CN105187431A - Log-in method, server, client and communication system for third party application - Google Patents
Log-in method, server, client and communication system for third party application Download PDFInfo
- Publication number
- CN105187431A CN105187431A CN201510595952.7A CN201510595952A CN105187431A CN 105187431 A CN105187431 A CN 105187431A CN 201510595952 A CN201510595952 A CN 201510595952A CN 105187431 A CN105187431 A CN 105187431A
- Authority
- CN
- China
- Prior art keywords
- login
- client
- information
- party application
- authorization information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 49
- 238000004891 communication Methods 0.000 title claims abstract description 19
- 238000013475 authorization Methods 0.000 claims description 185
- 230000005540 biological transmission Effects 0.000 claims description 11
- 238000002377 Fourier profilometry Methods 0.000 claims description 6
- 230000002950 deficient Effects 0.000 claims description 6
- 238000012795 verification Methods 0.000 abstract description 11
- 230000008569 process Effects 0.000 abstract description 9
- 230000008878 coupling Effects 0.000 abstract description 7
- 238000010168 coupling process Methods 0.000 abstract description 7
- 238000005859 coupling reaction Methods 0.000 abstract description 7
- 238000007726 management method Methods 0.000 description 92
- 230000003993 interaction Effects 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000015572 biosynthetic process Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000012559 user support system Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention discloses a log-in method, server, client and communication system for a third party application. The log-in method for a third party application comprises receiving verification information sent from a log-in application client; sending the verification information to an account number management server so that the account number management server can verify the verification information; receiving the returned verification result, wherein if the verification result shows that the verification is qualified, searching a secret key database to acquire a first secret key and using the first secret key to according to the application logo of a third party application client to sign for a user account name and a log-in timestamp of the user account information to acquire a first signature; and generating signature verification information and sending the signature verification information to the log-in application client, transmitting the signature verification information to a third party application server through the third party application client, and allowing to log in the third party application client after signing for the third party application server and comparing the signature. With the technical scheme of the log-in method, server, client and communication system for a third party application, the dependency and the coupling between the account number verification server and the third party application can be reduced during the log-in process.
Description
Technical field
The present invention relates to communication technical field, particularly relate to a kind of login method of third-party application, server, client and communication system.
Background technology
Universal and the development of the Internet, bring a large amount of Internet Service Providers, but the partial service of many Internet Service Providers just has permission acquisition after needing user to log in.At present, increasing website and Mobile solution all support the operation that third party logs in and authorizes, user is by the website of certain support of the mobile terminal accessings such as mobile phone third party login or when applying, do not have in this website before this user or apply registered, the entrance that the third party that still can be provided by this application is logged in, input third party's account and password realize the operation logging in this website or application.Such as, user supports by mobile terminal accessing the Yoqoo that Tengxun account logs in, and user is by the page of specifying inputting the account of Tengxun and password to log in Yoqoo.
The patent No. disclosed in prior art be 201310310826.3 patent be a kind of technical scheme realizing above-mentioned effect.Which disclose a kind of third party website login method based on mobile terminal, when the browser of mobile terminal detects the trigger event of third party's register, the login page of third party's register is shown to Internet Server request, after this login page completing user account authentication and authorization confirms, Internet service is used for user ID and the authorization token of third party's login, to complete third party's login to third party website distribution.
There is following shortcoming in technique scheme:
One, interconnected server directly intercoms mutually with third party website, formed and rely on and coupling, if when third party website is because of reasons such as Internet Transmission situation or Internet Server own services go wrong, the information such as the user ID of interconnected server transmission cannot be received in time, thus after causing user to have input correct account number cipher, still cannot log in third party website in time, have a strong impact on the experience of user, the login step of third party website is also therefore to the dependence of interconnected server height of formation.
Two, the browser of mobile terminal directly and interconnected server communication, and interconnected server both carried out account checking, carried out data interaction again with user, effectively cannot disperse the load of interconnected server.Meanwhile, people can utilize browser to launch a offensive to interconnected server, cause safety problem.
Three, user directly can only cancel the mandate of this third party website to the empowerment management of third party website, but in fact user only wishes that cancelling certain mobile terminal concrete uses this account to log in the mandate of third party website, but not fully phase out the mandate of this third party website, the coarseness of empowerment management causes being difficult to carry out accurate authorization control, lacks empowerment management mode safely and effectively.
Summary of the invention
The embodiment of the present invention proposes a kind of login method of third-party application, can reduce dependence and the coupling of account authentication server and third-party application server in login process.
Embodiments provide a kind of login method of third-party application, comprising:
Receive the authorization information logging in applications client and send; Wherein, described authorization information is the logging request that sent according to third-party application client by described login applications client and generates; Described authorization information comprises: the application identities of described third-party application client and user account information;
Described authorization information is sent to account management server, for described account management server, described authorization information is verified;
Receive the result that described account management server returns;
If described the result is for being verified, then according to the application identities of described third-party application client, search key database, obtain the first key, and use the user account name in user account information described in described first double secret key and login time stamp to sign, obtain the first signature; Otherwise, return login failure message to described login applications client, and terminate this login;
Generate signature authentication information; Described signature authentication information comprises: described first signature, described user account name and described login time stamp;
Described signature authentication information is sent to described login applications client, to make described login applications client, described signature authentication information is transmitted to described third-party application client, third-party application server is transmitted to make described third-party application client, thus user account name described in the second double secret key making described third-party application server use to prestore and login time stamp are signed, obtain the second signature, in comparison and confirm described first signature and described second sign completely the same after, accept the login of described third-party application client.
Further, described described authorization information is sent to account management server before, also comprise:
Format checking is carried out to described authorization information, if described authorization information passed examination, then described authorization information is sent to described account management server; Otherwise, return login failure message to described login applications client, and terminate this login.
Further, described authorization information also comprises: the first dynamic code; Described first dynamic code, by the mark of described login applications client according to described login applications client, calculates according to pre-configured dynamic code algorithm and generates;
Described account management server is verified described authorization information, specifically comprises:
According to the client identification prestored and pre-configured dynamic code algorithm, calculate acquisition second dynamic code;
By the application identities of the first dynamic code in described authorization information, third-party application client and user account information, compare with the application identification information in described second dynamic code, database, user account information accordingly respectively, judge that whether all information is consistent;
If consistent, be then verified;
If not quite identical, then verify and do not pass through.
Further, described the result also comprises the unique identifier corresponding to described user account information;
Described described signature authentication information is sent to described login applications client after, also comprise:
Described unique identifier is sent to described login applications client, for described login applications client, described unique identifier is stored in identification code data storehouse.
Further, the user account information in described authorization information is according to user's input or is obtained according in the unique identifier stored in described identification code data storehouse by described login applications client.
On the other hand, the one embodiments provided logs in application server, comprising:
First receiving element, for receiving the authorization information logging in applications client and send; Wherein, described authorization information is the logging request that sent according to third-party application client by described login applications client and generates; Described authorization information comprises: the application identities of described third-party application client and user account information;
First transmitting element, for described authorization information is sent to account management server, verifies described authorization information for described account management server;
Second receiving element, for receiving the result that described account management server returns;
First signature unit, for when described the result is for being verified, according to the application identities of described third-party application client, search key database, obtain the first key, and use the user account name in user account information described in described first double secret key and login time stamp to sign, obtain the first signature;
Second transmitting element, for obstructed out-of-date for checking at described the result, returns login failure message to described login applications client, and terminates this login;
Authentication information generation unit, for generating signature authentication information; Described signature authentication information comprises: described first signature, described user account name and described login time stamp;
With, 3rd transmitting element, for described signature authentication information is sent to described login applications client, to make described login applications client, described signature authentication information is transmitted to described third-party application client, third-party application server is transmitted to make described third-party application client, thus user account name described in the second double secret key making described third-party application server use to prestore and login time stamp are signed, obtain the second signature, in comparison and confirm described first signature and described second sign completely the same after, accept the login of described third-party application client.
