CN119583150A - Multi-system login method, device, storage medium and program product - Google Patents

Info

Publication number: CN119583150A
Authority: CN (China)
Prior art keywords: verification, token, level, function, portal
Legal status: Granted
Application number: CN202411696502.2A
Other languages: Chinese (zh)
Other versions: CN119583150B (en)
Inventors: 陈凯, 刘继忠, 钱俊杰
Current Assignee: China Construction Bank Corp; CCB Finetech Co Ltd
Original Assignee: China Construction Bank Corp; CCB Finetech Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/40 Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The embodiments of the present application provide a multi-system login method, device, storage medium and program product, relating to the field of security authentication technology. The method includes: in response to successful identity authentication at a digital portal, receiving a token sent by a server and displaying the system entries of multiple systems associated with the digital portal, the token including a permission identifier; in response to a touch operation on the system entry of a target system among those system entries, determining the system verification level of the target system according to the permission identifier; if the system verification level of the target system is a first system level, logging in to a preset page of the target system; and if the system verification level of the target system is a second system level, verifying first system verification information that the user inputs based on verification prompt information corresponding to the second system level and, if the verification succeeds, logging in to the preset page of the target system. The method provided in this embodiment improves the convenience and security of multi-system login.

Description

Multi-system login method, device, storage medium and program product
Technical Field
The embodiments of the application relate to the technical field of security authentication, and in particular to a multi-system login method, device, storage medium and program product.
Background
With the development of internet technology, enterprises may build multiple systems to provide different services to users.
In the related art, the systems are independent of one another, and a user logs in to each system with the account and password corresponding to that system.
However, in the process of implementing the present application, the inventors found that the prior art has at least the following problem: the user needs to memorize multiple sets of accounts and passwords, which makes logging in to multiple systems inconvenient.
Disclosure of Invention
The embodiments of the application provide a multi-system login method, device, storage medium and program product, which are used to improve the convenience and security of multi-system login.
In a first aspect, an embodiment of the present application provides a multi-system login method, applied to a terminal device, where the method includes:
in response to successful authentication of a digital portal, receiving a token sent by a server, and displaying system entries of a plurality of systems associated with the digital portal, wherein the token comprises a permission identifier;
in response to a touch operation on the system entry of a target system among the system entries of the plurality of systems, determining a system verification level of the target system according to the permission identifier;
if the system verification level of the target system is a first system level, logging in to a preset page of the target system;
if the system verification level of the target system is a second system level, generating verification prompt information corresponding to the second system level, verifying first system verification information input by the user based on the verification prompt information corresponding to the second system level, and logging in to the preset page of the target system if the verification is successful.
In one possible design, the verification prompt information comprises at least one of: inserting an online banking shield, inputting a short message verification code, performing fingerprint verification, performing voiceprint verification, and performing face verification.
In one possible design, before the response to successful authentication of the digital portal, the method further comprises:
displaying a login page of the digital portal;
in response to a login operation on the login page, acquiring the portal login account and password corresponding to the login operation, and sending the portal login account and password to the server, so that the server verifies the portal login account and password, generates a token if the verification is passed, and sends the token to the terminal device.
In one possible design, before the determining of the system verification level of the target system according to the permission identifier, the method further includes:
decrypting the token to obtain the timestamp at which the token was generated and the validity duration of the token;
determining whether the token is valid according to the timestamp at which the token was generated and the validity duration of the token;
and if the token is valid, determining the system verification level of the target system according to the permission identifier.
In one possible design, the method further comprises:
actively calling a refresh interface based on a preset period, and acquiring a new valid token from the server.
In one possible design, the logging in to the preset page of the target system includes:
determining the function display level of the target system according to the permission identifier;
logging in to the preset page of the target system, wherein function entries of a plurality of function modules matching the function display level are displayed in the preset page of the target system.
In one possible design, after the logging in to the preset page of the target system, the method further includes:
in response to a touch operation on the function entry of a target function module among the function entries of the plurality of function modules in the preset page, logging in to the function module;
in response to execution of a service function provided by the function module, determining the function verification level of the target function module according to the permission identifier;
if the function verification level of the target function is a first function level, generating verification prompt information corresponding to the first function level, verifying first function verification information input by the user based on the verification prompt information corresponding to the first function level, and if the verification is successful, completing the execution of the service function;
if the system verification level of the target system is a second function level, generating verification prompt information corresponding to the second function level, verifying second function verification information input by the user based on the verification prompt information corresponding to the second function level, and if the verification is successful, completing the execution of the service function;
wherein the security of the second function verification information is greater than that of the first function verification information.
In a second aspect, an embodiment of the present application provides a multi-system login method, applied to a server, where the method includes:
receiving a portal login account and password of a digital portal sent by a terminal device;
verifying the portal login account and password;
if the verification is passed, generating a token according to a unique user identifier corresponding to the portal login account, wherein the token comprises a permission identifier, and the permission identifier is used to indicate a corresponding system verification level;
and sending the token to the terminal device.
In one possible design, the generating of a token according to the unique user identifier corresponding to the portal login account includes:
combining the unique user identifier and the permission identifier corresponding to the portal login account into a JSON object or character string to obtain the original data of the token;
encrypting the original data based on a preset key, and generating the token from the encrypted original data.
In one possible design, the generating of a token according to the unique user identifier corresponding to the portal login account includes:
recording the timestamp at which the token is generated;
and generating the token according to the timestamp, a preset validity duration and the unique user identifier corresponding to the portal login account.
In one possible design, after the token is generated according to the timestamp, the preset validity duration and the unique user identifier corresponding to the portal login account, the method further includes:
if the remaining validity time of the token is less than or equal to a preset duration, automatically generating a new token.
In a third aspect, an embodiment of the present application provides a terminal device, including:
a display module, configured to receive a token sent by the server in response to successful authentication of the digital portal, and to display system entries of a plurality of systems associated with the digital portal;
a determining module, configured to determine a system verification level of a target system according to the permission identifier in response to a touch operation on the system entry of the target system among the system entries of the plurality of systems;
a login module, configured to log in to a preset page of the target system if the system verification level of the target system is a first system level;
the login module being further configured to, if the system verification level of the target system is a second system level, generate verification prompt information corresponding to the second system level, verify first system verification information input by the user based on the verification prompt information corresponding to the second system level, and log in to the preset page of the target system if the verification is successful.
In a fourth aspect, an embodiment of the present application provides a server, including:
a receiving module, configured to receive the portal login account and password of the digital portal sent by the terminal device;
a verification module, configured to verify the portal login account and password;
a generation module, configured to generate a token according to the unique user identifier corresponding to the portal login account if the verification is passed, wherein the token comprises a permission identifier, and the permission identifier is used to indicate a corresponding system verification level;
and a sending module, configured to send the token to the terminal device.
In a fifth aspect, an embodiment of the present application provides an electronic device, including at least one processor and a memory;
the memory stores computer-executable instructions;
the at least one processor executes the computer-executable instructions stored in the memory, such that the at least one processor performs the method described in the first aspect and the various possible designs of the first aspect.
In a sixth aspect, embodiments of the present application provide a computer-readable storage medium storing computer-executable instructions which, when executed by a processor, implement the method described in the first aspect and the various possible designs of the first aspect.
In a seventh aspect, embodiments of the present application provide a computer program product comprising a computer program which, when executed by a processor, implements the method described in the first aspect and the various possible designs of the first aspect.
The method includes: in response to successful authentication at a digital portal, receiving a token sent by a server and displaying system entries of a plurality of systems associated with the digital portal, wherein the token comprises a permission identifier; in response to a touch operation on the system entry of a target system among the system entries of the plurality of systems, determining the system verification level of the target system according to the permission identifier; if the system verification level of the target system is a first system level, logging in to a preset page of the target system; and if the system verification level of the target system is a second system level, generating verification prompt information corresponding to the second system level, verifying the first system verification information input by the user based on that verification prompt information, and logging in to the preset page of the target system if the verification is successful. According to the method provided by this embodiment, a digital portal is set up and a token is generated after identity verification at the digital portal succeeds, so that all systems in the digital portal can be logged in to based on the token. A permission identifier is embedded in the token when the token is generated, so that different systems are logged in to through verification of different degrees of complexity based on the permission identifier. This achieves fine-grained management of the risk levels of different systems, eliminates potential security hazards, and improves the convenience and security of multi-system login.
Drawings
In order to illustrate the embodiments of the present application or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly described below. The drawings in the following description show some embodiments of the present application, and a person skilled in the art can obtain other drawings from them without inventive effort.
Fig. 1 is a schematic diagram of a scenario of a multi-system login method according to an embodiment of the present application;
Fig. 2 is a flowchart of a multi-system login method according to an embodiment of the present application;
Fig. 3 is a second flowchart of a multi-system login method according to an embodiment of the present application;
Fig. 4 is an interaction diagram of a multi-system login method according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a terminal device according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram of a server according to an embodiment of the present application;
Fig. 7 is a schematic diagram of a hardware structure of an electronic device according to an embodiment of the present application.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions of the embodiments are described clearly and completely below with reference to the accompanying drawings. The described embodiments are some, but not all, embodiments of the present application. All other embodiments that a person skilled in the art can obtain from the embodiments of the application without inventive effort fall within the scope of the application.
In the technical solution of the application, the collection, storage, use, processing, transmission, provision and disclosure of information such as financial data or user data comply with the relevant laws and regulations and do not violate public order and good customs.
It should be noted that the embodiments of the present application may mention existing solutions in the industry, such as software, components and models. These should be regarded as examples that only illustrate the feasibility of implementing the technical solution of the present application; mentioning them does not mean that the applicant has used or will necessarily use them.
Currently, the banking industry operates a plurality of systems and platforms for corporate business, such as internet banking with transfer and transaction functions, and systems for querying information. Because the login and authentication mechanisms of these systems differ, users need to memorize and enter a different account and password for each, which is inconvenient. In addition, the security control mechanisms of the different systems are inconsistent, which increases potential security hazards.
To solve these problems and improve user experience and system security, the inventors of the application found through research that the system entries of a plurality of systems can be integrated by setting up a digital portal. A token uniquely corresponding to the user is generated after the user logs in to the digital portal, and the systems behind those entries can then be logged in to based on the token. To manage the risk levels of the different systems at a finer granularity, the user's permission level information can be added when the token is generated. When a system is logged in to with the token, verification of the corresponding level is carried out based on the permission level information contained in the token, so that systems of different risk levels are protected to different degrees and potential security hazards are eliminated.
Fig. 1 is a schematic diagram of a scenario of a multi-system login method according to an embodiment of the present application. As shown in Fig. 1, a terminal device 101 and a server 102 are communicatively connected. The terminal device 101 may be a mobile phone, a tablet computer, a computer, etc., and the server 102 may be a cluster server or a cloud server.
In a specific implementation, a digital portal is installed on the terminal device 101. The terminal device 101 receives verification information for the digital portal input by a user and sends it to the server 102 for identity verification. After the verification is passed, the server 102 generates a token and sends it to the terminal device 101. The terminal device 101 receives the token, which comprises a permission identifier, and displays the system entries of a plurality of systems associated with the digital portal. In response to a touch operation on the system entry of a target system among those system entries, the terminal device determines the system verification level of the target system according to the permission identifier. If the system verification level of the target system is a first system level, the preset page of the target system is logged in to. If the system verification level of the target system is a second system level, verification prompt information corresponding to the second system level is generated, the first system verification information input by the user based on that prompt information is verified, and the preset page of the target system is logged in to if the verification is successful. In the multi-system login method provided by the embodiment of the application, a digital portal is set up and a token is generated after identity verification at the digital portal succeeds, so that all systems in the digital portal are logged in to based on the token. A permission identifier is embedded in the token when it is generated, so that different systems are logged in to through verification of different degrees of complexity based on the permission identifier. This achieves fine-grained management of the risk levels of different systems and eliminates potential security hazards.
It should be noted that the scenario shown in Fig. 1 is only an example. The multi-system login method and the scenario described in the embodiments of the present application are intended to describe the technical solution of the embodiments more clearly and do not limit it. A person of ordinary skill in the art will appreciate that, as systems evolve and new service scenarios appear, the technical solution provided by the embodiments of the present application is equally applicable to similar technical problems.
The technical solution of the application is described in detail below through specific embodiments. The following embodiments may be combined with each other, and the same or similar concepts or processes may not be repeated in some embodiments.
Fig. 2 is a flowchart of a multi-system login method according to an embodiment of the present application. As shown in Fig. 2, the method is applied to a terminal device and specifically includes:
201. In response to successful authentication of the digital portal, receive a token sent by a server, and display system entries of a plurality of systems associated with the digital portal, wherein the token comprises a permission identifier.
Specifically, an enterprise typically has multiple systems that provide different services to users. To simplify user operation, this embodiment builds a unified digital portal by integrating a plurality of channel entries such as enterprise online banking and a consultation platform, so that a user can access all systems after obtaining a unique token, which simplifies the login process. When logging in to the digital portal, the user enters the account and password of the digital portal on the terminal device so that the user's identity can be verified. After the verification is passed, a token is obtained that uniquely corresponds to the user and is used to log in to each system integrated by the digital portal. In addition, because different systems have different risk levels, a permission identifier is added when the token is generated so that the access rights and security levels of the systems are managed at a fine granularity, which eliminates potential security hazards and avoids loss of funds or leakage of information.
In some embodiments, before the digital portal is successfully logged in to, the method further comprises: displaying a login page of the digital portal; in response to a login operation on the login page, acquiring the portal login account and password corresponding to the login operation; and sending the portal login account and password to the server, so that the server verifies the portal login account and password, generates a token if the verification is passed, and sends the token to the terminal device.
Specifically, once the application program of the digital portal is installed on the terminal device and started, a login page is displayed, which may include input boxes for an account and a password. After the terminal device receives verification information input by the user, such as the portal login account and password, it sends the verification information to the server for authentication. After the authentication is passed, the server generates a token and sends it to the terminal device, so that the terminal device logs in to the plurality of systems associated with the digital portal based on the token.
In this multi-system login method, login to the digital portal is verified with an account and password, so that users can be managed in a unified way based on the digital portal. After logging in, the user can log in to each system by automatic recognition of the token generated when the verification was passed, which provides good confidentiality and makes login more convenient.
202. And responding to touch operation of a system inlet of a target system in the system inlets of the systems, and determining the system verification level of the target system according to the permission identification.
Specifically, after verification is successful, system entries of a plurality of systems are displayed in a page, touch operation (such as clicking, long pressing and the like) aiming at one of the system entries is received, a token can be automatically identified, and a system corresponding to the system entry is logged in according to the token. In order to manage risks, in the automatic identification of the token, the permission identification can be extracted, and the verification level of the system pointed by the permission identification is determined, so that the verification of what degree is needed to be performed on the system to be logged in for the user is determined.
In some embodiments, to further increase security, the token may be encrypted to prevent tampering with the token. The method comprises the steps of determining a system verification level of a target system according to a permission identification, decrypting the token to obtain a time stamp for generating the token and the effective time of the token, determining whether the token is effective according to the time stamp for generating the token and the effective time of the token, and determining the system verification level of the target system according to the permission identification if the token is effective.
Specifically, after the user passes authentication, the authentication server may generate the token based on the user's unique identifier (e.g., user ID), the permission identifier (e.g., role, permission level), device information, and other context information. When generating the token, the system may embed the user's permission information (e.g., user role, permission level, accessible resources) in the token so that it can be used directly in later permission checks. The token content can also be encrypted with a symmetric (e.g., AES) or asymmetric (e.g., RSA) algorithm to ensure the security and tamper resistance of the token content.
In a specific implementation, the raw data is generated first: the user's ID, permission identifier, device information and so on are combined into a JSON object or a string. Second, the raw data is encrypted with a preset key. Finally, the token is output: the encrypted data is converted into a token and returned to the client.
In some embodiments, to ensure continued security of the system and convenient use by the user, the token may have a validity period and an automatic update mechanism. Specifically, the refresh interface is actively called at a preset period to obtain a new valid token from the server.
203. If the system verification level of the target system is the first system level, log in to a preset page of the target system.
204. If the system verification level of the target system is the second system level, generate verification prompt information corresponding to the second system level; verify the first system verification information that the user enters in response to that verification prompt information, and log in to the preset page of the target system if verification succeeds.
Specifically, security management can be subdivided at the system level across the plurality of systems, with different role permissions set for different systems. For example, a role with the highest security level may be set for a financial system. When users access such systems, the authenticity of the user's identity and the legitimacy of the operation are ensured through dual verification with the internet banking shield and an SMS verification code. In a specific implementation, after logging in to the digital portal the user chooses to access enterprise online banking; the system prompts the user to insert the internet banking shield and enter the SMS verification code; after successful verification, the user can perform high-risk operations such as fund transfers. For information systems, a role with a lower security level may be set. The user only needs basic login verification, with no additional security verification measures. In a specific implementation, after logging in to the digital portal the user chooses to access the intelligent E message, and the system allows access directly without additional verification.
In some embodiments, to ensure security, the number of verification failures may be limited. After verifying the verification information that the user enters in response to the verification prompt information corresponding to the second system level, the method may further include: if verification fails, updating the total number of failures, where the total number of failures is the sum of the failed verifications across the logins to the plurality of systems performed after the digital portal was successfully logged in to; and logging out of the digital portal if the total number of failures is greater than a preset value.
In some embodiments, the method may further include: if the system verification level of the target system is a third system level, generating verification prompt information corresponding to the third system level; verifying the second system verification information that the user enters in response to that verification prompt information; and logging in to the preset page of the target system if verification succeeds, where the security of the second system verification information is greater than that of the first system verification information.
In some embodiments, the verification prompt information includes at least one of: inserting an internet banking shield, entering an SMS verification code, performing fingerprint verification, performing voiceprint verification, and performing face verification.
Specifically, different system levels may require verification of different complexity. For example, verification types may be stacked, and the more types are stacked, the higher the complexity. In order of increasing complexity, for example: the user logs in directly with no additional verification; an internet banking shield and an SMS verification code are required; an internet banking shield, SMS verification, fingerprint verification and so on are required.
In some embodiments, to manage the risk levels of functional modules at a finer grain, different functional modules may be presented to different users. Logging in to the preset page of the target system includes: determining the function display level of the target system according to the permission identifier; and logging in to the preset page of the target system, where the preset page displays the function entries of the plurality of functional modules that match the function display level.
In some embodiments, to manage the risk levels of functional modules at a finer grain, verification levels of different functional modules may be set for different users. After logging in to the preset page of the target system, the method includes: in response to a touch operation on the function entry of a target functional module among the function entries of the plurality of functional modules in the preset page, logging in to the functional module; in response to execution of a service function provided by the functional module, determining the function verification level of the target functional module according to the permission identifier; if the function verification level of the target function is the first function level, generating verification prompt information corresponding to the first function level, verifying the first function verification information that the user enters in response to it, and completing execution of the service function if verification succeeds; if the system verification level of the target system is the second function level, generating verification prompt information corresponding to the second function level, verifying the second function verification information that the user enters in response to it, and completing execution of the service function if verification succeeds. The security of the second function verification information is greater than that of the first function verification information.
Specifically, within a system, functions are graded by risk level. For low-risk functions, such as transactions on the user's personal account in enterprise online banking, the user only needs to verify an SMS code or a password to complete the operation. In a specific implementation, the user chooses to perform a personal account operation, the system prompts the user to enter an SMS verification code or a password, and the user completes the operation after verification succeeds. For high-risk functions, such as money transfer transactions with other people in enterprise online banking, the user must verify an SMS code or a password and must also pass secondary verification with the internet banking shield to ensure transaction security. In a specific implementation, the user chooses to make a money transfer transaction with another person; the system prompts the user to insert the internet banking shield and enter an SMS verification code or a password; after verification succeeds, the user completes the transaction.
In this embodiment, the hierarchical security control mechanism at the system level and the function level effectively improves the security of the system and meets the security requirements of operations with different risks. The access permissions and security verification methods of different systems and functions are designed at a fine grain, which ensures operational security.
As can be seen from the above description, the multi-system login method provided by the embodiment of the application sets up a digital portal and generates a token after identity verification at the digital portal succeeds, so that each system in the digital portal is logged in to based on the token. The permission identifier is embedded when the token is generated, and different systems are logged in to through verification of different complexity based on the permission identifier, which achieves fine-grained management of the risk levels of different systems and eliminates potential security hazards. The unified security control mechanism ensures consistent security across the systems and reduces potential security risk. The strict verification methods and permission settings ensure that high-risk operations are fully protected and reduce the possibility of capital loss and information leakage.
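The system-level and function-level checks and the shared failure counter described above can be sketched as follows. This is an added example, not code from the patent; the layout of the permission identifier, the factor names, the two level tables and the preset failure limit of 3 are assumptions.

```python
from dataclasses import dataclass

# Each level is a list of groups; every group must be satisfied by at least
# one verified factor. Stacking more groups means higher complexity.
SYSTEM_LEVELS = {
    1: [],                                               # direct login
    2: [{"usb_shield"}, {"sms_code"}],                   # shield + SMS code
    3: [{"usb_shield"}, {"sms_code"}, {"fingerprint"}],  # adds fingerprint
}
FUNCTION_LEVELS = {
    1: [{"sms_code", "password"}],                    # SMS code or password
    2: [{"sms_code", "password"}, {"usb_shield"}],    # plus the shield
}
TABLES = {"systems": SYSTEM_LEVELS, "functions": FUNCTION_LEVELS}

# Constructed reference values standing in for the real factor back ends.
CONSTRUCTED_FACTORS = {
    "usb_shield": "shield-ok",
    "sms_code": "482913",
    "password": "pw-ok",
    "fingerprint": "fp-ok",
}


def demo_verify(factor, value):
    """Hypothetical verifier: compares against the constructed values above."""
    return CONSTRUCTED_FACTORS.get(factor) == value


@dataclass
class PortalSession:
    permission: dict          # permission identifier taken from a verified token
    max_failures: int = 3     # assumed preset value
    total_failures: int = 0   # summed over all systems and functions
    active: bool = True

    def _requirement(self, kind, name):
        table = TABLES.get(kind)
        level = self.permission.get(kind, {}).get(name)
        if table is None or type(level) is not int or level not in table:
            return None       # nothing granted for this target
        return table[level]

    def authorize(self, kind, name, presented, verify):
        """Return GRANTED, DENIED or LOGGED_OUT for one access attempt."""
        if not self.active:
            return "LOGGED_OUT"
        requirement = self._requirement(kind, name)
        if requirement is None:
            return "DENIED"   # fail closed; not counted as a failed verification
        for group in requirement:
            satisfied = any(
                factor in presented and verify(factor, presented[factor])
                for factor in sorted(group)
            )
            if not satisfied:
                self.total_failures += 1
                if self.total_failures > self.max_failures:
                    self.active = False       # log out of the whole portal
                    return "LOGGED_OUT"
                return "DENIED"
        return "GRANTED"


if __name__ == "__main__":
    session = PortalSession({
        "systems": {"enterprise_banking": 2, "info_system": 1},
        "functions": {"own_account": 1, "transfer": 2},
    })
    print(session.authorize("systems", "info_system", {}, demo_verify))
    print(session.authorize("functions", "transfer",
                            {"password": "pw-ok"}, demo_verify))
```

A target that has no level in the permission identifier is refused rather than treated as the lowest level, so a missing entry can never downgrade the verification required.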
Fig. 3 is a second flowchart of a multi-system login method according to an embodiment of the present application. As shown in fig. 3, the method includes:
301. Receive the portal login account and password of the digital portal sent by the terminal device.
302. Verify the portal login account and password.
303. If verification passes, generate a token according to the unique user identifier corresponding to the portal login account, where the token includes a permission identifier, the permission identifier indicates the corresponding system verification level, and different system verification levels correspond to different verification complexity.
304. Send the token to the terminal device.
Specifically, when logging in to the digital portal, the terminal device receives the portal login account and password that the user enters for the digital portal and sends them to the server for verification. After verification passes, the server generates a token according to the user's unique identifier (such as the portal login account) and embeds a permission identifier during token generation, so that fine-grained permission management can be carried out based on the token when each system is logged in to. In this embodiment, the user only needs to log in to the digital portal once to obtain a unique token that gives access to all systems, which improves the user experience and removes the tedium of repeated logins.
In some embodiments, to further increase security, the token may be encrypted to prevent tampering. Generating the token according to the unique user identifier corresponding to the portal login account may include: combining the unique user identifier corresponding to the portal login account and the permission identifier into a JSON object or a string to obtain the token raw data; encrypting the raw data based on a preset key; and generating the token from the encrypted raw data.
Specifically, after the user passes authentication, the authentication server may generate the token based on the user's unique identifier (e.g., user ID), the permission identifier (e.g., role, permission level), device information, and other context information. When generating the token, the system may embed the user's permission information (e.g., user role, permission level, accessible resources) in the token so that it can be used directly in later permission checks. The token content can also be encrypted with a symmetric (e.g., AES) or asymmetric (e.g., RSA) algorithm to ensure the security and tamper resistance of the token content.
In a specific implementation, the raw data is generated first: the user's ID, permission identifier, device information and so on are combined into a JSON object or a string. Second, the raw data is encrypted with a preset key. Finally, the token is output: the encrypted data is converted into a token and returned to the client.
In some embodiments, to ensure continued security of the system and convenient use by the user, the token may have a validity period. Generating the token according to the unique user identifier corresponding to the portal login account includes: recording the timestamp at which the token is generated; and generating the token according to the timestamp, a preset valid duration, and the unique user identifier corresponding to the portal login account.
In some embodiments, to keep the token valid, an automatic update mechanism may be set for it. Specifically, after the token is generated according to the timestamp, the preset valid duration and the unique user identifier corresponding to the portal login account, the method further includes automatically generating a new token if the remaining valid time of the token is less than or equal to a preset duration.
Specifically, a valid duration may be set: the token is valid within the valid duration counted from its generation time and is judged invalid once the valid duration is exceeded. The system may configure an "automatic renewal" or "manual refresh" function for the token, which updates the valid duration when the token is about to expire or is refreshed.
Illustratively, when generating the token the server records the generation timestamp in the token and adds a validity period field, for example 30 minutes. After the token is decrypted, the timestamp can be checked against the validity period to determine whether the token has expired. When a token is about to expire, the system may provide a refresh mechanism that generates a new token to continue the user's session.
When verifying the validity of the token, a system in the terminal device that receives a request containing the token extracts the user information, permission identifier, valid duration and other information from the token, and performs the permission check and the expiry check. The system checks, according to the parsed permission identifier, whether the user has permission to perform the requested operation. During verification, the system checks the timestamp and validity period fields of the token to ensure that the token is being used within its validity period. The terminal device decrypts the token, extracts the permission information and valid duration, checks whether the permission information meets the permission requirement of the requested operation, and checks whether the valid duration has expired; if the token has expired, access is refused and the user is prompted to log in again.
Once a valid duration has been set on the token for security, a reissue mechanism is needed to keep the token continuously valid. One way is automatic renewal: the system renews the token within a specific time window just before it expires, for example generating a new token during the last 10 minutes and returning it to the client. Another way is active refresh: the client may request a token refresh to keep the session alive. When the token is refreshed, the system regenerates the token and updates the validity period.
Specifically, when the token is about to expire (e.g., within 10 minutes), the system automatically generates a new token and updates the validity period. The client can also actively call the refresh interface to obtain a new valid token.
In summary: Token generation: the token is generated based on the user ID and the permission identifier, the permission information is embedded in the token, and encryption ensures security. Expiry mechanism: a valid duration is set when the token is generated, and an automatic renewal or active refresh mechanism is supported to keep the session continuous. Validity verification: when the system receives a request, it decrypts the token to obtain the permission information and valid duration, and performs the permission check and the expiry check to ensure that the token is valid. Reissue: the system supports a reissue mechanism for tokens to cope with token expiry and invalidation.
In this multi-system login method, a token is generated after identity verification at the digital portal succeeds, so that all systems in the digital portal can be logged in to based on the token. The permission identifier is embedded in the token when it is generated, so different systems can be logged in to through verification of different complexity based on the permission identifier, which achieves fine-grained management of the risk levels of the different systems and eliminates potential security hazards.
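The token lifecycle summarised above (generation with an embedded permission identifier, valid duration, validity verification, renewal in the last 10 minutes) as an added example, not code from the patent. Instead of the AES or RSA encryption the description names, it uses HMAC-SHA256 from the Python standard library, which makes the payload tamper-evident but not confidential; the key, field names and function names are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key; a deployment would load the preset key from a key store.
PRESET_KEY = b"constructed-demo-key-0123456789abcdef"
VALID_SECONDS = 30 * 60   # valid duration from the description (30 minutes)
RENEW_WINDOW = 10 * 60    # renew once 10 minutes or less remain


class TokenError(Exception):
    """Raised when a token is malformed, tampered with, or expired."""


def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_id, permission, device, now=None, key=PRESET_KEY):
    """Combine the raw data into JSON, protect it, and output the token."""
    raw = {
        "uid": user_id,
        "perm": permission,                                # permission identifier
        "dev": device,
        "iat": int(time.time() if now is None else now),   # generation timestamp
        "ttl": VALID_SECONDS,                              # valid duration field
    }
    body = json.dumps(raw, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return b64e(body) + "." + b64e(tag)


def verify_token(token, now=None, key=PRESET_KEY):
    """Return the claims if the token is authentic and unexpired, else raise."""
    now = time.time() if now is None else now
    try:
        body_b64, tag_b64 = token.split(".")
        body, tag = b64d(body_b64), b64d(tag_b64)
    except ValueError as exc:          # wrong part count or bad base64
        raise TokenError("malformed token") from exc
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):     # constant-time comparison
        raise TokenError("integrity check failed")
    claims = json.loads(body)          # parsed only after the tag has verified
    if now >= claims["iat"] + claims["ttl"]:
        raise TokenError("token expired")
    return claims


def maybe_renew(token, now=None, key=PRESET_KEY):
    """Automatic renewal: reissue when the remaining time is <= RENEW_WINDOW."""
    now = time.time() if now is None else now
    claims = verify_token(token, now=now, key=key)  # expired tokens are not renewed
    remaining = claims["iat"] + claims["ttl"] - now
    if remaining <= RENEW_WINDOW:
        return issue_token(claims["uid"], claims["perm"], claims["dev"],
                           now=now, key=key)
    return token


if __name__ == "__main__":
    t0 = 1_700_000_000    # constructed timestamp
    tok = issue_token("u1001", {"role": "finance", "level": 2}, "dev-01", now=t0)
    print(verify_token(tok, now=t0 + 60))
    print(maybe_renew(tok, now=t0 + 25 * 60) != tok)
```

Encryption without an integrity check does not by itself prevent tampering, so a deployment that needs the payload hidden should use an authenticated mode such as AES-GCM. With a symmetric key, any party that can verify a token can also mint one, so the key belongs on the server side of each system rather than on the terminal.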
Fig. 4 is an interaction schematic diagram of a multi-system login method according to an embodiment of the present application. As shown in fig. 4, the method includes:
401. The terminal device displays a login page of the digital portal.
402. The terminal device receives a touch operation of the user on the login page.
403. The terminal device sends the portal login account and password for the digital portal that correspond to the touch operation to the server.
404. The server verifies the portal login account and password.
405. If verification passes, the server generates a token according to the unique user identifier corresponding to the portal login account, where the token includes a permission identifier, the permission identifier indicates the corresponding system verification level, and different system verification levels correspond to different verification complexity.
406. The server sends the token to the terminal device.
407. In response to successful identity verification at the digital portal, the terminal device receives the token sent by the server and displays the system entries of the plurality of systems associated with the digital portal, where the token includes a permission identifier.
408. In response to a touch operation on the system entry of a target system among the system entries of the plurality of systems, determine the system verification level of the target system according to the permission identifier.
409. If the system verification level of the target system is the first system level, log in to a preset page of the target system.
410. If the system verification level of the target system is the second system level, generate verification prompt information corresponding to the second system level; verify the first system verification information that the user enters in response to that verification prompt information, and log in to the preset page of the target system if verification succeeds.
In the multi-system login method provided by this embodiment, a digital portal is set up and a token is generated after identity verification at the digital portal succeeds, so that all systems in the digital portal can be logged in to based on the token. The permission identifier is embedded in the token when it is generated, so different systems can be logged in to through verification of different complexity based on the permission identifier, which achieves fine-grained management of the risk levels of the different systems and eliminates potential security hazards.
Fig. 5 is a schematic structural diagram of a terminal device according to an embodiment of the present application. As shown in fig. 5, the terminal device 50 includes a display module 501, a determination module 502, and a login module 503.
The display module 501 is configured to receive, in response to successful identity verification at the digital portal, a token sent by the server, and to display the system entries of the plurality of systems associated with the digital portal, where the token includes a permission identifier.
The determining module 502 is configured to determine, in response to a touch operation on the system entry of a target system among the system entries of the plurality of systems, the system verification level of the target system according to the permission identifier.
The login module 503 is configured to log in to a preset page of the target system if the system verification level of the target system is the first system level.
The login module 503 is further configured to generate verification prompt information corresponding to the second system level if the system verification level of the target system is the second system level, to verify the first system verification information that the user enters in response to that verification prompt information, and to log in to the preset page of the target system if verification succeeds.
With the service network initiating equipment provided by the embodiment of the application, a digital portal is set up and a token is generated after identity verification at the digital portal succeeds, so that all systems in the digital portal are logged in to based on the token. The permission identifier is embedded in the token when it is generated, so different systems can be logged in to through verification of different complexity based on the permission identifier, which achieves fine-grained management of the risk levels of the different systems and eliminates potential security hazards.
In some embodiments, the verification prompt information includes at least one of: inserting an internet banking shield, entering an SMS verification code, performing fingerprint verification, performing voiceprint verification, and performing face verification.
In some embodiments, the display module 501 is also configured to display a login page of the digital portal and, in response to a login operation on the login page, to acquire the portal login account and password corresponding to the login operation and send them to the server, so that the server verifies the portal login account and password, generates a token if verification passes, and sends the token to the terminal device.
In some embodiments, the determining module 502 is specifically configured to decrypt the token to obtain a time stamp for generating the token and a valid duration of the token, determine whether the token is valid according to the time stamp for generating the token and the valid duration of the token, and if so, determine a system verification level of the target system according to the permission identifier.
In some embodiments, the login module 503 is further configured to actively invoke the refresh interface to obtain a new valid token from the server based on a preset period.
In some embodiments, the login module 503 is specifically configured to determine the function display level of the target system according to the permission identifier, and to log in to the preset page of the target system, where the preset page displays the function entries of the plurality of functional modules that match the function display level.
In some embodiments, the login module 503 is further configured to: log in to the functional module in response to a touch operation on the function entry of a target functional module among the function entries of the plurality of functional modules in the preset page; determine the function verification level of the target functional module according to the permission identifier in response to execution of a service function provided by the functional module; if the function verification level of the target function is the first function level, generate verification prompt information corresponding to the first function level, verify the first function verification information that the user enters in response to it, and complete execution of the service function if verification succeeds; if the system verification level of the target system is the second function level, generate verification prompt information corresponding to the second function level, verify the second function verification information that the user enters in response to it, and complete execution of the service function if verification succeeds. The security of the second function verification information is greater than that of the first function verification information.
The terminal device provided by the embodiment of the present application may be used to execute the method embodiments above in which the terminal device is the execution body. Its implementation principle and technical effects are similar and are not described again here.
Fig. 6 is a schematic structural diagram of a server according to an embodiment of the present application. As shown in fig. 6, the server 60 includes a receiving module 601, a verifying module 602, a generating module 603, and a transmitting module 604.
The receiving module 601 is configured to receive the portal login account and password of the digital portal sent by the terminal device.
The verification module 602 is configured to verify the portal login account and password.
The generating module 603 is configured to generate a token according to the unique user identifier corresponding to the portal login account if verification passes, where the token includes a permission identifier, the permission identifier indicates the corresponding system verification level, and different system verification levels correspond to different verification complexity.
The sending module 604 is configured to send the token to the terminal device.
With the service network initiating equipment provided by the embodiment of the application, a digital portal is set up and a token is generated after identity verification at the digital portal succeeds, so that all systems in the digital portal are logged in to based on the token. The permission identifier is embedded in the token when it is generated, so different systems can be logged in to through verification of different complexity based on the permission identifier, which achieves fine-grained management of the risk levels of the different systems and eliminates potential security hazards.
In some embodiments, the generating module 603 is specifically configured to combine the unique identifier of the user corresponding to the portal login account and the permission identifier into a JSON object or a character string to obtain token original data, encrypt the original data based on a preset key, and generate a token according to the encrypted original data.
In some embodiments, the generating module 603 is specifically configured to record a timestamp of the generated token, and generate the token according to the timestamp, a preset valid duration, and a unique user identifier corresponding to the portal login account.
In some embodiments, the generating module 603 is further configured to automatically generate a new token if the remaining validity time of the token is less than or equal to a preset duration.
The server provided by the embodiment of the present application may be used to execute the method embodiments above in which the server is the execution body. Its implementation principle and technical effects are similar and are not described again here.
Fig. 7 is a schematic diagram of a hardware structure of an electronic device according to an embodiment of the present application, where the device may be a computer, a tablet device, a server, etc.
The device 70 may include one or more of a processing component 701, a memory 702, a power component 703, a multimedia component 704, an audio component 705, an input/output (I/O) interface 706, a sensor component 707, and a communication component 708.
The processing component 701 generally controls overall operation of the device 70, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing component 701 may include one or more processors 709 to execute instructions to perform all or part of the steps of the methods described above. Further, the processing component 701 may include one or more modules that facilitate interactions between the processing component 701 and other components. For example, the processing component 701 may include a multimedia module to facilitate interaction between the multimedia component 704 and the processing component 701.
The memory 702 is configured to store various types of data to support operations at the device 70. Examples of such data include instructions for any application or method operating on device 70, contact data, phonebook data, messages, pictures, video, and the like. The memory 702 may be implemented by any type or combination of volatile or nonvolatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disk.
The power supply assembly 703 provides power to the various components of the device 70. The power supply components 703 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for the device 70.
The multimedia component 704 includes a screen that provides an output interface between the device 70 and the user. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive input signals from a user. The touch panel includes one or more touch sensors to sense touches, swipes, and gestures on the touch panel. The touch sensor may sense not only the boundary of a touch or slide action, but also the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component 704 includes a front-facing camera and/or a rear-facing camera. The front-facing camera and/or the rear-facing camera may receive external multimedia data when the device 70 is in an operational mode, such as a shooting mode or a video mode. Each front-facing camera and rear-facing camera may be a fixed optical lens system or have focal length and optical zoom capabilities.
The audio component 705 is configured to output and/or input audio signals. For example, the audio component 705 includes a Microphone (MIC) configured to receive external audio signals when the device 70 is in an operational mode, such as a call mode, a recording mode, and a speech recognition mode. The received audio signals may be further stored in the memory 702 or transmitted via the communication component 708. In some embodiments, the audio component 705 further comprises a speaker for outputting audio signals.
The I/O interface 706 provides an interface between the processing component 701 and peripheral interface modules, which may be a keyboard, click wheel, buttons, etc. These buttons may include, but are not limited to, a home button, a volume button, an activate button, and a lock button.
The sensor assembly 707 includes one or more sensors for providing status assessment of various aspects of the device 70. For example, the sensor assembly 707 may detect an on/off state of the device 70 and the relative positioning of components, such as the display and keypad of the device 70. The sensor assembly 707 may also detect a change in position of the device 70 or a component of the device 70, the presence or absence of user contact with the device 70, a change in orientation or acceleration/deceleration of the device 70, and a change in temperature of the device 70. The sensor assembly 707 may include a proximity sensor configured to detect the presence of nearby objects in the absence of any physical contact. The sensor assembly 707 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor assembly 707 may also include an acceleration sensor, a gyroscopic sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.
The communication component 708 is configured to facilitate wired or wireless communication between the device 70 and other devices. The device 70 may access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In one exemplary embodiment, the communication component 708 receives broadcast signals or broadcast-related information from an external broadcast management system via a broadcast channel. In one exemplary embodiment, the communication component 708 further includes a Near Field Communication (NFC) module to facilitate short-range communications. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, Infrared Data Association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.
In an exemplary embodiment, the device 70 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, microcontrollers, microprocessors, or other electronic elements for executing the methods described above.
In an exemplary embodiment, a non-transitory computer readable storage medium is also provided, such as memory 702, including instructions executable by processor 709 of device 70 to perform the above-described method. For example, the non-transitory computer readable storage medium may be ROM, Random Access Memory (RAM), CD-ROM, magnetic tape, floppy disk, optical data storage device, etc.
The computer readable storage medium described above may be implemented by any type of volatile or non-volatile memory device or combination thereof, such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic disk, or optical disk. A readable storage medium can be any available medium that can be accessed by a general purpose or special purpose computer.
An exemplary readable storage medium is coupled to the processor such that the processor can read information from, and write information to, the readable storage medium. In the alternative, the readable storage medium may be integral to the processor. The processor and the readable storage medium may reside in an Application Specific Integrated Circuit (ASIC). The processor and the readable storage medium may also reside as discrete components in a device.
Those of ordinary skill in the art will appreciate that all or a portion of the steps of implementing the various method embodiments described above may be implemented by hardware associated with program instructions. The foregoing program may be stored in a computer readable storage medium. The program, when executed, performs the steps comprising the method embodiments described above, and the storage medium described above includes various media capable of storing program code, such as ROM, RAM, magnetic or optical disk.
The embodiment of the application also provides a computer program product comprising a computer program, wherein the computer program, when executed by a processor, implements the multi-system login method performed by the multi-system login device.
It should be noted that the above embodiments are merely for illustrating the technical solution of the present application and not for limiting the same, and although the present application has been described in detail with reference to the above embodiments, it should be understood by those skilled in the art that the technical solution described in the above embodiments may be modified or some or all of the technical features may be equivalently replaced, and these modifications or substitutions do not make the essence of the corresponding technical solution deviate from the scope of the technical solution of the embodiments of the present application.

Claims (16)

1. A multi-system login method, applied to a terminal device, the method comprising:
receiving a token sent by a server in response to successful authentication of a digital portal, and displaying system entries of a plurality of systems associated with the digital portal;
in response to a touch operation on the system entry of a target system among the system entries of the plurality of systems, determining a system verification level of the target system according to the permission identifier;
if the system verification level of the target system is a first system level, logging in to a preset page of the target system;
if the system verification level of the target system is a second system level, generating verification prompt information corresponding to the second system level, verifying the first system verification information input by the user based on the verification prompt information corresponding to the second system level, and logging in to the preset page of the target system if the verification is successful.
2. The method of claim 1, wherein the verification prompt includes at least one of inserting an online banking shield, entering a short message verification code, performing fingerprint verification, performing voiceprint verification, and performing face verification.
3. The method of claim 1, wherein, before the response to successful login to the digital portal, the method further comprises:
displaying a login page of the digital portal;
in response to a login operation on the login page, acquiring the portal login account and password corresponding to the login operation, and sending the portal login account and password to the server, so that the server verifies the portal login account and password, generates a token if the verification passes, and sends the token to the terminal device.
4. The method of claim 1, wherein, before determining the system verification level of the target system according to the permission identifier, the method further comprises:
decrypting the token to obtain the timestamp at which the token was generated and the validity duration of the token;
determining whether the token is valid according to the timestamp at which the token was generated and the validity duration of the token;
if the token is valid, determining the system verification level of the target system according to the permission identifier.
5. The method according to claim 4, wherein the method further comprises:
actively calling a refresh interface at a preset period to acquire a new valid token from the server.
6. The method according to any one of claims 1-5, wherein the logging in to the preset page of the target system comprises:
determining the function display level of the target system according to the permission identifier;
logging in to the preset page of the target system, wherein function entries of a plurality of function modules matching the function display level are displayed in the preset page of the target system.
7. The method according to any one of claims 1-5, further comprising, after the logging in to the preset page of the target system:
in response to a touch operation on the function entry of a target function module among the function entries of a plurality of function modules in the preset page, logging in to the function module;
in response to execution of a service function provided by the function module, determining the function verification level of the target function module according to the permission identifier;
if the function verification level of the target function is a first function level, generating verification prompt information corresponding to the first function level, verifying the first function verification information input by the user based on the verification prompt information corresponding to the first function level, and completing the execution of the service function if the verification is successful;
if the system verification level of the target system is a second function level, generating verification prompt information corresponding to the second function level, verifying the second function verification information input by the user based on the verification prompt information corresponding to the second function level, and completing the execution of the service function if the verification is successful;
wherein the security of the second function verification information is greater than that of the first function verification information.
8. A multi-system login method, applied to a server, comprising:
receiving a portal login account and a password of a digital portal sent by a terminal device;
verifying the portal login account and the password;
if the verification passes, generating a token according to a unique user identifier corresponding to the portal login account, wherein the token comprises a permission identifier used to indicate a corresponding system verification level;
sending the token to the terminal device.
9. The method of claim 8, wherein the generating a token according to the unique user identifier corresponding to the portal login account comprises:
combining the unique user identifier corresponding to the portal login account and the permission identifier into a JSON object or character string to obtain the original token data;
encrypting the original data based on a preset secret key, and generating a token according to the encrypted original data.
10. The method according to claim 8 or 9, wherein the generating a token according to the unique user identifier corresponding to the portal login account includes:
recording the timestamp at which the token is generated;
generating a token according to the timestamp, a preset validity duration, and the unique user identifier corresponding to the portal login account.
11. The method of claim 10, further comprising, after the generating the token according to the timestamp, the preset validity duration, and the unique user identifier corresponding to the portal login account:
if the remaining validity time of the token is less than or equal to a preset duration, automatically generating a new token.
12. A terminal device, comprising:
a display module, configured to receive a token sent by a server in response to successful authentication of a digital portal, and to display system entries of a plurality of systems associated with the digital portal;
a determining module, configured to determine a system verification level of a target system according to the permission identifier in response to a touch operation on the system entry of the target system among the system entries of the plurality of systems;
a login module, configured to log in to a preset page of the target system if the system verification level of the target system is a first system level;
the login module being further configured to, if the system verification level of the target system is a second system level, generate verification prompt information corresponding to the second system level, verify the first system verification information input by the user based on the verification prompt information corresponding to the second system level, and log in to the preset page of the target system if the verification is successful.
13. A server, comprising:
a receiving module, configured to receive a portal login account and a password of a digital portal sent by a terminal device;
a verification module, configured to verify the portal login account and the password;
a generation module, configured to generate a token according to the unique user identifier corresponding to the portal login account if the verification passes, wherein the token comprises a permission identifier used to indicate a corresponding system verification level;
a sending module, configured to send the token to the terminal device.
14. An electronic device comprising at least one processor and a memory;
the memory stores computer-executable instructions;
the at least one processor executes the computer-executable instructions stored in the memory, causing the at least one processor to perform the multi-system login method of any one of claims 1 to 11.
15. A computer readable storage medium having stored therein computer executable instructions which when executed by a processor implement the multi-system login method of any one of claims 1 to 11.
16. A computer program product comprising a computer program, characterized in that the computer program, when executed by a processor, implements the multi-system login method of any one of claims 1 to 11.
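
The token handling of claims 4 and 8 to 11 (issue, decrypt and validity check, refresh, level routing), as an added example that is not part of the patent text or the applicant's code. All function names, the `perm` map layout, the key and the durations are assumptions; because the Python standard library has no authenticated cipher, an HMAC-SHA256 keystream with encrypt-then-MAC stands in for an AEAD such as AES-GCM.

```python
import base64, hashlib, hmac, json, os, time

# All names and values are hypothetical; the patent specifies none of them.
PRESET_KEY = b"constructed-demo-key"   # constructed sample, not a real secret
VALID_SECONDS = 1800                   # assumed preset validity duration (claim 10)
REFRESH_WINDOW = 300                   # assumed preset duration (claim 11)
FIRST_LEVEL, SECOND_LEVEL = 1, 2       # assumed encoding of the verification levels

def _subkey(label):
    # Separate encryption and authentication keys derived from the preset key.
    return hmac.new(PRESET_KEY, label, hashlib.sha256).digest()

def _xor_stream(nonce, data):
    # Stand-in cipher: HMAC-SHA256 in counter mode used as a keystream.
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        block = nonce + ctr.to_bytes(4, "big")
        stream += hmac.new(_subkey(b"enc"), block, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def issue_token(user_id, perm, now=None):
    """Claims 8-10: JSON of user id, permission identifier, timestamp, duration."""
    iat = int(time.time() if now is None else now)
    raw = json.dumps({"uid": user_id, "perm": perm,
                      "iat": iat, "ttl": VALID_SECONDS}).encode()
    nonce = os.urandom(16)
    ct = _xor_stream(nonce, raw)
    tag = hmac.new(_subkey(b"mac"), nonce + ct, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(nonce + ct + tag).decode()

def open_token(token, now=None):
    """Claim 4: decrypt and check validity. Returns the claims dict or None."""
    try:
        blob = base64.urlsafe_b64decode(token.encode())
    except ValueError:
        return None
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(b"mac"), nonce + ct, hashlib.sha256).digest()
    # Authenticate before decrypting, so an edited permission map is rejected
    # instead of silently selecting a weaker verification level.
    if not hmac.compare_digest(tag, expected):
        return None
    claims = json.loads(_xor_stream(nonce, ct))
    now = time.time() if now is None else now
    if not (claims["iat"] <= now < claims["iat"] + claims["ttl"]):
        return None
    return claims

def needs_refresh(claims, now=None):
    """Claim 11: remaining validity time <= preset duration."""
    now = time.time() if now is None else now
    return claims["iat"] + claims["ttl"] - now <= REFRESH_WINDOW

def next_step(claims, system):
    """Claim 1: route on the system verification level; unknown systems fail closed."""
    level = claims["perm"].get(system)
    if level == FIRST_LEVEL:
        return "login"
    if level == SECOND_LEVEL:
        return "prompt_second_factor"
    return "deny"
```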
CN202411696502.2A 2024-11-25 2024-11-25 Multi-system login methods, devices, storage media and program products Active CN119583150B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202411696502.2A CN119583150B (en) 2024-11-25 2024-11-25 Multi-system login methods, devices, storage media and program products

Publications (2)

Publication Number Publication Date
CN119583150A (en) 2025-03-07
CN119583150B (en) 2025-12-26

Family

ID=94801029

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202411696502.2A Active CN119583150B (en) 2024-11-25 2024-11-25 Multi-system login methods, devices, storage media and program products

Country Status (1)

Country Link
CN (1) CN119583150B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant