101 can receive a fingerprint input by the user through the fingerprint sensor.
  • the biometric information may also be voice feature information.
  • the processor 101 can receive voice information input by the user through the audio circuit 115.
  • the biometric information may also be iris information.
  • the processor 101 can scan and acquire the iris information of the user through the camera 114.
  • the biometric information may also be other information, such as face information, which is not limited herein.
  • the processor 101 can acquire the face information of the user through the camera 114.
  • An application program refers to an application currently opened by a user.
  • the login page according to the embodiment of the present invention refers to the application for the user to input login information. page.
  • the login information related to the embodiment of the present invention refers to information required for the user to log in to the application, such as a username and a password.
  • the processor 101 may analyze whether the current page is the login page according to an interface element included in the current page. For example, if the current page contains a "login" control for triggering a login request, the processor 101 can determine that the current page is the login page.
  • the processor 101 may determine whether the target input domain exists in the current page, and if the target input domain exists, determine that the current page is the login page.
  • the terminal may obtain a context corresponding to the login page, and identify the target input domain according to the context.
  • the context is used to characterize control objects and resources referenced by the login page.
  • the Activity Context is created when the application interface is launched, and is mainly used to save references to current interface controls and resources.
  • control object includes but is not limited to: an input type control for receiving user input, such as a button, a text input box (such as EditText in Android), and an output type control for displaying information to the user, such as Label, text display box (such as TextView in Android).
  • resources include, but are not limited to, text, images, and the like displayed in the output control.
  • the processor 101 may preset a context for identifying the target input domain, and in the context corresponding to the login page, identify the context according to a preset context for identifying the target input domain.
  • the context corresponding to the target input field may include: adjacent controls of the target input field on the page layout, and resources referenced by adjacent controls.
  • the adjacent control of the user name field is preset as a text display box, and the text resources referenced by the user include: “user name”, “account”, "mailbox” and the like. Then, the processor 101 can recognize the input field after the text display box whose content is "user name” in FIG. 2A as the user name field.
  • a preset context for identifying the target input field may be stored in the memory 105.
  • the preset database is used to securely store login information of the user.
  • the preset database may be located in the memory 105.
  • the data storage form of the preset database may include, but is not limited to, a database, a file, a table, and the like.
  • the processor 101 needs to authenticate the user, verify the passed user: write information to the preset database, or change the information in the preset database, or read Taking the preset database information.
  • the processor 101 may receive biometric information input by the user, if the biometric information is preset biometric information. And the login information is used as the login information of the user that is characterized by the biometric information to log in to the application, and the login information is saved in a preset database.
  • one (or more) preset biometric information can be used to represent a legitimate user.
  • the processor 101 may encrypt the login information according to a preset encryption rule, and after encrypting The login information is saved to the database.
  • the steps involved in user identity verification and login information preservation may preferably be performed by a Trusted Execution Environment (TEE), and the steps involving input and output of human-computer interaction are performed by the target operating system.
  • TEE Trusted Execution Environment
  • the trusted execution environment and the target operating system communicate with each other.
  • the target operating system can typically be an open operating system.
  • the processor 101 may send the biometric information to the trusted execution environment by using the target operating system, and then the processor 101 may verify, by the trusted execution environment, whether the biometric information is the preset. Biometric information and returning the verification result to the target operating system;
  • the processor 101 may send the login information to the trusted execution environment by using the target operating system;
  • the processor 101 may save the login information as the login information of the user that is represented by the biometric information to the application through the trusted execution environment, and save the login information.
  • the login information is in a preset database.
  • the processor 101 performs the relevant steps of the solution of the present invention by using the trusted execution environment and the target operating system respectively, so as to prevent the steps of user identity verification and login information being saved from being maliciously falsified due to malicious attacks on the target operating system, and the present invention may be enhanced.
  • the security of the inventive solution is not limited to
  • the present invention provides a terminal for implementing the login information input method described in the embodiment of FIG.
  • the terminal 200 may include: a baseband chip 200, a memory 205 (which may include one or more computer readable storage media), a radio frequency (RF) module 206, a peripheral system 207, a display (LCD) 113, a camera 114, and audio. Circuit 115, touch screen 116, and sensor 117 (which may include one or more sensors).
  • the baseband chip 200 can be integrated to include: one or more processors 201, a clock module 202, and a power management module 203. These components can communicate over one or more communication buses 204.
  • terminal 200 is only one example of the present invention, and that the terminal 200 may have more or fewer components than those shown, two or more components may be combined, or may have different configurations of components. .
  • Memory 205 is coupled to processor 201 for storing various software programs and/or sets of instructions.
  • memory 205 can include high speed random access memory, and can also include non-volatile memory, such as one or more magnetic disk storage devices, flash memory devices, or other non-volatile solid state storage devices.
  • a radio frequency (RF) module 206 is used to receive and transmit radio frequency signals.
  • Radio frequency (RF) module 206 communicates with the communication network and other communication devices via radio frequency signals.
  • the radio frequency (RF) module 206 can include, but is not limited to: an antenna system, an RF transceiver, one or more amplifiers, a tuner, one or more oscillators, a digital signal processor, a CODEC chip, a SIM card, and Storage media, etc.
  • a radio frequency (RF) module 206 can be implemented on a separate chip.
  • the peripheral system 207 is mainly used to implement the interaction function between the terminal 200 and the user/external environment, and mainly includes the input and output devices of the terminal 200.
  • the peripheral system 207 can include a display (LCD) controller 208, a camera controller 209, an audio controller 210, a touch screen controller 111, and a sensor management module 112. Wherein, each controller can be coupled with a corresponding peripheral device.
  • peripheral system 207 may also include controllers for other I/O peripherals.
  • the clock module 202 integrated in the baseband chip 200 is primarily used to generate the clocks required for data transfer and timing control for the processor 201.
  • the power management module 203 integrated in the baseband chip 200 is mainly used to provide a stable, high-precision voltage for the processor 201, the radio frequency module 206, and the peripheral system.
  • the processor 201 integrated in the baseband chip 200 is mainly used to call a login information saving program stored in the memory 205, and performs the following steps:
  • biometric information is the preset biometric information, obtaining, by using the preset database, the login information of the user that is characterized by the biometric information and logging in to the application;
  • the login information is populated into the target input domain.
  • the biometric information may be fingerprint information.
  • the processor 201 can receive a fingerprint input by the user through the fingerprint sensor.
  • the biometric information may also be voice feature information.
  • the processor 201 can receive voice information input by the user through the audio circuit 215.
  • the biometric information may also be iris information.
  • the processor 201 can scan and acquire the iris information of the user through the camera 214.
  • the biometric information may also be other information, such as face information, which is not limited herein.
  • the processor 201 can acquire the face information of the user through the camera 214.
  • the processor 201 may analyze whether the current page is the login page according to an interface element included in the current page. For example, if the current page contains a "login" control for triggering a login request, the processor 201 can determine that the current page is the login page.
  • the processor 201 may determine whether the target input domain exists in the current page, and if the target input domain exists, determine that the current page is the login page.
  • control object includes but is not limited to: an input type control for receiving user input, such as a button, a text input box (such as EditText in Android), and an output type control for displaying information to the user, such as Label, text display box (such as TextView in Android).
  • resources include, but are not limited to, text, images, and the like displayed in the output control.
  • the processor 201 may preset a context for identifying the target input domain, and in the context corresponding to the login page, identify the context according to a preset context for identifying the target input domain.
  • the context corresponding to the target input field may include: adjacent controls of the target input field on the page layout, and resources referenced by adjacent controls.
  • the preset database is used to securely store login information of the user.
  • the preset database may be located in the memory 205, and the data storage form of the preset database may include But not limited to: databases, documents, tables, etc.
  • the processor 201 may need to authenticate the user, verify the passed user: write information into the preset database, or change the information in the preset database, or Reading the information in the preset database.
  • the processor 201 may receive biometric information input by the user, and if the biometric information is preset biometric information, Acquiring login information of the user that is characterized by the biometric information to log in to the application, and filling the acquired login information into the target input domain.
  • one (or more) preset biometric information can be used to represent a legitimate user.
  • the target input field may include at least two input fields, such as a username field and a password field.
  • the processor 201 may respectively obtain, from the login information, the attributes of the respective input domains according to the attributes of the respective input fields in the at least two input fields. Login information, and each of the input fields is filled with login information that matches the attributes of the respective input fields.
  • the processor 201 may selectively fill the target input domain according to a user's selection operation.
  • the processor 201 may receive a selection operation input by the user, and obtain, according to the attribute of the target input field selected by the selection operation, the login information that matches the attribute of the selected target input domain from the login information, and The selected target input field is filled with login information that matches the attribute of the selected target input field.
  • the login information in the preset database may be login information encrypted by using a preset encryption rule.
  • the processor 201 needs to decrypt the login information.
  • the decryption rule may be a pre-set decryption rule corresponding to the preset encryption rule.
  • the steps involved in user authentication and login information acquisition may preferably be performed by a Trusted Execution Environment (TEE), and the steps involving input and output of human-computer interaction are performed by the target operating system.
  • TEE Trusted Execution Environment
  • the trusted execution environment and the target operating system communicate with each other.
  • the target operating system can typically be an open operating system.
  • the processor sends the biometric information through a target operating system. Send to a trusted execution environment;
  • the processor 101 may verify, by the trusted execution environment, whether the biometric information is the preset biometric information, and if the biometric information is preset biometric information, may be from the trusted execution environment. Obtaining login information of the user that is characterized by the biometric information and logging in to the application, and sending the login information to the target operating system by using the trusted execution environment.
  • the processor 101 performs the relevant steps of the solution of the present invention by using the trusted execution environment and the target operating system respectively, so as to prevent the steps of user identity verification and login information acquisition from being maliciously falsified due to malicious attacks on the target operating system, and the present invention can be enhanced.
  • the security of the inventive solution is not limited to
  • the embodiment of the present invention implements the target input field for inputting login information in the login page of the application, and verifies the biometric information input by the user. If the verification succeeds, the current database is obtained from the preset database.
  • the login information of the user logging in to the application, and populating the login information into the target input domain can automatically fill the target input domain in the login page, simplifying the login operation of the user, and the scope of application Wide, not limited by the application development platform.
  • the storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM).

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • User Interface Of Digital Computer (AREA)
  • Telephone Function (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiments of the invention disclose a login information input method, login information storage method, and associated device. The login information input method comprises: identifying a current page to be a login page of an application; identifying a target input field in the login page where login information is input into; receiving biological characteristic information input by a user; if the biological characteristic information is preconfigured biological characteristic information, obtaining, from a preconfigured database, login information characterized by the biological characteristic information for the user to log in to the application; and filling the login information into the target input field. The exemplary approach can auto fill a target input field in a login page, simplifying a user login operation, having wide applications, and not being limited by a development platform of an application.

Description

登录信息输入方法、登录信息保存方法及相关装置Login information input method, login information storage method, and related device 技术领域Technical field

本发明涉及终端交互领域,尤其涉及一种登录信息输入方法、登录信息保存方法及相关装置。The present invention relates to the field of terminal interaction, and in particular, to a login information input method, a login information storage method, and related devices.

背景技术Background technique

随着电子技术与互联网技术的迅猛发展,存在大量的应用或网站需要用户注册、登录之后才能使用,因此,用户需要记忆大量的账号和密码等信息。为了保障账户安全,很多人都宁愿针对不同的应用或网站设置不同的密码,这样虽然安全了,但也带来了记忆上很大的负担。With the rapid development of electronic technology and Internet technology, there are a large number of applications or websites that require users to register and log in before they can be used. Therefore, users need to memorize a large number of accounts and passwords. In order to protect the security of the account, many people prefer to set different passwords for different applications or websites, which is safe, but it also brings a big burden on memory.

为了提供安全的密码等登录信息的管理,目前出现了很多密码管理工具,可实现帮助用户记住各种线上或线下的账户和密码等信息。用户仅需要设置一个密码箱的钥匙(即管理密码)就可以安全的访问存储于密码箱中的账户和密码等信息。In order to provide management of login information such as secure passwords, many password management tools have emerged to help users remember various online or offline accounts and passwords. The user only needs to set a key of the lock box (ie, the management password) to securely access information such as accounts and passwords stored in the lock box.

但是,现有的密码管理工具的易用性差,用户首先需要输入管理密码来打开密码箱,之后再将账户、密码拷贝粘贴到应用程序中的用于输入账户、密码的输入域中,操作比较繁琐。However, the existing password management tool has poor ease of use. The user first needs to input the management password to open the password box, and then copy and paste the account and password into the input field for inputting the account and password in the application, which is cumbersome to operate. .

现有技术中,在使用浏览器(如IE浏览器)登录一个网站时,用户可以通过设置“保存表单上用户名和密码”来自动保存登录信息,用以在后续登录该网站时,已保存的账户和密码可以自动填充到登录页面中,实现快速登录。但是,这种快速登录方式的兼容性差,只适用于实现了表单管理功能模块的应用程序,不能兼容其他应用程序。In the prior art, when a website (such as Internet Explorer) is used to log in to a website, the user can automatically save the login information by setting "save the user name and password on the form", which is saved when the website is subsequently logged into the website. Accounts and passwords can be automatically populated into the login page for quick login. However, this fast login method has poor compatibility and is only applicable to applications that implement the form management function module and cannot be compatible with other applications.

发明内容Summary of the invention

本发明实施例提供了一种登录信息输入方法、登录信息保存方法及相关装置,通过识别应用程序的登录页面中的目标输入域,可实现自动填充登录页面中的所述目标输入域,简化了用户的登录操作,并且适用范围广,不受应用程序开发平台的限制。The embodiment of the invention provides a login information input method, a login information storage method and a related device. By identifying a target input field in an application login page, the target input field in the login page can be automatically filled, which simplifies. User login operations, and a wide range of applications, not limited by the application development platform.

第一方面,本发明公开了一种登录信息输入方法,包括: In a first aspect, the present invention discloses a login information input method, including:

识别出当前页面为应用程序的登录页面;Identifying that the current page is the login page of the application;

识别出所述登录页面中用于输入登录信息的目标输入域;Identifying a target input field for inputting login information in the login page;

接收用户输入的生物特征信息;Receiving biometric information input by the user;

如果所述生物特征信息是预设生物特征信息,则从预设数据库中获取所述生物特征信息所表征的用户登录所述应用程序的登录信息;And if the biometric information is the preset biometric information, obtaining, by using the preset database, the login information of the user that is characterized by the biometric information and logging in to the application;

将所述登录信息填充到所述目标输入域中。The login information is populated into the target input domain.

结合第一方面,在第一种可能的实现方式中,所述目标输入域包括至少两个输入域;所述将所述登录信息填充到所述目标输入域中,包括:分析出所述至少两个输入域中的各个输入域的属性;根据所述各个输入域的属性,从所述登录信息中分别获取与所述各个输入域的属性相符合的登录信息;在所述各个输入域中分别填充与各个输入域的属性相符合的登录信息。With reference to the first aspect, in a first possible implementation, the target input field includes at least two input fields; and the filling the login information into the target input domain includes: analyzing the at least Attributes of respective input fields in the two input fields; respectively, obtaining login information corresponding to attributes of the respective input fields from the login information according to attributes of the respective input fields; in each of the input fields The login information that matches the attributes of each input field is filled separately.

结合第一方面,在第二种可能的实现方式中,所述将所述登录信息填充到所述目标输入域中,包括:接收用户输入的选择操作,所述选择操作用于选择需要填充登录信息的目标输入域;分析出所述选择操作选中的目标输入域的属性;根据所述选中的目标输入域的属性,从所述登录信息中获取与所述选中的目标输入域的属性相符合登录信息;在所述选中的目标输入域中填充与所述选中的目标输入域的属性相符合登录信息。With reference to the first aspect, in a second possible implementation manner, the filling the login information into the target input domain includes: receiving a user input selection operation, where the selecting operation is used to select a padding login a target input field of the information; analyzing an attribute of the target input field selected by the selecting operation; and obtaining, according to the attribute of the selected target input field, the attribute of the selected target input field from the login information Login information; filling the selected target input field with login information that matches the attribute of the selected target input field.

结合第一方面,在第三种可能的实现方式中,所述如果所述生物特征信息是预设生物特征信息,则从预设数据库中获取所述生物特征信息所表征的用户登录所述应用程序的登录信息,包括:With reference to the first aspect, in a third possible implementation, if the biometric information is preset biometric information, the user that is obtained by acquiring the biometric information from a preset database logs in to the application. Program login information, including:

目标操作系统将所述生物特征信息发送给可信执行环境;The target operating system transmits the biometric information to a trusted execution environment;

所述可信执行环境验证所述生物特征信息是否是所述预设生物特征信息,如果所述生物特征信息是预设生物特征信息,则所述可信执行环境从预设数据库中获取所述生物特征信息所表征的用户登录所述应用程序的登录信息,并将所述登录信息发送给所述目标操作系统。The trusted execution environment verifies whether the biometric information is the preset biometric information, and if the biometric information is preset biometric information, the trusted execution environment acquires the The user characterized by the biometric information logs in to the login information of the application and transmits the login information to the target operating system.

结合第一方面,或者,结合第一方面的第一种至第三种中任一种可能的实现方式,在第四种可能的实现方式中,所述预设数据库中的登录信息是通过预设加密规则进行加密的登录信息;所述将所述登录信息填充到所述目标输入域之前,所述方法还包括:通过所述预设加密规则对应的解密规则解密所述登录信息。 With reference to the first aspect, or in combination with any one of the first to the third possible implementations of the first aspect, in a fourth possible implementation, the login information in the preset database is The encryption rule is used to encrypt the login information. Before the filling the login information into the target input field, the method further includes: decrypting the login information by using a decryption rule corresponding to the preset encryption rule.

结合第一方面的第四种可能的实现方式,或者,结合第一方面的第一种或第为种可能的实现方式,在第五种可能的实现方式中,所述识别出所述登录页面中用于输入登录信息的目标输入域,包括:In conjunction with the fourth possible implementation of the first aspect, or in combination with the first or the first possible implementation of the first aspect, in a fifth possible implementation, the identifying the login page The target input fields used to enter login information, including:

获取所述登录页面对应的上下文;所述上下文用于表征所述登录页面所引用的控件对象和资源;Obtaining a context corresponding to the login page; the context is used to represent a control object and a resource referenced by the login page;

在所述登录页面对应的上下文中,根据预设的用于识别所述目标输入域的上下文识别出所述目标输入域。In the context corresponding to the login page, the target input domain is identified according to a preset context for identifying the target input domain.

第二方面,本发明公开了一种登录信息保存方法,包括:In a second aspect, the present invention discloses a method for saving login information, including:

识别出当前页面为应用程序的登录页面;Identifying that the current page is the login page of the application;

识别出所述登录页面中用于输入登录信息的目标输入域;Identifying a target input field for inputting login information in the login page;

接收用户在所述目标输入域中输入的登录信息;Receiving login information input by the user in the target input field;

接收用户输入的生物特征信息;Receiving biometric information input by the user;

如果所述生物特征信息是预设生物特征信息,则将所述登录信息作为所述生物特征信息所表征的用户登录所述应用程序的登录信息,保存所述登录信息到预设数据库中。And if the biometric information is preset biometric information, the login information is used as login information of the user that is characterized by the biometric information to log in to the application, and the login information is saved in a preset database.

结合第二方面,在第一种可能的实现方式中,所述如果所述生物特征信息是预设生物特征信息,则将所述登录信息作为所述生物特征信息所表征的用户登录所述应用程序的登录信息,保存所述登录信息到预设数据库中,包括:With reference to the second aspect, in a first possible implementation, if the biometric information is preset biometric information, the login information is used as a user represented by the biometric information to log in to the application. The login information of the program saves the login information to the preset database, including:

目标操作系统将所述生物特征信息发送给可信执行环境;The target operating system transmits the biometric information to a trusted execution environment;

所述可信执行环境验证所述生物特征信息是否是所述预设生物特征信息,并将验证结果返回给所述目标操作系统;Determining, by the trusted execution environment, whether the biometric information is the preset biometric information, and returning the verification result to the target operating system;

如果所述生物特征信息是预设生物特征信息,则所述目标操作系统将所述登录信息发送给所述可信执行环境;If the biometric information is preset biometric information, the target operating system sends the login information to the trusted execution environment;

如果所述生物特征信息是预设生物特征信息,则所述可信执行环境将所述登录信息作为所述生物特征信息所表征的用户登录所述应用程序的登录信息,保存所述登录信息到预设数据库中。If the biometric information is preset biometric information, the trusted execution environment uses the login information as login information of the user that is characterized by the biometric information to log in to the application, and saves the login information to In the default database.

结合第二方面,或,结合第二方面的第一种可能的实现方式,在第二种可能的实现方式中,在所述保存所述登录信息到预设数据库中之前,所述方法还包括:按照预设加密规则加密所述登录信息。 With reference to the second aspect, or in combination with the first possible implementation of the second aspect, in a second possible implementation, before the saving the login information into the preset database, the method further includes : Encrypt the login information according to a preset encryption rule.

结合第二方面,在第三种可能的实现方式中,所述识别出所述登录页面中用于输入登录信息的目标输入域,包括:With reference to the second aspect, in a third possible implementation manner, the identifying, in the login page, a target input field for inputting login information, including:

获取所述登录页面对应的上下文;所述上下文用于表征所述登录页面所引用的控件对象和资源;Obtaining a context corresponding to the login page; the context is used to represent a control object and a resource referenced by the login page;

在所述登录页面对应的上下文中,根据预设的用于识别所述目标输入域的上下文识别出所述目标输入域。In the context corresponding to the login page, the target input domain is identified according to a preset context for identifying the target input domain.

