CN116263918A - Password-free login data processing method and password-free login data processing system - Google Patents

Publication number
CN116263918A
Authority
CN
China
Prior art keywords
server
request
temporary session
key
session token
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111523087.7A
Other languages
Chinese (zh)
Inventor
罗旭东
张健
李澎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Unionpay International Co ltd
Original Assignee
Unionpay International Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Unionpay International Co ltd
Priority to CN202111523087.7A
Publication of CN116263918A

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825 Use of electronic signatures
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/73 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management

Abstract

The invention relates to a method and a system for processing password-free login data. The method comprises the following steps: sending to the server a first request for allocation of a device ID, and receiving and storing the device ID returned from the server; sending to the server, based on the device ID, a second request for allocation of a temporary session Token, and receiving and storing the temporary session Token allocated by the server; and issuing a password-free login request based on the device ID and the temporary session Token. According to the invention, the consumer can place an order and pay using the allocated device ID without registering or logging in, so that payment is both convenient and secure.

Description

Password-free login data processing method and password-free login data processing system

Technical field

The invention relates to computer technology, and in particular to a password-free login data processing method and a password-free login data processing system.

Background

With the development of e-commerce, online shopping has become an important part of people's daily life. People can shop from a computer or mobile phone without leaving home, and at low prices.

To buy the goods they need from various platforms, consumers must first submit personal information to register a platform account. Without noticing, they end up leaving sensitive personal information such as mobile phone numbers, email addresses and passwords on many platforms, which increases the risk of that information being leaked. In particular, some users use the same account name and password on every website so that they are easier to remember, which increases the risk of credential stuffing attacks: if the account password of one platform is leaked, the account passwords of other platforms are leaked as well.

For consumers, many shopping platforms are used only temporarily or very infrequently, and may never be used again after a purchase. An online payment solution is therefore desired that lets the user complete the shopping and payment process quickly and conveniently without registering or logging in.

There are currently two main ways of implementing login-free payment:

When the user clicks to pay, the payment platform's checkout page is invoked and the user enters the card number and other information to complete the payment. This login-free payment process is very simple, but it has several problems. First, the user cannot view historical transaction records. Second, anyone who learns the payment link can view the user's order information. Third, where one payment link allows several people to pay, the previous order status cannot be viewed after the user closes the browser.

With the browser-cache approach, the user's device ID is recorded when the user opens the payment link. The user clicks the payment button and is redirected to the checkout page to complete the payment, after which the association between the device ID and the transaction record is recorded. Although this solves the problem of viewing historical transaction records and order status after payment, it has a very serious security problem: for example, an attacker who obtains the user's device ID through packet capture or similar means can then view all transaction records associated with that device ID.

Summary of the invention

In view of the above problems, the present invention aims to provide a password-free login data processing method and a password-free login data processing system that allow the subsequent payment process to be completed without registration or login while ensuring payment security.

Further, the present invention also aims to provide a password-free login data processing method and a password-free login data processing system that prevent others from impersonating the user's requests to query order status and historical transactions.

A password-free login data processing method according to one aspect of the present invention is characterized in that it includes:

a parameter initialization step of sending to the server a first request for allocation of a device ID, and receiving and storing the device ID returned from the server, wherein the device ID is generated by the server based on the first request and uniquely identifies the client;

a temporary session Token request step of sending to the server, based on the device ID, a second request for allocation of a temporary session Token, and receiving and storing the temporary session Token allocated by the server, wherein the temporary session Token is generated by the server based on the second request and the server stores a first correspondence between the temporary session Token and the device ID;

a password-free login step of issuing a password-free login request based on the device ID and the temporary session Token.

Optionally, in the password-free login request, a third request for obtaining order information is issued based on the device ID and the temporary session Token, and the order information related to the device ID returned from the server is received, wherein the server stores a second correspondence between the temporary session Token and the order information,

and the method further includes, after the password-free login request:

an order payment step of issuing a fourth request for payment based on the temporary session Token and the order information, and receiving the payment link returned from the server and created based on the fourth request, wherein the server obtains the corresponding order information according to the first correspondence and the second correspondence and generates the payment link.

Optionally, the method further includes, after the order payment step:

a transaction query step of issuing a fifth request for querying transaction records based on the temporary session Token, and receiving the transaction records returned from the server and found based on the fifth request, wherein the server obtains, according to the first correspondence, the transaction records related to the device ID corresponding to the temporary session Token.

Optionally, the parameter initialization step includes:

sending to the server a request for obtaining the server-side public key;

receiving and storing the server-side public key generated by the server in response to the request, wherein the server stores the server-side public key and the server-side private key corresponding to it;

generating a client public-private key pair and a random key, and storing the client public-private key pair and the random key;

sending to the server a first request for allocation of a device ID, wherein the first request contains the client public key and the random key encrypted with the server-side public key, and wherein the server decrypts the random key with the server-side private key, generates a device ID that uniquely identifies the client, encrypts the device ID with the random key and returns it, and stores the correspondence between the device ID and the client public key; and

receiving the device ID returned from the server.

Optionally, an extraction password is set for the stored client public-private key pair and random key.

Optionally, the temporary session Token request step includes:

generating a temporary session key;

sending to the server a second request for obtaining a temporary session Token, wherein the second request includes: the device ID encrypted with the temporary session key, the signature value obtained by digitally signing the message with the client private key, and the temporary session key encrypted with the server-side public key, and wherein the server decrypts with the server-side private key to obtain the temporary session key, decrypts with the temporary session key to obtain the device ID, looks up the corresponding client public key from the device ID using the stored correspondence between device ID and client public key, and verifies the signature of the message with that client public key; if the signature verification passes, the server generates a temporary session Token and stores the temporary session Token and the temporary session key in association with the device ID; and

receiving the temporary session key returned from the server and the signature value obtained by digitally signing the message with the server-side private key.
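
The parameter initialization and temporary session Token request steps above, as an added example (not code from the patent or its applicant): it models both exchanges in memory and shows that a second request naming a known device ID but signed with a different key pair is refused. The concrete primitives (RSA-2048 OAEP, RSA-SHA256, AES-256-GCM), the message field names, the exact bytes that are signed, and the response carrying the Token encrypted under the temporary session key are assumptions.

```javascript
// Added example: in-memory model of the first and second requests; not the patent's code.
const nodeCrypto = require("node:crypto");

// Assumed primitives (the page names RSA and AES but no modes or key sizes):
// RSA-2048 OAEP for key wrapping, RSA-SHA256 signatures, AES-256-GCM for payloads.
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };
const rsaPair = () => nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const wrap = (pub, key) => nodeCrypto.publicEncrypt({ key: pub, ...OAEP }, key);
const unwrap = (priv, blob) => nodeCrypto.privateDecrypt({ key: priv, ...OAEP }, blob);

// AES-GCM blob layout (constructed for this example): 12-byte IV | 16-byte tag | ciphertext.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function open(key, blob) {
  const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

class Server {
  constructor() {
    this.keys = rsaPair();
    this.devicePubKeys = new Map(); // device ID -> client public key
    this.sessions = new Map();      // Token -> { deviceId, sessionKey } (first correspondence)
  }
  publicKey() { return this.keys.publicKey; }

  // First request: recover the random key, allocate a device ID, bind it to the client key.
  allocateDeviceId({ clientPublicKey, wrappedRandomKey }) {
    const randomKey = unwrap(this.keys.privateKey, wrappedRandomKey);
    const deviceId = nodeCrypto.randomUUID();
    this.devicePubKeys.set(deviceId, clientPublicKey);
    return { encryptedDeviceId: seal(randomKey, Buffer.from(deviceId)) };
  }

  // Second request: a Token is issued only if the signature verifies under the
  // public key stored for the claimed device ID.
  issueToken({ encryptedDeviceId, wrappedSessionKey, signature }) {
    const sessionKey = unwrap(this.keys.privateKey, wrappedSessionKey);
    const deviceId = open(sessionKey, encryptedDeviceId).toString();
    const clientPub = this.devicePubKeys.get(deviceId);
    const signed = Buffer.concat([encryptedDeviceId, wrappedSessionKey]);
    if (!clientPub || !nodeCrypto.verify("sha256", signed, clientPub, signature)) {
      return { ok: false };
    }
    const token = nodeCrypto.randomBytes(32).toString("hex");
    this.sessions.set(token, { deviceId, sessionKey });
    const encryptedToken = seal(sessionKey, Buffer.from(token));
    const serverSig = nodeCrypto.sign("sha256", encryptedToken, this.keys.privateKey);
    return { ok: true, encryptedToken, signature: serverSig };
  }
}

class Client {
  constructor(server) { this.server = server; this.keys = rsaPair(); }

  initialize() {
    this.serverPub = this.server.publicKey();
    const randomKey = nodeCrypto.randomBytes(32);
    const res = this.server.allocateDeviceId({
      clientPublicKey: this.keys.publicKey,
      wrappedRandomKey: wrap(this.serverPub, randomKey),
    });
    this.deviceId = open(randomKey, res.encryptedDeviceId).toString();
    return this.deviceId;
  }

  // Returns the Token, or null if the server refuses or its signature does not verify.
  requestToken(deviceId = this.deviceId) {
    const sessionKey = nodeCrypto.randomBytes(32);
    const encryptedDeviceId = seal(sessionKey, Buffer.from(deviceId));
    const wrappedSessionKey = wrap(this.serverPub, sessionKey);
    const signed = Buffer.concat([encryptedDeviceId, wrappedSessionKey]);
    const signature = nodeCrypto.sign("sha256", signed, this.keys.privateKey);
    const res = this.server.issueToken({ encryptedDeviceId, wrappedSessionKey, signature });
    if (!res.ok) return null;
    if (!nodeCrypto.verify("sha256", res.encryptedToken, this.serverPub, res.signature)) return null;
    return open(sessionKey, res.encryptedToken).toString();
  }
}

function demo() {
  const server = new Server();
  const owner = new Client(server);
  const deviceId = owner.initialize();
  const token = owner.requestToken();
  const other = new Client(server); // a client holding a different key pair
  other.initialize();
  const rejected = other.requestToken(deviceId); // names the owner's device ID
  return { deviceId, token, boundDevice: server.sessions.get(token).deviceId, rejected };
}
```

`demo()` returns the allocated device ID, the issued Token, the device ID the server bound to that Token, and `null` for the request signed with the other key pair.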

Optionally, the order payment step includes the following sub-steps:

sending a request to the server with the temporary session Token to obtain order information, wherein the server uses the received temporary session Token to look up the associated device ID and the order information associated with that device ID;

receiving the order information returned from the server to the client;

initiating a payment request to the server carrying the temporary session Token and the order information, wherein the server looks up the device ID and the client public key from the temporary session Token, then verifies the signature of the message, and, once the verification passes, creates a payment link based on the order information; and

receiving the payment link returned from the server.

A password-free login data processing system according to one aspect of the present invention is characterized in that it includes a mobile terminal and a server,

the mobile terminal including:

a parameter initialization module, configured to send to the server a first request for allocation of a device ID, and to receive and store the device ID returned from the server;

a temporary session module, which sends to the server, based on the device ID, a second request for a temporary session Token, and receives and stores the temporary session Token returned from the server; and

a payment processing module, which issues a third request for obtaining order information based on the device ID and the temporary session Token, issues a fourth request for payment based on the temporary session Token and the order information, and completes payment processing based on the payment link from the server,

wherein the server includes:

a device ID generation module, which generates, based on the first request, a device ID that uniquely identifies the client;

a Token generation module, which generates a temporary session Token based on the second request;

a transaction processing module, which, based on the third request for obtaining order information, retrieves the order information related to the device ID according to the temporary session Token and the ID, and creates a payment link based on the fourth request;

a database, used to store the device ID and the temporary session Token, and to store a first correspondence between the temporary session Token and the device ID and a second correspondence between the temporary session Token and the order information.

Optionally, the database further stores the transaction records related to the device ID,

the mobile terminal further includes:

a transaction query module, which issues a fifth request for querying transaction records based on the temporary session Token,

and the transaction processing module further receives the fifth request and queries the database for the transaction records related to the device ID.

An initialization module according to one aspect of the present invention, configured to send to the server a first request for allocation of a device ID, and to receive and store the device ID returned from the server;

a temporary session module, which sends to the server, based on the device ID, a second request for obtaining a temporary session Token, and receives and stores the temporary session Token returned from the server; and

a payment processing module, which issues a third request for obtaining order information based on the device ID and the temporary session Token, issues a fourth request for payment based on the temporary session Token and the order information, and completes payment processing based on the payment link from the server.

Optionally, the mobile terminal further includes:

a transaction query module, which issues a fifth request for querying transaction records based on the temporary session Token.

Optionally, the parameter initialization module performs the following actions:

sending to the server a request for obtaining the server-side public key;

receiving the server-side public key generated by the server in response to the request, and storing the server-side public key;

generating a client public-private key pair and a random key, and storing the client public-private key pair and the random key;

sending to the server a first request for allocation of a device ID, wherein the first request contains the client public key and the random key encrypted with the server-side public key, and wherein the server decrypts the random key with the server-side private key, generates a unique device ID, encrypts the device ID with the random key and returns it to the client, and stores the correspondence between the device ID and the client public key; and

receiving the device ID returned from the server.

Optionally, the parameter initialization module sets an extraction password for the stored client public-private key pair and random key.

Optionally, the temporary session Token request module performs the following actions:

generating a temporary session key;

sending to the server a second request for obtaining a temporary session Token, wherein the second request includes: the device ID encrypted with the temporary session key, the signature value obtained by digitally signing the message with the client private key, and the temporary session key encrypted with the server-side public key, and wherein the server decrypts with the server-side private key to obtain the temporary session key, decrypts with the temporary session key to obtain the device ID, looks up the corresponding client public key from the device ID using the stored correspondence between device ID and client public key, and verifies the signature of the message with that client public key; if the signature verification passes, the server generates a temporary session Token and stores the temporary session Token and the temporary session key in association with the device ID; and

receiving the temporary session key returned from the server and the signature value obtained by digitally signing the message with the server-side private key.

A server according to one aspect of the present invention is characterized in that it includes:

a device ID generation module, which generates, based on the first request, a device ID that uniquely identifies the client;

a Token generation module, which generates a temporary session Token based on the second request;

a transaction processing module, which, based on the third request for obtaining order information, retrieves the order information related to the device ID according to the temporary session Token and the ID, and creates a payment link based on the fourth request;

a database, used to store the device ID and the temporary session Token, and to store a first correspondence between the temporary session Token and the device ID and a second correspondence between the temporary session Token and the order information.

Optionally, the database further stores the transaction records related to the device ID,

and the transaction processing module further receives the fifth request and queries the database for the transaction records related to the device ID.

A computer-readable medium according to one aspect of the present invention, on which a computer program is stored, is characterized in that

the computer program, when executed by a processor, implements the password-free login data processing method described above.

A computer device according to one aspect of the present invention includes a storage module, a processor, and a computer program stored on the storage module and runnable on the processor, and is characterized in that the processor, when executing the computer program, implements the password-free login data processing method described above.

As described above, with the password-free login data processing method and the password-free login data processing system of the present invention, a consumer who enters the online store can place orders and pay without registering or logging in, and needs only the device ID to query order information, pay for orders and query transactions, so the whole shopping experience is convenient and secure. Moreover, because the user does not leave personal account passwords or similar information with the platform, the user need not worry about the platform leaking or abusing personal information. Furthermore, in the present invention, processing by technical means such as encryption and signatures effectively guards against transmitted data being intercepted, tampered with or forged by others, and ensures the security of user data.

Description of drawings

Fig. 1 is a schematic flow chart of the password-free login data processing method of the present invention.

Fig. 2 is a schematic flow chart of the initialization of system parameters in a specific embodiment.

Fig. 3 is a schematic flow chart of the payment process in a specific embodiment.

Fig. 4 is a schematic flow chart of the history query process in a specific embodiment.

Fig. 5 is a block diagram of the structure of the password-free login data processing system of the present invention.

Detailed description

Some of the embodiments of the present invention are introduced below in order to provide a basic understanding of the invention. They are not intended to identify key or critical elements of the invention or to delimit the scope of protection.

For brevity and illustration, the principles of the invention are described herein mainly with reference to its exemplary embodiments. However, those skilled in the art will readily recognize that the same principles apply equally to all types of password-free login data processing methods and password-free login data processing systems, that these same principles can be implemented in them, and that any such variations do not depart from the true spirit and scope of this patent application.

Moreover, the following description refers to the accompanying drawings, which illustrate specific exemplary embodiments. Electrical, mechanical, logical and structural changes may be made to these embodiments without departing from the spirit and scope of the present invention. In addition, although a feature of the invention may be disclosed in connection with only one of several implementations or embodiments, that feature may be combined with one or more other features of other implementations or embodiments, as may be desired and/or advantageous for any given or identifiable function. The following description should therefore not be taken in a limiting sense, and the scope of the invention is defined by the appended claims and their equivalents.

Terms such as "having" and "including" mean that, in addition to the units (modules) and steps directly and explicitly stated in the specification and claims, the technical solution of the present invention does not exclude other units (modules) and steps that are not directly or explicitly stated.

Some technical terms used in the present invention are explained below.

(1) Login-free: the user can use all functions without registering an account on the platform, which reduces the risk of the user's personal information being leaked.

(2) Digital signature: data appended to a data unit, or a cryptographic transformation of a data unit. This data or transformation allows the recipient of the data unit to confirm the origin and integrity of the data unit, and protects the data against forgery by someone (for example, the recipient).

(3) RSA: an asymmetric encryption algorithm widely used in public-key encryption and electronic commerce.

(4) AES: currently the most popular symmetric encryption algorithm, also called the Advanced Encryption Standard. It is a block encryption standard adopted by the US federal government.

(5) Extraction password: the key used to decrypt sensitive data stored on the client.

First, the password-free login data processing method of the present invention is described.

Fig. 1 is a schematic flow chart of the password-free login data processing method of the present invention.

As shown in Fig. 1, the password-free login data processing method of the present invention is characterized in that it includes:

Parameter initialization step S100: send to the server a first request for requesting allocation of a device ID, and receive and store the device ID returned from the server, wherein the device ID is generated by the server based on the first request and is used to uniquely identify the client;

Temporary session Token request step S200: based on the device ID, send to the server a second request for allocation of a temporary session Token, and receive and store the temporary session Token allocated by the server, wherein the temporary session Token is generated by the server based on the second request and the server stores a first correspondence between the temporary session Token and the device ID; and

Password-free login request step S300: issue a password-free login request based on the device ID and the temporary session Token.

As an example, a scenario in which password-free login is used for order payment is described here. In this case, the password-free login request step S300 specifically includes: issuing a third request for obtaining order information, and receiving the order information related to the device ID returned from the server, wherein the server stores a second correspondence between the temporary session Token and the order information.

After the password-free login request step S300, the method further includes (not shown):

Order payment step: issue a fourth request for requesting payment based on the temporary session Token and the order information, and receive the payment link that is returned from the server and created based on the fourth request, wherein the server obtains the corresponding order information according to the first correspondence and the second correspondence and generates the payment link.

After the order payment step, the method may optionally further include (not shown):

Transaction query step: issue a fifth request for querying transaction records based on the temporary session Token, and receive the transaction records that are returned from the server and found based on the fifth request, wherein the server obtains, according to the first correspondence, the transaction records related to the device ID corresponding to the temporary session Token.

Next, the password-free login data processing method according to a specific embodiment of the present invention is described.

In the example of applying the password-free login data processing method of the present invention to a payment scenario, the processing can be roughly divided into four parts: (1) the system parameter initialization process, (2) the temporary session Token acquisition process and the payment process, and (3) the history query process.

Each part is described in detail below.

(1) Initializing system parameters

The main purpose of initializing system parameters is to generate a unique identifier (device ID) for the current client and to generate the client public-private key pair, among other things. The client must encrypt the device ID and the private key with an encryption algorithm and store them on the client. The next time the user opens the client, it first checks whether the device ID exists; if it exists, it is used directly, and if it does not, the system parameter initialization flow is executed again.

In the present invention, the proposed device ID uniquely identifies the client. The server (back end) uses the device ID to determine whether requests come from the same user. When the consumer pays, the back end associates the device ID with the transaction information, and the next time the user queries transaction records, the associated records are looked up by device ID. The public-private key pair generated on the client is used to sign request messages and verify their signatures, so that the server can identify the source of a request and ensure that the device ID is not used fraudulently by others.

Fig. 2 is a schematic flow chart of system parameter initialization in a specific embodiment.

As shown in Fig. 2, the flow of initializing system parameters includes:

S1: When the consumer opens any front-end page, it is checked whether the system parameters have been initialized (whether information such as the device ID exists); if they have not, the following initialization steps are carried out;

S2: The client sends the server a request for obtaining the server-side public key;

S3: The server returns the server-side public key (s_pub_key) in response to the request, and the client stores it; the server-side public key is used for subsequent encryption of sensitive information. The server may generate the server-side public key and server-side private key in response to the request, or it may have generated and stored the server-side public key and server-side private key in advance;

S4: The client generates a client public-private key pair (client private key: c_pri_key; client public key: c_pub_key) and a random key using a specified algorithm, and stores them encrypted on the client by means of a client plug-in, an SDK or the like. In addition, as a preferred example, considering the risk that the client-side encryption algorithm may be cracked, an extraction password can be set, so that in later steps the client public-private key pair (c_pri_key, c_pub_key) and the random key can be obtained only by entering the extraction password;

S5: The client sends the client public key (c_pub_key) and the random key encrypted with the server-side public key (s_pub_key) to the server to request a device ID; RSA, for example, can be used as the encryption method here;

S6: The server decrypts with the stored server-side private key (s_pri_key) to obtain the random key, and generates a device ID that uniquely identifies the client. The server encrypts the device ID with the random key and returns it to the client. At the same time, the server saves information such as the device ID and the client public key (c_pub_key) in its database, storing at least the correspondence between the device ID and the client public key (c_pub_key).

After receiving the device ID, the client stores it encrypted on the client by means of a client plug-in, an SDK or the like (the client code can be processed with an obfuscation algorithm when it is packaged). Storing the device ID in encrypted form prevents it from being stolen by others.

At this point, system parameter initialization is complete. The next time the client is opened, it first checks whether the device ID exists; if it does, the above operations need not be repeated.

(2) Temporary session Token acquisition process and payment process

Fig. 3 is a schematic flow chart of the payment process in a specific embodiment.

As shown in Fig. 3, the payment process in a specific embodiment includes:

S11: The consumer opens the order page or any other interface of the client;

S12: The client checks whether the system parameters have been initialized. If not, it initializes them (i.e., performs the process of (1) Initializing system parameters above). If initialization has been completed, the following operations are performed: the client checks whether a temporary session Token already exists, and if not, performs the operations of S13 to S15;

S13: The client generates a temporary session key;

S14: The client sends the server a request for a temporary session. The request parameters include: the device ID encrypted with the temporary session key, the message digitally signed using RSASHA256, and the temporary session key encrypted using RSA. The client private key (c_pri_key) required for the digital signature and the server-side public key (s_pub_key) required for the RSA encryption were saved on the client when the system parameters were initialized; AES, for example, can be used as the algorithm for encrypting the device ID. If an extraction password was set when the system parameters were initialized, it must be entered here to obtain the client private key (c_pri_key) and the device ID stored on the client;

S15: After receiving the message, the server decrypts with the server-side private key (s_pri_key) to obtain the temporary session key, then decrypts with the temporary session key to obtain the device ID, then looks up the client public key (c_pub_key) corresponding to that device ID (according to the correspondence between device ID and client public key (c_pub_key) stored in the database), and finally verifies the signature of the message with that client public key (c_pub_key). If all of these steps succeed, the message is legitimate, and the server generates a temporary session Token and returns it to the client. The server caches the temporary session Token and the temporary session key and associates them with the device ID; the client likewise encrypts and caches the temporary session Token and the temporary session key;

S16: After receiving the temporary session Token, the client uses it to send a request to the server to obtain the order information;

S17: The server obtains the device ID by an association query on the received temporary session Token, and returns the order information related to that device ID to the client;

S18: The consumer clicks the payment button;

S19: The client initiates a payment request to the server, carrying the temporary session Token and the order information;

S20: The server looks up the device ID and the client public key (c_pub_key) according to the temporary session Token, then verifies the signature of the message with the client public key it found. After the signature verification passes, it creates a payment link based on the order information and records the relationship between the device ID and the order;

S21: The server returns the payment link (for example, a cashier URL) to the client;

S22: The client jumps to the cashier page of the third-party payment platform to complete the subsequent payment flow.
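The registration exchange of S2 to S6 and the token request of S13 to S15, with both sides' messages, as an added example that is not part of the patent text. The page names only "RSA", "RSASHA256" and "AES", so RSA-OAEP with SHA-256, AES-256-GCM and a signature over the encrypted session key followed by the encrypted device ID are assumptions, as are all class and function names; client and server call each other in-process, and keys are held in memory instead of being stored encrypted.

```javascript
const {
  generateKeyPairSync, publicEncrypt, privateDecrypt, sign, verify,
  createCipheriv, createDecipheriv, randomBytes, constants,
} = require('crypto');

// Assumed parameters (not stated on the page): OAEP padding, AES-256-GCM,
// signature coverage = encSessionKey || encDeviceId. Names are hypothetical.
const OAEP = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const newRsaPair = () => generateKeyPairSync('rsa', { modulusLength: 2048 });
const signedBytes = (req) => Buffer.concat([req.encSessionKey, req.encDeviceId]);

// AES-256-GCM; output layout is nonce (12 bytes) | tag (16 bytes) | ciphertext.
function aesSeal(key, plaintext) {
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function aesOpen(key, sealed) {
  const d = createDecipheriv('aes-256-gcm', key, sealed.subarray(0, 12));
  d.setAuthTag(sealed.subarray(12, 28));
  return Buffer.concat([d.update(sealed.subarray(28)), d.final()]); // throws if altered
}

class Server {
  constructor() {
    this.keys = newRsaPair();   // s_pub_key / s_pri_key
    this.devices = new Map();   // device ID -> c_pub_key (S6)
    this.sessions = new Map();  // token -> { deviceId, sessionKey } (S15)
  }
  getPublicKey() { return this.keys.publicKey; } // S3

  // S6: recover the random key, allocate a device ID, bind it to c_pub_key,
  // and return the device ID encrypted under the random key.
  register(cPubKey, encRandomKey) {
    const randomKey = privateDecrypt({ key: this.keys.privateKey, ...OAEP }, encRandomKey);
    const deviceId = randomBytes(16).toString('hex');
    this.devices.set(deviceId, cPubKey);
    return aesSeal(randomKey, Buffer.from(deviceId));
  }

  // S15: decrypt the session key, decrypt the device ID, look up c_pub_key,
  // verify the signature. Every failure gives the same rejection, no token.
  issueToken(req) {
    try {
      const sessionKey = privateDecrypt({ key: this.keys.privateKey, ...OAEP }, req.encSessionKey);
      const deviceId = aesOpen(sessionKey, req.encDeviceId).toString();
      const cPubKey = this.devices.get(deviceId);
      if (!cPubKey || !verify('sha256', signedBytes(req), cPubKey, req.signature)) {
        return { ok: false };
      }
      const token = randomBytes(32).toString('hex');
      this.sessions.set(token, { deviceId, sessionKey });
      return { ok: true, token };
    } catch { return { ok: false }; }
  }
}

class Client {
  // S2-S6: fetch s_pub_key, create the client key pair and a random key,
  // send c_pub_key plus the RSA-encrypted random key, decrypt the device ID.
  constructor(server) {
    this.sPubKey = server.getPublicKey();
    this.keys = newRsaPair();
    const randomKey = randomBytes(32);
    const encRandomKey = publicEncrypt({ key: this.sPubKey, ...OAEP }, randomKey);
    const sealedId = server.register(this.keys.publicKey, encRandomKey);
    this.deviceId = aesOpen(randomKey, sealedId).toString();
  }
  // S13-S14: fresh temporary session key, then the three request parameters.
  buildTokenRequest(signingKey = this.keys.privateKey) {
    const sessionKey = randomBytes(32);
    const req = {
      encDeviceId: aesSeal(sessionKey, Buffer.from(this.deviceId)),
      encSessionKey: publicEncrypt({ key: this.sPubKey, ...OAEP }, sessionKey),
    };
    req.signature = sign('sha256', signedBytes(req), signingKey);
    return req;
  }
}

function demo() {
  const server = new Server();
  const client = new Client(server);
  const genuine = server.issueToken(client.buildTokenRequest());
  // Correct device ID, but signed with a key never registered for it.
  const wrongKey = server.issueToken(client.buildTokenRequest(newRsaPair().privateKey));
  // Genuine request whose encrypted device ID changed after signing.
  const altered = client.buildTokenRequest();
  altered.encDeviceId[altered.encDeviceId.length - 1] ^= 1;
  return {
    issued: genuine.ok,
    boundToDevice: genuine.ok && server.sessions.get(genuine.token).deviceId === client.deviceId,
    wrongKeyRejected: !wrongKey.ok,
    alteredRejected: !server.issueToken(altered).ok,
  };
}
console.log(demo());
```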

(3) History query process

Fig. 4 is a schematic flow chart of the history query process in a specific embodiment.

As shown in Fig. 4, the history query process in a specific embodiment includes:

S31: When the consumer opens the transaction record page or any other front-end interface, it is checked whether the system parameters have been initialized. If not, they are initialized; if they have been initialized, the following operations are performed;

S32: The client checks whether a temporary session Token already exists on the front end, and if not, performs steps S33 to S35;

S33: The client generates a temporary session key;

S34: The client sends the server a request for a temporary session. The request parameters include: the device ID encrypted with a random key, the message digitally signed using RSASHA256, and the temporary session key encrypted using RSA. The client private key (c_pri_key) required for the digital signature and the server-side public key (s_pub_key) required for the RSA encryption were saved on the client when the system parameters were initialized; AES, for example, can be used as the algorithm for encrypting the device ID. If an extraction password was set when the system parameters were initialized, it must be entered here to obtain the client private key (c_pri_key) and the device ID stored on the client;

S35: After receiving the message, the server decrypts with the server-side private key (s_pri_key) to obtain the temporary session key, then decrypts with the temporary session key to obtain the device ID, then looks up the client public key (c_pub_key) corresponding to that device ID (according to the correspondence between device ID and client public key (c_pub_key) stored in the database), and finally verifies the signature of the message with that client public key (c_pub_key). If all of these steps succeed, the message is legitimate, and the server generates a temporary session Token and returns it to the client. The server caches the temporary session Token and the temporary session key and associates them with the device ID; the client likewise encrypts and caches the temporary session Token and the temporary session key;

S36: The client sends a request carrying the temporary session Token to the server to obtain the historical transaction records;

S37: After receiving the request, the server obtains the device ID and the corresponding client public key (c_pub_key) according to the temporary session Token, then verifies the signature of the message with the client public key (c_pub_key) to ensure the legitimacy of the data source. If the request is legitimate, the transaction records corresponding to the device ID are returned.

The password-free login data processing method of the present invention has been described above; the password-free login data processing system of the present invention is described next.

Fig. 5 is a block diagram of the structure of the password-free login data processing system of the present invention.

As shown in Fig. 5, the password-free login data processing system includes a mobile terminal 100 and a server 200.

The mobile terminal 100 includes:

a parameter initialization module 110, configured to send to the server a first request for requesting allocation of a device ID, and to receive and store the device ID returned from the server;

a temporary session module 120, which, based on the device ID, sends to the server a second request for requesting a temporary session Token, and receives and stores the temporary session Token returned from the server; and

a payment processing module 130, which issues a third request for obtaining order information based on the device ID and the temporary session Token, issues a fourth request for requesting payment based on the temporary session Token and the order information, and completes payment processing based on the payment link from the server.

The server 200 includes:

a device ID generation module 210, which generates, based on the first request, the device ID used to uniquely identify the client;

a Token generation module 220, which generates the temporary session Token based on the second request;

a transaction processing module 230, which, based on the third request for obtaining order information, retrieves the order information related to the device ID according to the temporary session Token and the ID, and creates a payment link based on the fourth request;

a database 240, configured to store the device ID and the temporary session Token, and to store the first correspondence between the temporary session Token and the device ID and the second correspondence between the temporary session Token and the order information.

Further, the database 240 also stores the transaction records related to the device ID.

The mobile terminal 100 further includes: a transaction query module 240, which issues a fifth request for querying transaction records based on the temporary session Token.

The transaction processing module 230 is further configured to receive the fifth request and to query the database for the transaction records related to the device ID.

The parameter initialization module 110 performs the following actions:

sending the server a request for obtaining the server-side public key;

receiving the server-side public key generated by the server according to the request, and storing the server-side public key;

generating a client public-private key pair and a random key, and storing the client public-private key pair and the random key;

sending to the server the first request for requesting allocation of a device ID, wherein the first request contains the client public key and the random key encrypted with the server-side public key, and wherein the server uses the server-side private key to decrypt the random key, generates a unique device ID, encrypts the device ID with the random key and returns it to the client, and stores the correspondence between the device ID and the client public key; and

receiving the device ID returned from the server.

Moreover, the parameter initialization module 110 sets an extraction password for the stored client public-private key pair and random key.

The temporary session Token request module 120 performs the following actions:

generating a temporary session key;

sending to the server the second request for obtaining a temporary session Token, wherein the second request includes: the device ID encrypted with the temporary session key, the message digitally signed with the client private key, and the temporary session key encrypted with the server-side public key, and wherein the server uses the server-side private key to decrypt and obtain the temporary session key, uses the temporary session key to decrypt and obtain the device ID, obtains the corresponding client public key from the device ID based on the correspondence between device ID and client public key stored by the server, and verifies the signature of the message with that client public key; if the signature verification passes, the server generates the temporary session Token and stores the temporary session Token and the temporary session key in association with the device ID; and

receiving the temporary session key returned from the server.

As described above, with the password-free login data processing method and the password-free login data processing system of the present invention, a consumer who enters the mall can place orders and pay without registering or logging in; the device ID alone is used to query order information, pay for orders and query transactions, so the whole shopping experience is convenient and secure. Moreover, since users do not need to leave information such as personal account passwords with the platform, they need not worry about their personal information being leaked or abused by the platform. Furthermore, in the present invention, technical means such as encryption and signatures effectively prevent the risk of transmitted data being intercepted, tampered with or counterfeited by others, ensuring the security of user data.

The present invention also provides a computer-readable medium on which a computer program is stored, characterized in that the above password-free login data processing method is implemented when the computer program is executed by a processor.

The present invention also provides a computer device, including a storage module, a processor, and a computer program stored on the storage module and executable on the processor, characterized in that the processor implements the above password-free login data processing method when executing the computer program.

The above examples mainly illustrate the password-free login data processing method and the password-free login data processing system of the present invention. Although only some specific embodiments of the present invention have been described, those of ordinary skill in the art should understand that the present invention can be implemented in many other forms without departing from its spirit and scope. The examples and embodiments shown are therefore to be regarded as illustrative and not restrictive, and the present invention may cover various modifications and substitutions without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (18)

1. A password-free login data processing method, characterized by comprising:
a parameter initialization step of sending to a server a first request for requesting allocation of a device ID, and receiving and storing the device ID returned from the server, wherein the device ID is generated by the server based on the first request and is used to uniquely identify the client;
a temporary session Token request step of sending to the server, based on the device ID, a second request for allocation of a temporary session Token, and receiving and storing the temporary session Token allocated by the server, wherein the temporary session Token is generated by the server based on the second request and the server stores a first correspondence between the temporary session Token and the device ID;
a password-free login step of issuing a password-free login request based on the device ID and the temporary session Token.

2. The password-free login data processing method according to claim 1, characterized in that,
in the password-free login request, a third request for obtaining order information is issued based on the device ID and the temporary session Token, and the order information related to the device ID returned from the server is received, wherein the server stores a second correspondence between the temporary session Token and the order information,
and after the password-free login request the method further comprises:
an order payment step of issuing a fourth request for requesting payment based on the temporary session Token and the order information, and receiving a payment link that is returned from the server and created based on the fourth request, wherein the server obtains the corresponding order information according to the first correspondence and the second correspondence and generates the payment link.

3. The password-free login data processing method according to claim 2, characterized in that, after the order payment step, the method further comprises:
a transaction query step of issuing a fifth request for querying transaction records based on the temporary session Token, and receiving the transaction records that are returned from the server and found based on the fifth request, wherein the server obtains, according to the first correspondence, the transaction records related to the device ID corresponding to the temporary session Token.

4. The password-free login data processing method according to claim 2, characterized in that the parameter initialization step comprises:
sending to the server a request for obtaining a server-side public key;
receiving and storing the server-side public key generated by the server according to the request, wherein the server stores the server-side public key and the server-side private key corresponding to the server-side public key;
generating a client public-private key pair and a random key, and storing the client public-private key pair and the random key;
sending to the server the first request for requesting allocation of a device ID, wherein the first request contains the client public key and the random key encrypted with the server-side public key, and wherein the server uses the server-side private key to decrypt the random key, generates a device ID that uniquely identifies the client, encrypts the device ID with the random key and returns it, and stores the correspondence between the device ID and the client public key; and
receiving the device ID returned from the server.

5. The password-free login data processing method according to claim 4, characterized in that
an extraction password is set for the stored client public-private key pair and random key.

6. The password-free login data processing method according to claim 4, characterized in that the temporary session Token request step comprises:
generating a temporary session key;
sending to the server the second request for obtaining a temporary session Token, wherein the second request includes: the device ID encrypted with the temporary session key, a signature value obtained by digitally signing the message with the client private key, and the temporary session key encrypted with the server-side public key, and wherein the server uses the server-side private key to decrypt and obtain the temporary session key, uses the temporary session key to decrypt and obtain the device ID, obtains the corresponding client public key from the device ID based on the correspondence between device ID and client public key stored by the server, and verifies the signature of the message with that client public key; if the signature verification passes, the server generates the temporary session Token and stores the temporary session Token and the temporary session key in association with the device ID; and
receiving the temporary session key returned from the server and a signature value obtained by digitally signing the message with the server-side private key.

7. The password-free login data processing method according to claim 6, characterized in that the order payment step comprises the following sub-steps:
sending a request to the server using the temporary session Token to obtain order information, wherein the server obtains, by association from the received temporary session Token, the device ID and the order information associated with that device ID;
receiving the order information returned from the server to the client;
initiating a payment request to the server carrying the temporary session Token and the order information, wherein the server looks up the device ID and the client public key according to the temporary session Token, then verifies the signature of the message, and after the signature verification passes creates a payment link based on the order information; and
receiving the payment link returned from the server.

8. A password-free login data processing system, characterized by comprising a mobile terminal and a server,
the mobile terminal comprising:
a parameter initialization module, configured to send to the server a first request for requesting allocation of a device ID, and to receive and store the device ID returned from the server;
a temporary session module, which, based on the device ID, sends to the server a second request for requesting a temporary session Token, and receives and stores the temporary session Token returned from the server; and
a payment processing module, which issues a third request for obtaining order information based on the device ID and the temporary session Token, issues a fourth request for requesting payment based on the temporary session Token and the order information, and completes payment processing based on the payment link from the server,
wherein the server comprises:
a device ID generation module, which generates, based on the first request, the device ID used to uniquely identify the client;
a Token generation module, which generates the temporary session Token based on the second request;
a transaction processing module, which, based on the third request for obtaining order information, retrieves the order information related to the device ID according to the temporary session Token and the ID, and creates a payment link based on the fourth request;
a database, configured to store the device ID and the temporary session Token, and to store the first correspondence between the temporary session Token and the device ID and the second correspondence between the temporary session Token and the order information.

9. The password-free login data processing system according to claim 8, characterized in that
the database further stores the transaction records related to the device ID,
the mobile terminal further comprises:
a transaction query module, which issues a fifth request for querying transaction records based on the temporary session Token,
and the transaction processing module further receives the fifth request and queries the database for the transaction records related to the device ID.

10. A mobile terminal, characterized by comprising:
a parameter initialization module, configured to send to the server a first request for requesting allocation of a device ID, and to receive and store the device ID returned from the server;
a temporary session module, which, based on the device ID, sends to the server a second request for obtaining a temporary session Token, and receives and stores the temporary session Token returned from the server; and
a payment processing module, which issues a third request for obtaining order information based on the device ID and the temporary session Token, issues a fourth request for requesting payment based on the temporary session Token and the order information, and completes payment processing based on the payment link from the server.

11. The mobile terminal according to claim 10, characterized in that the mobile terminal further comprises:
a transaction query module, which issues a fifth request for querying transaction records based on the temporary session Token.

12.
The mobile terminal of claim 11, wherein: 所述参数初始化模块执行以下动作:The parameter initialization module performs the following actions: 向服务器发出用于获取服务器端公钥的请求;Send a request to the server to obtain the server-side public key; 接收从服务器根据该请求生成的服务器端公钥并且存储所述服务器端公钥;receiving the server-side public key generated from the server according to the request and storing the server-side public key; 生成客户端公私钥对和随机密钥并且存储所述客户端公私钥对和随机密钥;Generate a client public-private key pair and a random key and store the client public-private key pair and random key; 向服务器发出用于请求分配设备ID的第一请求,其中,所述第一请求中包含所述客户端公钥和用所述服务器端公钥加密后的随机密钥,其中,服务器使用所述服务器端私钥解密出随机密钥,并且生成唯一的设备ID,使用随机密钥将设备ID加密后返回给客户端,同时服务器存储设备ID和客户端公钥之间的对应关系;以及sending a first request to the server for requesting device ID allocation, wherein the first request includes the client public key and a random key encrypted with the server public key, wherein the server uses the The server-side private key decrypts a random key, and generates a unique device ID, uses the random key to encrypt the device ID and returns it to the client, and the server stores the corresponding relationship between the device ID and the client public key; and 接收从服务器返回的设备ID。Receive the device ID returned from the server. 13.如权利要求12所述的移动终端,其特征在于,13. The mobile terminal of claim 12, wherein: 所述参数初始化模块对于存储的所述客户端公私钥对和随机密钥设置提取密码。The parameter initialization module sets an extraction password for the stored client public-private key pair and random key. 14.如权利要求13所述的移动终端,其特征在于,14. 
The mobile terminal of claim 13, wherein: 所述临时会话Token请求模块执行下述动作:The temporary session Token request module performs the following actions: 生成临时会话密钥;generate a temporary session key; 向服务器发出用于获取临时会话Token的第二请求,其中,所述第二请求中包括:使用所述临时会话密钥加密的设备ID、使用所述客户端私钥对报文进行数字签名的签名值、以及使用所述服务器端公钥加密的临时会话密钥,其中,服务器使用所述服务器端私钥解密获取到临时会话密钥,使用临时会话密钥解密获取设备ID,再根据设备ID基于服务器存储设备ID和客户端公钥之间的对应关系获得对应的客户端公钥,使用该客户端公钥验签报文,在验签通过的情况下,服务器生成临时会话Token,并且服务器把临时会话Token和临时会话密钥与设备ID关联存储;以及Sending a second request to the server for obtaining a temporary session Token, wherein the second request includes: a device ID encrypted with the temporary session key, a device ID encrypted with the client private key to digitally sign the message The signature value and the temporary session key encrypted with the server-side public key, wherein the server uses the server-side private key to decrypt to obtain the temporary session key, and uses the temporary session key to decrypt to obtain the device ID, and then according to the device ID Based on the corresponding relationship between the server storage device ID and the client public key, the corresponding client public key is obtained, and the client public key is used to verify the signature of the message. If the signature verification is passed, the server generates a temporary session Token, and the server Store the temporary session token and temporary session key in association with the device ID; and 接收从服务器返回的临时会话密钥以及使用所述服务器端私钥对报文进行数字签名的签名值。Receive the temporary session key returned from the server and the signature value for digitally signing the message with the server-side private key. 15.一种服务器,其特征在于,包括:15. 
A server, characterized in that, comprising: 设备ID生成模块,基于第一请求生成并用于唯一地标识客户端的设备ID;A device ID generation module, which is generated based on the first request and used to uniquely identify the device ID of the client; Token生成模块,基于第二请求生成临时会话Token;Token generation module, generates temporary session Token based on the second request; 交易处理模块,基于获取订单信息的第三请求,根据所述临时会话Token和所述ID调取设备ID相关的订单信息以及基于第四请求创建支付链接;The transaction processing module, based on the third request for obtaining order information, retrieves the order information related to the device ID according to the temporary session Token and the ID and creates a payment link based on the fourth request; 数据库,用于存储所述设备ID和所述临时会话Token,并且用于存储临时会话Token和设备ID之间的第一对应关系以及临时会话Token和订单信息之间的第二对应关系。The database is used to store the device ID and the temporary session Token, and is used to store a first correspondence between the temporary session Token and the device ID and a second correspondence between the temporary session Token and order information. 16.如权利要求15所述的服务器,其特征在于,16. The server of claim 15, wherein: 所述数据库进一步存储相关设备ID的交易记录,The database further stores transaction records related to the device ID, 所述交易处理模块进一步接收第五请求并从所述数据库中查询与所述设备ID相关的交易记录。The transaction processing module further receives the fifth request and queries the transaction records related to the device ID from the database. 17.一种计算机可读介质,其上存储有计算机程序,其特征在于,17. A computer-readable medium having a computer program stored thereon, characterized in that, 该计算机程序被处理器执行时实现权利要求1~7任意一项所述的免密登录数据处理方法。When the computer program is executed by the processor, the secret-free login data processing method described in any one of claims 1-7 is realized. 18.一种计算机设备,包括存储模块、处理器以及存储在存储模块上并可在处理器上运行的计算机程序,其特征在于,所述处理器执行所述计算机程序时实现权利要求1~7任意一项所述的免密登录数据处理方法。18. 
A computer device, comprising a storage module, a processor, and a computer program stored on the storage module and operable on the processor, wherein the processor implements claims 1 to 7 when executing the computer program Any one of the secret-free login data processing methods.
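
The second request of claims 6 and 14, worked through in Node.js as an added example (not code from the patent or its applicant). The algorithms (RSA-OAEP, AES-256-GCM, Ed25519), the signed byte layout, the function names and the device IDs are assumptions, since the claims name none of them; the device is placed in the server's map directly, standing in for the first request of claim 12.

```javascript
const nodeCrypto = require('node:crypto');

// Assumed algorithm choices; the claims only say "encrypt" and "digitally sign".
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Client: fresh session key, device ID encrypted under it, session key wrapped
// for the server, signature over both ciphertexts (assumed "message" layout).
function buildSecondRequest(deviceId, clientPrivateKey, serverPublicKey) {
  const sessionKey = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const enc = nodeCrypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const body = Buffer.concat([enc.update(deviceId, 'utf8'), enc.final()]);
  const encDeviceId = Buffer.concat([iv, enc.getAuthTag(), body]); // iv | tag | ciphertext
  const encSessionKey = nodeCrypto.publicEncrypt({ key: serverPublicKey, ...OAEP }, sessionKey);
  const signed = Buffer.concat([encDeviceId, encSessionKey]);
  return { encDeviceId, encSessionKey, signature: nodeCrypto.sign(null, signed, clientPrivateKey) };
}

// Server: same order as the claim. Every failure gives one generic answer so
// the reply does not show which step rejected the request.
function handleSecondRequest(server, req) {
  try {
    const sessionKey = nodeCrypto.privateDecrypt({ key: server.privateKey, ...OAEP }, req.encSessionKey);
    const iv = req.encDeviceId.subarray(0, 12);
    const dec = nodeCrypto.createDecipheriv('aes-256-gcm', sessionKey, iv);
    dec.setAuthTag(req.encDeviceId.subarray(12, 28));
    const plain = Buffer.concat([dec.update(req.encDeviceId.subarray(28)), dec.final()]);
    const deviceId = plain.toString('utf8');
    const clientPublicKey = server.devices.get(deviceId); // stored when the ID was allocated
    const signed = Buffer.concat([req.encDeviceId, req.encSessionKey]);
    if (!clientPublicKey || !nodeCrypto.verify(null, signed, clientPublicKey, req.signature)) {
      return { ok: false };
    }
    const token = nodeCrypto.randomBytes(16).toString('hex');
    server.sessions.set(token, { deviceId, sessionKey }); // Token and key stored with the ID
    return { ok: true, token };
  } catch {
    return { ok: false }; // malformed ciphertext, wrong key length, failed GCM tag
  }
}

// Constructed scenario: one registered device, then four requests.
function demo() {
  const srv = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const dev = nodeCrypto.generateKeyPairSync('ed25519');
  const stranger = nodeCrypto.generateKeyPairSync('ed25519');
  const server = { privateKey: srv.privateKey, sessions: new Map(),
    devices: new Map([['dev-0001', dev.publicKey]]) };
  const send = (id, key) => handleSecondRequest(server, buildSecondRequest(id, key, srv.publicKey));
  const good = send('dev-0001', dev.privateKey);
  const tampered = buildSecondRequest('dev-0001', dev.privateKey, srv.publicKey);
  tampered.encDeviceId[30] ^= 1; // flip one ciphertext bit
  return { good, boundTo: server.sessions.get(good.token).deviceId,
    wrongSigner: send('dev-0001', stranger.privateKey).ok,
    unknownDevice: send('dev-9999', dev.privateKey).ok,
    tampered: handleSecondRequest(server, tampered).ok };
}

console.log(demo());
```

Because the device ID that selects the verification key travels inside the ciphertext, the server has to perform both decryptions on unauthenticated input before it can check the signature, which is why the sketch treats every decryption error as a plain rejection.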
CN202111523087.7A 2021-12-14 2021-12-14 Password-free login data processing method and password-free login data processing system Pending CN116263918A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111523087.7A CN116263918A (en) 2021-12-14 2021-12-14 Password-free login data processing method and password-free login data processing system

Publications (1)

Publication Number Publication Date
CN116263918A true CN116263918A (en) 2023-06-16

Family

ID=86722161

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111523087.7A Pending CN116263918A (en) 2021-12-14 2021-12-14 Password-free login data processing method and password-free login data processing system

Country Status (1)

Country Link
CN (1) CN116263918A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN119420557A (en) * 2024-11-07 2025-02-11 中国联合网络通信集团有限公司 A password-free login method, device and readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination