WO2018099407A1 - Account authentication login method and device - Google Patents
Account authentication login method and device Download PDFInfo
- Publication number
- WO2018099407A1 WO2018099407A1 PCT/CN2017/113648 CN2017113648W WO2018099407A1 WO 2018099407 A1 WO2018099407 A1 WO 2018099407A1 CN 2017113648 W CN2017113648 W CN 2017113648W WO 2018099407 A1 WO2018099407 A1 WO 2018099407A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- customer identification
- identification identifier
- authentication
- status information
- terminal
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 53
- 238000004590 computer program Methods 0.000 description 8
- 238000012795 verification Methods 0.000 description 8
- 230000011664 signaling Effects 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000007792 addition Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
- H04W12/037—Protecting confidentiality, e.g. by encryption of the control plane, e.g. signalling traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/069—Authentication using certificates or pre-shared keys
Definitions
- the present application relates to the field of communications, and in particular, to an account authentication login method and apparatus.
- a third-party login system such as WeChat, QQ, goole account or Apple id.
- the server sends the SMS verification code, and the user inputs the verification code to log in.
- the user needs to manually input the user name or password, and the third-party authentication requires a third-party account to be used, and the login by the SMS verification code also requires the user to input the mobile phone number and the SMS verification code.
- the user operation is more responsible, resulting in poor usability of these methods, affecting the user experience, and it is difficult to directly use the phone number and the internal feature code of the terminal to log in. Guarantee if you lose your hand Opportunities cause large losses.
- the embodiment of the invention provides an account authentication login method and device, which are used to solve the problem that the authentication login method is complicated in the related art.
- an account authentication login method including: acquiring a customer identification identifier of a terminal; and acquiring, by the customer identification identifier of the terminal, the authentication status information of the customer identification identifier from the mobile network registered by the customer identification identifier; And determining whether the current authentication login is passed according to the authentication status information of the customer identification identifier.
- the customer identification identifier comprises: a global subscriber identity card USIM number or a customer identification module SIM number.
- the method further includes: after obtaining the customer identification identifier of the terminal and authenticating the mobile identification network of the terminal to the mobile network registered by the terminal, the authentication status information of the customer identification identifier is saved, where the authentication status information includes: The identification identifier is authenticated by the mobile network or the customer identification identifier does not pass the authentication of the mobile network; determining whether the current authentication login is passed according to the authentication status information of the customer identification identifier, including: registering with the customer identification identifier according to the customer identification identifier of the terminal After the mobile network obtains the authentication status information of the customer identification identifier, if the authentication status information of the customer identification identifier indicates that the customer identification identifier has passed the authentication of the mobile network, it is determined that the current authentication login is passed, and if the authentication status information of the customer identification identifier indicates the customer identification identifier If the authentication of the mobile network is not passed, it is determined that the current authentication login has not passed.
- the method further includes: saving the authentication status information of the customer identification identifier to the authentication status record server before acquiring the client identification identifier of the terminal and authenticating the mobile network registered by the terminal with the client identification identifier of the terminal. ; identify the customer according to the customer identification of the terminal Obtaining the authentication status information of the customer identification identifier by the registered mobile network, including: sending the customer identification identifier to the authentication status record server on the mobile network side, and receiving the authentication status information of the customer identification identifier sent by the authentication status record server.
- obtaining the customer identification identifier of the terminal includes: receiving the externally input customer identification identifier, or directly acquiring the pre-stored customer identification identifier.
- obtaining the authentication status information of the customer identification identifier from the mobile network registered by the customer identification identifier according to the customer identification identifier of the terminal including: encrypting the terminal identification identifier of the terminal and transmitting the identifier to the mobile network; and receiving the encrypted transmission sent by the mobile network.
- an account authentication and registration device including: a first obtaining module, configured to acquire a customer identification identifier of the terminal; and a second obtaining module configured to identify the customer according to the customer identification identifier of the terminal Identifying the authentication status information of the registered mobile network to obtain the customer identification identifier; and the authentication module, configured to determine whether the current authentication login is passed according to the authentication status information of the customer identification identifier.
- the customer identification identifier comprises: a global subscriber identity card USIM number or a customer identification module SIM number.
- the foregoing apparatus further includes: a first saving module, configured to save the authentication status information of the customer identification identifier after acquiring the customer identification identifier of the terminal and authenticating the mobile identification network registered by the terminal with the customer identification identifier of the terminal
- the authentication status information includes: the customer identification identifier authenticates the authentication through the mobile network or the client identification identifier does not pass the authentication of the mobile network; the authentication module is configured to: obtain the customer identification from the mobile network registered according to the customer identification identifier of the terminal to the customer identification identifier. After the identified authentication status information, if the authentication status information of the customer identification indicator indicates that the customer identification number has been After the authentication by the mobile network, it is determined that the current authentication login is passed. If the authentication status information of the customer identification identifier indicates that the customer identification identifier has not passed the authentication of the mobile network, it is determined that the current authentication login fails.
- the foregoing apparatus further includes: a second saving module, configured to: after obtaining the customer identification identifier of the terminal and after authenticating the mobile network registered by the terminal with the customer identification identifier of the terminal, verifying the authentication status information of the customer identification identifier
- the second acquisition module is configured to: send the customer identification identifier to the authentication status record server on the mobile network side, and receive the authentication status information of the customer identification identifier sent by the authentication status record server.
- the first obtaining module is configured to: receive the externally input customer identification identifier, or directly obtain the pre-stored customer identification identifier.
- the second obtaining module includes: an encryption unit, configured to encrypt the client identification identifier of the terminal and send the information to the mobile network; and the receiving unit is configured to receive the authentication status information of the encrypted customer identification identifier sent by the mobile network; The decryption unit is configured to decrypt the authentication status information of the encrypted customer identification identifier, and obtain the authentication status information of the decrypted customer identification identifier.
- an electronic device includes at least one processor and a memory coupled to the at least one processor, the memory for storing instructions executable by the at least one processor, the instructions being executed by the at least one processor And causing the at least one processor to execute the account authentication login method in the above embodiment.
- a non-transitory storage medium storing computer executable instructions configured to perform the account authentication login method described above is provided.
- a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions, when the program When the instructions are executed by the computer, causing the computer to perform the above Account authentication login method.
- the login of the third-party platform is performed by using the authentication result of the customer identification number by the mobile network, and the security of the authentication login is improved, and the security of the authentication login is also improved.
- FIG. 1 is a flowchart of an account authentication login method provided in a first embodiment of the present invention
- FIG. 2 is a flowchart of an account authentication login method provided in a second embodiment of the present invention.
- FIG. 3 is a signaling flowchart of an account authentication login method provided in a third embodiment of the present invention.
- FIG. 4 is a structural block diagram of an account authentication and registration device provided in a fourth embodiment of the present invention.
- the mobile phone Before the USIM (Universal Subscriber Identity Module) card is used in the mobile network, the mobile phone needs to perform AKA (Authentication and Key Agreement) authentication and key agreement with the USIM card. After the authentication is passed, the USIM card can use the current network resources to perform data services or voice services.