第三方面,本发明公开了一种登录信息输入装置,包括:In a third aspect, the present invention discloses a login information input device, including:

第一识别单元,用于识别出当前页面为应用程序的登录页面;a first identifying unit, configured to identify that the current page is a login page of the application;

第二识别单元,用于识别出所述登录页面中用于输入登录信息的目标输入域;a second identifying unit, configured to identify a target input field for inputting login information in the login page;

接收单元,用于接收用户输入的生物特征信息;a receiving unit, configured to receive biometric information input by the user;

获取单元,用于如果所述生物特征信息是预设生物特征信息,则从预设数据库中获取所述生物特征信息所表征的用户登录所述应用程序的登录信息;And an obtaining unit, configured to: if the biometric information is preset biometric information, acquire, from a preset database, login information of a user that is characterized by the biometric information and log in to the application;

填充单元,用于将所述登录信息填充到所述目标输入域中。a padding unit, configured to fill the login information into the target input domain.

结合第三方面,在第一种可能的实现方式中,所述目标输入域包括至少两个输入域;所述填充单元,具体用于:分析出所述至少两个输入域中的各个输入域的属性;根据所述各个输入域的属性,从所述登录信息中分别获取与所述各个输入域的属性相符合的登录信息;在所述各个输入域中分别填充与各个输入域的属性相符合的登录信息。With reference to the third aspect, in a first possible implementation, the target input field includes at least two input fields, and the filling unit is configured to: analyze each input domain in the at least two input domains According to the attributes of the respective input fields, the login information corresponding to the attributes of the input fields is respectively obtained from the login information; and the attributes of the input fields are respectively filled in the respective input fields. Compliance login information.

结合第三方面,在第二种可能的实现方式中,所述填充单元,具体用于:接收用户输入的选择操作,所述选择操作用于选择需要填充登录信息的目标输入域;分析出所述选择操作选中的目标输入域的属性;根据所述选中的目标输入域的属性,从所述登录信息中获取与所述选中的目标输入域的属性相符合登录信息;在所述选中的目标输入域中填充与所述选中的目标输入域的属性相符合登录信息。With reference to the third aspect, in a second possible implementation, the filling unit is specifically configured to: receive a user input selection operation, where the selection operation is used to select a target input field that needs to be filled with login information; Selecting an attribute of the target input field selected by the operation; obtaining, according to the attribute of the selected target input field, the login information that matches the attribute of the selected target input field; and the selected target The input field is populated with login information that matches the attributes of the selected target input field.

结合第三方面,在第三种可能的实现方式中,所述获取单元,具体用于:With reference to the third aspect, in a third possible implementation manner, the acquiring unit is specifically configured to:

通过目标操作系统将所述生物特征信息发送给可信执行环境; Transmitting the biometric information to the trusted execution environment by the target operating system;

通过所述可信执行环境验证所述生物特征信息是否是所述预设生物特征信息,如果所述生物特征信息是预设生物特征信息,则通过所述可信执行环境从预设数据库中获取所述生物特征信息所表征的用户登录所述应用程序的登录信息,并将所述登录信息发送给所述目标操作系统。Determining, by the trusted execution environment, whether the biometric information is the preset biometric information, and if the biometric information is preset biometric information, obtaining the preset biometric information from the preset database by using the trusted execution environment. The user characterized by the biometric information logs in to the login information of the application, and sends the login information to the target operating system.

结合第三方面,或者,结合第三方面的第一种至第三种中任一种可能的实现方式,在第四种可能的实现方式中,所述预设数据库中的登录信息是通过预设加密规则进行加密的登录信息;所述装置还包括:解密单元,用于在所述填充单元将所述登录信息填充到所述目标输入域之前,通过所述预设加密规则对应的解密规则解密所述登录信息。With reference to the third aspect, or in combination with any one of the first to the third possible implementation manners of the third aspect, in a fourth possible implementation manner, the login information in the preset database is The encryption rule is used to encrypt the login information. The device further includes: a decryption unit, configured to use the decryption rule corresponding to the preset encryption rule before the filling unit fills the login information into the target input domain Decrypt the login information.

结合第三方面,或者,结合第三方面的第一种或第二种可能的实现方式,在第五种可能的实现方式中,所述第二识别单元,具体用于:获取所述登录页面对应的上下文;所述上下文用于表征所述登录页面所引用的控件对象和资源;在所述登录页面对应的上下文中,根据预设的用于识别所述目标输入域的上下文识别出所述目标输入域。With reference to the third aspect, or in combination with the first or second possible implementation of the third aspect, in a fifth possible implementation, the second identifying unit is specifically configured to: obtain the login page Corresponding context; the context is used to represent the control object and the resource referenced by the login page; in the context corresponding to the login page, the context is identified according to a preset context for identifying the target input domain Target input field.

第四方面,本发明公开了一种登录信息保存装置,包括:In a fourth aspect, the present invention discloses a login information storage device, including:

第一识别单元,用于识别出当前页面为应用程序的登录页面;a first identifying unit, configured to identify that the current page is a login page of the application;

第二识别单元,用于识别出所述登录页面中用于输入登录信息的目标输入域;a second identifying unit, configured to identify a target input field for inputting login information in the login page;

第一接收单元,用于接收用户在所述目标输入域中输入的登录信息;a first receiving unit, configured to receive login information input by the user in the target input field;

第二接收单元,用于接收用户输入的生物特征信息;a second receiving unit, configured to receive biometric information input by the user;

保存单元,用于如果所述生物特征信息是预设生物特征信息,则将所述登录信息作为所述生物特征信息所表征的用户登录所述应用程序的登录信息,保存所述登录信息到预设数据库中。a saving unit, configured to: if the biometric information is preset biometric information, use the login information as login information of a user that is represented by the biometric information to log in to the application, and save the login information to a pre Set in the database.

结合第四方面,在第一种可能的实现方式中,所述保存单元,具体用于:With reference to the fourth aspect, in a first possible implementation manner, the saving unit is specifically configured to:

通过目标操作系统将所述生物特征信息发送给可信执行环境;Transmitting the biometric information to the trusted execution environment by the target operating system;

通过所述可信执行环境验证所述生物特征信息是否是所述预设生物特征信息,并将验证结果返回给所述目标操作系统;Verifying, by the trusted execution environment, whether the biometric information is the preset biometric information, and returning the verification result to the target operating system;

如果所述生物特征信息是预设生物特征信息,则通过所述目标操作系统将所述登录信息发送给所述可信执行环境;And if the biometric information is preset biometric information, sending the login information to the trusted execution environment by using the target operating system;

如果所述生物特征信息是预设生物特征信息,则通过所述可信执行环境 将所述登录信息作为所述生物特征信息所表征的用户登录所述应用程序的登录信息,保存所述登录信息到预设数据库中。Passing the trusted execution environment if the biometric information is preset biometric information The login information is used as login information of the user that is characterized by the biometric information to log in to the application, and the login information is saved in a preset database.

结合第四方面,或者,结合第四方面的第一种可能的实现方式,所述装置还包括:加密单元,用于在所述保存单元保存所述登录信息到预设数据库中之前,按照预设加密规则加密所述登录信息。With reference to the fourth aspect, or in combination with the first possible implementation manner of the fourth aspect, the apparatus further includes: an encryption unit, configured to: before the saving unit saves the login information to the preset database, according to the pre- The encryption rule is used to encrypt the login information.

结合第四方面,在第三种可能的实现方式中,所述第二识别单元,具体用于:获取所述登录页面对应的上下文;所述上下文用于表征所述登录页面所引用的控件对象和资源;在所述登录页面对应的上下文中,根据预设的用于识别所述目标输入域的上下文识别出所述目标输入域。With reference to the fourth aspect, in a third possible implementation, the second identifying unit is specifically configured to: obtain a context corresponding to the login page; the context is used to represent a control object referenced by the login page And a resource; in the context corresponding to the login page, the target input domain is identified according to a preset context for identifying the target input domain.

第五方面,本发明公开了一种终端,用于实现第一方面所述的方法,包括:输入装置、输出装置、存储器和与所述存储器耦合的处理器,其中:In a fifth aspect, the present invention discloses a terminal for implementing the method of the first aspect, comprising: an input device, an output device, a memory, and a processor coupled to the memory, wherein:

所述处理器读取所述存储器中存储的指令,用于执行以下步骤:The processor reads instructions stored in the memory for performing the following steps:

识别出显示于所述输出装置中的当前页面为应用程序的登录页面;Recognizing that the current page displayed in the output device is a login page of the application;

识别出所述登录页面中用于输入登录信息的目标输入域;Identifying a target input field for inputting login information in the login page;

通过所述输入装置接收用户输入的生物特征信息;Receiving biometric information input by a user through the input device;

如果所述生物特征信息是预设生物特征信息,则从预设数据库中获取所述生物特征信息所表征的用户登录所述应用程序的登录信息;And if the biometric information is the preset biometric information, obtaining, by using the preset database, the login information of the user that is characterized by the biometric information and logging in to the application;

将所述登录信息填充到所述目标输入域中。The login information is populated into the target input domain.

结合第五方面,在第一种可能的实现方式中,所述目标输入域包括至少两个输入域;所述将所述登录信息填充到所述目标输入域中的步骤,包括:With reference to the fifth aspect, in a first possible implementation, the target input field includes at least two input fields; and the step of filling the login information into the target input domain includes:

所述处理器分析出所述至少两个输入域中的各个输入域的属性;The processor analyzes attributes of respective input fields in the at least two input fields;

所述处理器根据所述各个输入域的属性,从所述登录信息中分别获取与所述各个输入域的属性相符合的登录信息;And the processor respectively acquires login information that matches the attributes of the respective input domains from the login information according to attributes of the respective input domains;

所述处理器在所述各个输入域中分别填充与各个输入域的属性相符合的登录信息。The processor fills each of the input fields with login information that matches the attributes of the respective input fields.

结合第五方面,在第二种可能的实现方式中,所述将所述登录信息填充到所述目标输入域中的步骤,包括:With reference to the fifth aspect, in a second possible implementation, the step of filling the login information into the target input domain includes:

所述处理器通过所述输入装置接收用户输入的选择操作,所述选择操作用于选择需要填充登录信息的目标输入域;分析出所述选择操作选中的目标输入域的属性;根据所述选中的目标输入域的属性,从所述登录信息中获取 与所述选中的目标输入域的属性相符合登录信息;在所述选中的目标输入域中填充与所述选中的目标输入域的属性相符合登录信息。Receiving, by the input device, a selection operation input by a user, the selecting operation is for selecting a target input field that needs to be filled with login information; analyzing an attribute of the target input field selected by the selecting operation; The target of the target input domain, obtained from the login information The login information is matched with the attribute of the selected target input domain; and the selected target input domain is filled with the login information that matches the attribute of the selected target input domain.

结合第五方面,在第三种可能的实现方式中,所述如果所述生物特征信息是预设生物特征信息,则从预设数据库中获取所述生物特征信息所表征的用户登录所述应用程序的登录信息的步骤,包括:With reference to the fifth aspect, in a third possible implementation, if the biometric information is preset biometric information, the user that is obtained by acquiring the biometric information from a preset database logs in to the application. The steps of the program's login information, including:

所述处理器通过目标操作系统将所述生物特征信息发送给可信执行环境;Transmitting, by the target operating system, the biometric information to a trusted execution environment;

所述处理器通过所述可信执行环境验证所述生物特征信息是否是所述预设生物特征信息,如果所述生物特征信息是预设生物特征信息,则通过所述可信执行环境从预设数据库中获取所述生物特征信息所表征的用户登录所述应用程序的登录信息,并通过所述可信执行环境将所述登录信息发送给所述目标操作系统。Determining, by the trusted execution environment, whether the biometric information is the preset biometric information, and if the biometric information is preset biometric information, proceeding from the trusted execution environment And obtaining, by the database, login information of the user that is characterized by the biometric information and logging in to the application, and sending the login information to the target operating system by using the trusted execution environment.

结合第五方面,或者,结合第五方面的第一种至第三种任一种可能的实现方式,在第四种可能的实现方式中,所述预设数据库中的登录信息是通过预设加密规则进行加密的登录信息;所述处理器还用于:在将所述登录信息填充到所述目标输入域之前,通过所述预设加密规则对应的解密规则解密所述登录信息。With reference to the fifth aspect, or in combination with the first to the third possible implementation manners of the fifth aspect, in a fourth possible implementation manner, the login information in the preset database is preset The encryption rule performs the encrypted login information. The processor is further configured to decrypt the login information by using a decryption rule corresponding to the preset encryption rule before filling the login information into the target input domain.

结合第五方面,或者,结合第五方面的第一种或第二种任一种可能的实现方式,在第五种可能的实现方式中,所述识别出所述登录页面中用于输入登录信息的目标输入域的步骤,包括:With reference to the fifth aspect, or in combination with the first or the second possible implementation manner of the fifth aspect, in a fifth possible implementation, the identifying the login page for inputting the login The steps of entering the domain of the information include:

所述处理器获取所述登录页面对应的上下文;所述上下文用于表征所述登录页面所引用的控件对象和资源;The processor acquires a context corresponding to the login page; the context is used to represent a control object and a resource referenced by the login page;

所述处理器在所述登录页面对应的上下文中,根据预设的用于识别所述目标输入域的上下文识别出所述目标输入域。The processor identifies the target input domain according to a preset context for identifying the target input domain in a context corresponding to the login page.

第六方面,本发明公开了一种终端,用于实现第二方面所述的方法,包括:输入装置、输出装置、存储器和与所述存储器耦合的处理器,其中:In a sixth aspect, the present invention discloses a terminal for implementing the method of the second aspect, comprising: an input device, an output device, a memory, and a processor coupled to the memory, wherein:

所述处理器读取所述存储器中存储的指令,用于执行以下步骤:The processor reads instructions stored in the memory for performing the following steps:

识别出显示于所述输出装置中的当前页面为应用程序的登录页面;Recognizing that the current page displayed in the output device is a login page of the application;

识别出所述登录页面中用于输入登录信息的目标输入域;Identifying a target input field for inputting login information in the login page;

通过所述输入装置接收用户在所述目标输入域中输入的登录信息; Receiving login information input by the user in the target input field by the input device;

通过所述输入装置接收用户输入的生物特征信息;Receiving biometric information input by a user through the input device;

如果所述生物特征信息是预设生物特征信息,则将所述登录信息作为所述生物特征信息所表征的用户登录所述应用程序的登录信息,保存所述登录信息到预设数据库中。And if the biometric information is preset biometric information, the login information is used as login information of the user that is characterized by the biometric information to log in to the application, and the login information is saved in a preset database.

结合第六方面,在第一种可能的实现方式中,所述如果所述生物特征信息是预设生物特征信息,则将所述登录信息作为所述生物特征信息所表征的用户登录所述应用程序的登录信息,保存所述登录信息到预设数据库中的步骤,包括:With reference to the sixth aspect, in a first possible implementation, if the biometric information is preset biometric information, the login information is used as a user represented by the biometric information to log in to the application. The login information of the program, the step of saving the login information into the preset database, including:

所述处理器通过目标操作系统将所述生物特征信息发送给可信执行环境;Transmitting, by the target operating system, the biometric information to a trusted execution environment;

所述处理器通过所述可信执行环境验证所述生物特征信息是否是所述预设生物特征信息,并将验证结果返回给所述目标操作系统;Determining, by the trusted execution environment, whether the biometric information is the preset biometric information, and returning the verification result to the target operating system;

如果所述生物特征信息是预设生物特征信息,则所述处理器通过所述目标操作系统将所述登录信息发送给所述可信执行环境;And if the biometric information is preset biometric information, the processor sends the login information to the trusted execution environment by using the target operating system;

如果所述生物特征信息是预设生物特征信息,则所述处理器通过所述可信执行环境将所述登录信息作为所述生物特征信息所表征的用户登录所述应用程序的登录信息,保存所述登录信息到预设数据库中。If the biometric information is preset biometric information, the processor saves the login information as login information of the user that is represented by the biometric information to the application through the trusted execution environment, and saves the login information. The login information is in a preset database.

结合第六方面,或者,结合第六方面的第一种可能的实现方式,在第二种可能的实现方式中,所述处理器还用于:在保存所述登录信息到预设数据库中之前,按照预设加密规则加密所述登录信息。With reference to the sixth aspect, or in combination with the first possible implementation manner of the sixth aspect, in a second possible implementation, the processor is further configured to: before saving the login information to the preset database The login information is encrypted according to a preset encryption rule.

结合第六方面,在第三种可能的实现方式中,所述识别出所述登录页面中用于输入登录信息的目标输入域的步骤,包括:With reference to the sixth aspect, in a third possible implementation, the step of identifying a target input field for inputting login information in the login page includes:

获取所述登录页面对应的上下文;所述上下文用于表征所述登录页面所引用的控件对象和资源;Obtaining a context corresponding to the login page; the context is used to represent a control object and a resource referenced by the login page;

在所述登录页面对应的上下文中,根据预设的用于识别所述目标输入域的上下文识别出所述目标输入域。In the context corresponding to the login page, the target input domain is identified according to a preset context for identifying the target input domain.

实施本发明实施例,通过识别应用程序的登录页面中用于输入登录信息的目标输入域,并且验证用户输入的生物特征信息,如果通过验证,则从预设数据库中获取所述用户登录所述应用程序的登录信息,并将所述登录信息填充到所述目标输入域中,可实现自动填充登录页面中的所述目标输入域, 简化了用户的登录操作,并且适用范围广,不受应用程序开发平台的限制。Embodiments of the present invention are configured to identify a target input field for inputting login information in a login page of an application, and verify biometric information input by the user, and if verified, obtain the user login from the preset database. The login information of the application, and filling the login information into the target input domain, can automatically fill the target input field in the login page, It simplifies the user's login operation and is widely applicable without the limitations of the application development platform.

附图说明DRAWINGS

为了更清楚地说明本发明实施例中的技术方案,下面将对实施例描述中所需要使用的附图作简单地介绍。In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings used in the description of the embodiments will be briefly described below.

图1是本发明实施例提供的登录信息保存方法的流程示意图;1 is a schematic flowchart of a method for saving login information according to an embodiment of the present invention;

图2A是本发明实施例提供的一种应用程序的示例性登录页面;2A is an exemplary login page of an application program according to an embodiment of the present invention;

图2B是本发明实施例提供的一种登录信息保存的示例性界面;2B is an exemplary interface for saving login information according to an embodiment of the present invention;

图2C是本发明实施例提供的一种保存登录信息的身份验证的示例性界面;2C is an exemplary interface for saving identity verification of login information according to an embodiment of the present invention;

图3A是本发明实施例提供的一种登录信息加密过程的示意图;3A is a schematic diagram of a login information encryption process according to an embodiment of the present invention;

图3B是本发明实施例提供的一种加密密钥的生成过程的示意图;FIG. 3B is a schematic diagram of a process for generating an encryption key according to an embodiment of the present invention; FIG.

图3C是本发明实施例提供的另一种登录信息加密过程的示意图;FIG. 3C is a schematic diagram of another login information encryption process according to an embodiment of the present invention; FIG.

图3D是本发明实施例提供的一种验证码的生成过程的示意图;FIG. 3D is a schematic diagram of a process for generating a verification code according to an embodiment of the present invention; FIG.

图4是本发明实施例提供的登录信息输入方法的流程示意图;4 is a schematic flowchart of a login information input method according to an embodiment of the present invention;

图5A是本发明实施例提供的一种登录信息输入的示例性界面;FIG. 5A is an exemplary interface of login information input according to an embodiment of the present invention; FIG.

图5B是本发明实施例提供的一种输入登录信息的身份验证的示例性界面;FIG. 5B is an exemplary interface for inputting login authentication information according to an embodiment of the present invention; FIG.

图6A是本发明实施例提供的登录信息解密过程的示意图;FIG. 6A is a schematic diagram of a login information decryption process according to an embodiment of the present invention; FIG.

图6B是本发明实施例提供的一种解密密钥的生成过程的示意图;FIG. 6B is a schematic diagram of a process for generating a decryption key according to an embodiment of the present invention; FIG.

图6C是本发明实施例提供的另一种登录信息解密过程的示意图;FIG. 6C is a schematic diagram of another login information decryption process according to an embodiment of the present invention; FIG.

图7是本发明实施例提供的登录信息保存装置的结构示意图;FIG. 7 is a schematic structural diagram of a login information storage apparatus according to an embodiment of the present invention;

图8是本发明实施例提供的登录信息输入装置的结构示意图;FIG. 8 is a schematic structural diagram of a login information input apparatus according to an embodiment of the present invention;

图9是本发明实施例提供的一种用于实现登录信息保存方法的终端的结构示意图;FIG. 9 is a schematic structural diagram of a terminal for implementing a method for saving login information according to an embodiment of the present disclosure;

图10是本发明实施例提供的一种用于实现登录信息输入方法的终端的结构示意图。FIG. 10 is a schematic structural diagram of a terminal for implementing a login information input method according to an embodiment of the present invention.

具体实施方式detailed description

下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行 清楚地描述。显然,所描述的实施例仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The technical solution in the embodiment of the present invention will be described below with reference to the accompanying drawings in the embodiments of the present invention. Describe clearly. It is apparent that the described embodiments are only a part of the embodiments of the invention, and not all of the embodiments. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention.

