CN114866324A - Information processing method, system, device and storage medium - Google Patents
- Publication number
- CN114866324A CN202210504336.6A
- Authority
- CN
- China
- Prior art keywords
- terminal
- verification code
- user
- request
- authorization
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The present application relates to the field of data processing, and in particular to an information processing method, system, device, and storage medium. The information processing method includes: in response to a start instruction for a target application program, sending a first verification code application request to an authentication and authorization server, wherein the first verification code application request is used to apply for a first verification code, and the first verification code is used to log in to the target application program; receiving and displaying the first verification code; receiving a user authentication token and user information, wherein the user authentication token is generated after the authentication and authorization server successfully verifies an authorized login request, the authorized login request is sent by a second terminal in response to an input operation of the first verification code, the authorized login request includes the first verification code, the user information, and signature data, and the second terminal has already logged in to the target application program; and logging in to the target application program according to the user authentication token and the user information. This allows multiple terminals to log in to the same application program even when a terminal has no camera.
Description
Technical Field
The present application relates to the field of data processing, and in particular, to an information processing method, system, device, and storage medium.
Background
At present, when the same application program (APP) is logged in to through multiple terminals, the APP is usually logged in to on one terminal first; when a user starts the APP on another terminal, that other terminal responds to the start operation by displaying a two-dimensional code corresponding to the APP. The user then scans the two-dimensional code with the camera of the terminal that has already logged in to the APP, that terminal verifies the scanned two-dimensional code, and if the verification succeeds, the user is logged in to the APP on the other terminal.
This technique is not suitable for terminals without cameras, so its universality is poor.
Disclosure of Invention
The embodiments of the present application provide an information processing method, system, device, and storage medium, which address the problem in the related technology that logging in to the same APP through multiple terminals is not suitable for terminals without cameras and therefore has poor universality.
In a first aspect, an embodiment of the present application provides an information processing method applied to a first terminal. The information processing method includes: in response to a start instruction for a target application program, sending a first verification code application request to an authentication and authorization server, wherein the first verification code application request is used to apply for a first verification code, and the first verification code is used to log in to the target application program; receiving and displaying the first verification code; receiving a user authentication token and user information, wherein the user authentication token is generated after the authentication and authorization server successfully verifies an authorized login request, the authorized login request is sent by a second terminal in response to an input operation of the first verification code, the authorized login request includes the first verification code, the user information, and signature data, and the second terminal has already logged in to the target application program; and logging in to the target application program according to the user authentication token and the user information.
In one possible embodiment, the method further comprises: after logging in the target application program, responding to the interactive operation input by the user, and sending a second verification code application request to the authentication and authorization server, wherein the second verification code application request is used for applying for a second verification code of a target service corresponding to the interactive operation; receiving and displaying a second verification code; receiving authorization execution service information, wherein the authorization execution service information is generated after the authentication authorization server successfully verifies an authorization execution service request, and the authorization execution service request is sent by a second terminal in response to the input operation of a second verification code; and executing the target service according to the authorized execution service information.
In a second aspect, an embodiment of the present application provides an information processing method, which is applied to an authentication and authorization server, and the information processing method includes: responding to a first verification code application request from a first terminal, and generating a first verification code, wherein the first verification code application request is used for applying for the first verification code, and the first verification code is used for logging in a target application program; sending a first verification code to a first terminal, and sending indication information to a second terminal, wherein the indication information is used for indicating the second terminal to display an input area of the first verification code on an interactive interface; in response to receiving an authorized login request, verifying the authorized login request, wherein the authorized login request is sent by a second terminal in response to the input operation of a first verification code in an input area, the authorized login request comprises the first verification code, user information and signature data, and the second terminal has logged in a target application program; and if the verification is successful, sending the user authentication token and the user information to the first terminal so that the first terminal logs in the target application program according to the user authentication token and the user information.
In one possible embodiment, the signature data includes time stamp data, and the verifying the authorized login request includes: determining whether the timestamp data is within a preset time error range; if the timestamp data is within the preset time error range, determining a digital certificate corresponding to the user information according to the user information; and calling a certificate center to verify the signature data according to the digital certificate.
In one possible embodiment, the method further comprises: in response to receiving a digital certificate application request sent by the second terminal, verifying the digital certificate application request, wherein the digital certificate application request is used to apply for a digital certificate; if the verification is successful, sending the digital certificate application request to a certificate center; and in response to receiving the digital certificate sent by the certificate center, sending the digital certificate to the second terminal.
In one possible embodiment, the method further comprises: in response to a second verification code application request from the first terminal, generating a second verification code for a target service corresponding to an interactive operation, wherein the interactive operation is an operation performed on the first terminal; sending the second verification code to the first terminal; in response to receiving an authorization execution service request, verifying the authorization execution service request, wherein the authorization execution service request is sent by the second terminal in response to an input operation of the second verification code, and the authorization execution service request includes the second verification code and second signature data; and if the verification is successful, sending authorization execution service information to the first terminal, so that the first terminal executes the target service according to the authorization execution service information.
In a third aspect, an embodiment of the present application provides an information processing method applied to a second terminal. The information processing method includes: in response to received indication information, displaying an input area for a first verification code on the interactive interface, wherein the indication information is sent by an authentication and authorization server after it generates the first verification code in response to a first verification code application request, the first verification code application request is used to apply for the first verification code, and the first verification code is used to log in to a target application program; and in response to the user's input of the first verification code in the input area, sending an authorized login request to the authentication and authorization server, wherein the authorized login request includes the first verification code, the user information, and the signature data, so that the authentication and authorization server generates a user authentication token according to the authorized login request, and the user authentication token is used by the first terminal to log in to the target application program.
In one possible embodiment, the method further comprises: responding to a registration request of a target application program, and generating a public key and a private key corresponding to user information, wherein the registration request comprises the user information; generating a digital certificate application request according to the public key, wherein the digital certificate application request is used for applying for a digital certificate corresponding to the user information; sending a digital certificate application request to an authentication and authorization server; and receiving the digital certificate sent by the authentication and authorization server.
In a fourth aspect, an embodiment of the present application provides an information processing system, including: the system comprises a first terminal, an authentication and authorization server and a second terminal; the first terminal is used for executing the information processing method of the first aspect; the authentication and authorization server is used for executing the information processing method of the second aspect; the second terminal is configured to execute the information processing method of the third aspect.
In a fifth aspect, an embodiment of the present application provides a terminal device, including: a processor, a memory, an interactive interface; the memory is used for storing executable instructions executable by the processor, and the processor is configured to execute the information processing method of the first aspect or the third aspect via executing the executable instructions.
In a sixth aspect, an embodiment of the present application provides a server, including: a processor, a memory, an interactive interface; the memory is used for storing executable instructions executable by the processor, and the processor is configured to execute the information processing method of the second aspect through executing the executable instructions.
In a seventh aspect, an embodiment of the present application provides a computer-readable storage medium, on which a computer program is stored, and the computer program, when executed by a processor, implements the information processing method of any one of the first to third aspects.
In an eighth aspect, an embodiment of the present application provides a computer program product, which includes a computer program that, when executed by a processor, implements the information processing method of any one of the first to third aspects.
According to the information processing method, system, device, and storage medium provided by the embodiments of the present application, after a user has logged in to a target application program through a second terminal, if the user needs to log in to the target application program through a first terminal with the same user account, the first terminal can apply to an authentication and authorization server for a first verification code and display it on its user interface once obtained. After the user sees the first verification code on the user interface of the first terminal and inputs it at the second terminal, the second terminal can send an authorized login request to the authentication and authorization server, so that the authentication and authorization server can generate a user authentication token. After the first terminal receives the user authentication token and the user information sent by the authentication and authorization server, the user can log in to the target application program through the first terminal. The camera is not used at any point in this process, so the same application program can be logged in to through multiple terminals even when a terminal has no camera.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments or related technologies of the present application, the drawings needed to be used in the description of the embodiments or related technologies are briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a schematic structural diagram of an information processing system according to an embodiment of the present application;
Fig. 2 is a flowchart of a first embodiment of an information processing method according to an embodiment of the present application;
Fig. 3 is a flowchart of a second embodiment of an information processing method according to the present application;
Fig. 4 is a flowchart of a third embodiment of an information processing method according to the present application;
Fig. 5 is a schematic structural diagram of a first embodiment of an information processing apparatus according to the present application;
Fig. 6 is a schematic structural diagram of a second embodiment of an information processing apparatus according to an embodiment of the present application;
Fig. 7 is a schematic structural diagram of a third embodiment of an information processing apparatus according to an embodiment of the present application;
Fig. 8 is a schematic structural diagram of a terminal device according to an embodiment of the present application;
Fig. 9 is a schematic structural diagram of a server according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments that can be made by one skilled in the art based on the embodiments in the present application in light of the present disclosure are within the scope of the present application.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims of the present application and in the above-described drawings (if any) are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
The terms referred to in the present application are explained first below.
User: an entity that performs an authorization or authentication operation, such as a natural person having some role.
APP: a computer program for performing one or more specific tasks, which runs in user mode, can interact with a user, and has a visual user interface.
Certificate center: also referred to as a Certificate Authority (CA), i.e., a digital certificate issuing authority or digital certificate certification authority. It is the authority responsible for issuing and managing digital certificates, supports whole life cycle management of digital certificates (issuance, updating, revocation, certificate verification, and the like), serves as a trusted third party in e-commerce transactions, and is responsible for checking the validity of public keys in a public key system.
In the related art provided in the background art, at least the following technical problems exist:
At present, one common method for logging in to the same APP through multiple terminals is to log in to the APP on one terminal; when a user starts the APP on another terminal, that other terminal responds to the start operation by displaying a two-dimensional code corresponding to the APP. The user then scans the two-dimensional code with the camera of the terminal that has already logged in to the APP, that terminal verifies the scanned two-dimensional code, and if the verification succeeds, the user is logged in to the APP on the other terminal. However, this technique requires the application program to obtain permission to use the camera and is not suitable for terminals without a camera, so its universality is poor.
Another common method is for the user to apply for a U-KEY in advance, bind the U-KEY to the digital certificate corresponding to the user information, and then connect the physical U-KEY to the terminal to perform digital signing and verification, so that the same APP can be logged in to through multiple terminals. However, this technique depends on the physical U-KEY, which the user must carry, so logging in to the same APP through multiple terminals is less efficient.
To solve the above problems, the present application provides an information processing method. After a user has logged in to a target application program through a second terminal, if the user needs to log in to the target application program through a first terminal with the same user account, the first terminal may apply for a verification code and display it on its user interface. The user may then input the verification code displayed by the first terminal on the user interface of the second terminal to apply to an authentication and authorization server for a user authentication token, and the authentication and authorization server may send the user authentication token and user information to the first terminal, so that the user can log in to the target application program through the first terminal according to the user authentication token and the user information. Neither the camera nor the U-KEY is used at any point in this process, so the same application program can be logged in to through multiple terminals when a terminal has no camera or the user is not carrying a U-KEY, and the efficiency of logging in to the same application program through multiple terminals is improved.
In one embodiment, the information processing method may be applied in an application scenario. Fig. 1 is a schematic structural diagram of an information processing system provided in an embodiment of the present application, and as shown in fig. 1, in this scenario, the information processing system may include a first terminal, an authentication and authorization server, and a second terminal, where the first terminal may be a terminal that has not yet logged in a target APP, and the second terminal may be a terminal that has already logged in the target APP.
In the above scenario, when a user wants to log in a target APP on a first terminal, the target APP may be started on the first terminal, so that the first terminal may send a verification code application request to an authentication and authorization server to apply for a verification code; after receiving the verification code sent by the authentication and authorization server, displaying the verification code on an interactive interface; after seeing the verification code on the interactive interface of the first terminal, the user can input the verification code in an input area displayed on the interactive interface of the second terminal, so that the second terminal can send an authorized login request to the authentication and authorization server; and the authentication and authorization server verifies the authorized login request after receiving the authorized login request, generates a user authentication token if the authorized login request is successfully verified, and sends the user authentication token and the user information to the first terminal so as to conveniently login the target APP through the first terminal according to the user authentication token and the user information.
In the above scenario, because the camera of the terminal is not used in the whole login process, the technical scheme provided by the application can realize that the same APP corresponding to the same account is logged in through multiple terminals when the terminal does not include the camera; in addition, the terminal in the application can be provided with a camera, so that the purpose of authorization or login can be realized through the camera when the camera needs to be used.
With reference to the above scenario, the following describes in detail a technical solution of the information processing method provided in the present application through several specific embodiments.
Fig. 2 is a flowchart of a first embodiment of an information processing method provided in the present application, and as shown in fig. 2, the method is applied to a first terminal, and the method includes the following steps:
S201: In response to a start instruction for the target application program, send a first verification code application request to the authentication and authorization server.
In this step, the first verification code application request is used to apply for a first verification code, which is used to log in to the target application program.
In the above scheme, the first terminal may be the terminal hosting a service application that requires login verification or transaction authorization verification; this service application is the target application program and may be, for example, a website that requires login verification or secondary identity authentication during a transaction.
In the above scheme, if the user needs to log in the target application program on the first terminal, the user may start the target application program on the first terminal to open a login interface of the target application program, and the first terminal, in response to a start instruction for the target application program, may send a first verification code application request to the authentication and authorization server to apply for obtaining the first verification code, and then wait for a response from the authentication and authorization server, where the first verification code may be a dynamic verification code.
In the above solution, the message of the first verification code application request may include device information of the first terminal, and the target application may integrate a Software Development Kit (SDK) of the authentication and authorization server in advance to protect secure transmission of data.
S202: Receive and display the first verification code.
In this step, after the first terminal sends the first verification code application request to the authentication and authorization server, the authentication and authorization server may respond to the first verification code application request and send the first verification code to the first terminal. The first terminal receives the first verification code returned by the authentication and authorization server, displays the first verification code on the interactive interface, waits for the authorization operation of the user on the second terminal, and waits for the authentication and authorization server to respond to the authorization login request sent by the second terminal.
In the above solution, the first verification code may have a validity period, for example 5 minutes; if the validity period has elapsed after the first terminal received the first verification code, the first terminal needs to apply to the authentication and authorization server for a first verification code again.
S203: a user authentication token and user information are received.
In the step, the user authentication token is generated after the authentication authorization server successfully verifies an authorization login request, the authorization login request is sent by the second terminal in response to the input operation of the first verification code, the authorization login request comprises the first verification code, user information and signature data, and the second terminal has logged in the target application program.
In the above scheme, after the first terminal displays the first verification code, the user may input the first verification code on the interactive interface of the second terminal according to the prompt, so that the second terminal may send an authorized login request to the authentication and authorization server, the authentication and authorization server responds to the authorized login request and verifies the authorized login request, and after the verification is successful, the authentication and authorization server may generate a user authentication token and send the user authentication token and user information to the first terminal.
In the above scheme, when the second terminal sends the authorization login request to the authentication and authorization server, the second terminal may directly access the authentication and authorization server online, and then send the authorization login request to the authentication and authorization server. The authorized login request may include original plaintext data of the first verification code, original plaintext data of the user information, and signature data with timestamp data, and the timestamp data may be timestamp plaintext data of a current standard time and include year, month, day, minute, second and millisecond information, for example, 20211203093012001.
In the above scheme, the first verification code, the user information and the timestamp data may be spliced into a character string, and the character string is then digitally signed using the user digital certificate of the second terminal; the resulting data is the signature data.
S204: Log in to the target application program according to the user authentication token and the user information.
In this step, after the first terminal receives the user authentication token and the user information, the user can log in the target application program through the first terminal, and the backend server of the target application program can establish the user session on the target application program.
In the information processing method provided by this embodiment, the first terminal applies to the authentication and authorization server for the first verification code, so that the user, by inputting the first verification code into the second terminal, can ask the authentication and authorization server to authorize login to the target application program through the first terminal; after receiving the user authentication token and the user information sent by the authentication and authorization server, the first terminal allows the user to log in to the target application program through it. Neither the terminal's camera nor a physical U shield is used at any point in the login process, so the technical solution provided by the application allows the same application program to be logged in through multiple terminals even when the terminal includes no camera (to protect the user) and the user carries no physical U shield.
In one embodiment, further comprising: after logging in the target application program, responding to the interactive operation input by the user, and sending a second verification code application request to the authentication and authorization server, wherein the second verification code application request is used for applying for a second verification code of a target service corresponding to the interactive operation; receiving and displaying a second verification code; receiving authorization execution service information, wherein the authorization execution service information is generated after the authentication authorization server successfully verifies an authorization execution service request, and the authorization execution service request is sent by a second terminal in response to the input operation of a second verification code; and executing the target service according to the authorized execution service information.
In the scheme, after the user successfully logs in the target application program through the first terminal, if the user needs to execute the target service by using the target application program on the first terminal, for example, execute the transaction service by using the target application program, the user can use the second terminal to authorize the first terminal to execute the target service.
In the above scheme, when the user needs to execute the target service, an interactive operation may be performed on the first terminal, for example, the user opens a transaction service interface of the target application program on the first terminal (the payment service needs to perform secondary authentication on the user), and when the first terminal responds to the interactive operation of the user, the first terminal may send a second verification code application request to the authentication and authorization server to apply for a second verification code to the authentication and authorization server, and then waits for a response of the authentication and authorization server, where the second verification code may be a dynamic verification code.
In the above scheme, the message of the second verification code application request may include device information of the first terminal and user account information.
In the above scheme, after the authentication and authorization server receives the second verification code application request, the authentication and authorization server responds to the second verification code application request, and then sends the second verification code to the first terminal. The first terminal receives a second verification code returned by the authentication and authorization server and displays the second verification code on the interactive interface; when seeing the second verification code displayed on the first terminal, the user can input the second verification code on the interactive interface of the second terminal, so that the second terminal can send an authorization execution service request to the authentication and authorization server, the authentication and authorization server generates authorization execution service information after responding to the authorization execution service request and successfully verifying the authorization execution service request, then sends the authorization execution service information to the first terminal, and the first terminal executes the target service according to the received authorization execution service information.
In the foregoing scheme, the second verification code may also be a dynamic verification code with a validity period, for example 5 minutes. If the validity period of the second verification code has passed after the first terminal receives it, the first terminal needs to apply to the authentication and authorization server for the second verification code again.
In the above scheme, the first terminal receives the authorization execution service information (the authorization execution service information is also the secondary authorization success information), confirms that the target service can be executed, and can continue the subsequent service flow after the target service is executed.
Fig. 3 is a flowchart of a second embodiment of an information processing method provided in the embodiment of the present application, and as shown in fig. 3, the method is applied to an authentication and authorization server, and the method includes the following steps:
S301: Generate a first verification code in response to a first verification code application request from the first terminal.
In this step, the first verification code application request is used to apply for a first verification code, which is used to log in to the target application program.
In the above solution, the authentication and authorization server may also be referred to as an authentication and authorization center, and may refer to a centralized application server that provides unified authentication and authorization for a same user group using multiple applications. The authentication and authorization server stores user account information, the binding relationship between the user account information and the digital certificate, authorization and verification records of the user and the like.
In the above scheme, after the authentication and authorization server responds to the first verification code application request, the first verification code may be generated, and then the first verification code is associated with the first terminal and returned to the first terminal.
In the above scheme, the generation of the first verification code may include the following rules:
the first verification code is kept simple for the user as a priority and is generally displayed as a 4-digit random number, and the same first terminal is guaranteed to have only one first verification code application request outstanding at a time;
the number of digits of the first verification code can be expanded dynamically according to the number of first verification code application requests waiting in real time: when more than half of the total verification code sampling space (10000 values for 4 digits) is in use, the number of digits needs to be expanded;
the first verification code has a validity period, generally 5 minutes; after 5 minutes, the authentication and authorization server needs to automatically refresh the first verification code.
S302: Send the first verification code to the first terminal and send indication information to the second terminal.
In this step, the indication information is used to instruct the second terminal to display an input area of the first verification code on the interactive interface.
In the above solution, after generating the first verification code, the authentication and authorization server needs to send the first verification code to the first terminal, so that the first terminal can display the first verification code on the user interface of the first terminal. Meanwhile, the authentication and authorization server can also send indication information to the second terminal, so that the second terminal can display the input area of the first verification code on the user interface of the second terminal according to the indication information, and the second terminal can send an authorization login request to the authentication and authorization server after the user inputs the first verification code in the input area on the user interface of the second terminal.
S303: in response to receiving the authorized login request, the authorized login request is verified.
In this step, the authorized login request is issued by the second terminal in response to an input operation of the first verification code in the input area; the authorized login request includes the first verification code, the user information and the signature data, and the second terminal has already logged in to the target application program.
In the above solution, after receiving the authorized login request, the authentication and authorization server may verify the authorized login request, including verifying the user information and the signature data in the authorized login request.
S304: If the verification is successful, send the user authentication token and the user information to the first terminal, so that the first terminal logs in to the target application program according to the user authentication token and the user information.
In this step, if the authentication and authorization server successfully verifies the authorization login request, the authentication and authorization server may bind the user information with the first terminal so as to record the login state of the user, then generate a user authentication token, and simultaneously return the user authentication token and the user information to the first terminal.
In the information processing method provided by this embodiment, the first terminal applies to the authentication and authorization server for the first verification code, so that the user, by inputting the first verification code into the second terminal, can ask the authentication and authorization server to authorize login to the target application program through the first terminal; after receiving the user authentication token and the user information sent by the authentication and authorization server, the first terminal allows the user to log in to the target application program through it. Neither the terminal's camera nor a physical U shield is used at any point in the login process, so the technical solution provided by the application allows the same application program to be logged in through multiple terminals even when the terminal includes no camera (to protect the user) and the user carries no physical U shield.
In one embodiment, the signature data includes timestamp data, and verifying the authorized logon request includes: determining whether the timestamp data is within a preset time error range; if the timestamp data is within the preset time error range, determining a digital certificate corresponding to the user information according to the user information; and calling a certificate center to verify the signature data according to the digital certificate.
In this scheme, the signature data may use the timestamp data as a salt value in order to guarantee that the signature data is different each time.
In the above scheme, when the authentication and authorization server verifies the authorized login request, it may parse the request to obtain the user information and the signature data with the timestamp data. It then checks whether the user account information included in the user information is normal and whether the timestamp data is within a preset time error range (the currently allowed time window), for example whether the difference between the time given by the timestamp data and the current standard time is within 1 minute. It also looks up the corresponding digital certificate according to the user information and, using that certificate, calls the certificate center to verify the accuracy of the signature data. If the user account information is normal, the timestamp data is within the preset time error range and the signature data is accurate, the authentication and authorization server has successfully verified the authorized login request. It should be noted that the three checks (whether the user account information is normal, whether the timestamp data is within the preset time error range, and whether the signature data is accurate) may be performed in any order.
In the above scheme, the certificate authority may digitally sign the plaintext part of the authorized login request (the plaintext data of the first verification code + the plaintext data of the user information + the timestamp data) using the digital certificate.
In one embodiment, further comprising: responding to a received digital certificate application request sent by a second terminal, and verifying the digital certificate application request, wherein the digital certificate application request is used for applying for a digital certificate; if the verification is successful, sending a digital certificate application request to a certificate center; and in response to receiving the digital certificate sent by the certificate authority, sending the digital certificate to the second terminal.
In this scheme, when verifying the digital certificate application request, the certificate authority can be called by the authentication authorization server to parse the digital certificate application request and obtain corresponding application information, where the application information may include user account information, a user mobile phone number, and device information of the second terminal, and then verify the application information:
the authentication and authorization server can determine whether to allow the user account information to log in the target application program at the second terminal or not through the user account information, the user mobile phone number and the first verification code; the authentication and authorization server can also verify whether the equipment information and the user account information of the second terminal are bound with the digital certificate, whether the user account information is matched with the mobile phone number of the user, whether the mobile phone number of the user is matched with the first verification code, and the like.
In the above scheme, after the application information is successfully verified, the authentication and authorization server uses the corresponding digital certificate application request to apply to the certificate center for issuance of the digital certificate. The certificate center can use the digital certificate application request together with information such as the device information of the second terminal, the user account information and the organization to which the user belongs to form a unique name (DN), sign the digital certificate for that DN and return it to the authentication and authorization server. The authentication and authorization server then sends the digital certificate to the second terminal, which improves the efficiency of logging in to the same application program from multiple terminals.
In the above scheme, if the digital certificate is already bound to the second terminal and the user account information, the bound digital certificate may be revoked first, and then the digital certificate may be bound again.
In the above scheme, after the digital certificate of the second terminal is applied, the authentication and authorization server may store the digital certificate bound to the information of the second terminal and the user account.
In one embodiment, further comprising: responding to a second verification code application request from the first terminal, and generating a second verification code of a target service corresponding to interactive operation, wherein the interactive operation is operation acting on the first terminal; sending the second verification code to the first terminal; in response to receiving the authorized execution service request, verifying the authorized execution service request, wherein the authorized execution service request is sent by the second terminal in response to the input operation of the second verification code, and the authorized execution service request comprises the second verification code and second signature data; if the verification is successful, the authorization execution service information is sent to the first terminal, so that the first terminal executes the target service according to the authorization execution service information.
In this scheme, after the authentication and authorization server generates the second verification code, the second verification code may be associated with the first terminal and the user account information, and then the second verification code is returned to the first terminal.
In the above solution, the generation of the second verification code may include the following rules:
the second verification code corresponding to the authorized execution service request and the first verification code corresponding to the authorized login request can be kept apart by space isolation, which improves the efficiency with which each kind of verification code is used;
the second verification code is kept simple for the user as a priority and is generally displayed as a 4-digit random number, and the same first terminal is guaranteed to have only one second verification code application request outstanding at a time;
the number of digits of the second verification code can be expanded dynamically according to the number of second verification code application requests waiting in real time: when more than half of the total verification code sampling space (10000 values for 4 digits) is in use, the number of digits needs to be expanded;
the second verification code has a validity period, generally 5 minutes; after 5 minutes, the authentication and authorization server needs to automatically refresh the second verification code.
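The generation rules listed for the first and second verification codes can be put together as follows. This is an added example, not code from the patent: the names `CodeSpace`, `issue`, `lookup` and `digits` are hypothetical, and replacing a terminal's pending code on a new request is an assumed way of keeping one outstanding request per terminal.

```python
import secrets
import time

CODE_TTL_SECONDS = 5 * 60  # validity period given in the text


class CodeSpace:
    """One isolated pool of pending verification codes (hypothetical name)."""

    def __init__(self, base_digits=4, clock=time.monotonic):
        self._base_digits = base_digits   # 4 digits -> 10,000 possible codes
        self._clock = clock               # injectable so expiry can be tested
        self._by_code = {}                # code -> (terminal_id, expires_at)
        self._by_terminal = {}            # terminal_id -> pending code

    def _purge_expired(self):
        now = self._clock()
        for code, (terminal_id, expires_at) in list(self._by_code.items()):
            if expires_at <= now:
                del self._by_code[code]
                self._by_terminal.pop(terminal_id, None)

    def digits(self):
        """Smallest width whose sampling space is not more than half used."""
        width = self._base_digits
        while len(self._by_code) * 2 > 10 ** width:
            width += 1
        return width

    def issue(self, terminal_id):
        """Issue a code for terminal_id, replacing any code it still holds."""
        self._purge_expired()
        old = self._by_terminal.pop(terminal_id, None)
        if old is not None:
            del self._by_code[old]
        width = self.digits()
        while True:
            # secrets draws from the OS CSPRNG; zero-pad to the current width
            code = f"{secrets.randbelow(10 ** width):0{width}d}"
            if code not in self._by_code:   # never hand out a live code twice
                break
        self._by_code[code] = (terminal_id, self._clock() + CODE_TTL_SECONDS)
        self._by_terminal[terminal_id] = code
        return code

    def lookup(self, code):
        """Return the terminal a live code is bound to, or None."""
        self._purge_expired()
        entry = self._by_code.get(code)
        return entry[0] if entry else None


# Space isolation: login codes and service codes live in separate pools,
# so a code issued for one purpose is never valid for the other.
login_codes = CodeSpace()
service_codes = CodeSpace()
```
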
In the above scheme, when the authentication and authorization server verifies the authorized execution service request, it may parse the request to obtain the user information and the signature data with the timestamp data. It then checks whether the correspondence between the user account information included in the user information and the second verification code is normal, whether the user account information is normal, and whether the timestamp data is within a preset time error range (the currently allowed time window); it also looks up the corresponding digital certificate according to the user information and, using that certificate, calls the certificate center to verify the accuracy of the signature data. If the correspondence between the user account information and the second verification code is normal, the user account information is normal, the timestamp data is within the preset time error range and the signature data is accurate, the authentication and authorization server has successfully verified the authorized execution service request. It should be noted that these four checks may be performed in any order; if all of them succeed, the authorized execution service request is verified successfully, and if any one of them fails, verification of the authorized execution service request fails.
In the above scheme, the certificate authority may digitally sign the plaintext part of the authorized login request (the plaintext data of the first verification code + the plaintext data of the user information + the timestamp data) using the digital certificate.
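The server-side checks described for the authorized login request and the authorized execution service request can be sketched as one routine. This is an added example, not code from the patent: all names are hypothetical, the user information is reduced to an account name, both sides are assumed to share one clock, and the certificate center is modelled as a callback whose constructed stand-in uses HMAC-SHA256 in place of a real certificate-based signature check so that the sample runs with the standard library only.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

MAX_SKEW = timedelta(minutes=1)  # the "within 1 minute" example in the text


@dataclass(frozen=True)
class AuthRequest:
    code: str         # plaintext verification code
    user_info: str    # plaintext user information (here: the account name)
    timestamp: str    # 17 digits, e.g. 20211203093012001
    signature: bytes


@dataclass(frozen=True)
class PendingCode:
    terminal_id: str
    account: Optional[str] = None  # bound account, set for service codes only


def parse_timestamp(ts: str) -> datetime:
    """Strictly parse the 17-digit timestamp; raise ValueError otherwise."""
    if len(ts) != 17 or not (ts.isascii() and ts.isdigit()):
        raise ValueError("timestamp must be exactly 17 ASCII digits")
    return datetime(int(ts[0:4]), int(ts[4:6]), int(ts[6:8]), int(ts[8:10]),
                    int(ts[10:12]), int(ts[12:14]), int(ts[14:17]) * 1000)


def signed_string(code: str, user_info: str, ts: str) -> bytes:
    """Splice code + user information + timestamp, as the text describes."""
    return (code + user_info + ts).encode("utf-8")


def verify_request(req, now, pending, accounts, cert_center_verify):
    """Return (True, terminal_id) on success, else (False, reason)."""
    entry = pending.get(req.code)
    if entry is None:
        return False, "unknown or expired code"
    if entry.account is not None and entry.account != req.user_info:
        return False, "code not issued for this account"
    account = accounts.get(req.user_info)
    if account is None or account["status"] != "normal":
        return False, "account not in normal state"
    try:
        sent_at = parse_timestamp(req.timestamp)
    except ValueError:
        return False, "malformed timestamp"
    if abs(now - sent_at) > MAX_SKEW:
        return False, "timestamp outside allowed window"
    message = signed_string(req.code, req.user_info, req.timestamp)
    if not cert_center_verify(account["certificate"], message, req.signature):
        return False, "signature rejected"
    return True, entry.terminal_id


def demo_sign(key: bytes, code: str, user_info: str, ts: str) -> bytes:
    """CONSTRUCTED stand-in for the second terminal's digital signature."""
    return hmac.new(key, signed_string(code, user_info, ts), hashlib.sha256).digest()


def demo_cert_center_verify(certificate: bytes, message: bytes, signature: bytes) -> bool:
    """CONSTRUCTED stand-in for the certificate center's verification call."""
    expected = hmac.new(certificate, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)


def demo():
    """Run three constructed requests and return their results."""
    accounts = {"alice": {"status": "normal", "certificate": b"constructed-key"}}
    pending = {"4821": PendingCode("terminal-A")}
    now = datetime(2021, 12, 3, 9, 30, 40)
    cases = [("20211203093012001", b"constructed-key"),   # fresh, valid
             ("20211203092812001", b"constructed-key"),   # older than 1 minute
             ("20211203093012001", b"other-key")]         # wrong signer
    results = []
    for ts, key in cases:
        req = AuthRequest("4821", "alice", ts, demo_sign(key, "4821", "alice", ts))
        results.append(verify_request(req, now, pending, accounts,
                                      demo_cert_center_verify))
    return results
```

Because the fields are spliced without delimiters and the code length can vary, an implementation would normally use a length-prefixed or delimited encoding so that two different field combinations cannot yield the same signed string.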
In the above scheme, after the authentication and authorization server successfully verifies the authorization and execution service request, the authorization and execution service information may be generated and returned to the first terminal, so that the first terminal executes the target service according to the authorization and execution service information.
Fig. 4 is a flowchart of a third embodiment of an information processing method provided in the embodiment of the present application, and as shown in fig. 4, the method is applied to a second terminal, and the method includes the following steps:
S401: In response to receiving the indication information, display an input area of the first verification code on the interactive interface.
In this step, the indication information is sent by the authentication and authorization server after generating the first verification code in response to the first verification code application request, where the first verification code application request is used to apply for the first verification code, and the first verification code is used to log in the target application program.
In the foregoing solution, the second terminal may be the terminal on which a client program providing the authorization function defined in the present application is located. This client program is also the target application program on the second terminal, and it may support generating a public-private key pair, generating a digital certificate application request, and binding a certificate with user account information. The client program can be preinstalled with the root public key certificate of a certificate center, can support the input of verification codes, and can also connect to the authentication and authorization server online to perform background verification.
S402: In response to the user's input operation of the first verification code in the input area, send an authorized login request to the authentication and authorization server, so that the authentication and authorization server generates a user authentication token according to the authorized login request.
In this step, the authorized login request includes a first verification code, user information and signature data, and the user authentication token is used for the first terminal to login the target application program.
In the above scheme, the second terminal may prompt the user to input the first verification code according to the prompt message sent by the authentication and authorization server. After the user inputs the first verification code, the second terminal may generate an authorized login request, where the authorized login request may include the first verification code, user information, and signature data with timestamp data. The second terminal can directly access the authentication and authorization server on line and send an authorization login request to the authentication and authorization server.
In the above solution, the authorized login request may include original plaintext data of the first verification code, original plaintext data of the user information, and signature data with timestamp data, and the timestamp data may be timestamp plaintext data of a current standard time and include year, month, day, minute, second, millisecond information, for example, 20211203093012001, and using the timestamp data as a salt of the signature data may ensure that the signature data of each time is different.
In the above scheme, the first verification code, the user information and the timestamp data may be spliced into a character string, and the character string is then digitally signed using the user digital certificate of the second terminal; the resulting data is the signature data.
In the information processing method provided by this embodiment, the first terminal applies to the authentication and authorization server for the first verification code, so that the user, by inputting the first verification code into the second terminal, can ask the authentication and authorization server to authorize login to the target application program through the first terminal; after receiving the user authentication token and the user information sent by the authentication and authorization server, the first terminal allows the user to log in to the target application program through it. Neither the terminal's camera nor a physical U shield is used at any point in the login process, so the technical solution provided by the application allows the same application program to be logged in through multiple terminals even when the terminal includes no camera (to protect the user) and the user carries no physical U shield.
In one embodiment, further comprising: responding to a registration request of a target application program, and generating a public key and a private key corresponding to user information, wherein the registration request comprises the user information; generating a digital certificate application request according to the public key, wherein the digital certificate application request is used for applying for a digital certificate corresponding to the user information; sending a digital certificate application request to an authentication and authorization server; and receiving the digital certificate sent by the authentication and authorization server.
In this solution, to acquire the digital certificate, the second terminal may respond to the user's registration request for the target application program by generating a public key and a private key according to the user information, encrypting the private key and storing it in the target application program of the second terminal, and using the public key to generate a digital certificate application request. The digital certificate application request is a P10 certificate request, which may include information such as the device information of the second terminal, the user account information and the organization to which the user belongs.
In the above scheme, the target application program on the second terminal may be the client program that provides the authorization function defined in this application. The client program may be pre-installed with the root public key certificate of a certificate authority, and all data exchanged with the authentication and authorization server may be encrypted in transit using the root certificate public key.
In the above scheme, after receiving the digital certificate, the second terminal may verify the issuing relationship between the digital certificate and the root certificate, so as to determine whether the digital certificate is issued by the certificate authority.
According to the information processing method provided by this embodiment, authorization of the first terminal is verified by entering a dynamic verification code at the second terminal, which reduces the dependence on hardware devices, simplifies the user's authorization and authentication operation and spares the user from memorizing a complex password, while the second terminal's use of a digital certificate also ensures the security of data transmission. In addition, compared with a code-scanning authorized login scheme, the method and the device achieve authorized login simply by entering the corresponding dynamic verification code in the authorization client program of the second terminal, without depending on the terminal's hardware camera and the corresponding permission. Compared with a scheme that uses a U shield for login and authentication, the method and the device do not depend on issuing a physical U shield or carrying a physical token: authorization and authentication can be performed with the authorization client program of the second terminal, the user does not need to enter personal account information at the first terminal and only needs to enter a simple dynamic verification code at the second terminal, so that the same application program corresponding to the same account can be logged in through multiple terminals.
Generally speaking, the technical solution provided by the application binds user account information to a digital certificate on the basis of a trusted device held by the user and its client program, has the dynamic verification code issued by the server entered into the client program of the trusted device, and finally performs online authorized login and verification. It is a technical solution that allows the same application program to be logged in through multiple terminals without depending on a camera or a physical U shield and that can improve the security of data transmission.
The embodiment of the application also provides an information processing device which is applied to the first terminal. Fig. 5 is a schematic structural diagram of a first embodiment of an information processing apparatus according to the present application, and as shown in fig. 5, the information processing apparatus 500 includes:
a first sending module 501, configured to send a first verification code application request to an authentication and authorization server in response to a start instruction for a target application program, where the first verification code application request is used to apply for a first verification code, and the first verification code is used to log in the target application program;
a first receiving module 502, configured to receive and display the first verification code;
a second receiving module 503, configured to receive a user authentication token and user information, where the user authentication token is generated after the authentication authorization server successfully verifies an authorization login request, the authorization login request is sent by the second terminal in response to an input operation of the first verification code, the authorization login request includes the first verification code, the user information, and signature data, and the second terminal has logged in the target application program;
and a login module 504, configured to log in the target application according to the user authentication token and the user information.
Optionally, the information processing apparatus 500 further includes a first processing module (not shown), which is specifically configured to: after logging in the target application program, responding to the interactive operation input by the user, and sending a second verification code application request to the authentication and authorization server, wherein the second verification code application request is used for applying for a second verification code of a target service corresponding to the interactive operation; receiving and displaying a second verification code; receiving authorization execution service information, wherein the authorization execution service information is generated after the authentication authorization server successfully verifies an authorization execution service request, and the authorization execution service request is sent by a second terminal in response to the input operation of a second verification code; and executing the target service according to the authorized execution service information.
The information processing apparatus provided in this embodiment is configured to execute the technical solution of the information processing method applied to the first terminal in the foregoing method embodiments, and the implementation principle and the technical effect are similar, which are not described herein again.
The embodiment of the application also provides an information processing device which is applied to the authentication and authorization server. Fig. 6 is a schematic structural diagram of a second embodiment of an information processing apparatus according to the embodiment of the present application, and as shown in fig. 6, the information processing apparatus 600 includes:
a generating module 601, configured to generate a first verification code in response to a first verification code application request from a first terminal, where the first verification code application request is used to apply for the first verification code, and the first verification code is used to log in a target application program;
a second sending module 602, configured to send the first verification code to the first terminal, and send indication information to the second terminal, where the indication information is used to indicate the second terminal to display an input area of the first verification code on the interactive interface;
the verification module 603 is configured to verify an authorized login request in response to receiving the authorized login request, where the authorized login request is issued by the second terminal in response to an input operation of the first verification code in the input area, the authorized login request includes the first verification code, the user information, and the signature data, and the second terminal has logged in the target application program;
a third sending module 604, configured to send the user authentication token and the user information to the first terminal if the verification is successful, so that the first terminal logs in the target application according to the user authentication token and the user information.
Optionally, the signature data includes timestamp data, and the verification module 603 is further specifically configured to: determine whether the timestamp data is within a preset time error range; if the timestamp data is within the preset time error range, determine the digital certificate corresponding to the user information according to the user information; and call a certificate center to verify the signature data according to the digital certificate.
Optionally, the information processing apparatus 600 further includes a second processing module (not shown), which is specifically configured to: in response to receiving a digital certificate application request sent by the second terminal, verify the digital certificate application request, where the digital certificate application request is used to apply for a digital certificate; if the verification is successful, send the digital certificate application request to the certificate center; and in response to receiving the digital certificate sent by the certificate center, send the digital certificate to the second terminal.
Optionally, the information processing apparatus 600 further includes a third processing module (not shown), which is specifically configured to: in response to a second verification code application request from the first terminal, generate a second verification code of a target service corresponding to an interactive operation, where the interactive operation is an operation acting on the first terminal; send the second verification code to the first terminal; in response to receiving an authorization execution service request, verify the authorization execution service request, where the authorization execution service request is sent by the second terminal in response to the input operation of the second verification code, and the authorization execution service request includes the second verification code and second signature data; and if the verification is successful, send authorization execution service information to the first terminal, so that the first terminal executes the target service according to the authorization execution service information.
The information processing apparatus provided in this embodiment is configured to execute the technical solution of the information processing method applied to the authentication and authorization server in the foregoing method embodiments, and the implementation principle and the technical effect are similar, which are not described herein again.
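The verification order described above for the verification module 603 (pending code, timestamp window, certificate lookup by user information, signature check), as an added Go example that is not code from the patent. Assumptions: Ed25519 keys, an in-memory user-to-public-key map in place of the certificate center, a 60-second tolerance, the signed message layout, single-use codes, and every identifier name.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

const maxSkew = 60 * time.Second // assumed value for the "preset time error range"

var (
	ErrUnknownCode = errors.New("verification code not pending")
	ErrStale       = errors.New("timestamp outside allowed window")
	ErrNoCert      = errors.New("no certificate bound to user")
	ErrBadSig      = errors.New("signature verification failed")
)

// LoginRequest models the authorization login request from the second terminal.
type LoginRequest struct {
	Code, User string
	Timestamp  int64 // Unix seconds, covered by the signature
	Signature  []byte
}

// signedBytes is an assumed layout; length prefixes keep field boundaries unambiguous.
func signedBytes(code, user string, ts int64) []byte {
	return []byte(fmt.Sprintf("%d:%s|%d:%s|%d", len(code), code, len(user), user, ts))
}

// Server maps pending codes to first-terminal sessions; certs stands in for the certificate center.
type Server struct {
	pending map[string]string
	certs   map[string]ed25519.PublicKey
	now     func() time.Time
}

func NewServer(now func() time.Time) *Server {
	return &Server{map[string]string{}, map[string]ed25519.PublicKey{}, now}
}

// NewKeyPair stands in for key generation on the second terminal at registration.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// IssueCode creates a random verification code for a first-terminal session.
func (s *Server) IssueCode(session string) (string, error) {
	b := make([]byte, 4)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	code := fmt.Sprintf("%x", b)
	s.pending[code] = session
	return code, nil
}

// SignLogin is the second terminal's side: sign code, user and timestamp together.
func SignLogin(priv ed25519.PrivateKey, code, user string, at time.Time) LoginRequest {
	ts := at.Unix()
	return LoginRequest{code, user, ts, ed25519.Sign(priv, signedBytes(code, user, ts))}
}

// VerifyLogin returns the first-terminal session that should receive the token.
func (s *Server) VerifyLogin(r LoginRequest) (string, error) {
	session, ok := s.pending[r.Code]
	if !ok {
		return "", ErrUnknownCode
	}
	if d := s.now().Sub(time.Unix(r.Timestamp, 0)); d < -maxSkew || d > maxSkew {
		return "", ErrStale
	}
	pub, ok := s.certs[r.User]
	if !ok {
		return "", ErrNoCert
	}
	if !ed25519.Verify(pub, signedBytes(r.Code, r.User, r.Timestamp), r.Signature) {
		return "", ErrBadSig
	}
	delete(s.pending, r.Code) // assumption: one code authorizes one login
	return session, nil
}

func main() {
	now := time.Unix(1700000000, 0) // constructed clock
	srv := NewServer(func() time.Time { return now })
	pub, priv := NewKeyPair()
	srv.certs["alice"] = pub // constructed user
	code, _ := srv.IssueCode("first-terminal-1")
	fmt.Println(srv.VerifyLogin(SignLogin(priv, code, "alice", now.Add(-10*time.Minute))))
	fmt.Println(srv.VerifyLogin(SignLogin(priv, code, "alice", now)))
}
```

A failed check leaves the code pending, so the legitimate second terminal can still complete the login; only a successful verification consumes it.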
The embodiment of the application also provides an information processing device which is applied to the second terminal. Fig. 7 is a schematic structural diagram of a third embodiment of an information processing apparatus according to an embodiment of the present application, and as shown in fig. 7, the information processing apparatus 700 includes:
the display module 701 is configured to display an input area of a first verification code on the interactive interface in response to receiving indication information, where the indication information is sent by the authentication and authorization server after generating the first verification code in response to a first verification code application request, the first verification code application request is used for applying for the first verification code, and the first verification code is used for logging in a target application program;
a fourth sending module 702, configured to send, in response to an input operation of a user on an input area for a first verification code, an authorization login request to an authentication and authorization server, so that the authentication and authorization server generates a user authentication token according to the authorization login request, where the authorization login request includes the first verification code, user information, and signature data, and the user authentication token is used for the first terminal to log in the target application program.
Optionally, the information processing apparatus 700 further includes a fourth processing module (not shown), where the fourth processing module is specifically configured to: responding to a registration request of a target application program, and generating a public key and a private key corresponding to user information, wherein the registration request comprises the user information; generating a digital certificate application request according to the public key, wherein the digital certificate application request is used for applying for a digital certificate corresponding to the user information; sending a digital certificate application request to an authentication and authorization server; and receiving the digital certificate sent by the authentication and authorization server.
The information processing apparatus provided in this embodiment is configured to execute the technical solution of the information processing method applied to the second terminal in the foregoing method embodiment, and the implementation principle and the technical effect are similar, which are not described herein again.
An embodiment of the present application further provides a terminal device. Fig. 8 is a schematic structural diagram of the terminal device provided in the embodiment of the present application. As shown in Fig. 8, the terminal device 800 includes a processor 811, a memory 812 and an interactive interface 813;
the memory 812 is used for storing executable instructions executable by the processor 811, and the processor 811 is configured to execute, by executing the executable instructions, the technical solution of the information processing method applied to the first terminal or the second terminal provided by the foregoing method embodiments.
In the terminal device, the memory 812, the processor 811 and the interaction interface 813 are electrically connected directly or indirectly to realize data transmission or interaction. For example, the components may be electrically connected to each other via one or more communication buses or signal lines, such as a bus. The memory 812 stores therein computer-executable instructions for implementing an information processing method applied to the first terminal or the second terminal, including at least one software functional module that can be stored in the memory in the form of software or firmware, and the processor 811 executes various functional applications and data processing by running the software programs and modules stored in the memory 812.
Fig. 9 is a schematic structural diagram of a server provided in the embodiment of the present application, and the server may be provided as a computer, for example. Referring to fig. 9, the server 900 includes a processing component 901 that further includes one or more processors and memory resources, represented by memory 902, for storing instructions, such as application programs, that are executable by the processing component 901. The application programs stored in memory 902 may include one or more modules that each correspond to a set of instructions. Further, the processing component 901 is configured to execute instructions to perform embodiments of the information processing method applied to the authentication authorization server described above.
The server 900 may also include a power component 903 configured to perform power management of the server 900, a wired or wireless network interface 904 configured to connect the server 900 to a network, and an input/output (I/O) interface 905. The server 900 may operate based on an operating system stored in memory 902, such as Windows Server, Mac OS X™, Unix™, Linux™, FreeBSD™, or the like.
The memory may be, but is not limited to, a Random Access Memory (RAM), a Read-Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), and the like. The memory is used for storing programs, and the processor executes the programs after receiving the execution instructions. Further, the software programs and modules within the aforementioned memories may also include an operating system, which may include various software components and/or drivers for managing system tasks (e.g., memory management, storage device control, power management, etc.), and may communicate with various hardware or software components to provide an operating environment for other software components.
The processor may be an integrated circuit chip having signal processing capabilities. The processor may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like, and may implement or perform the various methods, steps, and logic blocks disclosed in the embodiments of the present application. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The embodiment of the present application further provides a computer-readable storage medium, where the computer-readable storage medium includes a program, and the program is used for implementing the technical solution of the information processing method provided in the method embodiment when being executed by a processor.
The embodiment of the present application further provides a computer program product, which includes a computer program, and the computer program is used for implementing the technical solution of the information processing method provided in the method embodiment when being executed by a processor.
Those of ordinary skill in the art will understand that: all or a portion of the steps of implementing the above-described method embodiments may be performed by hardware associated with program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs steps comprising the method embodiments described above; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that: the above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present application.
Claims (12)
1. An information processing method applied to a first terminal, the information processing method comprising:
in response to a start instruction for a target application program, sending a first verification code application request to an authentication and authorization server, wherein the first verification code application request is used for applying for a first verification code, and the first verification code is used for logging in the target application program;
receiving and displaying the first verification code;
receiving a user authentication token and user information, wherein the user authentication token is generated after the authentication and authorization server successfully verifies an authorization login request, the authorization login request is sent by a second terminal in response to the input operation of the first verification code, the authorization login request comprises the first verification code, the user information and signature data, and the second terminal has logged in the target application program;
and logging in the target application program according to the user authentication token and the user information.
2. The information processing method according to claim 1, further comprising:
after logging in the target application program, responding to the interactive operation input by the user, and sending a second verification code application request to the authentication and authorization server, wherein the second verification code application request is used for applying for a second verification code of a target service corresponding to the interactive operation;
receiving and displaying the second verification code;
receiving authorization execution service information, wherein the authorization execution service information is generated after the authentication authorization server successfully verifies an authorization execution service request, and the authorization execution service request is sent by the second terminal in response to the input operation of the second verification code;
and executing the target service according to the authorized execution service information.
3. An information processing method applied to an authentication and authorization server, the information processing method comprising:
responding to a first verification code application request from a first terminal, and generating a first verification code, wherein the first verification code application request is used for applying for the first verification code, and the first verification code is used for logging in a target application program;
sending the first verification code to the first terminal, and sending indication information to a second terminal, wherein the indication information is used for indicating the second terminal to display an input area of the first verification code on an interactive interface;
in response to receiving an authorized login request, verifying the authorized login request, wherein the authorized login request is sent by a second terminal in response to the input operation of the first verification code in the input area, the authorized login request comprises the first verification code, user information and signature data, and the second terminal is logged in the target application program;
and if the verification is successful, sending a user authentication token and the user information to the first terminal so that the first terminal logs in the target application program according to the user authentication token and the user information.
4. The information processing method according to claim 3, wherein the signature data includes time stamp data, and the verifying the authorized login request includes:
determining whether the timestamp data is within a preset time error range;
if the timestamp data is within a preset time error range, determining a digital certificate corresponding to the user information according to the user information;
and calling a certificate center to verify the signature data according to the digital certificate.
5. The information processing method according to claim 4, further comprising:
responding to a received digital certificate application request sent by the second terminal, and verifying the digital certificate application request, wherein the digital certificate application request is used for applying for the digital certificate;
if the verification is successful, sending the digital certificate application request to the certificate center;
and in response to receiving the digital certificate sent by the certificate center, sending the digital certificate to the second terminal.
6. The information processing method according to claim 3 or 4, further comprising:
in response to a second verification code application request from a first terminal, generating a second verification code of a target service corresponding to an interactive operation, wherein the interactive operation is an operation acting on the first terminal;
sending the second verification code to the first terminal;
responding to a received authorization execution service request, verifying the authorization execution service request, wherein the authorization execution service request is sent by the second terminal in response to the input operation of the second verification code, and the authorization execution service request comprises the second verification code and second signature data;
if the verification is successful, sending authorized execution service information to the first terminal so that the first terminal executes the target service according to the authorized execution service information.
7. An information processing method applied to a second terminal that has logged in a target application, the information processing method comprising:
in response to receiving indication information, displaying an input area of a first verification code on an interactive interface, wherein the indication information is sent by an authentication and authorization server after generating the first verification code in response to a first verification code application request, the first verification code application request is used for applying for the first verification code, and the first verification code is used for logging in the target application program;
responding to the input operation of a user on the input area aiming at the first verification code, and sending an authorization login request to the authentication and authorization server so that the authentication and authorization server generates a user authentication token according to the authorization login request, wherein the authorization login request comprises the first verification code, user information and signature data, and the user authentication token is used for the first terminal to log in the target application program.
8. The information processing method according to claim 7, further comprising:
responding to a registration request of the target application program, and generating a public key and a private key corresponding to the user information, wherein the registration request comprises the user information;
generating a digital certificate application request according to the public key, wherein the digital certificate application request is used for applying for a digital certificate corresponding to the user information;
sending the digital certificate application request to an authentication and authorization server;
and receiving the digital certificate sent by the authentication and authorization server.
9. An information processing system, comprising:
the system comprises a first terminal, an authentication and authorization server and a second terminal;
wherein the first terminal is configured to execute the information processing method of claim 1 or 2;
the authentication authorization server is used for executing the information processing method of any one of claims 3 to 6;
the second terminal is configured to execute the information processing method according to claim 7 or 8.
10. A terminal device, comprising:
a processor, a memory, an interactive interface;
the memory is used for storing executable instructions executable by the processor, and the processor is configured to execute the information processing method of claim 1, 2, 7 or 8 through executing the executable instructions.
11. A server, comprising:
a processor, a memory, an interactive interface;
the memory is used for storing executable instructions executable by the processor, and the processor is configured to execute the information processing method of any one of claims 3 to 6 via executing the executable instructions.
12. A computer-readable storage medium on which a computer program is stored, the computer program, when being executed by a processor, implementing the information processing method according to any one of claims 1 to 8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210504336.6A CN114866324A (en) | 2022-05-10 | 2022-05-10 | Information processing method, system, device and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114866324A (en) | 2022-08-05 |
Family
ID=82638098
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210504336.6A Pending CN114866324A (en) | 2022-05-10 | 2022-05-10 | Information processing method, system, device and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114866324A (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106209763A (en) * | 2016-05-27 | 2016-12-07 | 北京畅游天下网络技术有限公司 | A kind of login method and system |
CN106656993A (en) * | 2016-11-04 | 2017-05-10 | 中国银联股份有限公司 | Dynamic verification code verifying method and apparatus |
CN111466099A (en) * | 2018-09-03 | 2020-07-28 | 华为技术有限公司 | Login method, token sending method and device |
WO2020155492A1 (en) * | 2019-01-31 | 2020-08-06 | 平安科技(深圳)有限公司 | Device id-based login state sharing method and device |
CN112968892A (en) * | 2021-02-19 | 2021-06-15 | 中国工商银行股份有限公司 | Information verification method, device, computing equipment and medium |
CN113225188A (en) * | 2020-01-19 | 2021-08-06 | 华为技术有限公司 | Login authentication method, device and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||