- AKA Authentication and Key Agreement
- the USIM card can use the current network resources to perform data services or voice services.
- the inventor considers that since the above authentication process already exists, this process is reused in the authentication login process of the third party application or other port, thereby omitting the user's process of inputting the authentication password and the verification, and the authentication process is more secure.
- the LTE network uses the USIM card, which has higher security requirements than the 2/3G SIM card.
- the 128 cryptographic algorithm used by the USIM is MILLENAGE. The algorithm is mature, difficult to crack, and through two-way authentication and chain. Layer layer encryption, only legitimate users can use the carrier's LTE network The network is sufficient to ensure the safety of the user.
- the method of the present invention is not limited to the USIM card, and is also applicable to the SIM (Subscriber Identification Module).
- the USIM authentication process (also called the authentication process) is performed between the USIM and the base station, and the user and the third party.
- the login platform does not participate in the process, and the process cannot be known. This ensures the security of the authentication information and at the same time guarantees the uniqueness of the authentication information.
- the mobile network is developing rapidly, LTE is widely used, and the security of the USIM card has been greatly improved. If the mobile phone number can be directly used as the user account, the mobile network authentication information is guaranteed, and the account is completed by the operator.
- the security legality verification eliminates the user's input of the authentication password or the SMS verification code for authentication, which not only facilitates the user's use, but also improves the security.
- FIG. 1 is a flowchart of the method. As shown in FIG. 1, the method includes steps 101 to 103.
- step 101 acquire a customer identification identifier of the terminal.
- the client identification identifier may specifically be a client identification number.
- the terminal when the terminal determines to use the customer identification number as the user account for the authentication login, the terminal identifies the customer identification identifier.
- the customer identification identifier involved in this embodiment may refer to a USIM number or a SIM number.
- Obtaining the customer identification identifier of the terminal may include: receiving the customer identification identifier of the external input (the user inputs through the authentication login page), or directly obtaining the customer identification identifier, specifically, the terminal may be obtained from the terminal.
- the customer identification identifier is obtained in the middle or external storage space, such as a SIM card.
- step 102 the authentication status information of the customer identification identifier is obtained from the mobile network registered by the customer identification identifier according to the customer identification identifier of the terminal.
- the method provided in this embodiment saves the authentication status information of the customer identification identifier after the client identification identifier of the terminal is authenticated to the mobile network registered by the terminal, and the authentication status information may include: the authentication of the customer identification identifier through the mobile network or the identification of the client.
- the authentication status information of the customer identification identifier obtained in the step 102 is the authentication status information stored after the customer identification identifier is authenticated on the mobile network.
- a dedicated server may be used to store the authentication status information of the customer identification identifier, so that the authentication status information obtained in this embodiment may be performed by the server. Based on this, in the embodiment, after the client identification identifier of the terminal is authenticated to the mobile network registered by the terminal, the authentication status information of the customer identification identifier is saved to the authentication status record server, and the client identifier and the client identifier are recorded.
- a user data server in the user storage authentication state at the base station end that is, an authentication status record server
- the role of the server is to provide authentication information of the current client identification identifier encrypted by the relevant website or interface. It is possible to directly identify the secure login website or other interface through the customer identification, and the newly added server can be directly provided by the operator, so that the transmission of the authentication data (which may include the authentication information of the customer identification identifier) can be reduced.
- the node also reduces the risk of the authentication data being cracked.
- the authentication status information may be obtained by using the encryption method.
- the user may obtain the authentication status information of the customer identification identifier according to the customer identification identifier of the terminal.
- the client identification identifier of the terminal is encrypted and sent to the mobile network; the authentication status information of the encrypted customer identification identifier sent by the mobile network is received; the authentication status information of the encrypted customer identification identifier is decrypted, and the decrypted customer identification identifier is obtained.
- Authentication status information is obtained by using the encryption method.
- step 103 it is determined whether the current authentication login is passed according to the authentication status information of the customer identification identifier.
- the terminal After obtaining the authentication status information of the customer identification identifier from the mobile network registered by the customer identification identifier according to the customer identification identifier of the terminal, if the authentication status information of the customer identification identifier indicates that the customer identification identifier has passed the authentication of the mobile network, determining the current authentication login If the authentication status information of the customer identification identifier indicates that the customer identification identifier does not pass the authentication of the mobile network, it is determined that the current authentication login fails.
- the solution provided in this embodiment can improve the efficiency of authentication login.
- This embodiment describes the entire process of performing authentication login for the account authentication login method.
- the process includes steps 201 through 209.
- step 201 the terminal initiates a login application.
- step 202 the user confirms the selection to use the mobile phone number to directly authenticate the login through the terminal, if the user does not select the mobile phone number to log in directly, use other methods to log in, go to step 207;
- step 203 after the user selects to use the mobile phone number for authentication and login, the login interface obtains the mobile phone number or the user manually inputs the mobile phone number, and obtains the current network status information of the mobile phone, such as which network the mobile phone is registered to, which system, and the like;
- step 204 determining whether the current mobile phone is using the mobile phone number to register the carrier network, and Whether the mobile phone number is registered to the LTE, if the mobile phone number is not registered to the LTE, then the process goes to step 208, prompting the user to ask the user to register the current card with the LTE network;
- step 205 if the mobile phone number is registered to the LTE, the login interface is encrypted and connected to the authentication status record server, and the current USIM mobile phone number and other related information on the card (such as the service information in the SIM card, etc., need to be explained). Yes, the authentication status information of the mobile phone number only needs to have a SIM card number or a USIM card number.
- the related information is only auxiliary information, and the auxiliary information may be obtained without using the auxiliary information.
- the authentication status record server decrypts the current mobile phone number and other related information on the USIM card, queries the authentication status record server to record information, encrypts the query result, and feeds back to the third-party interface.
- the third-party interface obtains the encrypted authentication status information, and after decrypting the authentication status information, if the obtained decrypted information is “USIM card has not been authenticated”, the process proceeds to step 209 to log out.
- step 206 the third-party interface obtains the encrypted authentication information, and after decrypting the authentication status information, if the information is “the current mobile phone number is authenticated (or authenticated)”, the mobile phone number is directly used to log in successfully.
- FIG. 3 illustrates the process of signaling interaction between each end in the account authentication login method provided by the present invention. As shown in FIG. 3, the process includes steps 301 to 312.
- Step 301 The terminal accesses the eNodeB (evolved base station);
- Step 302 The MME (Mobility Management Entity) performs authentication on the terminal.
- Step 303 The MME sends an initialization content setting request to the terminal.
- Step 304 The eNodeB sends a security mode command to the terminal.
- Step 305 The terminal sends a command for completing the security mode setting to the eNodeB.
- Step 306 The eNodeB sends a security mode failure command to the terminal.
- Step 307 The eNodeB sends an initial content establishment response to the MME.
- Step 308 The MME updates the authentication result to the AS (Application Server).
- Step 309 The third-party interface applies for using the mobile phone number as the login account name
- Step 310 The third-party interface applies for the authentication status information of the mobile phone number to the AS in the encrypted signal by using the mobile phone number and the current status information of the mobile phone.