本发明可以由移动终端实现,还可以由个人电脑、网络设备等计算设备来实现。下面以移动终端为例来进行说明。The present invention can be implemented by a mobile terminal, and can also be implemented by a computing device such as a personal computer or a network device. The following describes the mobile terminal as an example.

优选地,本发明的方案可以由一种安装并运行于移动终端中的APP来实现。具体如,本发明的方案可以由一个始终后台运行的APP来实现。进一步地,本发明的方案可以作为一个功能模块集成在一个始终后台运行的APP中。Preferably, the solution of the present invention can be implemented by an APP installed and running in a mobile terminal. Specifically, the solution of the present invention can be implemented by an APP that is always running in the background. Further, the solution of the present invention can be integrated as a function module in an APP that is always running in the background.

在此,移动终端包括但不限于任何一种基于智能操作系统的手持式电子产品,其可与用户通过键盘、虚拟键盘、触摸板、触摸屏以及声控设备等输入设备来进行人机交互,诸如智能手机、平板电脑等。其中,智能操作系统包括但不限于任何通过向移动设备提供各种移动应用来丰富设备功能的操作系统,诸如安卓(Android)、IOS、Windows Phone等。Here, the mobile terminal includes, but is not limited to, any smart operating system-based handheld electronic product, which can perform human-computer interaction with a user through an input device such as a keyboard, a virtual keyboard, a touch pad, a touch screen, and a voice control device, such as intelligence. Mobile phones, tablets, etc. Among them, the smart operating system includes, but is not limited to, any operating system that enriches device functions by providing various mobile applications to mobile devices, such as Android, IOS, Windows Phone, and the like.

参见图1,图1是本发明实施例提供的一种登录信息保存方法的流程示意图。在图1所示的登录信息保存方法中,移动终端识别出应用程序的登录页面中用于输入登录信息的目标输入域,如果用户输入的生物特征信息通过验证,则将所述目标输入域中输入的登录信息作为所述用户登录所述应用程序的登录信息,保存到预设数据库中,可实现将用户在登录页面输入的登录信息自动保存到所述预设数据中,为本发明后续描述的登录信息输入方法提供支撑。如图1所示,该方法包括:Referring to FIG. 1, FIG. 1 is a schematic flowchart of a method for saving login information according to an embodiment of the present invention. In the login information saving method shown in FIG. 1, the mobile terminal identifies a target input field for inputting login information in the login page of the application, and if the biometric information input by the user passes the verification, the target is input into the domain. The login information is used as the login information of the user to log in to the application, and is saved in the preset database, so that the login information input by the user on the login page is automatically saved in the preset data, which is a description of the present invention. The login information input method provides support. As shown in Figure 1, the method includes:

S101,识别出当前页面为应用程序的登录页面。S101. Identify that the current page is a login page of the application.

S103,识别出所述登录页面中用于输入登录信息的目标输入域。S103. Identify a target input field for inputting login information in the login page.

S105,接收用户在所述目标输入域中输入的登录信息。S105. Receive login information input by the user in the target input field.

S107,接收用户输入的生物特征信息。S107. Receive biometric information input by a user.

S109,如果生物特征信息是预设生物特征信息,则将所述登录信息作为所述生物特征信息所表征的用户登录所述应用程序的登录信息,并将所述登录信息保存到预设数据库中。S109, if the biometric information is preset biometric information, the login information is used as login information of the user that is characterized by the biometric information, and the login information is saved in a preset database. .

具体的,本发明实施例涉及的应用程序是指用户当前打开的应用程序,可以是网页应用(Web App),或混合应用(Hybrid App),或原生应用(Native  App)。本发明实施例涉及的登录页面是指所述应用程序提供给用户的用于输入登录信息的页面。本发明实施例涉及的登录信息是指用户登录所述应用程序所需要的信息,具体如用户名和密码等。Specifically, the application program in the embodiment of the present invention refers to an application currently opened by the user, which may be a web application (Web App), or a hybrid application (Hybrid App), or a native application (Native). App). The login page according to the embodiment of the present invention refers to a page for inputting login information provided by the application to the user. The login information related to the embodiment of the present invention refers to information required for the user to log in to the application, such as a username and a password.

具体实现中,移动终端可以根据当前页面包括的界面元素识别出当前页面所属的应用程序。例如,根据当前页面的标题栏中文字或图片或商标等信息识别出当前页面所属的应用程序。实际应用中,移动终端还可以根据其他信息,例如弹窗中的提示语,识别出当前页面所属的应用程序,这里不作限制。In a specific implementation, the mobile terminal may identify an application to which the current page belongs according to an interface element included in the current page. For example, the application to which the current page belongs is identified based on information such as text or image or trademark in the title bar of the current page. In an actual application, the mobile terminal can also identify an application to which the current page belongs according to other information, such as a prompt in a pop-up window, which is not limited herein.

进一步的,移动终端需要识别出当前页面是否是所述登录页面。Further, the mobile terminal needs to identify whether the current page is the login page.

一种实现方式中,移动终端可以根据当前页面包括的界面元素来分析出当前页面是否是所述登录页面。例如,如果当前页面包含有用于触发登录请求的“登录”控件,那么,移动终端可以判定当前页面是所述登录页面。In an implementation manner, the mobile terminal may analyze whether the current page is the login page according to an interface element included in the current page. For example, if the current page contains a "login" control for triggering a login request, the mobile terminal can determine that the current page is the login page.

另一种实现方式中,终端可以判断当前页面是否存在所述目标输入域,如果存在所述目标输入域,则判定当前页面是所述登录页面。In another implementation manner, the terminal may determine whether the target input domain exists in the current page, and if the target input domain exists, determine that the current page is the login page.

本发明实施例中,终端可以获取登录页面对应的上下文,根据所述上下文识别出所述目标输入域。In the embodiment of the present invention, the terminal may obtain a context corresponding to the login page, and identify the target input domain according to the context.

所述上下文用于表征所述登录页面所引用的控件对象和资源。例如,在Android中,界面上下文(Activity Context)在应用界面(Activity)启动的时候被创建,主要用于保存对当前界面控件和资源的引用。The context is used to characterize control objects and resources referenced by the login page. For example, in Android, the Activity Context is created when the application interface is launched, and is mainly used to save references to current interface controls and resources.

这里,控件对象包括但不限于:用于接收用户输入的输入型控件,如按键(Button)、文本输入框(如Android中的EditText)等,以及用于向用户显示信息的输出型控件,如标签(Label)、文本显示框(如Android中的TextView)等。这里,资源包括但不限于:显示在输出型控件中的文字、图片等资源。Here, the control object includes but is not limited to: an input type control for receiving user input, such as a button, a text input box (such as EditText in Android), and an output type control for displaying information to the user, such as Label, text display box (such as TextView in Android). Here, resources include, but are not limited to, text, images, and the like displayed in the output control.

具体实现中,移动终端可以首先根据控件类型识别出当前页面中的用于输入文本信息的输入域。例如,如图2A所示,移动终端可以将登录页面301中的控件类型为文本输入框的控件对象识别为输入域,包括:输入域302、输入域304以及输入域306。In a specific implementation, the mobile terminal may first identify an input field in the current page for inputting text information according to the type of the control. For example, as shown in FIG. 2A, the mobile terminal may identify the control object in the login page 301 as a text input box as an input field, including: an input field 302, an input field 304, and an input field 306.

需要说明的,本发明实施例涉及的登录信息不包括动态验证码等用于防止恶意登录而临时产生的动态信息。相应地,所述目标输入域不包括用于输入动态验证码等临时性的登录信息的输入域。 It should be noted that the login information related to the embodiment of the present invention does not include dynamic information that is temporarily generated to prevent malicious login, such as a dynamic verification code. Accordingly, the target input field does not include an input field for inputting temporary login information such as a dynamic verification code.

具体实现中,移动终端可预先设置用于识别所述目标输入域的上下文,并在所述登录页面对应的上下文中,根据预设的用于识别所述目标输入域的上下文识别出所述目标输入域。所述目标输入域对应的上下文可包括:所述目标输入域在页面布局上的相邻控件,以及相邻控件所引用的资源。In a specific implementation, the mobile terminal may preset a context for identifying the target input domain, and in the context corresponding to the login page, identify the target according to a preset context for identifying the target input domain. Enter the domain. The context corresponding to the target input field may include: adjacent controls of the target input field on the page layout, and resources referenced by adjacent controls.

例如,预先设置用户名域的相邻控件为文本显示框,其引用的文字资源包括:“用户名”、“账号”、“邮箱”等字符串。那么,移动终端可以将图2A中显示内容为“用户名”的文本显示框之后的输入域识别为用户名域。For example, the adjacent control of the user name field is preset as a text display box, and the text resources referenced by the user include: "user name", "account", "mailbox" and the like. Then, the mobile terminal can recognize the input field after the text display box whose content is "user name" in FIG. 2A as the user name field.

需要说明的,所述目标输入域对应的上下文也可以由用户自定义。例如,第三方软件需要利用身份证号码登录。那么,第三方可以将显示内容为“身份证号码”的文本显示框作为用户名域的相邻控件。It should be noted that the context corresponding to the target input domain may also be customized by the user. For example, third-party software needs to log in with an ID number. Then, the third party can display the text display box whose content is "ID card number" as the adjacent control of the user name field.

示例仅仅是本发明实施例的一种实现方式,实际应用中还可不同,不应构成限定。The example is only one implementation manner of the embodiment of the present invention, and may be different in practical applications, and should not be construed as limiting.

进一步的,移动终端可以根据所述目标输入域对应的上下文分析出所述目标输入域的属性。这里,所述目标输入域的属性可用于指示出所述目标输入域接收的信息类型。Further, the mobile terminal may analyze an attribute of the target input domain according to a context corresponding to the target input domain. Here, the attribute of the target input field can be used to indicate the type of information received by the target input field.

例如,在图2A中,输入域302的相邻控件是显示内容为“用户名”的文本显示框,输入域304的相邻控件是显示内容为“密码”的文本显示框。那么,移动终端可以判定:输入域302是用户名域,用于接收用户名;输入域304是密码域,用于接收密码。示例仅仅是本发明实施例的一种实现方式,实际应用中可以不同,不应构成限定。For example, in FIG. 2A, the adjacent control of the input field 302 is a text display box whose display content is "user name", and the adjacent control of the input field 304 is a text display frame whose display content is "password". Then, the mobile terminal can determine that the input field 302 is a username field for receiving the username; the input field 304 is a password domain for receiving the password. The example is only one implementation manner of the embodiment of the present invention, which may be different in actual application and should not be construed as limiting.

可以理解的,本发明实施例是通过分析所述登录页面的上下文识别出所述目标输入域的,不受应用程序的开发平台的限制,适用范围广,兼容性好。It can be understood that the embodiment of the present invention identifies the target input domain by analyzing the context of the login page, which is not restricted by the development platform of the application program, and has wide application range and good compatibility.

具体实现中,在识别出所述登录页面中的所述目标输入域之后,移动终端可监测所述目标输入域,判断所述目标输入域中是否有信息输入,若有信息输入,则将所述目标输入域中输入的登录信息保存到用于安全存储的预设数据库中。In a specific implementation, after identifying the target input field in the login page, the mobile terminal may monitor the target input domain, determine whether there is information input in the target input domain, and if information is input, The login information entered in the target input field is saved to a preset database for secure storage.

例如,如图2B所示,在检测到所述目标输入域中有信息输入时,移动终端可以在所述登录页面上弹出提示框,用以提示用户保存所述目标输入域中输入的登录信息。For example, as shown in FIG. 2B, when detecting that there is information input in the target input field, the mobile terminal may pop up a prompt box on the login page to prompt the user to save the login information input in the target input field. .

本发明实施例中,所述预设数据库用于安全存储用户的登录信息。在用 户访问所述预设数据库之前,移动终端需要对用户进行身份验证,验证通过的用户才能:写入信息到所述预设数据库中,或更改所述预设数据库中的信息,或读取所述预设数据库中的信息。In the embodiment of the present invention, the preset database is used to securely store login information of the user. Using Before the user accesses the preset database, the mobile terminal needs to authenticate the user, and the authenticated user can: write the information into the preset database, or change the information in the preset database, or read the The information in the default database.

具体实现中,在将所述目标输入域中输入的登录信息保存到所述预设数据库中之前,移动终端可以接收用户输入的生物特征信息,如果所述生物特征信息是预设生物特征信息,则将所述目标输入域中输入的登录信息作为所述生物特征信息所表征的用户登录所述应用程序的登录信息,保存所述登录信息到预设数据库中。In a specific implementation, before the login information input in the target input field is saved in the preset database, the mobile terminal may receive biometric information input by the user, and if the biometric information is preset biometric information, Then, the login information input in the target input field is used as login information of the user that is characterized by the biometric information to log in to the application, and the login information is saved in a preset database.

例如,如图2C所示,移动终端可以通过扫描用户指纹来验证用户身份。示例仅仅是本发明实施例的一种实现方式,实际应用中,移动终端也可以通过人脸识别、虹膜识别、语音特征识别等验证用户输入的生物特征信息的方式来验证用户身份,这里不作限制。当然,除了验证生物特征信息,移动终端还可以通过其他验证方式,例如密码验证,来验证用户身份,本发明实施例不作限制。For example, as shown in FIG. 2C, the mobile terminal can verify the identity of the user by scanning the user's fingerprint. The example is only an implementation manner of the embodiment of the present invention. In an actual application, the mobile terminal can also verify the identity of the user by means of face recognition, iris recognition, voice feature recognition, etc., and the user identity is verified. . Of course, in addition to verifying the biometric information, the mobile terminal can verify the identity of the user by using other authentication methods, such as password verification, which is not limited in the embodiment of the present invention.

本发明实施例中,所述预设数据库可以如表1所示,仅用于保存单个合法用户的登录信息:In the embodiment of the present invention, the preset database may be as shown in Table 1, and is only used to save login information of a single legal user:

Figure PCTCN2016097182-appb-000001
Figure PCTCN2016097182-appb-000001

表1Table 1

表1所示的预设数据库存储了所述单个合法用户登录“应用程序1”和“应用程序2”的登录信息。其中,所述用户对应有2份登录“应用程序2”的登录信息(即2个登录账号),分别是:登录信息B、登录信息C。The preset database shown in Table 1 stores the login information of the single legitimate user login "Application 1" and "Application 2". The user corresponds to two login information (ie, two login accounts) for logging in “application 2”, namely: login information B and login information C.

本发明实施例中,所述预设数据库也可以如表2所示,用于保存多个合法用户的登录信息:In the embodiment of the present invention, the preset database may also be used to save login information of multiple legal users as shown in Table 2:

Figure PCTCN2016097182-appb-000002
Figure PCTCN2016097182-appb-000002

Figure PCTCN2016097182-appb-000003
Figure PCTCN2016097182-appb-000003

表2Table 2

表2所示的预设数据库存储了合法用户:“用户1”和“用户2”,登录“应用程序1”和“应用程序2”的登录信息。其中,“用户1”对应有2份登录“应用程序2”的登录信息,分别是:登录信息B、登录信息C;“用户2”对应有2份登录“应用程序1”的登录信息,分别是:登录信息D、登录信息E。The preset database shown in Table 2 stores the legitimate users: "User 1" and "User 2", and logs in the login information of "Application 1" and "Application 2". Among them, "user 1" corresponds to two registration information for "application 2", which are: login information B and login information C; "user 2" corresponds to two login information for "application 1", respectively. Yes: login information D, login information E.

需要说明的,所述单个合法用户可以对应一个(或以上)预设生物特征信息。所述多个合法用户中的各个用户也可以对应一个(或以上)预设生物特征信息。即:一个(或以上)预设生物特征信息可用于表征一个合法用户。It should be noted that the single legal user may correspond to one (or more) preset biometric information. Each of the plurality of legitimate users may also correspond to one (or more) preset biometric information. That is: one (or more) preset biometric information can be used to characterize a legitimate user.

实际应用中,用户可以在首次使用(或注册)本发明的方案时设置预设生物特征信息(如指纹)。In practical applications, the user can set preset biometric information (such as a fingerprint) when using (or registering) the scheme of the present invention for the first time.

需要说明的,表1、表2所示的预设数据库仅仅是本发明实施例的一种实现方式,实际应用中可以不同,不应构成限定。所述预设数据库的数据存储形式可以包括但不限于:数据库、文件、表格等。It should be noted that the preset database shown in Table 1 and Table 2 is only an implementation manner of the embodiment of the present invention, and may be different in actual application and should not be limited. The data storage form of the preset database may include, but is not limited to, a database, a file, a table, and the like.

本发明实施例中,为了增强所述预设数据库的安全性,在保存所述目标输入域中输入的登录信息时,移动终端可以按照预设加密规则加密所述登录信息,并将加密后的所述登录信息保存到所述数据库中。In the embodiment of the present invention, in order to enhance the security of the preset database, when the login information input in the target input field is saved, the mobile terminal may encrypt the login information according to a preset encryption rule, and encrypt the encrypted information. The login information is saved to the database.

本发明实施例涉及的登录信息的加密过程可以如图3A所示,移动终端通过对称加密算法(如AES256)对所述登录信息进行加密。其中,加密密钥可以是预先设置的加密密钥。The encryption process of the login information according to the embodiment of the present invention may be as shown in FIG. 3A, and the mobile terminal encrypts the login information by using a symmetric encryption algorithm (such as AES256). The encryption key may be a preset encryption key.

本发明实施例中,移动终端可以设置所述预设数据库的管理密码,所述 管理密码用于生成对称加密算法的加解密密钥,即不需要保存对称加密算法的加解密密钥,仅需要保存所述管理密码。具体实现中,移动终端可以将所述管理密码可以与预设生物特征信息对应的存储在可信执行环境(Trusted Execution Environment,TEE)中,其中,预设生物特征信息可以是获取所述管理密码的凭证。In the embodiment of the present invention, the mobile terminal may set an administrative password of the preset database, The management password is used to generate the encryption and decryption key of the symmetric encryption algorithm, that is, the encryption and decryption key of the symmetric encryption algorithm is not required to be saved, and only the management password needs to be saved. In a specific implementation, the mobile terminal may store the management password in a Trusted Execution Environment (TEE) corresponding to the preset biometric information, where the preset biometric information may be the acquired management password. Voucher.

实际应用中,用户可以在首次使用(或注册)本发明的方案时设置所述管理密码。In practical applications, the user can set the management password when using (or registering) the scheme of the present invention for the first time.

如图3B所示,移动终端可以通过加盐算法将所述管理密码生成加密密钥,用以增加加密复杂度,提高安全性。As shown in FIG. 3B, the mobile terminal may generate an encryption key for the management password by using a salting algorithm to increase encryption complexity and improve security.

优选的,本发明实施例涉及的登录信息的加密过程可以如图3C所示,包括:Preferably, the encryption process of the login information in the embodiment of the present invention may be as shown in FIG. 3C, including:

A.所述生物特征信息(如指纹)验证通过之后,从TEE中取出所述管理密码;A. After the verification of the biometric information (such as a fingerprint) is passed, the management password is taken out from the TEE;

B.通过加盐算法将取出的所述管理密码生成待验证数据,其中,盐值2可以是预先设置的;B. The extracted management password is generated by the salt adding algorithm to generate data to be verified, wherein the salt value 2 may be preset;

C.比较所述待验证数据与验证码是否一致,若一致,则表示取出的所述管理密码是正确的,并执行D;其中,验证码的生成过程可以如图3D所示;C. Comparing whether the data to be verified and the verification code are consistent. If they are consistent, the management password is correct, and D is performed; wherein the verification code generation process may be as shown in FIG. 3D;

D.利用所述管理密码通过加盐算法生成加密密钥,其中,盐值1可以是预先设置的;D. generating an encryption key by using a salt-adding algorithm by using the management password, wherein the salt value 1 may be preset;

E.利用所述加密密钥通过对称加密算法(如AES256)对登录信息进行加密,生成已加密的登录信息。E. Encrypting the login information by a symmetric encryption algorithm (such as AES256) using the encryption key to generate encrypted login information.

从图3C所示的加密过程可知,在从TEE中取出管理密码之后,移动终端可验证取出的所述管理密码是否正确,若正确,才利用取出的所述管理密码生成所述加密密钥,用以加密所述登录信息,可保证加密的正确性和安全性,为后续解密所述登录信息提供基础。It can be seen from the encryption process shown in FIG. 3C that after the management password is retrieved from the TEE, the mobile terminal can verify whether the retrieved management password is correct, and if correct, use the retrieved management password to generate the encryption key. The encryption of the login information ensures the correctness and security of the encryption, and provides a basis for subsequent decryption of the login information.

需要说明的,实际应用中,本发明实施例涉及的登录信息的加密过程还可以采用其他加密算法,例如非对称加密算法,这里不做限制。It should be noted that, in an actual application, the encryption process of the login information involved in the embodiment of the present invention may also adopt other encryption algorithms, such as an asymmetric encryption algorithm, which is not limited herein.

为了进一步增强本发明方案的安全性,可以优选的将涉及用户身份验证和登录信息保存的步骤通过可信执行环境(TEE)执行,将涉及人机交互的输入输出的步骤(如上述S101至S107)通过目标操作系统执行。所述可信执 行环境与目标操作系统之间相互通信。所述目标操作系统通常可以是一个开放的操作系统。In order to further enhance the security of the solution of the present invention, the steps involved in user identity verification and login information preservation may preferably be performed by a Trusted Execution Environment (TEE), which will involve input and output of human-computer interaction (such as S101 to S107 above). ) is executed by the target operating system. Trusted execution The line environment communicates with the target operating system. The target operating system can typically be an open operating system.