Further, described login application server also comprises:
Format checking unit, before described authorization information being sent to account management server at described first transmitting element, carries out format checking to described authorization information; If described authorization information passed examination, then described authorization information is sent to described account management server; Otherwise, return login failure message to described login applications client, and terminate this login.
Further, described authorization information also comprises: the first dynamic code; Described first dynamic code, by the mark of described login applications client according to described login applications client, calculates according to pre-configured dynamic code algorithm and generates;
Described account management server is verified described authorization information, specifically comprises:
According to the client identification prestored and pre-configured dynamic code algorithm, calculate acquisition second dynamic code;
By the application identities of the first dynamic code in described authorization information, third-party application client and user account information, compare with the application identification information in described second dynamic code, database, user account information accordingly respectively, judge that whether all information is consistent;
If consistent, be then verified;
If not quite identical, then verify and do not pass through.
Further, described the result also comprises the unique identifier corresponding to described user account information;
Described login application server also comprises:
4th transmitting element, for after described signature authentication information is sent to described login applications client by described 3rd transmitting element, described unique identifier is sent to described login applications client, for described login applications client, described unique identifier is stored in identification code data storehouse.
Further, the user account information in described authorization information is according to user's input or is obtained according in the unique identifier stored in described identification code data storehouse by described login applications client.
Again on the one hand, embodiments provide a kind of login method of third-party application, comprising:
Third-party application client sends logging request to login applications client; Described logging request comprises the application identities of described third-party application client;
Described login applications client generates authorization information according to described logging request; Wherein, described authorization information comprises described application identities and user account information;
Described authorization information is sent to login application server by described login applications client, to make described login application server, described authorization information is transmitted to account management server, thus described account management server is verified described authorization information, and the result is returned to described login application server;
Described login applications client receives the signature authentication information that described login application server sends; Wherein, described signature authentication information comprises: the user account name in the first signature, user account information and login time stamp; Described first signs by described login application server when described the result is for being verified, according to the application identities of described third-party application client, search key database, after obtaining the first key, user account name described in described first double secret key and described login time stamp is used to carry out signing and obtaining;
Described signature authentication information is sent to described third-party application client by described login applications client;
Described signature authentication information is sent to third-party application server by described third-party application client, use user account name described in the second double secret key prestored and login time stamp to sign for described third-party application server, obtain the second signature, in comparison and confirm described first signature and described second sign completely the same after, accept the login of described third-party application client.
Further, described authorization information is sent to login application server by described login applications client, to make described login application server, described authorization information is transmitted to account management server, thus described account management server is verified described authorization information, and after the result being returned to described login application server, also comprise:
Described login applications client receives the login failure message that described login application server sends, and this logs according to the described login failure end of message;
Wherein, described login failure message is generated when the format checking of described authorization information is defective by described login application server;
Or, described login failure message be by described login application server described the result be checking obstructed out-of-date generation.
Further, described authorization information also comprises the first dynamic code, and described first dynamic code, by the mark of described login applications client according to described login applications client, calculates according to pre-configured dynamic code algorithm and generates;
Described account management server is verified described authorization information, specifically comprises:
According to the client identification prestored and pre-configured dynamic code algorithm, calculate acquisition second dynamic code;
By the application identities of the first dynamic code in described authorization information, third-party application client and user account information, compare with the application identification information in described second dynamic code, database, user account information accordingly respectively, judge that whether all information is consistent;
If consistent, be then verified;
If not quite identical, then verify and do not pass through.
Further, described login applications client also comprises after receiving the signature authentication information of described login application server transmission:
Described login applications client receives the unique identifier that described login application server sends; Wherein, described unique identifier is corresponding with described user account information, and sends to described login application server by described account management server;
Described unique identifier is stored in identification code data storehouse by described login applications client.
Further, the user account information in described authorization information is according to user's input or is obtained according in the unique identifier stored in described identification code data storehouse by described login applications client.
Another aspect, embodiments provides a kind of FTP client FTP, comprises and logs in applications client and third-party application client;
Described third-party application client comprises:
5th transmitting element, for sending logging request to login applications client; Described logging request comprises the application identities of described third-party application client;
Described login applications client comprises:
Authorization information generation unit, for generating authorization information according to described logging request; Wherein, described authorization information comprises described application identities and user account information;
6th transmitting element, for described authorization information is sent to login application server, to make described login application server, described authorization information is transmitted to account management server, thus described account management server is verified described authorization information, and the result is returned to described login application server;
6th receiving element, for receiving the signature authentication information that described login application server sends; Wherein, described signature authentication information comprises: the user account name in the first signature, user account information and login time stamp; Described first signs by described login application server when described the result is for being verified, according to the application identities of described third-party application client, search key database, after obtaining the first key, user account name described in described first double secret key and described login time stamp is used to carry out signing and obtaining;
With, the 7th transmitting element, for sending to described third-party application client by described signature authentication information;
Described third-party application client also comprises:
8th transmitting element, for described signature authentication information is sent to third-party application server, use user account name described in the second double secret key prestored and login time stamp to sign for described third-party application server, obtain the second signature, in comparison and confirm described first signature and described second sign completely the same after, accept the login of described third-party application client.
Further, described login applications client also comprises:
7th receiving element, for described authorization information being sent to login application server at described 6th transmitting element, to make described login application server, described authorization information is transmitted to account management server, thus described account management server is verified described authorization information, and after the result being returned to described login application server, receive the login failure message that described login application server sends, and this logs according to the described login failure end of message;
Wherein, described login failure message is generated when the format checking of described authorization information is defective by described login application server;
Or, described login failure message be by described login application server described the result be checking obstructed out-of-date generation.
Further, described authorization information also comprises the first dynamic code; Described first dynamic code, by the mark of described login applications client according to described login applications client, calculates according to pre-configured dynamic code algorithm and generates;
Described account management server is verified described authorization information, specifically comprises:
According to the client identification prestored and pre-configured dynamic code algorithm, calculate acquisition second dynamic code;
By the application identities of the first dynamic code in described authorization information, third-party application client and user account information, compare with the application identification information in described second dynamic code, database, user account information accordingly respectively, judge that whether all information is consistent;
If consistent, be then verified;
If not quite identical, then verify and do not pass through.
Further, described login applications client also comprises:
8th receiving element, for receive at the 6th receiving element described login application server send signature authentication information after, receive described login application server send unique identifier; Wherein, described unique identifier is corresponding with described user account information, and sends to described login application server by described account management server;
Described unique identifier is stored in identification code data storehouse by described login applications client.
Further, the user account information in described authorization information is according to user's input or is obtained according in the unique identifier stored in described identification code data storehouse by described login applications client.
On the other hand, embodiments provide a kind of communication system, comprise FTP client FTP, third-party application server, log in application server and account management server;
Described FTP client FTP is the FTP client FTP as described in any one of claim 16 to 20;
Described login application server is the login application server as described in any one of claim 6 to 10.
Implement the embodiment of the present invention, there is following beneficial effect:
The login method of a kind of third-party application that the embodiment of the present invention provides, login application server, FTP client FTP and communication system.Log in application server after receiving the authorization information logging in applications client transmission, account management server authorization information is sent to verify, wherein, this authorization information is by logging in logging request that applications client sends according to third-party application client and generating.In account management server authentication by after this authorization information, log in application server according to the application identities of third-party application client, search key database, obtain the first key, and use the first double secret key user account name and login time stamp to sign, obtain the first signature.Finally log in application server and the signature authentication information of generation is sent to login applications client, this signature authentication information comprises the first signature, user account name and login time stamp.Log in applications client and signature authentication information is transmitted to third-party application client, third-party application server is transmitted to again by third-party application client, the second double secret key user account name and login time stamp is used to sign to make third-party application server, obtain the second signature, in comparison and confirm the first signature and second sign completely the same after, accept the login of third-party application client.When adopting third-party application client to log in compared to prior art, account authentication server and third-party application server need to interdepend and just can complete the login of third-party application client, the login application server of technical solution of the present invention to be verified with the account information of account management server and after passing through completing, use and sign with the double secret key concerned account numbers information of third-party application server commitment, signing messages passes to third-party application server successively after logging in client, third-party application client.Third-party application server is to after this account information signature, and whether comparison two signing messages unanimously determine whether user account completes login by checking.Third-party application server without the need to again can complete independently login step with login application server or the communication of account management server, unties dependence and the coupling of account management server in login process and third-party application server.