- Step 311 The third-party interface receives the authentication status information sent by the AS.
- Step 312 The third party interface permits the user to log in.
- FIG. 4 is a structural block diagram of the device. As shown in FIG. 4, the device 40 includes the following components:
- the first obtaining module 41 is configured to acquire a customer identification identifier of the terminal.
- the second obtaining module 42 is configured to obtain the authentication status information of the customer identification identifier from the mobile network registered by the customer identification identifier according to the customer identification identifier of the terminal.
- the authentication module 43 is configured to determine whether the current authentication login is passed according to the authentication status information of the customer identification identifier.
- the customer identification identifier may include: a global subscriber identity card USIM number or a customer identification module SIM number.
- the apparatus 40 provided in this embodiment may further include: a first saving module, configured to save the client after acquiring the client identification identifier of the terminal and authenticating the registered mobile network with the client identification identifier of the terminal Identifying the authentication status information of the identifier, the authentication status information includes: the customer identification identifier is authenticated by the mobile network or the client identification identifier is not authenticated by the mobile network;
- the certificate module is configured to: after obtaining the authentication status information of the customer identification identifier from the mobile network registered by the customer identification identifier according to the customer identification identifier of the terminal, if the authentication status information of the customer identification identifier indicates that the customer identification identifier has passed the authentication of the mobile network, Then, it is determined that the current authentication login is passed. If the authentication status information of the customer identification identifier indicates that the customer identification identifier does not pass the authentication of the mobile network, it is determined that the current authentication login fails.
- the apparatus 40 provided in this embodiment may further include: a second saving module, configured to: after acquiring the customer identification identifier of the terminal and authenticating the mobile network registered by the terminal with the customer identification identifier of the terminal, The authentication status information of the identification identifier is saved to the authentication status record server.
- the second acquisition module is configured to: send the customer identification identifier to the authentication status record server on the mobile network side, and receive the authentication status information of the customer identification identifier sent by the authentication status record server.
- the first obtaining module 41 is configured to: receive the externally input customer identification identifier, or directly obtain the pre-stored customer identification identifier.
- the second obtaining module 42 may specifically include: an encryption unit configured to encrypt the client identification identifier of the terminal and send the information to the mobile network; and the receiving unit is configured to receive the authentication status information of the encrypted customer identification identifier sent by the mobile network.
- the decryption unit is configured to decrypt the authentication status information of the encrypted customer identification identifier, and obtain the authentication status information of the decrypted customer identification identifier.
- An embodiment of the present invention further provides an electronic device.
- the electronic device includes at least one processor and a memory coupled to the at least one processor, the memory for storing instructions executable by the at least one processor, the instructions being executed by the at least one processor And causing the at least one processor to execute the account authentication login method in the above embodiment.
- the embodiment of the invention further provides a non-transitory storage medium storing computer executable instructions, and the computer executable instructions are configured to execute the account authentication login method described above.
- An embodiment of the present invention further provides a computer program product, where the computer program product includes A computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions that, when executed by a computer, cause the computer to perform the account authentication login method described above.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Abstract
Description
本申请涉及通讯领域,特别是涉及一种账户认证登录方法及装置。The present application relates to the field of communications, and in particular, to an account authentication login method and apparatus.
在互联网时代,网站、邮箱、论坛、应用等很多方面都需要使用用户账户以及密码进行登录。为了方便安全地进行账号的管理以及使用,目前发展出了各种安全的登录方式,例如,有些使用加密数据来帮助用户记录账号信息,有些是通过公共第三方接口来统一登录,使得用户可以使用一个用户名密码登录多个网站或者应用,或通过手机号,以及短信验证等各种方法进行登录。In the Internet age, websites, mailboxes, forums, applications, and many other aspects require user accounts and passwords to log in. In order to facilitate the safe management and use of accounts, various secure login methods have been developed. For example, some use encrypted data to help users record account information, and some use unified public third-party interfaces to enable users to use. A user name and password are used to log in to multiple websites or applications, or to log in by various methods such as mobile phone number and SMS verification.
账户登录技术目前有以下几大类:Account login technology currently has the following major categories:
1、直接通过用户名和密码进行登录。1. Log in directly by username and password.
2、通过第三方登录系统,比如微信、QQ、goole账号或苹果id等绑定认证关联。2. Bind the authentication association through a third-party login system, such as WeChat, QQ, goole account or Apple id.
3、通过手机号码和手机内部特征码(可以是手机MAC地址,或者下发给手机一组随机串号等或者其他一个特定信息)绑定手机号码和手机进行登录。3. Bind the mobile phone number and mobile phone to log in through the mobile phone number and the internal feature code of the mobile phone (which can be the MAC address of the mobile phone, or a random serial number sent to the mobile phone or other specific information).
4、通过手机号码,服务器发送短信验证码,用户输入验证码进行登录。4. Through the mobile phone number, the server sends the SMS verification code, and the user inputs the verification code to log in.
基于相关技术中已有的上述各种登录方式,需要用户手动输入用户名或者密码,且第三方认证需要第三方账户才能使用,而通过短信验证码登录,也需要用户输入手机号码和短信验证码,即使安全性上能够获得基本保证,但是使得用户操作较为负责,导致这些方式的易用性较差,影响用户体验,而直接使用电话号码以及终端内部特征码来进行登录的安全性上很难保证,如果丢失手 机会引起较大的损失。Based on the above various login methods existing in the related art, the user needs to manually input the user name or password, and the third-party authentication requires a third-party account to be used, and the login by the SMS verification code also requires the user to input the mobile phone number and the SMS verification code. Even if security can obtain basic guarantees, but the user operation is more responsible, resulting in poor usability of these methods, affecting the user experience, and it is difficult to directly use the phone number and the internal feature code of the terminal to log in. Guarantee if you lose your hand Opportunities cause large losses.
发明内容Summary of the invention
本发明实施例提供一种账户认证登录方法及装置,用以解决相关技术中认证登录方式较为复杂的问题。The embodiment of the invention provides an account authentication login method and device, which are used to solve the problem that the authentication login method is complicated in the related art.
根据本发明的一个实施例,提供了一种账户认证登录方法,包括:获取终端的客户识别标识;根据终端的客户识别标识向客户识别标识所注册的移动网络获取客户识别标识的认证状态信息;以及根据客户识别标识的认证状态信息确定当前认证登录是否通过。According to an embodiment of the present invention, an account authentication login method is provided, including: acquiring a customer identification identifier of a terminal; and acquiring, by the customer identification identifier of the terminal, the authentication status information of the customer identification identifier from the mobile network registered by the customer identification identifier; And determining whether the current authentication login is passed according to the authentication status information of the customer identification identifier.
可选地,客户识别标识,包括:全球用户识别卡USIM号码或客户识别模块SIM号码。Optionally, the customer identification identifier comprises: a global subscriber identity card USIM number or a customer identification module SIM number.