具体的,上述S109的具体实现方式可包括:Specifically, the specific implementation manner of the foregoing S109 may include:

所述目标操作系统可以将在上述S107中接收的所述生物特征信息发送给可信执行环境;The target operating system may send the biometric information received in the foregoing S107 to a trusted execution environment;

所述可信执行环境验证所述生物特征信息是否是所述预设生物特征信息,并将验证结果返回给所述目标操作系统;Determining, by the trusted execution environment, whether the biometric information is the preset biometric information, and returning the verification result to the target operating system;

如果所述生物特征信息是预设生物特征信息,则所述目标操作系统将所述登录信息发送给所述可信执行环境;If the biometric information is preset biometric information, the target operating system sends the login information to the trusted execution environment;

如果所述生物特征信息是预设生物特征信息,则所述可信执行环境将所述登录信息作为所述生物特征信息所表征的用户登录所述应用程序的登录信息,保存所述登录信息到预设数据库中。If the biometric information is preset biometric information, the trusted execution environment uses the login information as login information of the user that is characterized by the biometric information to log in to the application, and saves the login information to In the default database.

上述通过所述可信执行环境和目标操作系统分别执行本发明方案的相关步骤,可避免由于目标操作系统遭受恶意攻击而导致用户身份验证和登录信息保存的步骤被恶意篡改,可增强本发明方案的安全性。The steps of performing the solution of the present invention by using the trusted execution environment and the target operating system respectively can prevent the steps of user identity verification and login information saving from being maliciously falsified due to malicious attacks on the target operating system, and the solution of the present invention can be enhanced. Security.

实施本发明实施例,移动终端可识别出应用程序的登录页面中用于输入登录信息的目标输入域,并验证用户输入的生物特征信息,如果通过验证,则将所述目标输入域中输入的登录信息作为所述用户登录所述应用程序的登录信息保存到所述预设数据库中,可实现自动保存用户在登录页面输入的登录信息,为本发明后续描述的登录信息输入方法提供支撑。In the embodiment of the present invention, the mobile terminal can identify the target input field for inputting the login information in the login page of the application, and verify the biometric information input by the user, and if verified, input the target input field. The login information is saved in the preset database as the login information of the user logging in to the application, and the login information input by the user on the login page is automatically saved, which provides support for the login information input method described later in the present invention.

参见图4,图4是本发明实施例提供的登录信息输入方法的流程示意图。在图4所示的登录信息输入方法中,移动终端识别出应用程序的登录页面中用于输入登录信息的目标输入域,如果用户输入的生物特征信息通过验证,则从预设数据库中获取所述用户登录所述应用程序的登录信息,并将所述登录信息填充到所述目标输入域中,可实现自动填充登录页面中的所述目标输入域,简化了用户的登录操作。如图4所示,该方法包括:Referring to FIG. 4, FIG. 4 is a schematic flowchart of a login information input method according to an embodiment of the present invention. In the login information input method shown in FIG. 4, the mobile terminal identifies a target input field for inputting login information in the login page of the application, and if the biometric information input by the user passes the verification, the current database is obtained from the preset database. The login information of the user is registered in the application, and the login information is filled into the target input domain, so that the target input field in the login page is automatically populated, which simplifies the login operation of the user. As shown in FIG. 4, the method includes:

S401,识别出当前页面为应用程序的登录页面。S401. Identify that the current page is a login page of the application.

S403,识别出所述登录页面中用于输入登录信息的目标输入域。S403. Identify a target input field for inputting login information in the login page.

S405,接收用户输入的生物特征信息。 S405. Receive biometric information input by a user.

S407,如果生物特征信息是预设生物特征信息,则从预设数据库中获取所述生物特征信息所表征的用户登录所述应用程序的登录信息。S407. If the biometric information is the preset biometric information, obtain the login information of the user that is characterized by the biometric information and log in to the application from the preset database.

S409,将所述登录信息填充到所述目标输入域中。S409. Fill the login information into the target input domain.

具体的,S401和S403可参考图1实施例中的相关内容,这里不赘述。也即是说,移动终端可以通过S401和S403识别出所述登录页面中的所述目标输入域,并进一步分析出所述目标输入域的属性。For details, refer to the related content in the embodiment of FIG. 1 for S401 and S403, and details are not described herein. That is to say, the mobile terminal can identify the target input field in the login page through S401 and S403, and further analyze the attributes of the target input field.

具体实现中,如图5A所示,在用户打开所述应用程序的所述登录页面之后,移动终端可查询所述预设数据库,判断所述预设数据库中是否有所述应用程序的登录信息,若有,则在所述登录页面上弹出提示框,提示用户填充所述目标输入域。In a specific implementation, as shown in FIG. 5A, after the user opens the login page of the application, the mobile terminal may query the preset database to determine whether the login information of the application is in the preset database. If yes, a prompt box is displayed on the login page to prompt the user to fill the target input field.

本发明实施例中,所述预设数据库用于安全存储用户的登录信息。在用户访问所述预设数据库之前,移动终端需要对用户进行身份验证,验证通过的用户才能:写入信息到所述预设数据库中,或更改所述预设数据库中的信息,或读取所述预设数据库中的信息。In the embodiment of the present invention, the preset database is used to securely store login information of the user. Before the user accesses the preset database, the mobile terminal needs to authenticate the user, and verify the passed user: write information to the preset database, or change the information in the preset database, or read The information in the preset database.

具体实现中,在从所述预设数据库中获取用户登录所述应用程序的登录信息之前,移动终端可以接收用户输入的生物特征信息,如果所述生物特征信息是预设生物特征信息,则从所述预设数据库中获取所述生物特征信息所表征的用户登录所述应用程序的登录信息,并将获取到的所述登录信息填充到所述目标输入域中。In a specific implementation, before acquiring the login information of the user to log in to the application, the mobile terminal may receive biometric information input by the user, and if the biometric information is preset biometric information, The preset database is configured to acquire login information of the user that is characterized by the biometric information and log in to the application, and fill the acquired login information into the target input domain.

例如,如图5B所示,移动终端可以通过扫描用户指纹来验证用户身份。示例仅仅是本发明实施例的一种实现方式,实际应用中,移动终端也可以通过人脸识别、虹膜识别、语音特征识别等验证用户输入的生物特征信息的方式来验证用户身份,这里不作限制。当然,除了验证生物特征信息,移动终端还可以通过其他验证方式,例如密码验证,来验证用户身份,本发明实施例不作限制。For example, as shown in FIG. 5B, the mobile terminal can verify the identity of the user by scanning the user's fingerprint. The example is only an implementation manner of the embodiment of the present invention. In an actual application, the mobile terminal can also verify the identity of the user by means of face recognition, iris recognition, voice feature recognition, etc., and the user identity is verified. . Of course, in addition to verifying the biometric information, the mobile terminal can verify the identity of the user by using other authentication methods, such as password verification, which is not limited in the embodiment of the present invention.

本发明实施例中,所述预设数据库可以如图1实施例中的表1所示,仅用于保存单个合法用户的登录信息。本发明实施例中,所述预设数据库也可以如图1实施例中的表2所示,用于保存多个合法用户的登录信息。In the embodiment of the present invention, the preset database may be used to save the login information of a single legal user, as shown in Table 1 in the embodiment of the present invention. In the embodiment of the present invention, the preset database may also be used to save login information of multiple legal users as shown in Table 2 in the embodiment of FIG. 1 .

需要说明的,所述单个合法用户可以对应一个(或以上)预设生物特征信息。所述多个合法用户中的各个用户也可以对应一个(或以上)预设生物 特征信息。即:一个(或以上)预设生物特征信息可用于表征一个合法用户。It should be noted that the single legal user may correspond to one (or more) preset biometric information. Each of the plurality of legitimate users may also correspond to one (or more) preset creatures Feature information. That is: one (or more) preset biometric information can be used to characterize a legitimate user.

实际应用中,用户可以在首次使用(或注册)本发明的方案时设置预设生物特征信息(如指纹)。In practical applications, the user can set preset biometric information (such as a fingerprint) when using (or registering) the scheme of the present invention for the first time.

本发明实施例中,所述目标输入域可包括至少两个输入域,例如用户名域和密码域。在填充所述至少两个输入域时,移动终端可根据所述至少两个输入域中的各个输入域的属性,从所述登录信息中分别获取与所述各个输入域的属性相符合的登录信息,并在所述各个输入域中各自填充与各个输入域的属性相符合的登录信息。In the embodiment of the present invention, the target input field may include at least two input fields, such as a username field and a password field. When filling the at least two input fields, the mobile terminal may respectively obtain logins corresponding to the attributes of the respective input domains from the login information according to attributes of respective input domains in the at least two input domains. Information, and each of the input fields is filled with login information that matches the attributes of the respective input fields.

参考图1实施例中的内容可知,所述目标输入域的属性可用于指示出所述目标输入域接收的信息类型。也即是说,用户名域用于接收用户名,密码域用于接收密码。Referring to the content in the embodiment of FIG. 1, the attribute of the target input field can be used to indicate the type of information received by the target input field. That is to say, the username field is used to receive the username, and the password domain is used to receive the password.

下面以用户名域和密码域为例来详细说明所述目标输入域的填充情形:The user name field and password field are taken as an example to describe the filling situation of the target input field in detail:

如果用户名域和密码域都是空白的。那么,移动终端可以根据所述应用程序的标识和所述生物特征信息所表征的用户的标识,从所述预设数据库中获取该用户登录所述应用程序的用户名和密码,并将用户名填充到空白的用户名域,将密码填充到空白的密码域。If the username field and password field are both blank. Then, the mobile terminal may obtain the user name and password of the user to log in to the application from the preset database according to the identifier of the application and the identifier of the user characterized by the biometric information, and fill the username Go to the blank username field and populate the password with a blank password field.

需要说明的,如果一个用户对应多份登录信息,即一个用户具有多个登录账号(例如前述表2中的“用户1”对应有2份登录“应用程序2”的登录信息),在填充所述目标输入域时,移动终端可优选地弹出选择界面,以使用户从多个登录账号中选择一个账号进行登录。It should be noted that if one user corresponds to multiple login information, that is, one user has multiple login accounts (for example, "user 1" in Table 2 above has two login information of login "application 2"), at the filling office. When the target input field is described, the mobile terminal may preferably pop up a selection interface to enable the user to select one of the plurality of login accounts to log in.

如果用户名域不是空白的,密码域是空白的。那么,移动终端可以根据所述应用程序的标识、所述生物特征信息所表征的用户的标识以及用户名域中输入的用户名,从所述预设数据库中获取该用户通过该用户名登录所述应用程序的密码,并将密码填充到空白的密码域中。If the username field is not blank, the password field is blank. Then, the mobile terminal may obtain, according to the identifier of the application, the identifier of the user represented by the biometric information, and the username entered in the username field, the user to obtain the login by using the username from the preset database. Describe the application's password and populate it with a blank password field.

可选的,本发明实施例中,移动终端可以根据用户的选择操作选择性地填充所述目标输入域。Optionally, in the embodiment of the present invention, the mobile terminal may selectively fill the target input domain according to a user's selection operation.

具体的,移动终端可接收用户输入的选择操作,根据所述选择操作选中的目标输入域的属性,从所述登录信息(即S405接收的生物特征信息所表征的用户登录所述应用程序的登录信息)中获取与所述选中的目标输入域的属性相符合登录信息,并在所述选中的目标输入域中填充与所述选中的目标输 入域的属性相符合登录信息。Specifically, the mobile terminal may receive a selection operation input by the user, and log in from the login information (ie, the user characterized by the biometric information received by S405 to log in to the application according to the attribute of the target input field selected by the selection operation. Obtaining login information in accordance with an attribute of the selected target input field, and filling the selected target input field with the selected target input The attributes of the inbound domain match the login information.

例如,用户可以在所述登录页面通过单指触摸来选择一个目标输入域进行填充。优选的,移动终端可以在接收用户的单指触摸选择的同时,执行上述S405。也即是说,移动终端可以在接收用户的选择操作(触摸操作)的同时,获取用户的指纹信息。这样可以减少用户的操作次数,提高用户体验。For example, the user can select a target input field for filling by a single-finger touch on the login page. Preferably, the mobile terminal may perform the above S405 while receiving the single-finger touch selection of the user. That is to say, the mobile terminal can acquire the fingerprint information of the user while receiving the user's selection operation (touch operation). This can reduce the number of user operations and improve the user experience.

需要说明的,用户也可以在所述登录页面通过一个手指去选择需要填充的目标输入域,另一个手指进行指纹信息的输入。实际应用中,用户还可以通过其他方式选择需要填充的目标输入域,例如长按目标输入域,这里不做限制。It should be noted that the user may also select a target input field to be filled by one finger on the login page, and input fingerprint information by another finger. In practical applications, the user can also select the target input field to be filled by other means, such as long pressing the target input field, and there is no restriction here.

参考图1实施例的内容可知,为了增强所述预设数据库的安全性,所述预设数据库中登录信息可以是通过预设加密规则进行加密的登录信息。相应的,移动终端需要对S407获得的登录信息进行解密。所述解密规则可以是预先设置的与所述预设加密规则相对应的解密规则。Referring to the content of the embodiment of FIG. 1 , in order to enhance the security of the preset database, the login information in the preset database may be login information encrypted by using a preset encryption rule. Correspondingly, the mobile terminal needs to decrypt the login information obtained by S407. The decryption rule may be a pre-set decryption rule corresponding to the preset encryption rule.

如果登录信息的加密过程如图3A所示,那么,如图6A所示,移动终端可同样地通过对称加密算法对已加密的登录信息进行解密。其中,解密密钥与加密密钥相同。If the encryption process of the login information is as shown in FIG. 3A, then, as shown in FIG. 6A, the mobile terminal can similarly decrypt the encrypted login information by a symmetric encryption algorithm. The decryption key is the same as the encryption key.

参考图1实施例的内容可知,移动终端可以设置所述预设数据库的管理密码,所述管理密码用于生成对称加密算法的加解密密钥,即不需要保存对称加密算法的加解密密钥,仅需要保存所述管理密码。具体实现中,移动终端可以将所述管理密码可以与预设生物特征信息对应存储在可信执行环境(Trusted Execution Environment,TEE)中,其中,预设生物特征信息可以是获取所述管理密码的凭证。Referring to the content of the embodiment of FIG. 1 , the mobile terminal may set an administrative password of the preset database, where the management password is used to generate an encryption and decryption key of a symmetric encryption algorithm, that is, an encryption and decryption key that does not need to save a symmetric encryption algorithm. , only need to save the management password. In a specific implementation, the mobile terminal may store the management password in a Trusted Execution Environment (TEE) corresponding to the preset biometric information, where the preset biometric information may be obtained by acquiring the management password. certificate.

实际应用中,用户可以在首次使用(或注册)本发明的方案时设置所述管理密码。In practical applications, the user can set the management password when using (or registering) the scheme of the present invention for the first time.

如果加密密钥的生成过程如图3B所示,那么,为了保持加解密密钥的一致性,如图6B所示,移动终端可同样的利用所述管理密码生成解密密钥。If the generation process of the encryption key is as shown in FIG. 3B, in order to maintain the consistency of the encryption/decryption key, as shown in FIG. 6B, the mobile terminal can similarly generate the decryption key using the management password.

如果登录信息的加密过程如图3C所示,那么,相应地,已加密的登录信息的解密过程可以如图6C所示,包括:If the encryption process of the login information is as shown in FIG. 3C, then, correspondingly, the decryption process of the encrypted login information may be as shown in FIG. 6C, including:

A.所述生物特征信息(如指纹)验证通过之后,从TEE中取出所述管理密码; A. After the verification of the biometric information (such as a fingerprint) is passed, the management password is taken out from the TEE;

B.通过加盐算法将取出的所述管理密码生成待验证数据,其中,盐值2可以是预先设置的;B. The extracted management password is generated by the salt adding algorithm to generate data to be verified, wherein the salt value 2 may be preset;

C.比较所述待验证数据与验证码是否一致,若一致,则表示取出的所述管理密码是正确的,并执行D;验证码的生成过程可以如图3D所示;C. Comparing whether the data to be verified and the verification code are consistent, if they are consistent, it means that the obtained management password is correct, and D is executed; the process of generating the verification code may be as shown in FIG. 3D;

D.利用所述管理密码通过加盐算法生成解密密钥,其中,盐值1可以是预先设置的;D. using the management password to generate a decryption key by a salting algorithm, wherein the salt value 1 may be preset;

E.利用D生成的解密密钥通过对称加密算法(如AES256)对已加密的登录信息进行解密,得到原始的登录信息。E. Decrypt the encrypted login information by a symmetric encryption algorithm (such as AES256) using the decryption key generated by D to obtain the original login information.

从图6C所示的解密过程可知,在从TEE中取出所述管理密码之后,移动终端需要验证取出的所述管理密码是否正确,若正确,才利用取出的所述管理密码生成所述解密密钥,用以解密所述登录信息,可保证整个加解密过程的正确性和安全性。It can be seen from the decryption process shown in FIG. 6C that after the management password is retrieved from the TEE, the mobile terminal needs to verify whether the extracted management password is correct, and if correct, the decryption key is generated by using the extracted management password. The key is used to decrypt the login information to ensure the correctness and security of the entire encryption and decryption process.

需要说明的,已加密的登录信息的解密规则还可以是其他与登录信息加密规则相对应的解密规则,例如非对称加密算法约定的解密过程,这里不作限制。It should be noted that the decryption rule of the encrypted login information may also be other decryption rules corresponding to the login information encryption rule, such as the decryption process agreed by the asymmetric encryption algorithm, which is not limited herein.

为了进一步增强本发明方案的安全性,可以优选的将涉及用户身份验证和登录信息获取的步骤通过可信执行环境(TEE)执行,将涉及人机交互的输入输出的步骤(如上述S401至S405、S409)通过目标操作系统执行。所述可信执行环境与目标操作系统之间相互通信。所述目标操作系统通常可以是一个开放的操作系统。In order to further enhance the security of the solution of the present invention, the steps involved in user identity verification and login information acquisition may preferably be performed by a Trusted Execution Environment (TEE), which involves steps of input and output of human-computer interaction (such as S401 to S405 described above). , S409) is executed by the target operating system. The trusted execution environment and the target operating system communicate with each other. The target operating system can typically be an open operating system.

具体的,上述S407的具体实现方式可包括:Specifically, the specific implementation manner of the foregoing S407 may include:

所述目标操作系统将在上述S405中接收的所述生物特征信息发送给可信执行环境;The target operating system sends the biometric information received in the above S405 to the trusted execution environment;

所述可信执行环境验证所述生物特征信息是否是所述预设生物特征信息,如果所述生物特征信息是预设生物特征信息,则所述可信执行环境从预设数据库中获取所述生物特征信息所表征的用户登录所述应用程序的登录信息,并将所述登录信息发送给所述目标操作系统。相应的,所述目标操作系统获取到所述可信执行环境发送的所述登录信息。The trusted execution environment verifies whether the biometric information is the preset biometric information, and if the biometric information is preset biometric information, the trusted execution environment acquires the The user characterized by the biometric information logs in to the login information of the application and transmits the login information to the target operating system. Correspondingly, the target operating system acquires the login information sent by the trusted execution environment.

上述通过所述可信执行环境和目标操作系统分别执行本发明方案的相关步骤,可避免由于目标操作系统遭受恶意攻击而导致用户身份验证和 登录信息获取的步骤被恶意篡改,可增强本发明方案的安全性。The foregoing steps of performing the solution of the present invention by using the trusted execution environment and the target operating system respectively can avoid user identity verification and the user authentication due to malicious attacks on the target operating system. The steps of obtaining the login information are maliciously tampering, and the security of the solution of the present invention can be enhanced.

实施本发明实施例,移动终端可识别出应用程序的登录页面中用于输入登录信息的目标输入域,并验证用户输入的生物特征信息,如果通过验证,则从预设数据库中获取所述用户登录所述应用程序的登录信息,并将所述登录信息填充到所述目标输入域中,可实现自动填充登录页面中的所述目标输入域,简化了用户的登录操作,并且适用范围广,不受应用程序开发平台的限制。In the embodiment of the present invention, the mobile terminal can identify the target input field for inputting the login information in the login page of the application, and verify the biometric information input by the user. If the verification is successful, the user is obtained from the preset database. Logging in the login information of the application, and populating the login information into the target input domain, can automatically fill the target input field in the login page, simplify the login operation of the user, and have a wide application range. Not limited by the application development platform.