Accompanying drawing explanation
Fig. 1 is the information interaction schematic diagram of a kind of embodiment of the login method of third-party application provided by the invention;
Fig. 2 is the schematic flow sheet of a kind of embodiment of the login method of third-party application provided by the invention;
Fig. 3 is the sequential chart of a kind of embodiment of the login method of third-party application provided by the invention;
Fig. 4 is the structural representation of a kind of embodiment of login application server provided by the invention;
Fig. 5 is the structural representation of the another kind of embodiment of login application server provided by the invention;
Fig. 6 is the structural representation of another embodiment of login application server provided by the invention;
Fig. 7 is the schematic flow sheet of the another kind of embodiment of the login method of third-party application provided by the invention;
Fig. 8 is the structural representation of a kind of embodiment of FTP client FTP provided by the invention;
Fig. 9 is the structural representation of a kind of embodiment of login applications client provided by the invention;
Figure 10 is the structural representation of the another kind of embodiment of login applications client provided by the invention;
Figure 11 is the structural representation of a kind of embodiment of communication system provided by the invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, be clearly and completely described the technical scheme in the embodiment of the present invention, obviously, described embodiment is only the present invention's part embodiment, instead of whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art, not making the every other embodiment obtained under creative work prerequisite, belong to the scope of protection of the invention.
It is the information interaction schematic diagram of a kind of embodiment of the login method of third-party application provided by the invention see Fig. 1, Fig. 1.As shown in Figure 1, the login method of third-party application of the present invention comprises: third-party application client, third-party application server, account management server, login application server, login applications client.The detailed process step of login method of the present invention can be the schematic flow sheet of a kind of embodiment of the login method of third-party application provided by the invention see Fig. 2, Fig. 2, and the method is suitable for and logs in application server, mainly comprises the following steps:
Step 101: receive the authorization information logging in applications client and send; Wherein, this authorization information generates by logging in logging request that applications client sends according to third-party application client; Authorization information comprises: the application identities of third-party application client and user account information.
In the present embodiment, after user triggers third-party application login in third-party application client, third-party application client sends the application identities of logging request and third-party application client to login applications client.User interface is jumped to by third-party application client and logs in applications client, and user is logging in account applications client being selected log in.If user did not use this account Successful login mistake in this login applications client, then user was still needed to input password when logging in.If user once used this account Successful login mistake in this login applications client, then log in applications client and inquire about the unique identifier be stored in identification code data storehouse corresponding to this account, using the password of this unique identifier as this account, user, without the need to inputting password, simplifies user operation.
Log in applications client according to this logging request, generate and comprise the application identities of third-party application client and the authorization information of user account information.This user account information comprises: user account name and password (being inputted or unique identifier by user).
One as the present embodiment is illustrated, and authorization information can also comprise the first dynamic code.First dynamic code, by logging in applications client according to the mark logging in applications client, calculates according to pre-configured dynamic code algorithm and generates.First dynamic code is provided with effective time, can regenerate after the time, and identical to be applied in the dynamic code that different clients generates not identical.
In the present embodiment, login applications client and third-party application client are two different clients in same terminal, and the information transmission logged between applications client and third-party application client is believable.This same terminal can be, but not limited to as intelligent terminal, mobile terminal or computer terminal.
Step 102: authorization information is sent to account management server, verifies this authorization information for account management server.
In the present embodiment, also comprise before authorization information being sent to account management server: carry out format checking to authorization information, whether whether the application identities as checked third-party application client correct etc. from the form of chartered third-party application, user account information and the first dynamic code.If authorization information passed examination, then authorization information is sent to account management server; Otherwise, return login failure message to login applications client, and terminate this login.
In the present embodiment, account management server is verified authorization information and is specifically comprised: by the user account information in authorization information, compare with the user account information in database, judges whether consistent; If consistent, be then verified; If inconsistent, then verify and do not pass through.If this user account information uses clear-text passwords, then the clear-text passwords searching this user account in a database corresponding is compared.Log in if this user account is second time, then the unique identifier searching this user account in a database corresponding is compared.
One as the present embodiment is illustrated, if this authorization information also comprises the first dynamic code, then account management server is verified authorization information, specifically comprises: according to the client identification prestored and pre-configured dynamic code algorithm, calculates acquisition second dynamic code; By the application identities of the first dynamic code in authorization information, third-party application client and user account information, compare with the application identification information in the second dynamic code, database, user account information accordingly respectively, judge that whether all information is consistent; If consistent, be then verified; If not quite identical, then verify and do not pass through.In this citing, client identification, according to the Authorized operation of user, prestores in database by account management server.By Authorized operation, user determines which logs in applications client and can complete login authentication, even if user account and password are revealed, can not complete login authentication, ensure that the accuracy of authorization information in undelegated login applications client.Mobile phone terminal as user has been lost; user only need authorize account management server to be cancelled with associating of this user account by the client identification of this loss mobile phone; can ensure that the dynamic code that this mobile phone terminal generates cannot by checking; thus without the need to cancelling associating of this user account and third-party application, the safety of user account also can be protected.
Step 103: receive the result that account management server returns.
In the present embodiment, after account management server completes checking, the result can be returned to login application server.If the verification passes, then the result comprises: be verified message and the exclusive identification code corresponding to this user account information.Log in applications client this exclusive identification code is stored in identification code data storehouse, so that user logs in next time.If checking is not passed through, then the result comprises checking and does not pass through message.This is verified message to log in applications client, returns login failure message to login applications client, and terminates this login.
Step 104: if the result is for being verified, then according to the application identities of third-party application client, search key database, obtain the first key, and use the user account name in the first double secret key user account information and login time stamp to sign, obtain the first signature; Otherwise, return login failure message to login applications client, and terminate this login.
In the present embodiment, log in application server and mutually arrange what a identical key with third-party application server, login application server is by the application identities of third party's client and appoint that key is interrelated, and is stored in key database.After user account is verified, only need can obtain the first key according to the application identities query key database of the 3rd applications client.If illegal third-party application, then cannot inquire key in key database, log in application server and confirm that this third-party application client is illegitimate client, terminate this and log in.
Step 105: generate signature authentication information; This signature authentication information comprises: the first signature, user account name and login time stamp.
Step 106: signature authentication information is sent to login applications client, to make login applications client, signature authentication information is transmitted to third-party application client, third-party application server is transmitted to make third-party application client, thus the second double secret key user account name making third-party application server use to prestore and login time stamp are signed, obtain the second signature, in comparison and confirm the first signature and second signature completely the same after, accept the login of third-party application client.
In the present embodiment, after third-party application server accepts the login of third-party application client, return comparison result to third-party application client, user is mutual at the enterprising Serial Communication of third-party application client.
In order to steps flow chart of the present invention is better described, be the sequential chart of a kind of embodiment of the login method of third-party application provided by the invention see Fig. 3, Fig. 3.