可选地,上述方法还包括:在获取终端的客户识别标识之前以及以终端的客户识别标识向其所注册的移动网络进行认证之后,保存客户识别标识的认证状态信息,认证状态信息包括:客户识别标识认证通过移动网络的认证或客户识别标识未通过移动网络的认证;根据客户识别标识的认证状态信息确定当前认证登录是否通过,包括:在根据终端的客户识别标识向客户识别标识所注册的移动网络获取客户识别标识的认证状态信息之后,如果客户识别标识的认证状态信息表明客户识别标识已经通过移动网络的认证,则确定当前认证登录通过,如果客户识别标识的认证状态信息表明客户识别标识未通过移动网络的认证,则确定当前认证登录未通过。Optionally, the method further includes: after obtaining the customer identification identifier of the terminal and authenticating the mobile identification network of the terminal to the mobile network registered by the terminal, the authentication status information of the customer identification identifier is saved, where the authentication status information includes: The identification identifier is authenticated by the mobile network or the customer identification identifier does not pass the authentication of the mobile network; determining whether the current authentication login is passed according to the authentication status information of the customer identification identifier, including: registering with the customer identification identifier according to the customer identification identifier of the terminal After the mobile network obtains the authentication status information of the customer identification identifier, if the authentication status information of the customer identification identifier indicates that the customer identification identifier has passed the authentication of the mobile network, it is determined that the current authentication login is passed, and if the authentication status information of the customer identification identifier indicates the customer identification identifier If the authentication of the mobile network is not passed, it is determined that the current authentication login has not passed.
可选地,上述方法还包括:在获取终端的客户识别标识之前以及以终端的客户识别标识向其所注册的移动网络进行认证之后,将客户识别标识的认证状态信息保存至认证状态记录服务器上;根据终端的客户识别标识向客户识别标 识所注册的移动网络获取客户识别标识的认证状态信息,包括:向移动网络侧的认证状态记录服务器发送客户识别标识,接收认证状态记录服务器发送的客户识别标识的认证状态信息。Optionally, the method further includes: saving the authentication status information of the customer identification identifier to the authentication status record server before acquiring the client identification identifier of the terminal and authenticating the mobile network registered by the terminal with the client identification identifier of the terminal. ; identify the customer according to the customer identification of the terminal Obtaining the authentication status information of the customer identification identifier by the registered mobile network, including: sending the customer identification identifier to the authentication status record server on the mobile network side, and receiving the authentication status information of the customer identification identifier sent by the authentication status record server.
可选地,获取终端的客户识别标识,包括:接收外部输入的客户识别标识,或直接获取预存的客户识别标识。Optionally, obtaining the customer identification identifier of the terminal includes: receiving the externally input customer identification identifier, or directly acquiring the pre-stored customer identification identifier.
可选地,根据终端的客户识别标识向客户识别标识所注册的移动网络获取客户识别标识的认证状态信息,包括:将终端的客户识别标识加密后发送至移动网络;接收移动网络发送的加密后的客户识别标识的认证状态信息;对加密后的客户识别标识的认证状态信息进行解密,得到解密后的客户识别标识的认证状态信息。Optionally, obtaining the authentication status information of the customer identification identifier from the mobile network registered by the customer identification identifier according to the customer identification identifier of the terminal, including: encrypting the terminal identification identifier of the terminal and transmitting the identifier to the mobile network; and receiving the encrypted transmission sent by the mobile network. The authentication status information of the customer identification identifier; decrypting the authentication status information of the encrypted customer identification identifier to obtain the authentication status information of the decrypted customer identification identifier.
根据本发明的另一个实施例,提供了一种账户认证登录装置,包括:第一获取模块,设置为获取终端的客户识别标识;第二获取模块,设置为根据终端的客户识别标识向客户识别标识所注册的移动网络获取客户识别标识的认证状态信息;以及认证模块,设置为根据客户识别标识的认证状态信息确定当前认证登录是否通过。According to another embodiment of the present invention, an account authentication and registration device is provided, including: a first obtaining module, configured to acquire a customer identification identifier of the terminal; and a second obtaining module configured to identify the customer according to the customer identification identifier of the terminal Identifying the authentication status information of the registered mobile network to obtain the customer identification identifier; and the authentication module, configured to determine whether the current authentication login is passed according to the authentication status information of the customer identification identifier.
可选地,客户识别标识,包括:全球用户识别卡USIM号码或客户识别模块SIM号码。Optionally, the customer identification identifier comprises: a global subscriber identity card USIM number or a customer identification module SIM number.
可选地,上述装置还包括:第一保存模块,设置为在获取终端的客户识别标识之前以及以终端的客户识别标识向其所注册的移动网络进行认证之后,保存客户识别标识的认证状态信息,认证状态信息包括:客户识别标识认证通过移动网络的认证或客户识别标识未通过移动网络的认证;认证模块设置为:在根据终端的客户识别标识向客户识别标识所注册的移动网络获取客户识别标识的认证状态信息之后,如果客户识别标识的认证状态信息表明客户识别标识已 经通过移动网络的认证,则确定当前认证登录通过,如果客户识别标识的认证状态信息表明客户识别标识未通过移动网络的认证,则确定当前认证登录未通过。Optionally, the foregoing apparatus further includes: a first saving module, configured to save the authentication status information of the customer identification identifier after acquiring the customer identification identifier of the terminal and authenticating the mobile identification network registered by the terminal with the customer identification identifier of the terminal The authentication status information includes: the customer identification identifier authenticates the authentication through the mobile network or the client identification identifier does not pass the authentication of the mobile network; the authentication module is configured to: obtain the customer identification from the mobile network registered according to the customer identification identifier of the terminal to the customer identification identifier. After the identified authentication status information, if the authentication status information of the customer identification indicator indicates that the customer identification number has been After the authentication by the mobile network, it is determined that the current authentication login is passed. If the authentication status information of the customer identification identifier indicates that the customer identification identifier has not passed the authentication of the mobile network, it is determined that the current authentication login fails.
可选地,上述装置还包括:第二保存模块,设置为在获取终端的客户识别标识之前以及以终端的客户识别标识向其所注册的移动网络进行认证之后,将客户识别标识的认证状态信息保存至认证状态记录服务器上;其中,第二获取模块设置为:向移动网络侧的认证状态记录服务器发送客户识别标识,接收认证状态记录服务器发送的客户识别标识的认证状态信息。Optionally, the foregoing apparatus further includes: a second saving module, configured to: after obtaining the customer identification identifier of the terminal and after authenticating the mobile network registered by the terminal with the customer identification identifier of the terminal, verifying the authentication status information of the customer identification identifier The second acquisition module is configured to: send the customer identification identifier to the authentication status record server on the mobile network side, and receive the authentication status information of the customer identification identifier sent by the authentication status record server.
可选地,第一获取模块设置为:接收外部输入的客户识别标识,或直接获取预存的客户识别标识。Optionally, the first obtaining module is configured to: receive the externally input customer identification identifier, or directly obtain the pre-stored customer identification identifier.