参见图7,图7是本发明实施例提供的一种登录信息保存装置的结构示意图。如图7所示,登录信息保存装置70可包括:第一识别单元701、第二识别单元703、第一接收单元705、第二接收单元707和保存单元709。其中:Referring to FIG. 7, FIG. 7 is a schematic structural diagram of a login information storage apparatus according to an embodiment of the present invention. As shown in FIG. 7, the login information holding device 70 may include a first identifying unit 701, a second identifying unit 703, a first receiving unit 705, a second receiving unit 707, and a saving unit 709. among them:

第一识别单元701,用于识别出当前页面为应用程序的登录页面;The first identifying unit 701 is configured to identify that the current page is a login page of the application;

第二识别单元703,用于识别出所述登录页面中用于输入登录信息的目标输入域;a second identifying unit 703, configured to identify a target input field for inputting login information in the login page;

第一接收单元705,用于接收用户在所述目标输入域中输入的登录信息;The first receiving unit 705 is configured to receive login information input by the user in the target input field;

第二接收单元707,用于接收用户输入的生物特征信息;a second receiving unit 707, configured to receive biometric information input by a user;

保存单元709,用于将所述登录信息作为所述生物特征信息所表征的用户登录所述应用程序的登录信息,保存所述登录信息到预设数据库中。The saving unit 709 is configured to use the login information as login information of the user that is characterized by the biometric information to log in to the application, and save the login information to a preset database.

具体的,本发明实施例涉及的应用程序是指用户当前打开的应用程序,可以是网页应用(Web App),或混合应用(Hybrid App),或原生应用(Native App)。本发明实施例涉及的登录页面是指所述应用程序提供给用户的用于输入登录信息的页面。本发明实施例涉及的登录信息是指用户登录所述应用程序所需要的信息,具体如用户名和密码等。Specifically, the application program in the embodiment of the present invention refers to an application currently opened by the user, and may be a web application (Web App), a hybrid application (Hybrid App), or a native application (Native App). The login page according to the embodiment of the present invention refers to a page for inputting login information provided by the application to the user. The login information related to the embodiment of the present invention refers to information required for the user to log in to the application, such as a username and a password.

具体实现中,登录信息保存装置70可以根据当前页面包括的界面元素识别出当前页面所属的应用程序。例如,根据当前页面的标题栏中文字或图片或商标等信息识别出当前页面所属的应用程序。实际应用中,登录信息保存装置70还可以根据其他信息,例如弹窗中的提示语,识别出当前页面所属的应用程序,这里不作限制。In a specific implementation, the login information storage device 70 may identify an application to which the current page belongs according to an interface element included in the current page. For example, the application to which the current page belongs is identified based on information such as text or image or trademark in the title bar of the current page. In the actual application, the login information storage device 70 can also identify the application to which the current page belongs according to other information, such as a prompt in the pop-up window, which is not limited herein.

进一步的,第一识别单元701需要识别出当前页面是否是所述登录页面。Further, the first identifying unit 701 needs to identify whether the current page is the login page.

一种实现方式中,第一识别单元701可以根据当前页面包括的界面元素 来分析出当前页面是否是所述登录页面。例如,如果当前页面包含有用于触发登录请求的“登录”控件,那么,第一识别单元701可以判定当前页面是所述登录页面。In an implementation manner, the first identifying unit 701 may be based on an interface element included in the current page. To analyze whether the current page is the login page. For example, if the current page contains a "login" control for triggering a login request, the first identifying unit 701 can determine that the current page is the login page.

另一种实现方式中,第一识别单元701可以判断当前页面是否存在所述目标输入域,如果存在所述目标输入域,则判定当前页面是所述登录页面。In another implementation manner, the first identifying unit 701 may determine whether the target input domain exists in the current page, and if the target input domain exists, determine that the current page is the login page.

本发明实施例中,第二识别单元703可以获取登录页面对应的上下文,根据所述上下文识别出所述目标输入域。In the embodiment of the present invention, the second identifying unit 703 may acquire a context corresponding to the login page, and identify the target input domain according to the context.

所述上下文用于表征所述登录页面所引用的控件对象和资源。例如,在Android中,界面上下文(Activity Context)在应用界面(Activity)启动的时候被创建,主要用于保存对当前界面控件和资源的引用。The context is used to characterize control objects and resources referenced by the login page. For example, in Android, the Activity Context is created when the application interface is launched, and is mainly used to save references to current interface controls and resources.

这里,控件对象包括但不限于:用于接收用户输入的输入型控件,如按键(Button)、文本输入框(如Android中的EditText)等,以及用于向用户显示信息的输出型控件,如标签(Label)、文本显示框(如Android中的TextView)等。这里,资源包括但不限于:显示在输出型控件中的文字、图片等资源。Here, the control object includes but is not limited to: an input type control for receiving user input, such as a button, a text input box (such as EditText in Android), and an output type control for displaying information to the user, such as Label, text display box (such as TextView in Android). Here, resources include, but are not limited to, text, images, and the like displayed in the output control.

具体实现中,第二识别单元703可预先设置用于识别所述目标输入域的上下文,并在所述登录页面对应的上下文中,根据预设的用于识别所述目标输入域的上下文识别出所述目标输入域。所述目标输入域对应的上下文可包括:所述目标输入域在页面布局上的相邻控件,以及相邻控件所引用的资源。In a specific implementation, the second identifying unit 703 may preset a context for identifying the target input domain, and identify, according to a preset context for identifying the target input domain, in a context corresponding to the login page. The target input field. The context corresponding to the target input field may include: adjacent controls of the target input field on the page layout, and resources referenced by adjacent controls.

本发明实施例中,所述预设数据库用于安全存储用户的登录信息。在用户访问所述预设数据库之前,需要对用户进行身份验证,验证通过的用户才能:写入信息到所述预设数据库中,或更改所述预设数据库中的信息,或读取所述预设数据库中的信息。In the embodiment of the present invention, the preset database is used to securely store login information of the user. Before the user accesses the preset database, the user needs to be authenticated, and the passed user can verify: the information is written into the preset database, or the information in the preset database is changed, or the read Preset the information in the database.

具体实现中,在保存单元709将所述目标输入域中输入的登录信息保存到所述预设数据库中之前,第二接收单元707可以接收用户输入的生物特征信息,如果所述生物特征信息是预设生物特征信息,则保存单元709将所述目标输入域中输入的所述登录信息作为所述生物特征信息所表征的用户登录所述应用程序的登录信息,保存所述登录信息到预设数据库中。In a specific implementation, before the saving unit 709 saves the login information input in the target input field to the preset database, the second receiving unit 707 may receive biometric information input by the user, if the biometric information is Presetting the biometric information, the saving unit 709 uses the login information input in the target input field as login information of the user that is represented by the biometric information to log in to the application, and saves the login information to a preset. In the database.

需要说明的,一个(或以上)预设生物特征信息可用于表征一个合法用户。It should be noted that one (or more) preset biometric information can be used to represent a legitimate user.

实际应用中,用户可以在首次使用(或注册)本发明的方案时设置预设 生物特征信息(如指纹)。In practical applications, the user can set a preset when using (or registering) the scheme of the present invention for the first time. Biometric information (such as fingerprints).

本发明实施例中,为了增强所述预设数据库的安全性,在保存所述目标输入域中输入的登录信息时,登录信息保存装置70需要对登录信息进行加密处理。In the embodiment of the present invention, in order to enhance the security of the preset database, when the login information input in the target input field is saved, the login information storage device 70 needs to perform encryption processing on the login information.

进一步的,登录信息保存装置70在包括:第一识别单元701、第二识别单元703、第一接收单元705、第二接收单元707和保存单元709外,还可包括:加密单元,用于在保存单元709保存所述登录信息到预设数据库中之前,按照预设加密规则加密所述登录信息。Further, the login information holding device 70 may further include: an encryption unit, in addition to the first identification unit 701, the second identification unit 703, the first receiving unit 705, the second receiving unit 707, and the saving unit 709, The saving unit 709 encrypts the login information according to a preset encryption rule before saving the login information to the preset database.

更进一步的,为了进一步增强本发明方案的安全性,保存单元709可以优选的通过可信执行环境(TEE)执行涉及用户身份验证和登录信息保存的步骤。所述可信执行环境与目标操作系统之间相互通信。所述目标操作系统通常可以是一个开放的操作系统。Further, in order to further enhance the security of the solution of the present invention, the saving unit 709 can preferably perform steps involving user identity verification and login information saving through a Trusted Execution Environment (TEE). The trusted execution environment and the target operating system communicate with each other. The target operating system can typically be an open operating system.

具体实现中,保存单元709可具体用于:In a specific implementation, the saving unit 709 can be specifically configured to:

通过所述目标操作系统将所述生物特征信息发送给可信执行环境;Transmitting the biometric information to the trusted execution environment by the target operating system;

通过所述可信执行环境验证所述生物特征信息是否是所述预设生物特征信息,并将验证结果返回给所述目标操作系统;Verifying, by the trusted execution environment, whether the biometric information is the preset biometric information, and returning the verification result to the target operating system;

如果所述生物特征信息是预设生物特征信息,则通过所述目标操作系统将所述登录信息发送给所述可信执行环境;And if the biometric information is preset biometric information, sending the login information to the trusted execution environment by using the target operating system;

如果所述生物特征信息是预设生物特征信息,则通过所述可信执行环境将所述登录信息作为所述生物特征信息所表征的用户登录所述应用程序的登录信息,保存所述登录信息到预设数据库中。If the biometric information is preset biometric information, the login information is used as login information of the user that is represented by the biometric information to log in to the application by the trusted execution environment, and the login information is saved. Go to the default database.

保存单元709通过所述可信执行环境和目标操作系统分别执行本发明方案的相关步骤,可避免由于目标操作系统遭受恶意攻击而导致用户身份验证和登录信息保存的步骤被恶意篡改,可增强本发明方案的安全性。The saving unit 709 performs the relevant steps of the solution of the present invention by using the trusted execution environment and the target operating system respectively, so as to prevent the steps of user identity verification and login information saving being maliciously falsified due to malicious attacks on the target operating system, and the present invention can be enhanced. The security of the inventive solution.

可以理解的,登录信息保存装置70的各个功能模块的具体实现还可参照图1实施例中的方法,这里不再赘述。It can be understood that the specific implementation of each function module of the login information storage device 70 can also refer to the method in the embodiment of FIG. 1 , and details are not described herein again.

参见图8,图8是本发明实施例提供的一种登录信息输入装置的结构示意图。如图8所示,登录信息输入装置80可包括:第一识别单元801、第二识别单元803、接收单元805、获取单元807和填充单元809。其中: Referring to FIG. 8, FIG. 8 is a schematic structural diagram of a login information input apparatus according to an embodiment of the present invention. As shown in FIG. 8, the login information input device 80 may include a first identification unit 801, a second recognition unit 803, a receiving unit 805, an acquisition unit 807, and a padding unit 809. among them:

第一识别单元801,用于识别出当前页面为应用程序的登录页面;The first identifying unit 801 is configured to identify that the current page is a login page of the application;

第二识别单元803,用于识别出所述登录页面中用于输入登录信息的目标输入域;a second identifying unit 803, configured to identify a target input field for inputting login information in the login page;

接收单元805,用于接收用户输入的生物特征信息;The receiving unit 805 is configured to receive biometric information input by the user;

获取单元807,用于如果所述生物特征信息是预设生物特征信息,则从预设数据库中获取所述生物特征信息所表征的用户登录所述应用程序的登录信息;The obtaining unit 807 is configured to: if the biometric information is the preset biometric information, acquire, from the preset database, login information of the user that is characterized by the biometric information and log in to the application;

填充单元809,用于将所述登录信息填充到所述目标输入域中。The filling unit 809 is configured to fill the login information into the target input domain.

具体的,第一识别单元801需要识别出当前页面是否是所述登录页面。Specifically, the first identifying unit 801 needs to identify whether the current page is the login page.

一种实现方式中,第一识别单元801可以根据当前页面包括的界面元素来分析出当前页面是否是所述登录页面。例如,如果当前页面包含有用于触发登录请求的“登录”控件,那么,第一识别单元801可以判定当前页面是所述登录页面。In an implementation manner, the first identifying unit 801 may analyze whether the current page is the login page according to an interface element included in the current page. For example, if the current page contains a "login" control for triggering a login request, the first identifying unit 801 can determine that the current page is the login page.

另一种实现方式中,第一识别单元801可以判断当前页面是否存在所述目标输入域,如果存在所述目标输入域,则判定当前页面是所述登录页面。In another implementation manner, the first identifying unit 801 may determine whether the target input domain exists in the current page, and if the target input domain exists, determine that the current page is the login page.

本发明实施例中,第二识别单元803可以获取登录页面对应的上下文,根据所述上下文识别出所述目标输入域。In the embodiment of the present invention, the second identifying unit 803 may acquire a context corresponding to the login page, and identify the target input domain according to the context.

所述上下文用于表征所述登录页面所引用的控件对象和资源。这里,控件对象包括但不限于:用于接收用户输入的输入型控件,如按键(Button)、文本输入框(如Android中的EditText)等,以及用于向用户显示信息的输出型控件,如标签(Label)、文本显示框(如Android中的TextView)等。这里,资源包括但不限于:显示在输出型控件中的文字、图片等资源。The context is used to characterize control objects and resources referenced by the login page. Here, the control object includes but is not limited to: an input type control for receiving user input, such as a button, a text input box (such as EditText in Android), and an output type control for displaying information to the user, such as Label, text display box (such as TextView in Android). Here, resources include, but are not limited to, text, images, and the like displayed in the output control.

具体实现中,第二识别单元803可预先设置用于识别所述目标输入域的上下文,并在所述登录页面对应的上下文中,根据预设的用于识别所述目标输入域的上下文识别出所述目标输入域。所述目标输入域对应的上下文可包括:所述目标输入域在页面布局上的相邻控件,以及相邻控件所引用的资源。In a specific implementation, the second identifying unit 803 may preset a context for identifying the target input domain, and identify, according to a preset context for identifying the target input domain, in a context corresponding to the login page. The target input field. The context corresponding to the target input field may include: adjacent controls of the target input field on the page layout, and resources referenced by adjacent controls.

本发明实施例中,所述预设数据库用于安全存储用户的登录信息。在用户访问所述预设数据库之前,需要对用户进行身份验证,验证通过的用户才能:写入信息到所述预设数据库中,或更改所述预设数据库中的信息,或读取所述预设数据库中的信息。 In the embodiment of the present invention, the preset database is used to securely store login information of the user. Before the user accesses the preset database, the user needs to be authenticated, and the passed user can verify: the information is written into the preset database, or the information in the preset database is changed, or the read Preset the information in the database.

具体实现中,在获取单元807从所述预设数据库中获取用户登录所述应用程序的登录信息之前,接收单元805可以接收用户输入的生物特征信息,如果所述生物特征信息是预设生物特征信息,获取单元807从所述预设数据库中获取所述生物特征信息所表征的用户登录所述应用程序的登录信息,之后填充单元809将获取到的所述登录信息填充到所述目标输入域中。In a specific implementation, before the obtaining unit 807 obtains login information of the user from the application, the receiving unit 805 may receive biometric information input by the user, if the biometric information is a preset biometric. The information obtaining unit 807 acquires, from the preset database, login information of the user that is characterized by the biometric information and logs in to the application, and then the filling unit 809 fills the acquired login information into the target input domain. in.

需要说明的,一个(或以上)预设生物特征信息可用于表征一个合法用户。It should be noted that one (or more) preset biometric information can be used to represent a legitimate user.

实际应用中,用户可以在首次使用(或注册)本发明的方案时设置预设生物特征信息(如指纹)。In practical applications, the user can set preset biometric information (such as a fingerprint) when using (or registering) the scheme of the present invention for the first time.

本发明实施例中,所述目标输入域可包括至少两个输入域,例如用户名域和密码域。在填充单元809填充所述至少两个输入域时,获取单元807可根据所述至少两个输入域中的各个输入域的属性,从所述登录信息中分别获取与所述各个输入域的属性相符合的登录信息,并触发填充单元809在所述各个输入域中各自填充与各个输入域的属性相符合的登录信息。In the embodiment of the present invention, the target input field may include at least two input fields, such as a username field and a password field. When the filling unit 809 fills the at least two input fields, the obtaining unit 807 may separately acquire attributes of the respective input domains from the login information according to attributes of respective input domains in the at least two input domains. The matching login information, and the trigger padding unit 809 each fills the login information in accordance with the attributes of the respective input fields in the respective input fields.

可选的,本发明实施例中,填充单元809可以根据用户的选择操作选择性地填充所述目标输入域。Optionally, in the embodiment of the present invention, the filling unit 809 may selectively fill the target input domain according to a user's selection operation.

具体的,填充单元809可接收用户输入的选择操作,根据所述选择操作选中的目标输入域的属性,从所述登录信息中获取与所述选中的目标输入域的属性相符合登录信息,并在所述选中的目标输入域中填充与所述选中的目标输入域的属性相符合登录信息。Specifically, the filling unit 809 can receive a selection operation input by the user, and obtain, according to the attribute of the target input field selected by the selection operation, the login information that matches the attribute of the selected target input domain from the login information, and The selected target input field is filled with login information that matches the attribute of the selected target input field.

为了增强所述预设数据库的安全性,所述预设数据库中登录信息可以是通过预设加密规则进行加密的登录信息。In order to enhance the security of the preset database, the login information in the preset database may be login information encrypted by a preset encryption rule.

相应的,登录信息输入装置80需要对获取单元807获得的登录信息进行解密。Accordingly, the login information input device 80 needs to decrypt the login information obtained by the acquisition unit 807.

进一步的,登录信息输入装置80在包括:第一识别单元801、第二识别单元803、接收单元805、获取单元807和填充单元809外,还可包括:解密单元,用于在填充单元809将所述登录信息填充到所述目标输入域之前,通过所述预设加密规则对应的解密规则解密所述登录信息。Further, the login information input device 80 includes a first identification unit 801, a second identification unit 803, a receiving unit 805, an obtaining unit 807, and a filling unit 809, and may further include: a decrypting unit, which is used in the filling unit 809 Before the login information is filled in the target input field, the login information is decrypted by using a decryption rule corresponding to the preset encryption rule.

更进一步的,为了进一步增强本发明方案的安全性,获取单元807可以优选的通过可信执行环境(TEE)执行涉及用户身份验证和登录信息获取的 步骤。所述可信执行环境与目标操作系统之间相互通信。所述目标操作系统通常可以是一个开放的操作系统。Further, in order to further enhance the security of the solution of the present invention, the obtaining unit 807 can preferably perform user identity authentication and login information acquisition through a Trusted Execution Environment (TEE). step. The trusted execution environment and the target operating system communicate with each other. The target operating system can typically be an open operating system.

具体实现方中,获取单元807可具体用于:In a specific implementation, the obtaining unit 807 can be specifically configured to:

通过目标操作系统将所述生物特征信息发送给可信执行环境;Transmitting the biometric information to the trusted execution environment by the target operating system;

通过所述可信执行环境验证所述生物特征信息是否是所述预设生物特征信息,如果所述生物特征信息是预设生物特征信息,则通过所述可信执行环境从预设数据库中获取所述生物特征信息所表征的用户登录所述应用程序的登录信息,并将所述登录信息发送给所述目标操作系统。Determining, by the trusted execution environment, whether the biometric information is the preset biometric information, and if the biometric information is preset biometric information, obtaining the preset biometric information from the preset database by using the trusted execution environment. The user characterized by the biometric information logs in to the login information of the application, and sends the login information to the target operating system.

获取单元807通过所述可信执行环境和目标操作系统分别执行本发明方案的相关步骤,可避免由于目标操作系统遭受恶意攻击而导致用户身份验证和登录信息获取的步骤被恶意篡改,可增强本发明方案的安全性。The obtaining unit 807 performs the relevant steps of the solution of the present invention by using the trusted execution environment and the target operating system respectively, so as to prevent the steps of user identity verification and login information acquisition from being maliciously falsified due to malicious attacks on the target operating system, and the present invention may be enhanced. The security of the inventive solution.

可以理解的,登录信息输入装置80的各个功能模块的具体实现还可参照图4实施例中的方法,这里不再赘述。It can be understood that the specific implementation of each function module of the login information input device 80 can also refer to the method in the embodiment of FIG. 4, and details are not described herein again.

为了便于实施本发明实施例,本发明提供了一种终端,用于实现图1实施例所述的登录信息保存方法。参见图9,终端100可包括:基带芯片100、存储器105(可包括一个或多个计算机可读存储介质)、射频(RF)模块106、外围系统107、显示器(LCD)113、摄像头114、音频电路115、触摸屏116以及传感器117(可包括一个或多个传感器)。其中,基带芯片100可集成包括:一个或多个处理器101、时钟模块102以及电源管理模块103。这些部件可在一个或多个通信总线104上通信。In order to facilitate the implementation of the embodiments of the present invention, the present invention provides a terminal for implementing the login information saving method described in the embodiment of FIG. Referring to FIG. 9, the terminal 100 may include: a baseband chip 100, a memory 105 (which may include one or more computer readable storage media), a radio frequency (RF) module 106, a peripheral system 107, a display (LCD) 113, a camera 114, and audio. Circuit 115, touch screen 116, and sensor 117 (which may include one or more sensors). The baseband chip 100 can be integrated to include: one or more processors 101, a clock module 102, and a power management module 103. These components can communicate over one or more communication buses 104.

应当理解,终端100仅为本发明的一个例子,并且,终端100可具有比示出的部件更多或更少的部件,可以组合两个或更多个部件,或者可具有部件的不同配置实现。It should be understood that the terminal 100 is only an example of the present invention, and that the terminal 100 may have more or fewer components than those shown, two or more components may be combined, or may have different configurations of components. .

存储器105与处理器101耦合,用于存储各种软件程序和/或多组指令。具体实现中,存储器105可包括高速随机存取的存储器,并且也可包括非易失性存储器,例如一个或多个磁盘存储设备、闪存设备或其他非易失性固态存储设备。Memory 105 is coupled to processor 101 for storing various software programs and/or sets of instructions. In particular implementations, memory 105 can include high speed random access memory, and can also include non-volatile memory, such as one or more magnetic disk storage devices, flash memory devices, or other non-volatile solid state storage devices.