Therefore the login method of a kind of third-party application that the embodiment of the present invention provides, is applicable to log in application server.Log in application server after receiving the authorization information logging in applications client transmission, account management server authorization information is sent to verify, wherein, this authorization information is by logging in logging request that applications client sends according to third-party application client and generating.In account management server authentication by after this authorization information, log in application server according to the application identities of third-party application client, search key database, obtain the first key, and use the first double secret key user account name and login time stamp to sign, obtain the first signature.Finally log in application server and the signature authentication information of generation is sent to login applications client, this signature authentication information comprises the first signature, user account name and login time stamp.Log in applications client and signature authentication information is transmitted to third-party application client, third-party application server is transmitted to again by third-party application client, the second double secret key user account name and login time stamp is used to sign to make third-party application server, obtain the second signature, in comparison and confirm the first signature and second sign completely the same after, accept the login of third-party application client.When adopting third-party application client to log in compared to prior art, account authentication server and third-party application server need to interdepend and just can complete the login of third-party application client, the login application server of technical solution of the present invention to be verified with account management server account information and after passing through completing, use and sign with the double secret key concerned account numbers information of third-party application server commitment, signing messages passes to third-party application server successively after logging in client, third-party application client.Third-party application server is to after this account information signature, and whether comparison two signing messages unanimously determine whether user account completes login by checking.Third-party application server without the need to again can complete independently login step with login application server or the communication of account management server, unties dependence and the coupling of account management server in login process and third-party application server.
Further, the present invention adopts independently login applications client and third-party application client to carry out alternately, and special account management network in charge is transferred in the service of checking account, share the load logging in application server, reduce the coupling of server.If there is new third-party application client to need to make login mode of the present invention, then without the need to adjusting the verifying logic of account management server, only need third-party application server register on login application server and arrange key, expansion flexibly.
Further, third-party application server does not directly carry out communication with account management server, ensures fail safe and the privacy of account management server, prevents attack.
Further, the authorization information in the login method of third-party application of the present invention, except user account information, also comprises the first dynamic code.First dynamic code, by logging in applications client according to the mark logging in applications client, calculates according to pre-configured dynamic code algorithm and generates.User can authorize client in advance in account management server, to represent which client can carry out login authentication.The identification code of authorized client is stored in database by account management server.When authorization information is verified, account management server, according to the client identification prestored and pre-configured dynamic code algorithm, calculates acquisition second dynamic code; By the application identities of the first dynamic code in authorization information, third-party application client and user account information, compare with the application identification information in the second dynamic code, database, user account information accordingly respectively, judge that whether all information is consistent.If consistent, be verified, otherwise checking is not passed through.Therefore, even if user account and password are revealed, login authentication can not be completed in undelegated client, ensure that the accuracy of authorization information.And by Authorized operation, user determines which logs in applications client and can complete login authentication, even if user account and password are revealed, can not complete login authentication, ensure that the accuracy of authorization information in undelegated login applications client.Mobile phone terminal as user has been lost; user only need authorize account management server to be cancelled with associating of this user account by the client identification of this loss mobile phone; can ensure that the dynamic code that this mobile phone terminal generates cannot by checking; thus without the need to cancelling associating of this user account and third-party application, the safety of user account also can be protected.
Embodiment 2
Be the structural representation of a kind of embodiment of login application server provided by the invention see Fig. 4, Fig. 4, as described in Figure 4, this login application server comprises:
First receiving element 401, for receiving the authorization information logging in applications client and send; Wherein, this authorization information is the logging request that sent according to third-party application client by described login applications client and generates; Authorization information comprises: the application identities of third-party application client and user account information.
First transmitting element 402, for authorization information is sent to account management server, verifies this authorization information for account management server.
Second receiving element 403, for receiving the result that account management server returns;
First signature unit 404, for when the result is for being verified, according to the application identities of third-party application client, search key database, obtain the first key, and use the user account name in the first double secret key user account information and login time stamp to sign, obtain the first signature.
Second transmitting element 405, for obstructed out-of-date for verifying at the result, returns login failure message to login applications client, and terminates this login.
Authentication information generation unit 406, for generating signature authentication information; This signature authentication information comprises: the first signature, user account name and login time stamp.
3rd transmitting element 407, for signature authentication information is sent to login applications client, to make login applications client, signature authentication information is transmitted to third-party application client, third-party application server is transmitted to make third-party application client, thus the second double secret key user account name making third-party application server use to prestore and login time stamp are signed, obtain the second signature, in comparison and confirm the first signature and second signature completely the same after, accept the login of third-party application client.
One as the present embodiment is illustrated, and is the structural representation of the another kind of embodiment of login application server provided by the invention see Fig. 5, Fig. 5.The difference of Fig. 5 and Fig. 4 is, logs in application server and also comprises: format checking unit 408, before authorization information being sent to account management server at the first transmitting element 402, carry out format checking to authorization information; If authorization information passed examination, then authorization information is sent to account management server; Otherwise, return login failure message to login applications client, and terminate this login.
In the present embodiment, authorization information can also comprise: the first dynamic code; Described first dynamic code, by logging in applications client according to the mark logging in applications client, calculates according to pre-configured dynamic code algorithm and generates.Account management server is verified authorization information, specifically comprises: according to the client identification prestored and pre-configured dynamic code algorithm, calculates acquisition second dynamic code; By the application identities of the first dynamic code in authorization information, third-party application client and user account information, compare with the application identification information in the second dynamic code, database, user account information accordingly respectively, judge that whether all information is consistent; If consistent, be then verified; If not quite identical, then verify and do not pass through.
One as the present embodiment is illustrated, and is the structural representation of another embodiment of login application server provided by the invention see Fig. 6, Fig. 6.The difference of Fig. 6 and Fig. 4 is, log in application server also to comprise: the 4th transmitting element 609, for after signature authentication information is sent to login applications client by the 3rd transmitting element 407, unique identifier is sent to login applications client, for login applications client, unique identifier is stored in identification code data storehouse.This unique identifier sends to login application server by account management server by the result, corresponding with this user account information.
In this citing, the user account information in authorization information obtains according in the unique identifier stored in identification code data storehouse according to user's input or by login applications client.
The more detailed operation principle of the present invention and process step can be, but not limited to the relevant record being illustrated in embodiment 1.
Therefore, the one that the embodiment of the present invention provides logs in application server, after receiving at the first receiving element 401 authorization information logging in applications client transmission, authorization information sends to account management server to verify by the first transmitting element 402, wherein, this authorization information is by logging in logging request that applications client sends according to third-party application client and generating.In account management server authentication by after this authorization information, second receiving element 403 receives the result returned, again by the first signature unit 404 according to the application identities of third-party application client, search key database, obtain the first key, and use the first double secret key user account name and login time stamp to sign, obtain the first signature.The signature authentication information that authentication information generation unit 406 generates by last 3rd transmitting element 407 sends to login applications client, and this signature authentication information comprises the first signature, user account name and login time stamp.Log in applications client and signature authentication information is transmitted to third-party application client, third-party application server is transmitted to again by third-party application client, the second double secret key user account name and login time stamp is used to sign to make third-party application server, obtain the second signature, in comparison and confirm the first signature and second sign completely the same after, accept the login of third-party application client.When logging in compared to the third-party application client of prior art, account authentication server and third-party application server need to interdepend and just can complete the login of third-party application client, the login application server of technical solution of the present invention to be verified with the account information of account management server and after passing through completing, use and sign with the double secret key concerned account numbers information of third-party application server commitment, signing messages passes to third-party application server successively after logging in client, third-party application client.Third-party application server is to after this account information signature, and whether comparison two signature unanimously determines whether user account completes login by checking.Third-party application server without the need to again can complete independently login step with login application server or the communication of account management server, unties dependence and the coupling of account management server in login process and third-party application server.
Embodiment 3
Be the schematic flow sheet of the another kind of embodiment of the login method of third-party application provided by the invention see Fig. 7, Fig. 7, the method is applicable to FTP client FTP, and its main process flow steps is as follows:
Step 701: third-party application client sends logging request to login applications client; This logging request comprises the application identities of third-party application client.
Step 702: log in applications client and generate authorization information according to described logging request; Wherein, this authorization information comprises application identities and user account information.
Step 703: log in applications client and authorization information is sent to login application server, to make login application server, authorization information is transmitted to account management server, thus account management server is verified authorization information, and the result is returned to login application server.
Step 704: log in applications client and receive the signature authentication information logging in application server and send; Wherein, signature authentication information comprises: the user account name in the first signature, user account information and login time stamp; First signature is by logging in application server when the result is for being verified, according to the application identities of third-party application client, search key database, after obtaining the first key, use the first double secret key user account name and login time stamp to carry out signing and obtaining.
Step 705: log in applications client and signature authentication information is sent to third-party application client.
Step 706: signature authentication information is sent to third-party application server by third-party application client, use user account name described in the second double secret key prestored and login time stamp to sign for third-party application server, obtain the second signature, in comparison and confirm the first signature and second signature completely the same after, accept the login of third-party application client.
In the present embodiment, log in applications client and authorization information is sent to login application server, to make login application server, described authorization information is transmitted to account management server, thus account management server is verified described authorization information, and after the result being returned to described login application server, also comprise: log in applications client and receive the login failure message logging in application server and send, and this logs according to the login failure end of message.Wherein, login failure message is generated when the format checking of authorization information is defective by login application server; Or, login failure message be by login application server the result be checking obstructed out-of-date generation.
One as this example is illustrated, and authorization information also comprises the first dynamic code.First dynamic code, by logging in applications client according to the mark logging in applications client, calculates according to pre-configured dynamic code algorithm and generates.Account management server is verified authorization information, specifically comprises: according to the client identification prestored and pre-configured dynamic code algorithm, calculates acquisition second dynamic code; By the application identities of the first dynamic code in authorization information, third-party application client and user account information, compare with the application identification information in the second dynamic code, database, user account information accordingly respectively, judge that whether all information is consistent; If consistent, be then verified; If not quite identical, then verify and do not pass through.Therefore, even if user account and password are revealed, login authentication can not be completed in undelegated client, ensure that the accuracy of authorization information.
One as the present embodiment is illustrated, and after logging in the signature authentication information of applications client reception login application server transmission, also comprises: log in the unique identifier that applications client receives the transmission of login application server.Wherein, unique identifier is corresponding with user account information, and sends to login application server by account management server.Log in applications client unique identifier is stored in identification code data storehouse.In this citing, the user account information in authorization information obtains according in the unique identifier stored in identification code data storehouse according to user's input or by login applications client.User, after use login application server completes the login first of this user account, without the need to inputting password again when next time logs in, reducing the memory cost of user, improving Consumer's Experience.
Therefore, the invention provides a kind of login method of third-party application, be applicable to the FTP client FTP be made up of login applications client and third-party application client.Communicate with third-party application server compared to prior art third-party application client, and the account information relied between third-party application server and account management server is verified and has been carried out login, login method of the present invention completes account information checking by logging in applications client, the certification between third-party application client and third-party application server is completed again by signature authentication, third-party application server is avoided directly to be connected with account management server, untie interdepending of account management server and third-party application server in login process, and avoid the exposure of account management server, improve the fail safe logged in.
Embodiment 4
It is the structural representation of a kind of embodiment of FTP client FTP provided by the invention see Fig. 8, Fig. 8.As shown in Figure 8, this FTP client FTP comprises: log in applications client 801 and third-party application client 802.
Wherein, third-party application client 801 comprises:
5th transmitting element 8011, for sending logging request to login applications client; Logging request comprises the application identities of described third-party application client.
Log in applications client 802 to comprise:
Authorization information generation unit 8021, for generating authorization information according to this logging request; Wherein, authorization information comprises application identities and user account information.
6th transmitting element 8022, for authorization information is sent to login application server, to make login application server that described authorization information is transmitted to account management server, thus account management server is verified authorization information, and the result is returned to login application server.
6th receiving element 8023, for receiving the signature authentication information logging in application server and send; Wherein, signature authentication information comprises: the user account name in the first signature, user account information and login time stamp; First signature is by logging in application server when the result is for being verified, according to the application identities of third-party application client, search key database, after obtaining the first key, use the first double secret key user account name and login time stamp to carry out signing and obtaining.
7th transmitting element 8024, for sending to third-party application client by signature authentication information;
Third-party application client 801 also comprises:
8th transmitting element 8012, for signature authentication information is sent to third-party application server, the second double secret key user account name of prestoring and login time stamp is used to sign for third-party application server, obtain the second signature, in comparison and confirm the first signature and second signature completely the same after, accept the login of third-party application client.
One as the present embodiment is illustrated, and is the structural representation of a kind of embodiment of login applications client provided by the invention see Fig. 9, Fig. 9.As shown in Figure 9, log in applications client also to comprise: the 7th receiving element 8025, for authorization information being sent to login application server at the 6th transmitting element 8022, to make login application server, authorization information is transmitted to account management server, thus account management server is verified authorization information, and after the result being returned to login application server, receive the login failure message logging in application server and send, and this logs according to the login failure end of message.Wherein, login failure message is generated when the format checking of authorization information is defective by login application server.Or, login failure message be by login application server the result be checking obstructed out-of-date generation.
One as this example is illustrated, and authorization information also comprises the first dynamic code.First dynamic code, by logging in applications client according to the mark logging in applications client, calculates according to pre-configured dynamic code algorithm and generates.Account management server is verified authorization information, specifically comprises: according to the client identification prestored and pre-configured dynamic code algorithm, calculates acquisition second dynamic code; By the application identities of the first dynamic code in authorization information, third-party application client and user account information, compare with the application identification information in the second dynamic code, database, user account information accordingly respectively, judge that whether all information is consistent; If consistent, be then verified; If not quite identical, then verify and do not pass through.Therefore, even if user account and password are revealed, login authentication can not be completed in undelegated client, ensure that the accuracy of authorization information.
One as the present embodiment is illustrated, and is the structural representation of the another kind of embodiment of login applications client provided by the invention see Figure 10, Figure 10.The difference of Figure 10 and Fig. 9 is, this login applications client also comprises: the 8th receiving element 8026, after receiving at the 6th receiving element 8023 the signature authentication information logging in application server transmission, receive the unique identifier logging in application server and send.Wherein, unique identifier is corresponding with user account information, and sends to login application server by account management server.Log in applications client unique identifier is stored in identification code data storehouse.In this citing, the user account information in authorization information obtains according in the unique identifier stored in identification code data storehouse according to user's input or by login applications client.User, after use login application server completes the login first of this user account, without the need to inputting password again when next time logs in, reducing the memory cost of user, improving Consumer's Experience.
The more detailed steps flow chart of the present embodiment can be, but not limited to the relevant record see embodiment 3.
Therefore, the invention provides a kind of FTP client FTP be made up of login applications client and third-party application client.Communicate with third-party application server compared to prior art third-party application client, and the account information relied between third-party application server and account management server is verified and has been carried out login, FTP client FTP of the present invention completes account information checking by logging in applications client, the certification between third-party application client and third-party application server is completed again by signature authentication, third-party application server is avoided directly to be connected with account management server, untie interdepending of account management server and third-party application server in login process, and avoid the exposure of account management server, improve the fail safe logged in.
Embodiment 5
It is the structural representation of a kind of embodiment of communication system provided by the invention see Figure 11, Figure 11.As shown in figure 11, this communication system comprises: FTP client FTP 1101, third-party application server 1102, login application server 1103 and account management server 1104.
Wherein, login application server 1103 is the login application servers described in embodiment 2.FTP client FTP 1101 is the FTP client FTPs described in embodiment 4.
Therefore communication system provided by the invention can untie interdepending of account management server and third-party application server in login process, avoids the exposure of account management server, improves the fail safe logged in.
The above is the preferred embodiment of the present invention; it should be pointed out that for those skilled in the art, under the premise without departing from the principles of the invention; can also make some improvements and modifications, these improvements and modifications are also considered as protection scope of the present invention.