可选地,第二获取模块,包括:加密单元,设置为将终端的客户识别标识加密后发送至移动网络;接收单元,设置为接收移动网络发送的加密后的客户识别标识的认证状态信息;解密单元,设置为对加密后的客户识别标识的认证状态信息进行解密,得到解密后的客户识别标识的认证状态信息。Optionally, the second obtaining module includes: an encryption unit, configured to encrypt the client identification identifier of the terminal and send the information to the mobile network; and the receiving unit is configured to receive the authentication status information of the encrypted customer identification identifier sent by the mobile network; The decryption unit is configured to decrypt the authentication status information of the encrypted customer identification identifier, and obtain the authentication status information of the decrypted customer identification identifier.
根据本发明的又一个实施例,提供了一种电子设备。所述电子设备包括至少一个处理器和与所述至少一个处理器连接的存储器,所述存储器用于存储可被所述至少一个处理器执行的指令,所述指令被所述至少一个处理器执行时,使所述至少一个处理器执行上述实施例中的账户认证登录方法。According to still another embodiment of the present invention, an electronic device is provided. The electronic device includes at least one processor and a memory coupled to the at least one processor, the memory for storing instructions executable by the at least one processor, the instructions being executed by the at least one processor And causing the at least one processor to execute the account authentication login method in the above embodiment.
根据本发明的又一个实施例,提供了一种非暂态存储介质,存储有计算机可执行指令,所述计算机可执行指令设置为执行上述的账户认证登录方法。In accordance with still another embodiment of the present invention, a non-transitory storage medium storing computer executable instructions configured to perform the account authentication login method described above is provided.
根据本发明的又一个实施例,提供了一种计算机程序产品,所述计算机程序产品包括存储在非暂态计算机可读存储介质上的计算机程序,所述计算机程序包括程序指令,当所述程序指令被计算机执行时,使所述计算机执行上述的 账户认证登录方法。According to still another embodiment of the present invention, a computer program product is provided, the computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions, when the program When the instructions are executed by the computer, causing the computer to perform the above Account authentication login method.
本实施例提供的方案,借助移动网络对客户识别号码的认证结果来进行第三方平台的登录,在提高了认证登录效率的基础上,也提高了认证登录的安全性。In the solution provided by the embodiment, the login of the third-party platform is performed by using the authentication result of the customer identification number by the mobile network, and the security of the authentication login is improved, and the security of the authentication login is also improved.
图1是本发明第一实施例中提供的账户认证登录方法的流程图;1 is a flowchart of an account authentication login method provided in a first embodiment of the present invention;
图2是本发明第二实施例中提供的账户认证登录方法的流程图;2 is a flowchart of an account authentication login method provided in a second embodiment of the present invention;
图3是本发明第三实施例中提供的账户认证登录方法的信令流程图;3 is a signaling flowchart of an account authentication login method provided in a third embodiment of the present invention;
图4是本发明第四实施例中提供的账户认证登录装置的结构框图。4 is a structural block diagram of an account authentication and registration device provided in a fourth embodiment of the present invention.
手机在插入的USIM(Universal Subscriber Identity Module,全球用户识别卡)卡使用移动网络之前,都需要和USIM卡进行AKA(Authentication and Key Agreement,第三代移动通讯网络的认证与密钥协商协议),当认证通过后USIM卡可以使用当前网络资源进行数据业务或者语音业务。发明人考虑到既然已经存在以上鉴权过程,则将这个过程再次利用在第三方应用或者其他端口的认证登录过程,从而省略用户的输入认证密码以及验证的过程,并且该认证过程更加安全。Before the USIM (Universal Subscriber Identity Module) card is used in the mobile network, the mobile phone needs to perform AKA (Authentication and Key Agreement) authentication and key agreement with the USIM card. After the authentication is passed, the USIM card can use the current network resources to perform data services or voice services. The inventor considers that since the above authentication process already exists, this process is reused in the authentication login process of the third party application or other port, thereby omitting the user's process of inputting the authentication password and the verification, and the authentication process is more secure.
LTE网络使用的是USIM卡,在安全性上比2/3G的SIM卡有更高的要求,USIM使用的128密码算法为MILLENAGE,该算法比较成熟,较难被破解,并且通过双向验证以及链路层的加密,只有合法的用户才能使用运营商的LTE网 络足以保证用户的安全,本发明所涉及的方法不仅限于USIM卡,对SIM(SubscriberIdentification Module,客户识别卡)来说也同样适用。The LTE network uses the USIM card, which has higher security requirements than the 2/3G SIM card. The 128 cryptographic algorithm used by the USIM is MILLENAGE. The algorithm is mature, difficult to crack, and through two-way authentication and chain. Layer layer encryption, only legitimate users can use the carrier's LTE network The network is sufficient to ensure the safety of the user. The method of the present invention is not limited to the USIM card, and is also applicable to the SIM (Subscriber Identification Module).
由于每个USIM的鉴权信息(也称认证信息,或认证状态信息)是唯一的不可复制的,而USIM鉴权过程(也称认证过程)在USIM和基站之间进行的,用户以及第三方登录平台不参与该过程,也无法获知该过程,这就保证了鉴权信息的安全性,同时又保证的鉴权信息的唯一性。Since the authentication information (also called authentication information or authentication status information) of each USIM is unique and cannot be copied, the USIM authentication process (also called the authentication process) is performed between the USIM and the base station, and the user and the third party. The login platform does not participate in the process, and the process cannot be known. This ensures the security of the authentication information and at the same time guarantees the uniqueness of the authentication information.
众所周知,移动网络发展迅速,LTE被大量普及,USIM卡的安全性也得到了很大的提高,如果可以直接使用手机号作为用户账户,以移动网络鉴权信息为保证,通过运营商来完成账户的安全合法性验证,从而省却用户输入认证密码,或者短信验证码进行鉴权,不仅可以方便用户使用,同时也提高了安全性。As we all know, the mobile network is developing rapidly, LTE is widely used, and the security of the USIM card has been greatly improved. If the mobile phone number can be directly used as the user account, the mobile network authentication information is guaranteed, and the account is completed by the operator. The security legality verification eliminates the user's input of the authentication password or the SMS verification code for authentication, which not only facilitates the user's use, but also improves the security.
下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述。所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。The technical solutions in the embodiments of the present invention will be clearly and completely described in the following with reference to the accompanying drawings. The described embodiments are only a part of the embodiments of the invention, and not all of the embodiments.
第一实施例First embodiment
本实施例提供了一种账户认证登录方法,图1是该方法的流程图,如图1所示,该方法包括步骤101至103。This embodiment provides an account authentication login method, and FIG. 1 is a flowchart of the method. As shown in FIG. 1, the method includes
在步骤101:获取终端的客户识别标识。At step 101: acquire a customer identification identifier of the terminal.
在本实施例中,客户端识别标识具体可以是客户端识别号码。In this embodiment, the client identification identifier may specifically be a client identification number.
可选地,在本实施例中,可以是在终端确定以客户识别号码作为用户账户进行认证登陆时,获取终端的客户识别标识。本实施例中所涉及到的客户识别标识可以指USIM号码或SIM号码。Optionally, in this embodiment, when the terminal determines to use the customer identification number as the user account for the authentication login, the terminal identifies the customer identification identifier. The customer identification identifier involved in this embodiment may refer to a USIM number or a SIM number.
获取终端的客户识别标识可以包括:接收外部输入(用户通过认证登录页面输入的)的客户识别标识,或直接获取客户识别标识,具体的,可以从终端 中,或外部存储空间,比如SIM卡,云盘中获取该客户识别标识。Obtaining the customer identification identifier of the terminal may include: receiving the customer identification identifier of the external input (the user inputs through the authentication login page), or directly obtaining the customer identification identifier, specifically, the terminal may be obtained from the terminal The customer identification identifier is obtained in the middle or external storage space, such as a SIM card.
在步骤102:根据终端的客户识别标识向客户识别标识所注册的移动网络获取客户识别标识的认证状态信息。In
本实施例提供的方法在终端的客户识别标识向其所注册的移动网络进行认证后,保存客户识别标识的认证状态信息,该认证状态信息可以包括:客户识别标识通过移动网络的认证或客户识别标识未通过移动网络的认证,该步骤102中获取到的客户识标识的认证状态信息即为在客户识别标识在移动网络上进行认证后,存储的该认证状态信息。The method provided in this embodiment saves the authentication status information of the customer identification identifier after the client identification identifier of the terminal is authenticated to the mobile network registered by the terminal, and the authentication status information may include: the authentication of the customer identification identifier through the mobile network or the identification of the client. The authentication status information of the customer identification identifier obtained in the
可选地,在本实施例中,可以使用一个专用的服务器来存储客户识别标识的认证状态信息,这样,本实施例中获取的认证状态信息皆可以通过该服务器进行。基于此,在本实施例中,在终端的客户识别标识向其所注册的移动网络进行认证后,将客户识别标识的认证状态信息保存至认证状态记录服务器上,并记录客户端识别标识以及该客户识别标识对应的认证状态信息的对应关系;在向客户识别标识所注册的移动网络获取客户识别标识的认证状态信息时,则向移动网络侧的认证状态记录服务器发送客户识别标识,接收认证状态记录服务器发送的客户识别标识的认证状态信息。Optionally, in this embodiment, a dedicated server may be used to store the authentication status information of the customer identification identifier, so that the authentication status information obtained in this embodiment may be performed by the server. Based on this, in the embodiment, after the client identification identifier of the terminal is authenticated to the mobile network registered by the terminal, the authentication status information of the customer identification identifier is saved to the authentication status record server, and the client identifier and the client identifier are recorded. Corresponding relationship of the authentication status information corresponding to the customer identification identifier; when obtaining the authentication status information of the customer identification identifier from the mobile network registered by the customer identification identifier, transmitting the customer identification identifier to the authentication status record server on the mobile network side, and receiving the authentication status The authentication status information of the customer identification identifier sent by the server is recorded.
在本实施例中,只需要在基站端增加一个用户存储认证状态的用户数据服务器,即认证状态记录服务器,这个服务器的作用就是提供给相关网站或者接口经过加密的当前客户识别标识的认证信息,就可以直接通过客户识别标识安全的登录网站或者其它接口了,同时新增加的服务器可以是运营商直接提供的,这样可以减少鉴权数据(该数据中可以包括客户识别标识的认证信息)的传输节点,也就降低了鉴权数据被破解的风险。In this embodiment, it is only necessary to add a user data server in the user storage authentication state at the base station end, that is, an authentication status record server, and the role of the server is to provide authentication information of the current client identification identifier encrypted by the relevant website or interface. It is possible to directly identify the secure login website or other interface through the customer identification, and the newly added server can be directly provided by the operator, so that the transmission of the authentication data (which may include the authentication information of the customer identification identifier) can be reduced. The node also reduces the risk of the authentication data being cracked.
同时,在本实施例中,为了保证用户的客户识别标识的认证状态信息的安 全性,在向移动网络侧获取认证状态信息时,可以通过加密方式进行,基于此,根据终端的客户识别标识向客户识别标识所注册的移动网络获取客户识别标识的认证状态信息,可以包括:将终端的客户识别标识加密后发送至移动网络;接收移动网络发送的加密后的客户识别标识的认证状态信息;对加密后的客户识别标识的认证状态信息进行解密,得到解密后的客户识别标识的认证状态信息。Meanwhile, in this embodiment, in order to ensure the authentication status information of the user's customer identification identifier In the case of obtaining the authentication status information from the mobile network side, the authentication status information may be obtained by using the encryption method. The user may obtain the authentication status information of the customer identification identifier according to the customer identification identifier of the terminal. The client identification identifier of the terminal is encrypted and sent to the mobile network; the authentication status information of the encrypted customer identification identifier sent by the mobile network is received; the authentication status information of the encrypted customer identification identifier is decrypted, and the decrypted customer identification identifier is obtained. Authentication status information.
在步骤103:根据客户识别标识的认证状态信息确定当前认证登录是否通过。At
在根据终端的客户识别标识向客户识别标识所注册的移动网络获取客户识别标识的认证状态信息之后,如果客户识别标识的认证状态信息表明客户识别标识已经通过移动网络的认证,则确定当前认证登录通过,如果客户识别标识的认证状态信息表明客户识别标识未通过移动网络的认证,则确定当前认证登录未通过。After obtaining the authentication status information of the customer identification identifier from the mobile network registered by the customer identification identifier according to the customer identification identifier of the terminal, if the authentication status information of the customer identification identifier indicates that the customer identification identifier has passed the authentication of the mobile network, determining the current authentication login If the authentication status information of the customer identification identifier indicates that the customer identification identifier does not pass the authentication of the mobile network, it is determined that the current authentication login fails.
本实施例提供的方案能够提高认证登录的效率。The solution provided in this embodiment can improve the efficiency of authentication login.
第二实施例Second embodiment
本实施例对账户认证登录方法进行认证登录的整个流程进行说明。This embodiment describes the entire process of performing authentication login for the account authentication login method.
该流程包括步骤201至209。The process includes
在步骤201:终端发起登录申请;In
在步骤202:用户通过终端确认选择使用手机号直接进行认证登录,如果用户不选择手机号直接登录则使用其他方式登录,转至步骤207;In step 202: the user confirms the selection to use the mobile phone number to directly authenticate the login through the terminal, if the user does not select the mobile phone number to log in directly, use other methods to log in, go to step 207;
在步骤203:用户选择使用手机号进行认证登录后,登录接口获取手机号码或者用户手动输入手机号码,同时获取手机当前网络状态信息,比如手机注册到哪个网络,哪个制式等;In
在步骤204:判断当前手机是否正在使用手机号码注册的运营商网络,以及 手机号码是否注册到LTE上,如果手机号码并没有注册到LTE则转至步骤208,提示用户请用户将当前卡注册LTE网络;At step 204: determining whether the current mobile phone is using the mobile phone number to register the carrier network, and Whether the mobile phone number is registered to the LTE, if the mobile phone number is not registered to the LTE, then the process goes to step 208, prompting the user to ask the user to register the current card with the LTE network;
在步骤205:如果手机号码注册到LTE,则由登录接口经过加密方式连接到认证状态记录服务器上,通过当前USIM手机号以及卡上其他相关信息(例如SIM卡中的业务信息等,需要说明的是,获取手机号的认证状态信息仅需有SIM卡号码,或USIM卡号码即可,这些相关信息仅为辅助性信息,也可以无需使用这些辅助信息),获取手机号的认证状态信息。In step 205: if the mobile phone number is registered to the LTE, the login interface is encrypted and connected to the authentication status record server, and the current USIM mobile phone number and other related information on the card (such as the service information in the SIM card, etc., need to be explained). Yes, the authentication status information of the mobile phone number only needs to have a SIM card number or a USIM card number. The related information is only auxiliary information, and the auxiliary information may be obtained without using the auxiliary information.