射频(RF)模块106用于接收和发送射频信号。射频(RF)模块106通过射频信号与通信网络和其他通信设备通信。具体实现中,射频(RF)模块 106可包括但不限于:天线系统、RF收发器、一个或多个放大器、调谐器、一个或多个振荡器、数字信号处理器、CODEC芯片、SIM卡和存储介质等。在一些实施例中,可在单独的芯片上实现射频(RF)模块106。A radio frequency (RF) module 106 is operative to receive and transmit radio frequency signals. Radio frequency (RF) module 106 communicates with the communication network and other communication devices via radio frequency signals. In the specific implementation, the radio frequency (RF) module 106 may include, but is not limited to, an antenna system, an RF transceiver, one or more amplifiers, a tuner, one or more oscillators, a digital signal processor, a CODEC chip, a SIM card, and a storage medium. In some embodiments, a radio frequency (RF) module 106 can be implemented on a separate chip.

外围系统107主要用于实现终端100和用户/外部环境之间的交互功能,主要包括终端200的输入输出装置。具体实现中,外围系统107可包括:显示器(LCD)控制器108、摄像头控制器109、音频控制器110、触摸屏控制器111以及传感器管理模块112。其中,各个控制器可与各自对应的外围设备耦合。在一些实施例中,外围系统107还可以包括其他I/O外设的控制器。The peripheral system 107 is mainly used to implement the interaction function between the terminal 100 and the user/external environment, and mainly includes the input and output devices of the terminal 200. In a specific implementation, the peripheral system 107 can include a display (LCD) controller 108, a camera controller 109, an audio controller 110, a touch screen controller 111, and a sensor management module 112. Wherein, each controller can be coupled with a corresponding peripheral device. In some embodiments, peripheral system 107 may also include controllers for other I/O peripherals.

集成于基带芯片100中的时钟模块102主要用于为处理器101产生数据传输和时序控制所需要的时钟。集成于基带芯片100中的电源管理模块103主要用于为处理器101、射频模块106以及外围系统提供稳定的、高精确度的电压。集成于基带芯片100中的处理器101主要用于调用存储于存储器105中的登录信息保存程序,并执行如下步骤:The clock module 102 integrated in the baseband chip 100 is primarily used to generate the clocks required for data transfer and timing control for the processor 101. The power management module 103 integrated in the baseband chip 100 is mainly used to provide a stable, high-precision voltage for the processor 101, the radio frequency module 106, and the peripheral system. The processor 101 integrated in the baseband chip 100 is mainly used to call a login information saving program stored in the memory 105, and performs the following steps:

识别出显示于显示器113中的当前页面为应用程序的登录页面;Recognizing that the current page displayed on the display 113 is a login page of the application;

识别出所述登录页面中用于输入登录信息的目标输入域;Identifying a target input field for inputting login information in the login page;

接收用户通过触摸屏116在所述目标输入域中输入的登录信息;Receiving login information input by the user through the touch screen 116 in the target input field;

接收用户通过摄像头114或传感器117输入的生物特征信息;Receiving biometric information input by the user through the camera 114 or the sensor 117;

如果所述生物特征信息是预设生物特征信息,则将所述登录信息作为所述生物特征信息所表征的用户登录所述应用程序的登录信息,保存所述登录信息到预设数据库中。And if the biometric information is preset biometric information, the login information is used as login information of the user that is characterized by the biometric information to log in to the application, and the login information is saved in a preset database.

本发明实施例中,所述生物特征信息可以指纹信息。处理器101可以通过指纹传感器接收用户输入的指纹。In the embodiment of the present invention, the biometric information may be fingerprint information. The processor 101 can receive a fingerprint input by the user through the fingerprint sensor.

本发明实施例中,所述生物特征信息也可以语音特征信息。处理器101可以通过音频电路115接收用户输入的语音信息。In the embodiment of the present invention, the biometric information may also be voice feature information. The processor 101 can receive voice information input by the user through the audio circuit 115.

本发明实施例中,所述生物特征信息还可以虹膜信息。处理器101可以通过摄像头114扫描获取用户的虹膜信息。In the embodiment of the present invention, the biometric information may also be iris information. The processor 101 can scan and acquire the iris information of the user through the camera 114.

实际应用中,所述生物特征信息还可以是其他信息,例如人脸信息,这里不做限制。处理器101可以通过摄像头114获取用户的人脸信息。In practical applications, the biometric information may also be other information, such as face information, which is not limited herein. The processor 101 can acquire the face information of the user through the camera 114.

本发明实施例涉及的应用程序是指用户当前打开的应用程序。本发明实施例涉及的登录页面是指所述应用程序提供给用户的用于输入登录信息的 页面。本发明实施例涉及的登录信息是指用户登录所述应用程序所需要的信息,具体如用户名和密码等。An application program according to an embodiment of the present invention refers to an application currently opened by a user. The login page according to the embodiment of the present invention refers to the application for the user to input login information. page. The login information related to the embodiment of the present invention refers to information required for the user to log in to the application, such as a username and a password.

一种实现方式中,处理器101可以根据当前页面包括的界面元素来分析出当前页面是否是所述登录页面。例如,如果当前页面包含有用于触发登录请求的“登录”控件,那么,处理器101可以判定当前页面是所述登录页面。In an implementation manner, the processor 101 may analyze whether the current page is the login page according to an interface element included in the current page. For example, if the current page contains a "login" control for triggering a login request, the processor 101 can determine that the current page is the login page.

另一种实现方式中,处理器101可以判断当前页面是否存在所述目标输入域,如果存在所述目标输入域,则判定当前页面是所述登录页面。In another implementation manner, the processor 101 may determine whether the target input domain exists in the current page, and if the target input domain exists, determine that the current page is the login page.

本发明实施例中,终端可以获取登录页面对应的上下文,根据所述上下文识别出所述目标输入域。In the embodiment of the present invention, the terminal may obtain a context corresponding to the login page, and identify the target input domain according to the context.

所述上下文用于表征所述登录页面所引用的控件对象和资源。例如,在Android中,界面上下文(Activity Context)在应用界面(Activity)启动的时候被创建,主要用于保存对当前界面控件和资源的引用。The context is used to characterize control objects and resources referenced by the login page. For example, in Android, the Activity Context is created when the application interface is launched, and is mainly used to save references to current interface controls and resources.

这里,控件对象包括但不限于:用于接收用户输入的输入型控件,如按键(Button)、文本输入框(如Android中的EditText)等,以及用于向用户显示信息的输出型控件,如标签(Label)、文本显示框(如Android中的TextView)等。这里,资源包括但不限于:显示在输出型控件中的文字、图片等资源。Here, the control object includes but is not limited to: an input type control for receiving user input, such as a button, a text input box (such as EditText in Android), and an output type control for displaying information to the user, such as Label, text display box (such as TextView in Android). Here, resources include, but are not limited to, text, images, and the like displayed in the output control.

具体实现中,处理器101可预先设置用于识别所述目标输入域的上下文,并在所述登录页面对应的上下文中,根据预设的用于识别所述目标输入域的上下文识别出所述目标输入域。所述目标输入域对应的上下文可包括:所述目标输入域在页面布局上的相邻控件,以及相邻控件所引用的资源。In a specific implementation, the processor 101 may preset a context for identifying the target input domain, and in the context corresponding to the login page, identify the context according to a preset context for identifying the target input domain. Target input field. The context corresponding to the target input field may include: adjacent controls of the target input field on the page layout, and resources referenced by adjacent controls.

例如,预先设置用户名域的相邻控件为文本显示框,其引用的文字资源包括:“用户名”、“账号”、“邮箱”等字符串。那么,处理器101可以将图2A中显示内容为“用户名”的文本显示框之后的输入域识别为用户名域。For example, the adjacent control of the user name field is preset as a text display box, and the text resources referenced by the user include: "user name", "account", "mailbox" and the like. Then, the processor 101 can recognize the input field after the text display box whose content is "user name" in FIG. 2A as the user name field.

具体实现中,预设的用于识别所述目标输入域的上下文可以存储在存储器105中。In a specific implementation, a preset context for identifying the target input field may be stored in the memory 105.

本发明实施例中,所述预设数据库用于安全存储用户的登录信息。所述预设数据库可位于存储器105中,所述预设数据库的数据存储形式可以包括但不限于:数据库、文件、表格等。在用户访问所述预设数据库之前,处理器101需要对用户进行身份验证,验证通过的用户才能:写入信息到所述预设数据库中,或更改所述预设数据库中的信息,或读取所述预设数据库中的 信息。In the embodiment of the present invention, the preset database is used to securely store login information of the user. The preset database may be located in the memory 105. The data storage form of the preset database may include, but is not limited to, a database, a file, a table, and the like. Before the user accesses the preset database, the processor 101 needs to authenticate the user, verify the passed user: write information to the preset database, or change the information in the preset database, or read Taking the preset database information.

具体实现中,在将所述目标输入域中输入的登录信息保存到所述预设数据库中之前,处理器101可以接收用户输入的生物特征信息,如果所述生物特征信息是预设生物特征信息,则所述登录信息作为所述生物特征信息所表征的用户登录所述应用程序的登录信息,保存所述登录信息到预设数据库中。In a specific implementation, before saving the login information input in the target input field to the preset database, the processor 101 may receive biometric information input by the user, if the biometric information is preset biometric information. And the login information is used as the login information of the user that is characterized by the biometric information to log in to the application, and the login information is saved in a preset database.

需要说明的,一个(或以上)预设生物特征信息可用于表征一个合法用户。It should be noted that one (or more) preset biometric information can be used to represent a legitimate user.

本发明实施例中,为了增强所述预设数据库的安全性,在保存所述目标输入域中输入的登录信息时,处理器101可以按照预设加密规则加密所述登录信息,并将加密后的所述登录信息保存到所述数据库中。In the embodiment of the present invention, in order to enhance the security of the preset database, when saving the login information input in the target input field, the processor 101 may encrypt the login information according to a preset encryption rule, and after encrypting The login information is saved to the database.

为了进一步增强本发明方案的安全性,可以优选的将涉及用户身份验证和登录信息保存的步骤通过可信执行环境(TEE)执行,将涉及人机交互的输入输出的步骤通过目标操作系统执行。所述可信执行环境与目标操作系统之间相互通信。所述目标操作系统通常可以是一个开放的操作系统。In order to further enhance the security of the solution of the present invention, the steps involved in user identity verification and login information preservation may preferably be performed by a Trusted Execution Environment (TEE), and the steps involving input and output of human-computer interaction are performed by the target operating system. The trusted execution environment and the target operating system communicate with each other. The target operating system can typically be an open operating system.

具体实现方式中,处理器101可以通过目标操作系统将所述生物特征信息发送给可信执行环境,之后处理器101可以通过所述可信执行环境验证所述生物特征信息是否是所述预设生物特征信息,并将验证结果返回给所述目标操作系统;In a specific implementation, the processor 101 may send the biometric information to the trusted execution environment by using the target operating system, and then the processor 101 may verify, by the trusted execution environment, whether the biometric information is the preset. Biometric information and returning the verification result to the target operating system;

如果所述生物特征信息是预设生物特征信息,则处理器101可以通过所述目标操作系统将所述登录信息发送给所述可信执行环境;If the biometric information is preset biometric information, the processor 101 may send the login information to the trusted execution environment by using the target operating system;

如果所述生物特征信息是预设生物特征信息,则处理器101可以通过所述可信执行环境将所述登录信息作为所述生物特征信息所表征的用户登录所述应用程序的登录信息,保存所述登录信息到预设数据库中。If the biometric information is the preset biometric information, the processor 101 may save the login information as the login information of the user that is represented by the biometric information to the application through the trusted execution environment, and save the login information. The login information is in a preset database.

处理器101通过所述可信执行环境和目标操作系统分别执行本发明方案的相关步骤,可避免由于目标操作系统遭受恶意攻击而导致用户身份验证和登录信息保存的步骤被恶意篡改,可增强本发明方案的安全性。The processor 101 performs the relevant steps of the solution of the present invention by using the trusted execution environment and the target operating system respectively, so as to prevent the steps of user identity verification and login information being saved from being maliciously falsified due to malicious attacks on the target operating system, and the present invention may be enhanced. The security of the inventive solution.

可理解的是,处理器101的执行步骤还可参照图1实施例的内容,这里不再赘述。 It can be understood that the execution steps of the processor 101 can also refer to the content of the embodiment of FIG. 1 , and details are not described herein again.

为了便于实施本发明实施例,本发明提供了一种终端,用于实现图4实施例所述的登录信息输入方法。In order to facilitate the implementation of the embodiments of the present invention, the present invention provides a terminal for implementing the login information input method described in the embodiment of FIG.

参见图10,终端200可包括:基带芯片200、存储器205(可包括一个或多个计算机可读存储介质)、射频(RF)模块206、外围系统207、显示器(LCD)113、摄像头114、音频电路115、触摸屏116以及传感器117(可包括一个或多个传感器)。其中,基带芯片200可集成包括:一个或多个处理器201、时钟模块202以及电源管理模块203。这些部件可在一个或多个通信总线204上通信。Referring to FIG. 10, the terminal 200 may include: a baseband chip 200, a memory 205 (which may include one or more computer readable storage media), a radio frequency (RF) module 206, a peripheral system 207, a display (LCD) 113, a camera 114, and audio. Circuit 115, touch screen 116, and sensor 117 (which may include one or more sensors). The baseband chip 200 can be integrated to include: one or more processors 201, a clock module 202, and a power management module 203. These components can communicate over one or more communication buses 204.

应当理解,终端200仅为本发明的一个例子,并且,终端200可具有比示出的部件更多或更少的部件,可以组合两个或更多个部件,或者可具有部件的不同配置实现。It should be understood that the terminal 200 is only one example of the present invention, and that the terminal 200 may have more or fewer components than those shown, two or more components may be combined, or may have different configurations of components. .

存储器205与处理器201耦合,用于存储各种软件程序和/或多组指令。具体实现中,存储器205可包括高速随机存取的存储器,并且也可包括非易失性存储器,例如一个或多个磁盘存储设备、闪存设备或其他非易失性固态存储设备。Memory 205 is coupled to processor 201 for storing various software programs and/or sets of instructions. In particular implementations, memory 205 can include high speed random access memory, and can also include non-volatile memory, such as one or more magnetic disk storage devices, flash memory devices, or other non-volatile solid state storage devices.

射频(RF)模块206用于接收和发送射频信号。射频(RF)模块206通过射频信号与通信网络和其他通信设备通信。具体实现中,射频(RF)模块206可包括但不限于:天线系统、RF收发器、一个或多个放大器、调谐器、一个或多个振荡器、数字信号处理器、CODEC芯片、SIM卡和存储介质等。在一些实施例中,可在单独的芯片上实现射频(RF)模块206。A radio frequency (RF) module 206 is used to receive and transmit radio frequency signals. Radio frequency (RF) module 206 communicates with the communication network and other communication devices via radio frequency signals. In a specific implementation, the radio frequency (RF) module 206 can include, but is not limited to: an antenna system, an RF transceiver, one or more amplifiers, a tuner, one or more oscillators, a digital signal processor, a CODEC chip, a SIM card, and Storage media, etc. In some embodiments, a radio frequency (RF) module 206 can be implemented on a separate chip.

外围系统207主要用于实现终端200和用户/外部环境之间的交互功能,主要包括终端200的输入输出装置。具体实现中,外围系统207可包括:显示器(LCD)控制器208、摄像头控制器209、音频控制器210、触摸屏控制器111以及传感器管理模块112。其中,各个控制器可与各自对应的外围设备耦合。在一些实施例中,外围系统207还可以包括其他I/O外设的控制器。The peripheral system 207 is mainly used to implement the interaction function between the terminal 200 and the user/external environment, and mainly includes the input and output devices of the terminal 200. In a specific implementation, the peripheral system 207 can include a display (LCD) controller 208, a camera controller 209, an audio controller 210, a touch screen controller 111, and a sensor management module 112. Wherein, each controller can be coupled with a corresponding peripheral device. In some embodiments, peripheral system 207 may also include controllers for other I/O peripherals.

集成于基带芯片200中的时钟模块202主要用于为处理器201产生数据传输和时序控制所需要的时钟。集成于基带芯片200中的电源管理模块203主要用于为处理器201、射频模块206以及外围系统提供稳定的、高精确度的电压。集成于基带芯片200中的处理器201主要用于调用存储于存储器205中的登录信息保存程序,并执行如下步骤: The clock module 202 integrated in the baseband chip 200 is primarily used to generate the clocks required for data transfer and timing control for the processor 201. The power management module 203 integrated in the baseband chip 200 is mainly used to provide a stable, high-precision voltage for the processor 201, the radio frequency module 206, and the peripheral system. The processor 201 integrated in the baseband chip 200 is mainly used to call a login information saving program stored in the memory 205, and performs the following steps:

识别出显示于显示器(LCD)213当前页面为应用程序的登录页面;Recognizing a login page displayed on the current page of the display (LCD) 213 as an application;

识别出所述登录页面中用于输入登录信息的目标输入域;Identifying a target input field for inputting login information in the login page;

接收用户通过摄像头214或传感器217输入的生物特征信息;Receiving biometric information input by the user through the camera 214 or the sensor 217;

如果所述生物特征信息是预设生物特征信息,则从预设数据库中获取所述生物特征信息所表征的用户登录所述应用程序的登录信息;And if the biometric information is the preset biometric information, obtaining, by using the preset database, the login information of the user that is characterized by the biometric information and logging in to the application;

将所述登录信息填充到所述目标输入域中。The login information is populated into the target input domain.

本发明实施例中,所述生物特征信息可以指纹信息。处理器201可以通过指纹传感器接收用户输入的指纹。In the embodiment of the present invention, the biometric information may be fingerprint information. The processor 201 can receive a fingerprint input by the user through the fingerprint sensor.

本发明实施例中,所述生物特征信息也可以语音特征信息。处理器201可以通过音频电路215接收用户输入的语音信息。In the embodiment of the present invention, the biometric information may also be voice feature information. The processor 201 can receive voice information input by the user through the audio circuit 215.

本发明实施例中,所述生物特征信息还可以虹膜信息。处理器201可以通过摄像头214扫描获取用户的虹膜信息。In the embodiment of the present invention, the biometric information may also be iris information. The processor 201 can scan and acquire the iris information of the user through the camera 214.

实际应用中,所述生物特征信息还可以是其他信息,例如人脸信息,这里不做限制。处理器201可以通过摄像头214获取用户的人脸信息。In practical applications, the biometric information may also be other information, such as face information, which is not limited herein. The processor 201 can acquire the face information of the user through the camera 214.

一种实现方式中,处理器201可以根据当前页面包括的界面元素来分析出当前页面是否是所述登录页面。例如,如果当前页面包含有用于触发登录请求的“登录”控件,那么,处理器201可以判定当前页面是所述登录页面。In an implementation manner, the processor 201 may analyze whether the current page is the login page according to an interface element included in the current page. For example, if the current page contains a "login" control for triggering a login request, the processor 201 can determine that the current page is the login page.

另一种实现方式中,处理器201可以判断当前页面是否存在所述目标输入域,如果存在所述目标输入域,则判定当前页面是所述登录页面。In another implementation manner, the processor 201 may determine whether the target input domain exists in the current page, and if the target input domain exists, determine that the current page is the login page.

所述上下文用于表征所述登录页面所引用的控件对象和资源。这里,控件对象包括但不限于:用于接收用户输入的输入型控件,如按键(Button)、文本输入框(如Android中的EditText)等,以及用于向用户显示信息的输出型控件,如标签(Label)、文本显示框(如Android中的TextView)等。这里,资源包括但不限于:显示在输出型控件中的文字、图片等资源。The context is used to characterize control objects and resources referenced by the login page. Here, the control object includes but is not limited to: an input type control for receiving user input, such as a button, a text input box (such as EditText in Android), and an output type control for displaying information to the user, such as Label, text display box (such as TextView in Android). Here, resources include, but are not limited to, text, images, and the like displayed in the output control.

具体实现中,处理器201可预先设置用于识别所述目标输入域的上下文,并在所述登录页面对应的上下文中,根据预设的用于识别所述目标输入域的上下文识别出所述目标输入域。所述目标输入域对应的上下文可包括:所述目标输入域在页面布局上的相邻控件,以及相邻控件所引用的资源。In a specific implementation, the processor 201 may preset a context for identifying the target input domain, and in the context corresponding to the login page, identify the context according to a preset context for identifying the target input domain. Target input field. The context corresponding to the target input field may include: adjacent controls of the target input field on the page layout, and resources referenced by adjacent controls.

本发明实施例中,所述预设数据库用于安全存储用户的登录信息。所述预设数据库可位于存储器205中,所述预设数据库的数据存储形式可以包括 但不限于:数据库、文件、表格等。在用户访问所述预设数据库之前,处理器201可需要对用户进行身份验证,验证通过的用户才能:写入信息到所述预设数据库中,或更改所述预设数据库中的信息,或读取所述预设数据库中的信息。In the embodiment of the present invention, the preset database is used to securely store login information of the user. The preset database may be located in the memory 205, and the data storage form of the preset database may include But not limited to: databases, documents, tables, etc. Before the user accesses the preset database, the processor 201 may need to authenticate the user, verify the passed user: write information into the preset database, or change the information in the preset database, or Reading the information in the preset database.

具体实现中,在从所述预设数据库中获取用户登录所述应用程序的登录信息之前,处理器201可以接收用户输入的生物特征信息,如果所述生物特征信息是预设生物特征信息,则从所述预设数据库中获取所述生物特征信息所表征的用户登录所述应用程序的登录信息,并将获取到的所述登录信息填充到所述目标输入域中。In a specific implementation, before acquiring the login information of the user from the preset database, the processor 201 may receive biometric information input by the user, and if the biometric information is preset biometric information, Acquiring login information of the user that is characterized by the biometric information to log in to the application, and filling the acquired login information into the target input domain.

需要说明的,一个(或以上)预设生物特征信息可用于表征一个合法用户。It should be noted that one (or more) preset biometric information can be used to represent a legitimate user.

本发明实施例中,所述目标输入域可包括至少两个输入域,例如用户名域和密码域。在填充所述至少两个输入域时,处理器201可根据所述至少两个输入域中的各个输入域的属性,从所述登录信息中分别获取与所述各个输入域的属性相符合的登录信息,并在所述各个输入域中各自填充与各个输入域的属性相符合的登录信息。In the embodiment of the present invention, the target input field may include at least two input fields, such as a username field and a password field. When filling the at least two input fields, the processor 201 may respectively obtain, from the login information, the attributes of the respective input domains according to the attributes of the respective input fields in the at least two input fields. Login information, and each of the input fields is filled with login information that matches the attributes of the respective input fields.

可选的,本发明实施例中,处理器201可以根据用户的选择操作选择性地填充所述目标输入域。Optionally, in the embodiment of the present invention, the processor 201 may selectively fill the target input domain according to a user's selection operation.

具体的,处理器201可接收用户输入的选择操作,根据所述选择操作选中的目标输入域的属性,从所述登录信息中获取与所述选中的目标输入域的属性相符合登录信息,并在所述选中的目标输入域中填充与所述选中的目标输入域的属性相符合登录信息。Specifically, the processor 201 may receive a selection operation input by the user, and obtain, according to the attribute of the target input field selected by the selection operation, the login information that matches the attribute of the selected target input domain from the login information, and The selected target input field is filled with login information that matches the attribute of the selected target input field.

本发明实施例中,所述预设数据库中登录信息可以是通过预设加密规则进行加密的登录信息。相应的,处理器201需要将登录信息解密。所述解密规则可以是预先设置的与所述预设加密规则相对应的解密规则。In the embodiment of the present invention, the login information in the preset database may be login information encrypted by using a preset encryption rule. Correspondingly, the processor 201 needs to decrypt the login information. The decryption rule may be a pre-set decryption rule corresponding to the preset encryption rule.

为了进一步增强本发明方案的安全性,可以优选的将涉及用户身份验证和登录信息获取的步骤通过可信执行环境(TEE)执行,将涉及人机交互的输入输出的步骤通过目标操作系统执行。所述可信执行环境与目标操作系统之间相互通信。所述目标操作系统通常可以是一个开放的操作系统。In order to further enhance the security of the inventive solution, the steps involved in user authentication and login information acquisition may preferably be performed by a Trusted Execution Environment (TEE), and the steps involving input and output of human-computer interaction are performed by the target operating system. The trusted execution environment and the target operating system communicate with each other. The target operating system can typically be an open operating system.

具体实现方式中,所述处理器通过目标操作系统将所述生物特征信息发 送给可信执行环境;In a specific implementation, the processor sends the biometric information through a target operating system. Send to a trusted execution environment;

处理器101可以通过所述可信执行环境验证所述生物特征信息是否是所述预设生物特征信息,如果所述生物特征信息是预设生物特征信息,则可以通过所述可信执行环境从预设数据库中获取所述生物特征信息所表征的用户登录所述应用程序的登录信息,并通过所述可信执行环境将所述登录信息发送给所述目标操作系统。The processor 101 may verify, by the trusted execution environment, whether the biometric information is the preset biometric information, and if the biometric information is preset biometric information, may be from the trusted execution environment. Obtaining login information of the user that is characterized by the biometric information and logging in to the application, and sending the login information to the target operating system by using the trusted execution environment.

处理器101通过所述可信执行环境和目标操作系统分别执行本发明方案的相关步骤,可避免由于目标操作系统遭受恶意攻击而导致用户身份验证和登录信息获取的步骤被恶意篡改,可增强本发明方案的安全性。The processor 101 performs the relevant steps of the solution of the present invention by using the trusted execution environment and the target operating system respectively, so as to prevent the steps of user identity verification and login information acquisition from being maliciously falsified due to malicious attacks on the target operating system, and the present invention can be enhanced. The security of the inventive solution.

可理解的是,处理器201的执行步骤还可参照图4实施例的内容,这里不再赘述。It can be understood that the execution steps of the processor 201 can also refer to the content of the embodiment of FIG. 4, and details are not described herein again.

综上所述,实施本发明实施例,通过识别应用程序的登录页面中用于输入登录信息的目标输入域,并验证用户输入的生物特征信息,如果通过验证,则从预设数据库中获取所述用户登录所述应用程序的登录信息,并将所述登录信息填充到所述目标输入域中,可实现自动填充登录页面中的所述目标输入域,简化了用户的登录操作,并且适用范围广,不受应用程序开发平台的限制。In summary, the embodiment of the present invention implements the target input field for inputting login information in the login page of the application, and verifies the biometric information input by the user. If the verification succeeds, the current database is obtained from the preset database. The login information of the user logging in to the application, and populating the login information into the target input domain, can automatically fill the target input domain in the login page, simplifying the login operation of the user, and the scope of application Wide, not limited by the application development platform.

本领域普通技术人员可以理解实现上述实施例方法中的全部或部分流程,是可以通过计算机程序来指令相关的硬件来完成,所述的程序可存储于计算机可读取存储介质中,该程序在执行时,可包括如上述各方法的实施例的流程。其中,所述的存储介质可为磁碟、光盘、只读存储记忆体(Read-Only Memory,ROM)或随机存储记忆体(Random Access Memory,RAM)等。A person skilled in the art can understand that all or part of the process of implementing the above embodiment method can be completed by a computer program to instruct related hardware, and the program can be stored in a computer readable storage medium. When executed, the flow of an embodiment of the methods as described above may be included. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM).

以上所揭露的仅为本发明部分实施例而已,当然不能以此来限定本发明之权利范围,本领域普通技术人员可以理解实现上述实施例的全部或部分流程,并依本发明权利要求所作的等同变化,仍属于发明所涵盖的范围。 The above disclosure is only a part of the embodiments of the present invention, and the scope of the present invention is not limited thereto, and those skilled in the art can understand all or part of the process of implementing the above embodiments, and according to the claims of the present invention. Equivalent changes are still within the scope of the invention.

Claims (30)

一种登录信息输入方法,其特征在于,包括:A login information input method, comprising: 识别出当前页面为应用程序的登录页面;Identifying that the current page is the login page of the application; 识别出所述登录页面中用于输入登录信息的目标输入域;Identifying a target input field for inputting login information in the login page; 接收用户输入的生物特征信息;Receiving biometric information input by the user; 如果所述生物特征信息是预设生物特征信息,则从预设数据库中获取所述生物特征信息所表征的用户登录所述应用程序的登录信息;And if the biometric information is the preset biometric information, obtaining, by using the preset database, the login information of the user that is characterized by the biometric information and logging in to the application; 将所述登录信息填充到所述目标输入域中。The login information is populated into the target input domain. 如权利要求1所述的方法,其特征在于,所述目标输入域包括至少两个输入域;所述将所述登录信息填充到所述目标输入域中,包括:The method of claim 1, wherein the target input field comprises at least two input fields; the filling the login information into the target input domain comprises: 分析出所述至少两个输入域中的各个输入域的属性;Analyzing an attribute of each input field in the at least two input fields; 根据所述各个输入域的属性,从所述登录信息中分别获取与所述各个输入域的属性相符合的登录信息;And acquiring login information that matches the attributes of the respective input domains from the login information according to the attributes of the input fields; 在所述各个输入域中分别填充与各个输入域的属性相符合的登录信息。Login information corresponding to the attributes of the respective input fields is filled in each of the input fields. 如权利要求1所述的方法,其特征在于,所述将所述登录信息填充到所述目标输入域中,包括:接收用户输入的选择操作,所述选择操作用于选择需要填充登录信息的目标输入域;分析出所述选择操作选中的目标输入域的属性;根据所述选中的目标输入域的属性,从所述登录信息中获取与所述选中的目标输入域的属性相符合登录信息;在所述选中的目标输入域中填充与所述选中的目标输入域的属性相符合登录信息。The method of claim 1, wherein the filling the login information into the target input field comprises: receiving a selection operation input by a user, the selecting operation for selecting a login information to be filled a target input field; analyzing an attribute of the target input field selected by the selecting operation; obtaining, according to the attribute of the selected target input field, the login information that matches the attribute of the selected target input field from the login information Filling in the selected target input field with the login information that matches the attribute of the selected target input field. 如权利要求1所述的方法,其特征在于,所述如果所述生物特征信息是预设生物特征信息,则从预设数据库中获取所述生物特征信息所表征的用户登录所述应用程序的登录信息,包括:The method according to claim 1, wherein if the biometric information is preset biometric information, acquiring a user characterized by the biometric information from a preset database to log in to the application Login information, including: 目标操作系统将所述生物特征信息发送给可信执行环境;The target operating system transmits the biometric information to a trusted execution environment; 所述可信执行环境验证所述生物特征信息是否是所述预设生物特征信息,如果所述生物特征信息是预设生物特征信息,则所述可信执行环境从预 设数据库中获取所述生物特征信息所表征的用户登录所述应用程序的登录信息,并将所述登录信息发送给所述目标操作系统。The trusted execution environment verifies whether the biometric information is the preset biometric information, and if the biometric information is preset biometric information, the trusted execution environment is pre- And obtaining, by the database, login information of the user that is characterized by the biometric information and logging in to the application, and sending the login information to the target operating system. 如权利要求1-4中任一项所述的方法,其特征在于,所述预设数据库中的登录信息是通过预设加密规则进行加密的登录信息;所述将所述登录信息填充到所述目标输入域之前,还包括:通过所述预设加密规则对应的解密规则解密所述登录信息。The method according to any one of claims 1-4, wherein the login information in the preset database is login information encrypted by a preset encryption rule; the filling the login information into the location Before the target input field, the method further includes: decrypting the login information by using a decryption rule corresponding to the preset encryption rule. 如权利要求1-3中任一项所述的方法,其特征在于,所述识别出所述登录页面中用于输入登录信息的目标输入域,包括:The method according to any one of claims 1 to 3, wherein the identifying a target input field for inputting login information in the login page comprises: 获取所述登录页面对应的上下文;所述上下文用于表征所述登录页面所引用的控件对象和资源;Obtaining a context corresponding to the login page; the context is used to represent a control object and a resource referenced by the login page; 在所述登录页面对应的上下文中,根据预设的用于识别所述目标输入域的上下文识别出所述目标输入域。In the context corresponding to the login page, the target input domain is identified according to a preset context for identifying the target input domain. 一种登录信息保存方法,其特征在于,包括:A method for saving login information, comprising: 识别出当前页面为应用程序的登录页面;Identifying that the current page is the login page of the application; 识别出所述登录页面中用于输入登录信息的目标输入域;Identifying a target input field for inputting login information in the login page; 接收用户在所述目标输入域中输入的登录信息;Receiving login information input by the user in the target input field; 接收用户输入的生物特征信息;Receiving biometric information input by the user; 如果所述生物特征信息是预设生物特征信息,则将所述登录信息作为所述生物特征信息所表征的用户登录所述应用程序的登录信息,保存所述登录信息到预设数据库中。And if the biometric information is preset biometric information, the login information is used as login information of the user that is characterized by the biometric information to log in to the application, and the login information is saved in a preset database. 如权利要求7所述的方法,其特征在于,所述如果所述生物特征信息是预设生物特征信息,则将所述登录信息作为所述生物特征信息所表征的用户登录所述应用程序的登录信息,保存所述登录信息到预设数据库中,包括:The method according to claim 7, wherein if the biometric information is preset biometric information, the login information is used as a user characterized by the biometric information to log in to the application. The login information is saved to the preset database, including: 目标操作系统将所述生物特征信息发送给可信执行环境;The target operating system transmits the biometric information to a trusted execution environment; 所述可信执行环境验证所述生物特征信息是否是所述预设生物特征信息,并将验证结果返回给所述目标操作系统; Determining, by the trusted execution environment, whether the biometric information is the preset biometric information, and returning the verification result to the target operating system; 如果所述生物特征信息是预设生物特征信息,则所述目标操作系统将所述登录信息发送给所述可信执行环境;If the biometric information is preset biometric information, the target operating system sends the login information to the trusted execution environment; 如果所述生物特征信息是预设生物特征信息,则所述可信执行环境将所述登录信息作为所述生物特征信息所表征的用户登录所述应用程序的登录信息,保存所述登录信息到预设数据库中。If the biometric information is preset biometric information, the trusted execution environment uses the login information as login information of the user that is characterized by the biometric information to log in to the application, and saves the login information to In the default database. 如权利要求7或8所述的方法,其特征在于,在所述保存所述登录信息到预设数据库中之前,还包括:按照预设加密规则加密所述登录信息。The method according to claim 7 or 8, wherein before the saving the login information to the preset database, the method further comprises: encrypting the login information according to a preset encryption rule. 如权利要求7所述的方法,其特征在于,所述识别出所述登录页面中用于输入登录信息的目标输入域,包括:The method according to claim 7, wherein the identifying a target input field for inputting login information in the login page comprises: 获取所述登录页面对应的上下文;所述上下文用于表征所述登录页面所引用的控件对象和资源;Obtaining a context corresponding to the login page; the context is used to represent a control object and a resource referenced by the login page; 在所述登录页面对应的上下文中,根据预设的用于识别所述目标输入域的上下文识别出所述目标输入域。In the context corresponding to the login page, the target input domain is identified according to a preset context for identifying the target input domain. 一种登录信息输入装置,其特征在于,包括:A login information input device, comprising: 第一识别单元,用于识别出当前页面为应用程序的登录页面;a first identifying unit, configured to identify that the current page is a login page of the application; 第二识别单元,用于识别出所述登录页面中用于输入登录信息的目标输入域;a second identifying unit, configured to identify a target input field for inputting login information in the login page; 接收单元,用于接收用户输入的生物特征信息;a receiving unit, configured to receive biometric information input by the user; 获取单元,用于如果所述生物特征信息是预设生物特征信息,则从预设数据库中获取所述生物特征信息所表征的用户登录所述应用程序的登录信息;And an obtaining unit, configured to: if the biometric information is preset biometric information, acquire, from a preset database, login information of a user that is characterized by the biometric information and log in to the application; 填充单元,用于将所述登录信息填充到所述目标输入域中。a padding unit, configured to fill the login information into the target input domain. 如权利要求11所述的装置,其特征在于,所述目标输入域包括至少两个输入域;所述填充单元,具体用于:分析出所述至少两个输入域中的各个输入域的属性;根据所述各个输入域的属性,从所述登录信息中分别获取与所述各个输入域的属性相符合的登录信息;在所述各个输入域中分别填充 与各个输入域的属性相符合的登录信息。The device according to claim 11, wherein the target input field comprises at least two input fields, and the filling unit is configured to: analyze attributes of each input domain in the at least two input fields And acquiring, according to the attributes of the respective input fields, login information that matches the attributes of the respective input domains from the login information; filling the respective input domains separately Login information that matches the attributes of each input field. 如权利要求11所述的装置,其特征在于,所述填充单元,具体用于:接收用户输入的选择操作,所述选择操作用于选择需要填充登录信息的目标输入域;分析出所述选择操作选中的目标输入域的属性;根据所述选中的目标输入域的属性,从所述登录信息中获取与所述选中的目标输入域的属性相符合登录信息;在所述选中的目标输入域中填充与所述选中的目标输入域的属性相符合登录信息。The device according to claim 11, wherein the filling unit is specifically configured to: receive a user input selection operation, the selection operation is used to select a target input field that needs to be filled with login information; and the selection is analyzed Manipulating the attribute of the selected target input field; obtaining, according to the attribute of the selected target input field, the login information that matches the attribute of the selected target input field; and the selected target input field The fill information matches the login information of the selected target input domain. 如权利要求11所述的装置,其特征在于,所述获取单元,具体用于:The device according to claim 11, wherein the obtaining unit is specifically configured to: 通过目标操作系统将所述生物特征信息发送给可信执行环境;Transmitting the biometric information to the trusted execution environment by the target operating system; 通过所述可信执行环境验证所述生物特征信息是否是所述预设生物特征信Verifying, by the trusted execution environment, whether the biometric information is the preset biometric information 息,如果所述生物特征信息是预设生物特征信息,则通过所述可信执行环境从预设数据库中获取所述生物特征信息所表征的用户登录所述应用程序的登录信息,并将所述登录信息发送给所述目标操作系统。And if the biometric information is preset biometric information, obtaining, by using the trusted execution environment, the login information of the user that is characterized by the biometric information and logging in to the application, and The login information is sent to the target operating system. 如权利要求11-14中任一项所述的装置,其特征在于,所述预设数据库中的登录信息是通过预设加密规则进行加密的登录信息;所述装置还包括:解密单元,用于在所述填充单元将所述登录信息填充到所述目标输入域之前,通过所述预设加密规则对应的解密规则解密所述登录信息。The device according to any one of claims 11 to 14, wherein the login information in the preset database is login information encrypted by a preset encryption rule; the device further comprises: a decryption unit, And before the filling unit fills the login information into the target input domain, decrypting the login information by using a decryption rule corresponding to the preset encryption rule. 如权利要求11-13中任一项所述的装置,其特征在于,所述第二识别单元,具体用于:获取所述登录页面对应的上下文;所述上下文用于表征所述登录页面所引用的控件对象和资源;在所述登录页面对应的上下文中,根据预设的用于识别所述目标输入域的上下文识别出所述目标输入域。The device according to any one of claims 11 to 13, wherein the second identifying unit is configured to: acquire a context corresponding to the login page; and the context is used to represent the login page The referenced control object and the resource; in the context corresponding to the login page, the target input field is identified according to a preset context for identifying the target input field. 一种登录信息保存装置,其特征在于,包括:A login information storage device, comprising: 第一识别单元,用于识别出当前页面为应用程序的登录页面; a first identifying unit, configured to identify that the current page is a login page of the application; 第二识别单元,用于识别出所述登录页面中用于输入登录信息的目标输入域;a second identifying unit, configured to identify a target input field for inputting login information in the login page; 第一接收单元,用于接收用户在所述目标输入域中输入的登录信息;a first receiving unit, configured to receive login information input by the user in the target input field; 第二接收单元,用于接收用户输入的生物特征信息;a second receiving unit, configured to receive biometric information input by the user; 保存单元,用于如果所述生物特征信息是预设生物特征信息,则将所述登录信息作为所述生物特征信息所表征的用户登录所述应用程序的登录信息,保存所述登录信息到预设数据库中。a saving unit, configured to: if the biometric information is preset biometric information, use the login information as login information of a user that is represented by the biometric information to log in to the application, and save the login information to a pre Set in the database. 如权利要求17所述的装置,其特征在于,所述保存单元,具体用于:The device according to claim 17, wherein the saving unit is specifically configured to: 通过目标操作系统将所述生物特征信息发送给可信执行环境;Transmitting the biometric information to the trusted execution environment by the target operating system; 通过所述可信执行环境验证所述生物特征信息是否是所述预设生物特征信息,并将验证结果返回给所述目标操作系统;Verifying, by the trusted execution environment, whether the biometric information is the preset biometric information, and returning the verification result to the target operating system; 如果所述生物特征信息是预设生物特征信息,则通过所述目标操作系统将所述登录信息发送给所述可信执行环境;And if the biometric information is preset biometric information, sending the login information to the trusted execution environment by using the target operating system; 如果所述生物特征信息是预设生物特征信息,则通过所述可信执行环境将所述登录信息作为所述生物特征信息所表征的用户登录所述应用程序的登录信息,保存所述登录信息到预设数据库中。If the biometric information is preset biometric information, the login information is used as login information of the user that is represented by the biometric information to log in to the application by the trusted execution environment, and the login information is saved. Go to the default database. 如权利要求17或18所述的装置,其特征在于,还包括:加密单元,用于在所述保存单元保存所述登录信息到预设数据库中之前,按照预设加密规则加密所述登录信息。The device according to claim 17 or 18, further comprising: an encryption unit, configured to encrypt the login information according to a preset encryption rule before the saving unit saves the login information to a preset database . 如权利要求17所述的装置,其特征在于,所述第二识别单元,具体用于:获取所述登录页面对应的上下文;所述上下文用于表征所述登录页面所引用的控件对象和资源;在所述登录页面对应的上下文中,根据预设的用于识别所述目标输入域的上下文识别出所述目标输入域。The device according to claim 17, wherein the second identifying unit is configured to: acquire a context corresponding to the login page; and the context is used to represent a control object and a resource referenced by the login page. In the context corresponding to the login page, the target input field is identified according to a preset context for identifying the target input field. 一种终端,其特征在于,包括:输入装置、输出装置、存储器和与所述存储器耦合的处理器,其中:A terminal, comprising: an input device, an output device, a memory, and a processor coupled to the memory, wherein: 所述处理器读取所述存储器中存储的指令,用于执行以下步骤: The processor reads instructions stored in the memory for performing the following steps: 识别出显示于所述输出装置中的当前页面为应用程序的登录页面;Recognizing that the current page displayed in the output device is a login page of the application; 识别出所述登录页面中用于输入登录信息的目标输入域;Identifying a target input field for inputting login information in the login page; 通过所述输入装置接收用户输入的生物特征信息;Receiving biometric information input by a user through the input device; 如果所述生物特征信息是预设生物特征信息,则从预设数据库中获取所述生物特征信息所表征的用户登录所述应用程序的登录信息;And if the biometric information is the preset biometric information, obtaining, by using the preset database, the login information of the user that is characterized by the biometric information and logging in to the application; 将所述登录信息填充到所述目标输入域中。The login information is populated into the target input domain. 如权利要求21所述的终端,其特征在于,所述目标输入域包括至少两个输入域;所述将所述登录信息填充到所述目标输入域中的步骤,包括:The terminal according to claim 21, wherein the target input field comprises at least two input fields; and the step of filling the login information into the target input field comprises: 所述处理器分析出所述至少两个输入域中的各个输入域的属性;The processor analyzes attributes of respective input fields in the at least two input fields; 所述处理器根据所述各个输入域的属性,从所述登录信息中分别获取与所述各个输入域的属性相符合的登录信息;And the processor respectively acquires login information that matches the attributes of the respective input domains from the login information according to attributes of the respective input domains; 所述处理器在所述各个输入域中分别填充与各个输入域的属性相符合的登录信息。The processor fills each of the input fields with login information that matches the attributes of the respective input fields. 如权利要求21所述的终端,其特征在于,所述将所述登录信息填充到所述目标输入域中的步骤,包括:The terminal according to claim 21, wherein the step of filling the login information into the target input domain comprises: 所述处理器通过所述输入装置接收用户输入的选择操作,所述选择操作用于选择需要填充登录信息的目标输入域;分析出所述选择操作选中的目标输入域的属性;根据所述选中的目标输入域的属性,从所述登录信息中获取与所述选中的目标输入域的属性相符合登录信息;在所述选中的目标输入域中填充与所述选中的目标输入域的属性相符合登录信息。Receiving, by the input device, a selection operation input by a user, the selecting operation is for selecting a target input field that needs to be filled with login information; analyzing an attribute of the target input field selected by the selecting operation; The attribute of the target input field, obtaining login information that matches the attribute of the selected target input field from the login information; filling the selected target input field with the attribute of the selected target input field Meet the login information. 如权利要求21所述的终端,其特征在于,所述如果所述生物特征信息是预设生物特征信息,则从预设数据库中获取所述生物特征信息所表征的用户登录所述应用程序的登录信息的步骤,包括:The terminal according to claim 21, wherein if the biometric information is preset biometric information, acquiring a user characterized by the biometric information from a preset database to log in to the application Steps to log in to the information, including: 所述处理器通过目标操作系统将所述生物特征信息发送给可信执行环境;Transmitting, by the target operating system, the biometric information to a trusted execution environment; 所述处理器通过所述可信执行环境验证所述生物特征信息是否是所述预设生物特征信息,如果所述生物特征信息是预设生物特征信息,则通过所 述可信执行环境从预设数据库中获取所述生物特征信息所表征的用户登录所述应用程序的登录信息,并通过所述可信执行环境将所述登录信息发送给所述目标操作系统。The processor verifies whether the biometric information is the preset biometric information by using the trusted execution environment, and if the biometric information is preset biometric information, The trusted execution environment acquires, from the preset database, login information of the user that is characterized by the biometric information and logs in to the application, and sends the login information to the target operating system by using the trusted execution environment. 如权利要求21-24中任一项所述的终端,其特征在于,所述预设数据库中的登录信息是通过预设加密规则进行加密的登录信息;所述处理器还用于:在将所述登录信息填充到所述目标输入域之前,通过所述预设加密规则对应的解密规则解密所述登录信息。The terminal according to any one of claims 21 to 24, wherein the login information in the preset database is login information encrypted by a preset encryption rule; the processor is further configured to: Before the login information is filled in the target input field, the login information is decrypted by using a decryption rule corresponding to the preset encryption rule. 如权利要求21-23中任一项所述的终端,其特征在于,所述识别出所述登录页面中用于输入登录信息的目标输入域的步骤,包括:The terminal according to any one of claims 21 to 23, wherein the step of identifying a target input field for inputting login information in the login page comprises: 所述处理器获取所述登录页面对应的上下文;所述上下文用于表征所述登录页面所引用的控件对象和资源;The processor acquires a context corresponding to the login page; the context is used to represent a control object and a resource referenced by the login page; 所述处理器在所述登录页面对应的上下文中,根据预设的用于识别所述目标输入域的上下文识别出所述目标输入域。The processor identifies the target input domain according to a preset context for identifying the target input domain in a context corresponding to the login page. 一种终端,其特征在于,包括:输入装置、输出装置、存储器和与所述存储器耦合的处理器,其中:A terminal, comprising: an input device, an output device, a memory, and a processor coupled to the memory, wherein: 所述处理器读取所述存储器中存储的指令,用于执行以下步骤:The processor reads instructions stored in the memory for performing the following steps: 识别出显示于所述输出装置中的当前页面为应用程序的登录页面;Recognizing that the current page displayed in the output device is a login page of the application; 识别出所述登录页面中用于输入登录信息的目标输入域;Identifying a target input field for inputting login information in the login page; 通过所述输入装置接收用户在所述目标输入域中输入的登录信息;Receiving login information input by the user in the target input field by the input device; 通过所述输入装置接收用户输入的生物特征信息;Receiving biometric information input by a user through the input device; 如果所述生物特征信息是预设生物特征信息,则将所述登录信息作为所述生物特征信息所表征的用户登录所述应用程序的登录信息,保存所述登录信息到预设数据库中。And if the biometric information is preset biometric information, the login information is used as login information of the user that is characterized by the biometric information to log in to the application, and the login information is saved in a preset database. 如权利要求27所述的终端,其特征在于,所述如果所述生物特征信息是预设生物特征信息,则将所述登录信息作为所述生物特征信息所表征的用户登录所述应用程序的登录信息,保存所述登录信息到预设数据库中的步 骤,包括:The terminal according to claim 27, wherein if the biometric information is preset biometric information, the login information is used as a user characterized by the biometric information to log in to the application. Login information, save the login information to the step in the default database Steps, including: 所述处理器通过目标操作系统将所述生物特征信息发送给可信执行环境;Transmitting, by the target operating system, the biometric information to a trusted execution environment; 所述处理器通过所述可信执行环境验证所述生物特征信息是否是所述预设生物特征信息,并将验证结果返回给所述目标操作系统;Determining, by the trusted execution environment, whether the biometric information is the preset biometric information, and returning the verification result to the target operating system; 如果所述生物特征信息是预设生物特征信息,则所述处理器通过所述目标操作系统将所述登录信息发送给所述可信执行环境;And if the biometric information is preset biometric information, the processor sends the login information to the trusted execution environment by using the target operating system; 如果所述生物特征信息是预设生物特征信息,则所述处理器通过所述可信执行环境将所述登录信息作为所述生物特征信息所表征的用户登录所述应用程序的登录信息,保存所述登录信息到预设数据库中。If the biometric information is preset biometric information, the processor saves the login information as login information of the user that is represented by the biometric information to the application through the trusted execution environment, and saves the login information. The login information is in a preset database. 如权利要求27或28所述的终端,其特征在于,所述处理器还用于:在保存所述登录信息到预设数据库中之前,按照预设加密规则加密所述登录信息。The terminal according to claim 27 or 28, wherein the processor is further configured to: encrypt the login information according to a preset encryption rule before saving the login information to the preset database. 如权利要求27所述的终端,其特征在于,所述识别出所述登录页面中用于输入登录信息的目标输入域的步骤,包括:The terminal according to claim 27, wherein the step of identifying a target input field for inputting login information in the login page comprises: 获取所述登录页面对应的上下文;所述上下文用于表征所述登录页面所引用的控件对象和资源;Obtaining a context corresponding to the login page; the context is used to represent a control object and a resource referenced by the login page; 在所述登录页面对应的上下文中,根据预设的用于识别所述目标输入域的上下文识别出所述目标输入域。 In the context corresponding to the login page, the target input domain is identified according to a preset context for identifying the target input domain.
PCT/CN2016/097182 2015-09-21 2016-08-29 Login information input method, login information storage method, and associated device Ceased WO2017050093A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510604757.6 2015-09-21
CN201510604757.6A CN106549920B (en) 2015-09-21 2015-09-21 Login information input method, login information storage method and related device