Claims (21)
1. a login method for third-party application, is characterized in that, comprising:
Receive the authorization information logging in applications client and send; Wherein, described authorization information is the logging request that sent according to third-party application client by described login applications client and generates; Described authorization information comprises: the application identities of described third-party application client and user account information;
Described authorization information is sent to account management server, for described account management server, described authorization information is verified;
Receive the result that described account management server returns;
If described the result is for being verified, then according to the application identities of described third-party application client, search key database, obtain the first key, and use the user account name in user account information described in described first double secret key and login time stamp to sign, obtain the first signature; Otherwise, return login failure message to described login applications client, and terminate this login;
Generate signature authentication information; Described signature authentication information comprises: described first signature, described user account name and described login time stamp;
Described signature authentication information is sent to described login applications client, to make described login applications client, described signature authentication information is transmitted to described third-party application client, third-party application server is transmitted to make described third-party application client, thus user account name described in the second double secret key making described third-party application server use to prestore and login time stamp are signed, obtain the second signature, in comparison and confirm described first signature and described second sign completely the same after, accept the login of described third-party application client.
2. the login method of third-party application according to claim 1, is characterized in that, described described authorization information is sent to account management server before, also comprise:
Format checking is carried out to described authorization information, if described authorization information passed examination, then described authorization information is sent to described account management server; Otherwise, return login failure message to described login applications client, and terminate this login.
3. the login method of third-party application according to claim 1, is characterized in that, described authorization information also comprises: the first dynamic code; Described first dynamic code, by the mark of described login applications client according to described login applications client, calculates according to pre-configured dynamic code algorithm and generates;
Described account management server is verified described authorization information, specifically comprises:
According to the client identification prestored and pre-configured dynamic code algorithm, calculate acquisition second dynamic code;
By the application identities of the first dynamic code in described authorization information, third-party application client and user account information, compare with the application identification information in described second dynamic code, database, user account information accordingly respectively, judge that whether all information is consistent;
If consistent, be then verified;
If not quite identical, then verify and do not pass through.
4. the login method of third-party application according to claim 1, is characterized in that, described the result also comprises the unique identifier corresponding to described user account information;
Described described signature authentication information is sent to described login applications client after, also comprise:
Described unique identifier is sent to described login applications client, for described login applications client, described unique identifier is stored in identification code data storehouse.
5. the login method of third-party application according to claim 4, it is characterized in that, the user account information in described authorization information is according to user's input or is obtained according in the unique identifier stored in described identification code data storehouse by described login applications client.
6. log in an application server, it is characterized in that, comprising:
First receiving element, for receiving the authorization information logging in applications client and send; Wherein, described authorization information is the logging request that sent according to third-party application client by described login applications client and generates; Described authorization information comprises: the application identities of described third-party application client and user account information;
First transmitting element, for described authorization information is sent to account management server, verifies described authorization information for described account management server;
Second receiving element, for receiving the result that described account management server returns;
First signature unit, for when described the result is for being verified, according to the application identities of described third-party application client, search key database, obtain the first key, and use the user account name in user account information described in described first double secret key and login time stamp to sign, obtain the first signature;
Second transmitting element, for obstructed out-of-date for checking at described the result, returns login failure message to described login applications client, and terminates this login;
Authentication information generation unit, for generating signature authentication information; Described signature authentication information comprises: described first signature, described user account name and described login time stamp;
With, 3rd transmitting element, for described signature authentication information is sent to described login applications client, to make described login applications client, described signature authentication information is transmitted to described third-party application client, third-party application server is transmitted to make described third-party application client, thus user account name described in the second double secret key making described third-party application server use to prestore and login time stamp are signed, obtain the second signature, in comparison and confirm described first signature and described second sign completely the same after, accept the login of described third-party application client.
7. login application server according to claim 6, is characterized in that, also comprise:
Format checking unit, before described authorization information being sent to account management server at described first transmitting element, carries out format checking to described authorization information; If described authorization information passed examination, then described authorization information is sent to described account management server; Otherwise, return login failure message to described login applications client, and terminate this login.
8. login application server according to claim 6, is characterized in that, described authorization information also comprises: the first dynamic code; Described first dynamic code, by the mark of described login applications client according to described login applications client, calculates according to pre-configured dynamic code algorithm and generates;
Described account management server is verified described authorization information, specifically comprises:
According to the client identification prestored and pre-configured dynamic code algorithm, calculate acquisition second dynamic code;
By the application identities of the first dynamic code in described authorization information, third-party application client and user account information, compare with the application identification information in described second dynamic code, database, user account information accordingly respectively, judge that whether all information is consistent;
If consistent, be then verified;
If not quite identical, then verify and do not pass through.
9. login application server according to claim 6, is characterized in that, described the result also comprises the unique identifier corresponding to described user account information;
Described login application server also comprises:
4th transmitting element, for after described signature authentication information is sent to described login applications client by described 3rd transmitting element, described unique identifier is sent to described login applications client, for described login applications client, described unique identifier is stored in identification code data storehouse.
10. login application server according to claim 9, it is characterized in that, the user account information in described authorization information is according to user's input or is obtained according in the unique identifier stored in described identification code data storehouse by described login applications client.
The login method of 11. 1 kinds of third-party application, is characterized in that, comprising:
Third-party application client sends logging request to login applications client; Described logging request comprises the application identities of described third-party application client;
Described login applications client generates authorization information according to described logging request; Wherein, described authorization information comprises described application identities and user account information;
Described authorization information is sent to login application server by described login applications client, to make described login application server, described authorization information is transmitted to account management server, thus described account management server is verified described authorization information, and the result is returned to described login application server;
Described login applications client receives the signature authentication information that described login application server sends; Wherein, described signature authentication information comprises: the user account name in the first signature, user account information and login time stamp; Described first signs by described login application server when described the result is for being verified, according to the application identities of described third-party application client, search key database, after obtaining the first key, user account name described in described first double secret key and described login time stamp is used to carry out signing and obtaining;
Described signature authentication information is sent to described third-party application client by described login applications client;
Described signature authentication information is sent to third-party application server by described third-party application client, use user account name described in the second double secret key prestored and login time stamp to sign for described third-party application server, obtain the second signature, in comparison and confirm described first signature and described second sign completely the same after, accept the login of described third-party application client.
The login method of 12. third-party application according to claim 11, it is characterized in that, described authorization information is sent to login application server by described login applications client, to make described login application server, described authorization information is transmitted to account management server, thus described account management server is verified described authorization information, and after the result being returned to described login application server, also comprise:
Described login applications client receives the login failure message that described login application server sends, and this logs according to the described login failure end of message;
Wherein, described login failure message is generated when the format checking of described authorization information is defective by described login application server;
Or, described login failure message be by described login application server described the result be checking obstructed out-of-date generation.
The login method of 13. third-party application according to claim 11, it is characterized in that, described authorization information also comprises the first dynamic code, described first dynamic code, by the mark of described login applications client according to described login applications client, calculates according to pre-configured dynamic code algorithm and generates;
Described account management server is verified described authorization information, specifically comprises:
According to the client identification prestored and pre-configured dynamic code algorithm, calculate acquisition second dynamic code;
By the application identities of the first dynamic code in described authorization information, third-party application client and user account information, compare with the application identification information in described second dynamic code, database, user account information accordingly respectively, judge that whether all information is consistent;
If consistent, be then verified;
If not quite identical, then verify and do not pass through.
The login method of 14. third-party application according to claim 11, is characterized in that, described login applications client also comprises after receiving the signature authentication information of described login application server transmission:
Described login applications client receives the unique identifier that described login application server sends; Wherein, described unique identifier is corresponding with described user account information, and sends to described login application server by described account management server;
Described unique identifier is stored in identification code data storehouse by described login applications client.
The login method of 15. third-party application according to claim 14, it is characterized in that, the user account information in described authorization information is according to user's input or is obtained according in the unique identifier stored in described identification code data storehouse by described login applications client.
16. 1 kinds of FTP client FTPs, is characterized in that, comprise and log in applications client and third-party application client;
Described third-party application client comprises:
5th transmitting element, for sending logging request to login applications client; Described logging request comprises the application identities of described third-party application client;
Described login applications client comprises:
Authorization information generation unit, for generating authorization information according to described logging request; Wherein, described authorization information comprises described application identities and user account information;
6th transmitting element, for described authorization information is sent to login application server, to make described login application server, described authorization information is transmitted to account management server, thus described account management server is verified described authorization information, and the result is returned to described login application server;
6th receiving element, for receiving the signature authentication information that described login application server sends; Wherein, described signature authentication information comprises: the user account name in the first signature, user account information and login time stamp; Described first signs by described login application server when described the result is for being verified, according to the application identities of described third-party application client, search key database, after obtaining the first key, user account name described in described first double secret key and described login time stamp is used to carry out signing and obtaining;
With, the 7th transmitting element, for sending to described third-party application client by described signature authentication information;
Described third-party application client also comprises:
8th transmitting element, for described signature authentication information is sent to third-party application server, use user account name described in the second double secret key prestored and login time stamp to sign for described third-party application server, obtain the second signature, in comparison and confirm described first signature and described second sign completely the same after, accept the login of described third-party application client.
17. FTP client FTPs according to claim 16, is characterized in that, described login applications client also comprises:
7th receiving element, for described authorization information being sent to login application server at described 6th transmitting element, to make described login application server, described authorization information is transmitted to account management server, thus described account management server is verified described authorization information, and after the result being returned to described login application server, receive the login failure message that described login application server sends, and this logs according to the described login failure end of message;
Wherein, described login failure message is generated when the format checking of described authorization information is defective by described login application server;
Or, described login failure message be by described login application server described the result be checking obstructed out-of-date generation.
18. FTP client FTPs according to claim 16, is characterized in that, described authorization information also comprises the first dynamic code; Described first dynamic code, by the mark of described login applications client according to described login applications client, calculates according to pre-configured dynamic code algorithm and generates;
Described account management server is verified described authorization information, specifically comprises:
According to the client identification prestored and pre-configured dynamic code algorithm, calculate acquisition second dynamic code;
By the application identities of the first dynamic code in described authorization information, third-party application client and user account information, compare with the application identification information in described second dynamic code, database, user account information accordingly respectively, judge that whether all information is consistent;
If consistent, be then verified;
If not quite identical, then verify and do not pass through.
19. FTP client FTPs according to claim 16, is characterized in that, described login applications client also comprises:
8th receiving element, for receive at the 6th receiving element described login application server send signature authentication information after, receive described login application server send unique identifier; Wherein, described unique identifier is corresponding with described user account information, and sends to described login application server by described account management server;
Described unique identifier is stored in identification code data storehouse by described login applications client.
20. FTP client FTPs according to claim 19, is characterized in that, the user account information in described authorization information is according to user's input or is obtained according in the unique identifier stored in described identification code data storehouse by described login applications client.
21. 1 kinds of communication systems, is characterized in that, comprise FTP client FTP, third-party application server, log in application server and account management server;
Described FTP client FTP is the FTP client FTP as described in any one of claim 16 to 20;
Described login application server is the login application server as described in any one of claim 6 to 10.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510595952.7A CN105187431B (en) | 2015-09-17 | 2015-09-17 | Login method, server, client and the communication system of third-party application |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510595952.7A CN105187431B (en) | 2015-09-17 | 2015-09-17 | Login method, server, client and the communication system of third-party application |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105187431A true CN105187431A (en) | 2015-12-23 |
| CN105187431B CN105187431B (en) | 2019-02-12 |
Family
ID=54909275
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510595952.7A Active CN105187431B (en) | 2015-09-17 | 2015-09-17 | Login method, server, client and the communication system of third-party application |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105187431B (en) |
Cited By (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105959276A (en) * | 2016-04-27 | 2016-09-21 | 青岛海信传媒网络技术有限公司 | Application control method, device, and terminal device based on third party account login |
| CN106339613A (en) * | 2016-08-15 | 2017-01-18 | 腾讯科技(深圳)有限公司 | Application data processing method, terminal and server |
| CN106790240A (en) * | 2017-01-22 | 2017-05-31 | 常卫华 | Based on Third Party Authentication without password login methods, devices and systems |
| CN107911282A (en) * | 2017-11-15 | 2018-04-13 | 广州百兴网络科技有限公司 | A kind of network system that third-party application implantation is realized towards social networks |
| CN107920060A (en) * | 2017-10-11 | 2018-04-17 | 北京京东尚科信息技术有限公司 | Data access method and device based on account |
| CN108650246A (en) * | 2018-04-25 | 2018-10-12 | 广州逗号智能零售有限公司 | A kind of third party's account logon method, apparatus and system |
| CN110149212A (en) * | 2019-05-31 | 2019-08-20 | 杭州安恒信息技术股份有限公司 | A kind of database security reinforcement means, device and electronic equipment |
| CN110602139A (en) * | 2019-09-27 | 2019-12-20 | 成都九曲互动科技有限公司 | Recharge login access method and system based on Tencent cloud |
| CN110719187A (en) * | 2018-07-13 | 2020-01-21 | 深圳兆日科技股份有限公司 | Configuration management method, system and computer readable storage medium |
| CN111193695A (en) * | 2019-07-26 | 2020-05-22 | 腾讯科技(深圳)有限公司 | Encryption method and device for third party account login and storage medium |
| CN111200579A (en) * | 2018-11-16 | 2020-05-26 | 北京奇虎科技有限公司 | A user login method, client and system |
| CN111833063A (en) * | 2019-04-16 | 2020-10-27 | 北京嘀嘀无限科技发展有限公司 | Information processing method, computer device, and computer-readable storage medium |
| CN112069488A (en) * | 2020-07-27 | 2020-12-11 | 合肥美的智能科技有限公司 | Application registration method and related device in communication program |
| CN112688943A (en) * | 2020-12-23 | 2021-04-20 | 南方电网数字电网研究院有限公司 | Dynamic password generation method, server, terminal device and storage medium |
| WO2021168829A1 (en) * | 2020-02-28 | 2021-09-02 | 华为技术有限公司 | User identifier verification method and related device |
| CN113452719A (en) * | 2018-03-30 | 2021-09-28 | 平安科技(深圳)有限公司 | Application login method and device, terminal equipment and storage medium |