认证状态记录服务器经过解密得到当前手机号码以及其他USIM卡上相关信息,查询认证状态记录服务器记录信息,将查询结果加密后反馈给第三方接口。The authentication status record server decrypts the current mobile phone number and other related information on the USIM card, queries the authentication status record server to record information, encrypts the query result, and feeds back to the third-party interface.
第三方接口获取加密后的认证状态信息,对该认证状态信息进行解密后,如果得到的解密信息为“USIM卡未经过鉴权”则转至步骤:209,退出登录。The third-party interface obtains the encrypted authentication status information, and after decrypting the authentication status information, if the obtained decrypted information is “USIM card has not been authenticated”, the process proceeds to step 209 to log out.
在步骤206:第三方接口获取加密后的认证信息,对该认证状态信息进行解密后如果得到信息为“当前手机号经过鉴权(或通过鉴权)”则直接使用手机号登录成功。In
第三实施例Third embodiment
本实施例信令流程图图3来对本发明提供的账户认证登录方法中,各端进行信令交互的过程进行说明,如图3所示,该过程包括步骤301至312。The signaling flow chart of this embodiment is shown in FIG. 3, which illustrates the process of signaling interaction between each end in the account authentication login method provided by the present invention. As shown in FIG. 3, the process includes steps 301 to 312.
步骤301:终端接入eNodeB(演进型基站);Step 301: The terminal accesses the eNodeB (evolved base station);
步骤302:MME(Mobility Management Entity,移动管理节点功能)对终端进行认证;Step 302: The MME (Mobility Management Entity) performs authentication on the terminal.
步骤303:MME向终端发送初始化内容设置请求;Step 303: The MME sends an initialization content setting request to the terminal.
步骤304:eNodeB向终端发送安全模式命令; Step 304: The eNodeB sends a security mode command to the terminal.
步骤305:终端向eNodeB发送安全模式设置完成的命令;Step 305: The terminal sends a command for completing the security mode setting to the eNodeB.
步骤306:eNodeB向终端发送安全模式失败命令;Step 306: The eNodeB sends a security mode failure command to the terminal.
步骤307:eNodeB向MME发送初始内容建立回应;Step 307: The eNodeB sends an initial content establishment response to the MME.
步骤308:MME将鉴权结果更新到AS(Application Server,应用服务器);Step 308: The MME updates the authentication result to the AS (Application Server).
步骤309:第三方接口申请使用手机号作为登录账户名;Step 309: The third-party interface applies for using the mobile phone number as the login account name;
步骤310:第三方接口通过手机号以及目前手机的状态信息,在加密信号中向AS申请手机号的认证状态信息;Step 310: The third-party interface applies for the authentication status information of the mobile phone number to the AS in the encrypted signal by using the mobile phone number and the current status information of the mobile phone.
步骤311:第三方接口接收AS发送的认证状态信息;Step 311: The third-party interface receives the authentication status information sent by the AS.
步骤312:第三方接口准许用户登录。Step 312: The third party interface permits the user to log in.
第四实施例Fourth embodiment
本实施例提供了一种账户认证登录装置,图4是该装置的结构框图,如图4所示,该装置40包括如下组成部分:。This embodiment provides an account authentication login device, and FIG. 4 is a structural block diagram of the device. As shown in FIG. 4, the
第一获取模块41设置为获取终端的客户识别标识。The first obtaining
第二获取模块42设置为根据终端的客户识别标识向客户识别标识所注册的移动网络获取客户识别标识的认证状态信息。The second obtaining
认证模块43设置为根据客户识别标识的认证状态信息确定当前认证登录是否通过。The
其中,客户识别标识可以包括:全球用户识别卡USIM号码或客户识别模块SIM号码。The customer identification identifier may include: a global subscriber identity card USIM number or a customer identification module SIM number.
可选地,本实施例提供的装置40还可以包括:第一保存模块,设置为在获取终端的客户识别标识之前以及以终端的客户识别标识向其所注册的移动网络进行认证之后,保存客户识别标识的认证状态信息,认证状态信息包括:客户识别标识认证通过移动网络的认证或客户识别标识未通过移动网络的认证;认
证模块设置为:在根据终端的客户识别标识向客户识别标识所注册的移动网络获取客户识别标识的认证状态信息之后,如果客户识别标识的认证状态信息表明客户识别标识已经通过移动网络的认证,则确定当前认证登录通过,如果客户识别标识的认证状态信息表明客户识别标识未通过移动网络的认证,则确定当前认证登录未通过。Optionally, the
可选地,本实施例提供的装置40还可以包括:第二保存模块,设置为在获取终端的客户识别标识之前以及以终端的客户识别标识向其所注册的移动网络进行认证之后,将客户识别标识的认证状态信息保存至认证状态记录服务器上;第二获取模块设置为:向移动网络侧的认证状态记录服务器发送客户识别标识,接收认证状态记录服务器发送的客户识别标识的认证状态信息。Optionally, the
其中,上述第一获取模块41设置为:接收外部输入的客户识别标识,或直接获取预存的客户识别标识。The first obtaining
其中,上述第二获取模块42具体可以包括:加密单元,设置为将终端的客户识别标识加密后发送至移动网络;接收单元,设置为接收移动网络发送的加密后的客户识别标识的认证状态信息;解密单元,设置为对加密后的客户识别标识的认证状态信息进行解密,得到解密后的客户识别标识的认证状态信息。The second obtaining
本发明实施例还提供一种电子设备。所述电子设备包括至少一个处理器和与所述至少一个处理器连接的存储器,所述存储器用于存储可被所述至少一个处理器执行的指令,所述指令被所述至少一个处理器执行时,使所述至少一个处理器执行上述实施例中的账户认证登录方法。An embodiment of the present invention further provides an electronic device. The electronic device includes at least one processor and a memory coupled to the at least one processor, the memory for storing instructions executable by the at least one processor, the instructions being executed by the at least one processor And causing the at least one processor to execute the account authentication login method in the above embodiment.
本发明实施例还提供了一种非暂态存储介质,存储有计算机可执行指令,所述计算机可执行指令设置为执行上述的账户认证登录方法。The embodiment of the invention further provides a non-transitory storage medium storing computer executable instructions, and the computer executable instructions are configured to execute the account authentication login method described above.
本发明实施例还提供了一种计算机程序产品,所述计算机程序产品包括存 储在非暂态计算机可读存储介质上的计算机程序,所述计算机程序包括程序指令,当所述程序指令被计算机执行时,使所述计算机执行上述的账户认证登录方法。An embodiment of the present invention further provides a computer program product, where the computer program product includes A computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions that, when executed by a computer, cause the computer to perform the account authentication login method described above.
尽管为示例目的,已经公开了本发明的实施例,本领域的技术人员将意识到各种改进、增加和取代也是可能的,因此,本发明的范围应当不限于上述实施例。 While the embodiments of the present invention have been disclosed for illustrative purposes, those skilled in the art will recognize that various modifications, additions and substitutions are possible. Therefore, the scope of the present invention should not be limited to the embodiments described above.
Claims (12)
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201611074927.5A CN108123918A (en) | 2016-11-29 | 2016-11-29 | A kind of account authentication login method and device |
| CN201611074927.5 | 2016-11-29 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2018099407A1 true WO2018099407A1 (en) | 2018-06-07 |
Family
ID=62226850
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/CN2017/113648 WO2018099407A1 (en) | 2016-11-29 | 2017-11-29 | Account authentication login method and device |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN108123918A (en) |
| WO (1) | WO2018099407A1 (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111643907A (en) * | 2020-05-29 | 2020-09-11 | 腾讯科技(深圳)有限公司 | Game login method and device, storage medium and electronic equipment |
| CN116916310A (en) * | 2023-07-07 | 2023-10-20 | 中移互联网有限公司 | Verification code generation and verification method and device and electronic equipment |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109286933B (en) * | 2018-10-18 | 2021-11-30 | 世纪龙信息网络有限责任公司 | Authentication method, device, system, computer equipment and storage medium |
| CN109583950B (en) * | 2018-11-26 | 2023-10-17 | 万菊仙 | Mining platform for two-account customers |
| CN114244616B (en) * | 2021-12-21 | 2024-05-14 | 中国电信股份有限公司 | Login verification method, login verification system, electronic device and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101051898A (en) * | 2006-04-05 | 2007-10-10 | 华为技术有限公司 | Certifying method and its device for radio network end-to-end communication |
| CN101087326A (en) * | 2006-06-08 | 2007-12-12 | 中兴通讯股份有限公司 | A communication terminal registration method and system |
| CN104125567A (en) * | 2014-07-30 | 2014-10-29 | 京信通信系统(中国)有限公司 | Femto and authentication method and authentication device for access of femto to network side |
| US20150312251A1 (en) * | 2012-02-16 | 2015-10-29 | France Telecom | Ensuring the security of a data transmission |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101621801B (en) * | 2009-08-11 | 2012-11-28 | 华为终端有限公司 | Method, system, server and terminal for authenticating wireless local area network |
| FR2955450B1 (en) * | 2010-01-21 | 2012-03-16 | Sfr Sa | METHOD OF AUTHENTICATING A MOBILE TERMINAL TO ACCESS A SERVER OF APPLICATIONS |
| CN101867912A (en) * | 2010-06-07 | 2010-10-20 | 华为终端有限公司 | Authentication method of access network and terminal |
| CN105791262B (en) * | 2015-12-30 | 2019-05-17 | 广东亿迅科技有限公司 | APP real-name authentication safe login system and method based on mobile phone IMSI |
-
2016
- 2016-11-29 CN CN201611074927.5A patent/CN108123918A/en active Pending
-
2017
- 2017-11-29 WO PCT/CN2017/113648 patent/WO2018099407A1/en active Application Filing
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101051898A (en) * | 2006-04-05 | 2007-10-10 | 华为技术有限公司 | Certifying method and its device for radio network end-to-end communication |
| CN101087326A (en) * | 2006-06-08 | 2007-12-12 | 中兴通讯股份有限公司 | A communication terminal registration method and system |
| US20150312251A1 (en) * | 2012-02-16 | 2015-10-29 | France Telecom | Ensuring the security of a data transmission |
| CN104125567A (en) * | 2014-07-30 | 2014-10-29 | 京信通信系统(中国)有限公司 | Femto and authentication method and authentication device for access of femto to network side |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111643907A (en) * | 2020-05-29 | 2020-09-11 | 腾讯科技(深圳)有限公司 | Game login method and device, storage medium and electronic equipment |
| CN116916310A (en) * | 2023-07-07 | 2023-10-20 | 中移互联网有限公司 | Verification code generation and verification method and device and electronic equipment |
| CN116916310B (en) * | 2023-07-07 | 2024-07-26 | 中移互联网有限公司 | Verification code generation and verification method, device and electronic device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108123918A (en) | 2018-06-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11510054B2 (en) | Methods, apparatuses, and computer program products for performing identification and authentication by linking mobile device biometric confirmation with third-party mobile device account association | |
| US11764966B2 (en) | Systems and methods for single-step out-of-band authentication | |
| US20220014524A1 (en) | Secure Communication Using Device-Identity Information Linked To Cloud-Based Certificates | |
| US10666642B2 (en) | System and method for service assisted mobile pairing of password-less computer login | |
| KR102018971B1 (en) | Method for enabling network access device to access wireless network access point, network access device, application server and non-volatile computer readable storage medium | |
| US10348715B2 (en) | Computer-implemented systems and methods of device based, internet-centric, authentication | |
| US9197420B2 (en) | Using information in a digital certificate to authenticate a network of a wireless access point | |
| US8606234B2 (en) | Methods and apparatus for provisioning devices with secrets | |
| WO2015062398A1 (en) | Access authentication method and device for information system | |
| WO2016107333A1 (en) | Device and system operating method for online activation of mobile terminal token | |
| WO2018014760A1 (en) | Method and device for providing and obtaining graphic code information, and terminal | |
| TW201914256A (en) | Identity verification method and device, electronic equipment | |
| US20160119143A1 (en) | User identity authenticating method, terminal, and server | |
| US8397281B2 (en) | Service assisted secret provisioning | |
| CN113221128B (en) | Account and password storage method and registration management system | |
| WO2018099407A1 (en) | Account authentication login method and device | |
| CN110659467A (en) | A remote user identity authentication method, device, system, terminal and server | |
| CN105681259A (en) | Open authorization method and apparatus and open platform | |
| WO2016115807A1 (en) | Wireless router access processing method and device, and wireless router access method and device | |
| TW201729562A (en) | Server, mobile terminal, and internet real name authentication system and method | |
| CN109460647B (en) | Multi-device secure login method | |
| CN104918241A (en) | User authentication method and system | |
| CN105577606A (en) | A method and device for realizing authenticator registration | |
| CN115913612B (en) | Remote access method and storage medium of account-free system iot equipment | |
| CN104348801B (en) | Authentication method, the method and relevant apparatus for generating credential |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 17876063 Country of ref document: EP Kind code of ref document: A1 |
|
| NENP | Non-entry into the national phase |
Ref country code: DE |
|
| 122 | Ep: pct application non-entry in european phase |
Ref document number: 17876063 Country of ref document: EP Kind code of ref document: A1 |