Publications (1)

Publication Number Publication Date
WO2017050093A1 true WO2017050093A1 (en) 2017-03-30

Family

ID=58365142

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/097182 Ceased WO2017050093A1 (en) 2015-09-21 2016-08-29 Login information input method, login information storage method, and associated device

Country Status (2)

Country Link
CN (4) CN106549920B (en)
WO (1) WO2017050093A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106549920A (en) * 2015-09-21 2017-03-29 华为终端(东莞)有限公司 Login information input method, login information storage method and related device
CN110175442A (en) * 2019-04-15 2019-08-27 深圳壹账通智能科技有限公司 Based on APP means of defence, device, equipment and the storage medium for shielding lower fingerprint
CN114281197A (en) * 2021-12-14 2022-04-05 Oppo广东移动通信有限公司 Information filling method, device, electronic device and storage medium
CN114860360A (en) * 2022-04-08 2022-08-05 南京四维智联科技有限公司 Login page generation method and device and electronic equipment
CN115203674A (en) * 2022-07-21 2022-10-18 中国平安人寿保险股份有限公司 Automatic login method, system, device and storage medium for application program

Families Citing this family (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107357562B (en) * 2017-05-24 2023-09-05 青岛海信移动通信技术股份有限公司 Information filling method, device and client
CN107480516A (en) * 2017-07-14 2017-12-15 青岛海信移动通信技术股份有限公司 A kind of method and apparatus for filling input frame
CN107797677B (en) * 2017-07-26 2020-12-22 深圳壹账通智能科技有限公司 Login parameter input method, device, platform and readable storage medium
CN110650110B (en) * 2018-06-26 2022-03-22 深信服科技股份有限公司 Login page identification method and related equipment
CN112771826B (en) * 2018-11-05 2023-01-10 深圳市欢太科技有限公司 Application program registration method, application program registration device and mobile terminal
CN109992939B (en) * 2019-03-29 2021-08-20 维沃移动通信有限公司 A login method and terminal device
CN110007823B (en) * 2019-04-01 2020-12-04 钱咸升(北京)网络科技股份公司 Information input method and device
CN110414246B (en) * 2019-06-19 2023-05-30 平安科技(深圳)有限公司 Shared file security management method, device, terminal and storage medium
CN111639919B (en) * 2020-06-05 2024-04-09 中国银行股份有限公司 Information acquisition method and device
CN111783055B (en) * 2020-06-30 2025-07-25 维沃移动通信有限公司 Account information management method and device and electronic equipment
CN111831991A (en) * 2020-07-24 2020-10-27 中国工商银行股份有限公司 Input operation detection method, device, computing equipment and medium
CN112311805B (en) * 2020-11-06 2022-04-12 支付宝(杭州)信息技术有限公司 Login-free authentication processing method and device based on trusted execution environment
CN112947834A (en) * 2021-01-27 2021-06-11 维沃移动通信有限公司 Information input method and device and electronic equipment
CN112990913A (en) * 2021-03-26 2021-06-18 中国工商银行股份有限公司 Automatic filling method, server and system for browser payment login page
CN113709181A (en) * 2021-09-10 2021-11-26 未鲲(上海)科技服务有限公司 Website login method, device, equipment and storage medium based on browser plug-in
CN116257837B (en) * 2023-05-16 2023-08-22 深圳竹云科技股份有限公司 Application system login method and device, computer equipment and storage medium
CN116743476A (en) * 2023-07-05 2023-09-12 数字广东网络建设有限公司 Business system login method, device, electronic equipment and storage medium
CN117993857B (en) * 2024-02-05 2024-08-30 北京睿企信息科技有限公司 Instruction text sending system

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040073794A1 (en) * 2002-10-15 2004-04-15 Kevin Nip Method and system for the dynamic and automated storage and retrieval of authentication information via a communications network
CN101272237A (en) * 2008-04-22 2008-09-24 北京飞天诚信科技有限公司 A method and system for automatically generating and filling login information
CN102222200A (en) * 2011-06-24 2011-10-19 宇龙计算机通信科技(深圳)有限公司 Application program logging method and logging management system
CN102594817A (en) * 2012-02-15 2012-07-18 李晶 Password agent method, user terminal equipment and password agent server
CN103795716A (en) * 2014-01-21 2014-05-14 宇龙计算机通信科技(深圳)有限公司 Network account login method and device, and terminal
CN104331650A (en) * 2013-07-22 2015-02-04 联想(北京)有限公司 Information processing method and electronic equipment
CN104660688A (en) * 2015-02-03 2015-05-27 百度在线网络技术(北京)有限公司 Method and device for acquiring login information
CN104780167A (en) * 2015-03-27 2015-07-15 深圳创维数字技术有限公司 Account login method and terminal

Family Cites Families (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2308282B (en) * 1995-12-15 2000-04-12 Lotus Dev Corp Differential work factor cryptography method and system
US5787169A (en) * 1995-12-28 1998-07-28 International Business Machines Corp. Method and apparatus for controlling access to encrypted data files in a computer system
US6064736A (en) * 1997-09-15 2000-05-16 International Business Machines Corporation Systems, methods and computer program products that use an encrypted session for additional password verification
JP2000221881A (en) * 1999-02-01 2000-08-11 Nec Corp Electronic signature terminal device, electronic signature management device and electronic signature system
JP2001265735A (en) * 2000-03-22 2001-09-28 Ntt Communications Kk Authentication method, signature method, and communication method and system using ID / password
US7228417B2 (en) * 2002-02-26 2007-06-05 America Online, Inc. Simple secure login with multiple-authentication providers
JP2007142504A (en) * 2005-11-14 2007-06-07 Kotohaco:Kk Information processing system
CN101588348A (en) * 2008-05-22 2009-11-25 中国电信股份有限公司 System logging method and system logging device based on Web
CN101635629B (en) * 2008-07-21 2013-02-20 李晓东 Secure password authentication method
CN101888395A (en) * 2009-05-13 2010-11-17 华为技术有限公司 A data synchronization method, widget terminal and server
CN101815291A (en) * 2010-03-22 2010-08-25 中兴通讯股份有限公司 Method and system for logging on client automatically
CN101872365A (en) * 2010-07-02 2010-10-27 苏州阔地网络科技有限公司 A method of one-click login to other websites realized on the webpage
CN102591889A (en) * 2011-01-17 2012-07-18 腾讯科技(深圳)有限公司 Method and device for assisting user input based on browser of mobile terminal
CN102281539B (en) * 2011-08-29 2014-10-29 惠州Tcl移动通信有限公司 Mobile terminal and application program login method thereof
CN102495855B (en) * 2011-11-21 2013-09-25 奇智软件(北京)有限公司 Automatic login method and device
CN102637194B (en) * 2012-02-27 2013-10-02 长春吉大正元信息技术股份有限公司 Trigger method for late binding event of Web page element in BHO (browser helper object)
CN102646077B (en) * 2012-03-28 2016-06-15 山东超越数控电子有限公司 A kind of method of the full disk encryption based on credible password module
WO2013162296A1 (en) * 2012-04-25 2013-10-31 주식회사 로웸 Passcode operating system, passcode apparatus, and super-passcode generating method
CN103425914A (en) * 2012-05-17 2013-12-04 宇龙计算机通信科技(深圳)有限公司 Login method of application program and communication terminal
JP2014027494A (en) * 2012-07-27 2014-02-06 Hitachi Ltd User authentication system, user authentication method, and network apparatus
CN102868732A (en) * 2012-08-27 2013-01-09 北京小米科技有限责任公司 Account password-based login implementation method, system and device
US9294267B2 (en) * 2012-11-16 2016-03-22 Deepak Kamath Method, system and program product for secure storage of content
CN103024005B (en) * 2012-11-30 2015-11-25 北京奇虎科技有限公司 Website login information store method and device
CN103218555A (en) * 2013-03-04 2013-07-24 北京百纳威尔科技有限公司 Logging-in method and device for application program
US9807085B2 (en) * 2013-03-15 2017-10-31 Veracode, Inc. Systems and methods for automated detection of login sequence for web form-based authentication
CN103227786B (en) * 2013-04-08 2018-11-16 优视科技有限公司 A kind of website login information filling method and device
EP2905717A1 (en) * 2014-02-05 2015-08-12 Thomson Licensing Device and method for device and user authentication
CN104219228B (en) * 2014-08-18 2018-01-02 四川长虹电器股份有限公司 A kind of user's registration, user identification method and system
KR101494854B1 (en) * 2014-12-10 2015-02-23 주식회사 인포바인 Method of convenient signing in using automatically detecting and filling login field in web or applicaion and apparatus for the same
CN104598793A (en) * 2015-01-08 2015-05-06 百度在线网络技术(北京)有限公司 Fingerprint authentication method and fingerprint authentication device
CN106549920B (en) * 2015-09-21 2021-06-01 华为终端有限公司 Login information input method, login information storage method and related device

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040073794A1 (en) * 2002-10-15 2004-04-15 Kevin Nip Method and system for the dynamic and automated storage and retrieval of authentication information via a communications network
CN101272237A (en) * 2008-04-22 2008-09-24 北京飞天诚信科技有限公司 A method and system for automatically generating and filling login information
CN102222200A (en) * 2011-06-24 2011-10-19 宇龙计算机通信科技(深圳)有限公司 Application program logging method and logging management system
CN102594817A (en) * 2012-02-15 2012-07-18 李晶 Password agent method, user terminal equipment and password agent server
CN104331650A (en) * 2013-07-22 2015-02-04 联想(北京)有限公司 Information processing method and electronic equipment
CN103795716A (en) * 2014-01-21 2014-05-14 宇龙计算机通信科技(深圳)有限公司 Network account login method and device, and terminal
CN104660688A (en) * 2015-02-03 2015-05-27 百度在线网络技术(北京)有限公司 Method and device for acquiring login information
CN104780167A (en) * 2015-03-27 2015-07-15 深圳创维数字技术有限公司 Account login method and terminal

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106549920A (en) * 2015-09-21 2017-03-29 华为终端(东莞)有限公司 Login information input method, login information storage method and related device
CN110175442A (en) * 2019-04-15 2019-08-27 深圳壹账通智能科技有限公司 Based on APP means of defence, device, equipment and the storage medium for shielding lower fingerprint
CN114281197A (en) * 2021-12-14 2022-04-05 Oppo广东移动通信有限公司 Information filling method, device, electronic device and storage medium
CN114860360A (en) * 2022-04-08 2022-08-05 南京四维智联科技有限公司 Login page generation method and device and electronic equipment
CN115203674A (en) * 2022-07-21 2022-10-18 中国平安人寿保险股份有限公司 Automatic login method, system, device and storage medium for application program

Also Published As

Publication number Publication date
CN106549920B (en) 2021-06-01
CN113452678A (en) 2021-09-28
CN113676443A (en) 2021-11-19
CN111585964B (en) 2023-03-24
CN106549920A (en) 2017-03-29
CN111585964A (en) 2020-08-25

Similar Documents

Publication Publication Date Title
CN111585964B (en) Login information input method, login information storage method and related device
US11764966B2 (en) Systems and methods for single-step out-of-band authentication
US20220318355A1 (en) Remote usage of locally stored biometric authentication data
CN116049785B (en) Identity authentication method and system
US10404754B2 (en) Query system and method to determine authentication capabilities
US9183365B2 (en) Methods and systems for fingerprint template enrollment and distribution process
US9741033B2 (en) System and method for point of sale payment data credentials management using out-of-band authentication
EP3824592B1 (en) Public-private key pair protected password manager
CN108810021B (en) Query system and method for determining verification function
US9286466B2 (en) Registration and authentication of computing devices using a digital skeleton key
JP2021510978A (en) Systems and methods for binding verifiable claims
US10484372B1 (en) Automatic replacement of passwords with secure claims
AU2013205396B2 (en) Methods and Systems for Conducting Smart Card Transactions
US20150096001A1 (en) Systems and Methods for Credential Management Between Electronic Devices
WO2019179394A1 (en) Method, terminal, and authentication server for retrieving identity information
WO2017000829A1 (en) Method for checking security based on biological features, client and server
WO2017067201A1 (en) Wi-fi connection method, terminal, and system
CN109922027B (en) Credible identity authentication method, terminal and storage medium
CN108475304A (en) A method, device and mobile terminal for associating application programs with biometric features
CN106487758A (en) A kind of data safety endorsement method, service terminal and private key backup server
AU2018101656A4 (en) A System and Method for Facilitating the Delivery of Secure Hyperlinked Content via Mobile Messaging
SE540649C2 (en) Method and system for secure password storage
WO2021249527A1 (en) Method and apparatus for implementing motopay, and electronic device
CN115378609A (en) Electronic certificate display method, verification method, terminal and server
WO2017063298A1 (en) Authentication method and terminal

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16847975

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16847975

Country of ref document: EP

Kind code of ref document: A1