| CN113595968A (en) * | 2020-04-30 | 2021-11-02 | 华为技术有限公司 | Login method and system based on cloud application instance and related equipment |
| CN115250204A (en) * | 2022-09-22 | 2022-10-28 | 四川蜀天信息技术有限公司 | Method and system for centralized processing login authentication |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102571857A (en) * | 2010-12-27 | 2012-07-11 | 深圳市闪联信息技术有限公司 | Method and system for realizing logging in XMPP (Xmlbased Messaging and Presence Protocol) server |
| WO2012136083A1 (en) * | 2011-04-07 | 2012-10-11 | 腾讯科技(深圳)有限公司 | System and method for accessing third-party applications based on cloud platform |
| CN102763397A (en) * | 2010-02-18 | 2012-10-31 | 诺基亚公司 | Method and apparatus for providing authentication session sharing |
| CN102821085A (en) * | 2011-11-23 | 2012-12-12 | 腾讯科技(深圳)有限公司 | Third party authorization login method, open platform and system |
| CN103634329A (en) * | 2013-12-20 | 2014-03-12 | 百度在线网络技术(北京)有限公司 | Cross-site login method, cross-site login system and a cross-site login device |
| CN104348612A (en) * | 2013-07-23 | 2015-02-11 | 腾讯科技(深圳)有限公司 | Third-party website login method based on mobile terminal and mobile terminal |
-
2015
- 2015-09-17 CN CN201510595952.7A patent/CN105187431B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102763397A (en) * | 2010-02-18 | 2012-10-31 | 诺基亚公司 | Method and apparatus for providing authentication session sharing |
| CN102571857A (en) * | 2010-12-27 | 2012-07-11 | 深圳市闪联信息技术有限公司 | Method and system for realizing logging in XMPP (Xmlbased Messaging and Presence Protocol) server |
| WO2012136083A1 (en) * | 2011-04-07 | 2012-10-11 | 腾讯科技(深圳)有限公司 | System and method for accessing third-party applications based on cloud platform |
| CN102821085A (en) * | 2011-11-23 | 2012-12-12 | 腾讯科技(深圳)有限公司 | Third party authorization login method, open platform and system |
| CN104348612A (en) * | 2013-07-23 | 2015-02-11 | 腾讯科技(深圳)有限公司 | Third-party website login method based on mobile terminal and mobile terminal |
| CN103634329A (en) * | 2013-12-20 | 2014-03-12 | 百度在线网络技术(北京)有限公司 | Cross-site login method, cross-site login system and a cross-site login device |
Cited By (29)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105959276A (en) * | 2016-04-27 | 2016-09-21 | 青岛海信传媒网络技术有限公司 | Application control method, device, and terminal device based on third party account login |
| CN106339613A (en) * | 2016-08-15 | 2017-01-18 | 腾讯科技(深圳)有限公司 | Application data processing method, terminal and server |
| CN106790240A (en) * | 2017-01-22 | 2017-05-31 | 常卫华 | Based on Third Party Authentication without password login methods, devices and systems |
| CN106790240B (en) * | 2017-01-22 | 2021-04-23 | 常卫华 | Password-free login method, device and system based on third party authentication |
| CN107920060B (en) * | 2017-10-11 | 2020-06-05 | 北京京东尚科信息技术有限公司 | Data access method and device based on account |
| CN107920060A (en) * | 2017-10-11 | 2018-04-17 | 北京京东尚科信息技术有限公司 | Data access method and device based on account |
| CN107911282A (en) * | 2017-11-15 | 2018-04-13 | 广州百兴网络科技有限公司 | A kind of network system that third-party application implantation is realized towards social networks |
| CN113452719A (en) * | 2018-03-30 | 2021-09-28 | 平安科技(深圳)有限公司 | Application login method and device, terminal equipment and storage medium |
| CN108650246A (en) * | 2018-04-25 | 2018-10-12 | 广州逗号智能零售有限公司 | A kind of third party's account logon method, apparatus and system |
| CN110719187A (en) * | 2018-07-13 | 2020-01-21 | 深圳兆日科技股份有限公司 | Configuration management method, system and computer readable storage medium |
| CN110719187B (en) * | 2018-07-13 | 2022-05-20 | 深圳兆日科技股份有限公司 | Configuration management method, system and computer readable storage medium |
| CN111200579A (en) * | 2018-11-16 | 2020-05-26 | 北京奇虎科技有限公司 | A user login method, client and system |
| CN111200579B (en) * | 2018-11-16 | 2023-10-31 | 北京奇虎科技有限公司 | User login method, client and system |
| CN111833063A (en) * | 2019-04-16 | 2020-10-27 | 北京嘀嘀无限科技发展有限公司 | Information processing method, computer device, and computer-readable storage medium |
| CN111833063B (en) * | 2019-04-16 | 2024-02-02 | 北京嘀嘀无限科技发展有限公司 | Information processing method, computer device, and computer-readable storage medium |
| CN110149212A (en) * | 2019-05-31 | 2019-08-20 | 杭州安恒信息技术股份有限公司 | A kind of database security reinforcement means, device and electronic equipment |
| CN111193695A (en) * | 2019-07-26 | 2020-05-22 | 腾讯科技(深圳)有限公司 | Encryption method and device for third party account login and storage medium |
| CN111193695B (en) * | 2019-07-26 | 2021-07-06 | 腾讯科技(深圳)有限公司 | Encryption method and device for third party account login and storage medium |
| CN110602139A (en) * | 2019-09-27 | 2019-12-20 | 成都九曲互动科技有限公司 | Recharge login access method and system based on Tencent cloud |
| CN114731289A (en) * | 2020-02-28 | 2022-07-08 | 华为技术有限公司 | A user identification verification method and related equipment |
| WO2021168829A1 (en) * | 2020-02-28 | 2021-09-02 | 华为技术有限公司 | User identifier verification method and related device |
| CN113595968A (en) * | 2020-04-30 | 2021-11-02 | 华为技术有限公司 | Login method and system based on cloud application instance and related equipment |
| CN113595968B (en) * | 2020-04-30 | 2023-02-03 | 华为云计算技术有限公司 | Login method and system based on cloud application instance and related equipment |
| US12243041B2 (en) | 2020-04-30 | 2025-03-04 | Huawei Cloud Computing Technologies Co., Ltd. | Payment method and system based on cloud application instance, and related device |
| US12361429B2 (en) | 2020-04-30 | 2025-07-15 | Huawei Cloud Computing Technologies Co., Ltd. | Login method and system based on cloud application instance, and related device |
| CN112069488A (en) * | 2020-07-27 | 2020-12-11 | 合肥美的智能科技有限公司 | Application registration method and related device in communication program |
| CN112688943A (en) * | 2020-12-23 | 2021-04-20 | 南方电网数字电网研究院有限公司 | Dynamic password generation method, server, terminal device and storage medium |
| CN115250204A (en) * | 2022-09-22 | 2022-10-28 | 四川蜀天信息技术有限公司 | Method and system for centralized processing login authentication |
| CN115250204B (en) * | 2022-09-22 | 2022-12-09 | 四川蜀天信息技术有限公司 | Method and system for centralized processing login authentication |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105187431B (en) | 2019-02-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105187431A (en) | Log-in method, server, client and communication system for third party application | |
| US10187797B2 (en) | Code-based authorization of mobile device | |
| CN105530224B (en) | The method and apparatus of terminal authentication | |
| CN103780397B (en) | A kind of multi-screen multiple-factor convenient WEB identity authentication method | |
| US8356179B2 (en) | Entity bi-directional identificator method and system based on trustable third party | |
| CN104917727B (en) | A kind of method, system and device of account's authentication | |
| JP5980961B2 (en) | Multi-factor certificate authority | |
| US9025769B2 (en) | Method of registering smart phone when accessing security authentication device and method of granting access permission to registered smart phone | |
| CN101414909B (en) | Network application user authentication system, method and mobile communication terminal | |
| CN105516163B (en) | A kind of login method and terminal device and communication system | |
| CN104283886B (en) | A kind of implementation method of the web secure access based on intelligent terminal local authentication | |
| CN106921663B (en) | Identity continuous authentication system and method based on intelligent terminal software/intelligent terminal | |
| CN103986584A (en) | Double-factor identity verification method based on intelligent equipment | |
| TWI632798B (en) | Server, mobile terminal, and network real-name authentication system and method | |
| CN105554098A (en) | Device configuration method, server and system | |
| CN107612949B (en) | Wireless intelligent terminal access authentication method and system based on radio frequency fingerprint | |
| CN100365974C (en) | Device and method for controlling computer login | |
| CN104247485A (en) | Network application function authorisation in a generic bootstrapping architecture | |
| JP2016521029A (en) | Network system comprising security management server and home network, and method for including a device in the network system | |
| CN113766450A (en) | Vehicle virtual key sharing method, mobile terminal, server and vehicle | |
| CN104125230A (en) | Short message authentication service system and authentication method | |
| CN114158046B (en) | Method and device for realizing one-key login service | |
| CN105187417B (en) | Authority acquiring method and apparatus | |
| CN105141624A (en) | Login method, account management server and client system | |
| EP3123758B1 (en) | User equipment proximity requests authentication |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |