[0044] The embodiments of the present invention are described in detail below. Examples of the embodiments are shown in the accompanying drawings, in which the same or similar reference numerals indicate the same or similar elements or elements with the same or similar functions. The embodiments described below with reference to the drawings are exemplary, and are only used to explain the present invention, but should not be construed as limiting the present invention.
[0045] Reference below figure 1 Describe the login control method based on the QR code according to the embodiment of the present invention, including the following steps:
[0046] Step S110: The cloud server of the network service provider receives the login request sent by the user through the first client.
[0047] Step S120: The cloud server allocates an identification string to the login request, and generates a QR code according to the identification string.
[0048] Step S130: The cloud server sends the QR code to the first client and displays it through the first client, and maintains the network connection with the first client.
[0049] Step S140: The cloud server receives the proxy login request sent to the cloud server after the second client has captured and parsed the QR code, wherein the proxy login request includes the user's identity information.
[0050] Among them, the proxy login request includes an identification string.
[0051] Step S150: The cloud server authenticates the user according to the proxy login request.
[0052] In an embodiment of the present invention, it further includes: the cloud server authenticates the identification string and the identity information in the proxy login request, and if the identification string or the identity information is invalid, the cloud server returns error information to the second client.
[0053] In an embodiment of the present invention, it further includes:
[0054] Step S151: The cloud server judges whether a data item indexed by the identification string is stored, wherein the data item contains user login session information;
[0055] Step S152: If it is determined that a data item indexed by the identification string is stored, an error message is returned to the second client;
[0056] Step S153: If it is determined that no data item indexed by the identification string is stored, and the user is authenticated according to the proxy login request, the corresponding data item is established using the identification string as the index, and login success information is returned to the second client.
[0057] Step S160: After the cloud server determines that the user passes the identity authentication, the cloud server returns the user login session information to the first client through the established network connection.
[0058] In an embodiment of the present invention, after the cloud server determines that the user has passed the identity authentication, the method further includes: the cloud server queries the key-value pair according to the identification string to obtain the network connection handle with the first client, and forwards the first client according to the network connection handle. A client returns user login session information.
[0059] In an embodiment of the present invention, it includes: the cloud server establishes and maintains a key-value pair consisting of an identification string and a network connection handle with the first client.
[0060] According to figure 2 Take an example to specifically introduce the login control method based on the QR code. It can be understood that the following description is for illustrative purposes only, and the embodiments of the present invention are not limited thereto. figure 2 The steps in the method are divided into roles, so that the steps and processes of the first client A, the cloud server, and the second client B in the method are more intuitively displayed.
[0061] Step S210: The user logs in at the first client A. Among them, the first client A may be a certain client application on a device such as a PC or a notebook.
[0062] Step S220: The first client A establishes a network connection with the cloud server, and sends a login request for obtaining a QR code image.
[0063] Step S230: The cloud server allocates an identification string to the login request, and generates a QR code according to the identification string. The cloud server also saves The key-value pair. The cloud server receives the login request for acquiring the two-dimensional code picture sent by the first client A, and generates a globally unique identification string RS and a two-dimensional code QR containing RS information through the prior art.
[0064] Step S240: the cloud server sends data such as the two-dimensional code QR to the first client A. At the same time, the cloud server maintains a key-value pair in the form.
[0065] Step S250: The first client A receives the two-dimensional code picture and displays it on the user interface, and waits for the data sent by the cloud server. If the first client A receives data indicating that a user logs in based on the QR code, step S2180 is entered; otherwise, the first client A stays on the current user interface.
[0066] Step S260: The user starts the second client B. The second client B may be a login agent application installed on a certain mobile device B. In an embodiment of the present invention, the address information of the cloud server is stored in the second client B.
[0067] Step S270: Scan the two-dimensional code picture displayed on the first client A through the camera.
[0068] Step S280: Recognize and decode the scanned two-dimensional code picture by using the prior art to obtain a unique identification string RS.
[0069] Step S290: Determine which user identity the user logs in to the service accessed on the first client A. Among them, the user identity can be obtained through user interaction or reading the cached data of the service. For example, the user interaction operation can be that the user selects from multiple user accounts stored in the local storage system, or receives the account and password input by the user.
[0070] Step S2100: Send a proxy login request containing data such as RS and user identity information to the cloud server. Among them, user identity information includes information such as user name, password, or session of the logged-in user.
[0071] Step S2110: The cloud server judges the validity of RS and user identity information. When the cloud server receives the proxy login request, it first judges the validity of the RS and the user identity.
[0072] Step S2120: If any one of RS and user identity information is invalid, return error information to the second client B. Otherwise, continue to step S2130.
[0073] Step S2130: If the second client B receives an error message, it will prompt the error and guide the user to log in again
[0074] Step S2140: Determine whether a key-value pair with RS as an index and user login session information (ie SESSION information) as a value exists in the cloud server.
[0075] Step S2150: If it exists, return error information to the second client B. Otherwise, proceed to step S2160.
[0076] Step S2160: Set the user state to the login state, and create a login session that includes the user's identity information.
[0077] Step S2170: Read through RS And send the user login session data to the first client A through the read connection handle.
[0078] Step S2180: The first client A receives the user login session information sent by the cloud server, prompts the login success, and enters the user interface after login.
[0079] The login control method based on the two-dimensional code according to the embodiment of the present invention can be applied to client products. After the first client initiates a login request, the cloud server returns a QR code. After decoding the QR code information by the second client with shooting and QR code analysis functions, it sends a proxy login request to the cloud server. The cloud server After the verification is successful, the user login session information is returned to the first client through the established network connection to complete the login process. Take full advantage of the functions and resources of the second client. It does not require users to enter the relevant user name and password every time they log in, which reduces the operation cost of user login, improves user experience, is simple and efficient, and also reduces passwords stolen by phishing and Trojan horses. Such risks ensure the security of user accounts.
[0080] Reference below figure 2 Describes a login control system 100 based on a QR code according to an embodiment of the present invention, including a first client 110, a second client 120, and a cloud server 130. Among them, the first client 110 is used to send a login request to the cloud server 130, and to receive and display a QR code sent by the cloud server 130; the cloud server 130 is used to allocate an identification string for the login request, and generate a QR code according to the identification string , And send the QR code to the first client 110 and maintain the network connection with the first client 110, and send the proxy login request, and authenticate the user according to the proxy login request, and after the user passes the identity authentication The user login session information is returned to the first client 110 through the established network connection; the second client 120 is used to capture the QR code displayed by the first client 110, and send it to the cloud server after analyzing the QR code The address information sends the proxy login request, where the proxy login request includes the user’s identity information.
[0081] Wherein, the second client 120 may be a mobile terminal. The proxy login request includes the identification string.
[0082] In an embodiment of the present invention, the cloud server 130 is also used to establish and maintain a key-value pair including an identification string and a network connection handle with the first client 110.
[0083] In an embodiment of the present invention, the cloud server 130 is also used to authenticate the identification string and identity information in the proxy login request, and return error information to the second client 120 when the identification string or the identity information is invalid.
[0084] In an embodiment of the present invention, the cloud server 130 is also used to determine whether a data item indexed by the identification string is stored, wherein the data item contains user login session information, and the data item indexed by the identification string is stored in the judgment. When the data item is selected, an error message is returned to the second client 120, and when it is determined that no data item indexed by the identification string is stored, and the user is authenticated according to the proxy login request, the corresponding data item is established using the identification string as the index , And return login success information to the second client 120.
[0085] In an embodiment of the present invention, the cloud server 130 is further configured to query the key-value pair according to the identification string to obtain the network connection handle with the first client 110, and return the user login to the first client 110 according to the network connection handle. Session information.
[0086] The following takes a specific login process as an example to specifically introduce the login control system based on the QR code. It can be understood that the following description of the login process is only for exemplary purposes, and the embodiments of the present invention are not limited thereto.
[0087] Step S310: the user logs in at the first client 110. Wherein, the first client 110 may be a certain client application on a device such as a PC or a notebook. The first client 110 establishes a network connection with the cloud server 130, and sends a login request for obtaining a QR code image.
[0088] Step S320: The cloud server 130 allocates an identification string to the login request, and generates a two-dimensional code according to the identification string. The cloud server 130 receives the login request to obtain the QR code image sent by the first client 110, and generates a globally unique identification string RS and a QR code QR containing RS information through the prior art. The cloud server 130 sends data such as a two-dimensional code QR to the first client 110. At the same time, the cloud server 130 maintains a key-value pair in the form.
[0089] Step S330: The first client 110 receives the two-dimensional code picture and displays it on the user interface, and waits for the data sent by the cloud server 130. If the first client 110 receives data indicating that a user logs in based on the QR code, step S360 is entered; otherwise, the first client 110 stays on the current user interface.
[0090] Step S340: the user opens the second client 120. The second client 120 may be a login agent application installed on a certain mobile device B. The second client 120 scans the two-dimensional code picture displayed on the first client 110 through a camera, and recognizes and decodes the scanned two-dimensional code picture through the prior art to obtain a unique identification string RS. The second client 120 determines the identity of the user to log in to obtain the service accessed by the first client 110. Among them, the user identity can be obtained through user interaction or reading the cached data of the service. For example, the user interaction operation can be that the user selects from multiple user accounts stored in the local storage system, or receives the account and password input by the user. The second client 120 sends a proxy login request containing data such as RS and user identity information to the cloud server 130. Among them, user identity information includes information such as user name, password, or session of the logged-in user.
[0091] Step S350: The cloud server 130 judges the validity of RS and user identity information. When the cloud server 130 receives the proxy login request, it first judges the validity of the RS and the user identity. If any one of RS and user identity information is invalid, error information is returned to the second client 120. Otherwise, it is determined whether there is a key-value pair with RS as an index and user login session information (ie SESSION information) as a value in the cloud server 130. If it exists, an error message is returned to the second client 120. Otherwise, the user status is set to the login status, and a login session containing the user's identity information is created. Cloud server 130 reads via RS And send the user login session data to the first client 110 through the read connection handle.
[0092] Step S360: The first client 110 receives the user login session information sent by the cloud server 130, prompts the login success, and enters the user interface after login.
[0093] After the login control system based on the QR code according to the embodiment of the present invention initiates a login request from the first client, the cloud server returns the QR code, and uses the second client with the functions of shooting and QR code analysis to transfer the QR code After the information is decoded, a proxy login request is sent to the cloud server. After the cloud server is successfully verified, it returns the user login session information to the first client through the established network connection to complete the login process. Take full advantage of the functions and resources of the second client. It does not require users to enter the relevant user name and password every time they log in, which reduces the operation cost of user login, improves user experience, is simple and efficient, and also reduces passwords stolen by phishing and Trojan horses. Such risks ensure the security of user accounts.
[0094] Reference below image 3 Describe the cloud server 200 according to an embodiment of the present invention, including a first receiving module 210, a QR code generating module 220, a first sending module 230, a second receiving module 240, an authentication module 250, a connection control module 260, and a second sending module 270 and the key-value pair maintenance module 280.
[0095] The first receiving module 210 is used to receive a login request sent by the user through the first client; the two-dimensional code generating module 220 is used to allocate an identification string to the login request, and generate a two-dimensional code according to the identification string; the first sending module 230 Used to send the QR code to the first client and display it through the first client; the second receiving module 240 is used to receive the proxy login request sent by the address information of the cloud server after the second client photographs and parses the QR code , Where the proxy login request includes the user’s identity information; the authentication module 250 is used to authenticate the user according to the proxy login request; the connection control module 260 is used to maintain a network connection with the first client; the second sending module 270 is used to After the user passes the identity authentication, the user log-in session information is returned to the first client through the established network connection.
[0096] Among them, the polling request or the persistent connection request contains the identification string. The proxy login request includes the identification string.
[0097] In an embodiment of the present invention, the authentication module 250 authenticates the identification string and the identity information in the proxy login request. If the identification string or the identity information is invalid, the second sending module 270 is also used to return an error to the second client. information.
[0098] In an embodiment of the present invention, the authentication module 250 is used to determine whether a data item indexed by the identification string is stored, wherein the data item contains user login session information, and when determining that the data item indexed by the identification string is stored When the item is selected, the second sending module 270 returns error information to the second client.
[0099] In an embodiment of the present invention, it further includes: a key-value pair maintenance module 280 for establishing and maintaining a key-value pair composed of an identification string and a network connection handle with the first client
[0100] The following takes a specific login process as an example to introduce the cloud server in detail. It can be understood that the following description of the login process is only for exemplary purposes, and the embodiments of the present invention are not limited thereto.
[0101] The first receiving module 210 receives a login request to obtain a QR code image sent by the first client. The QR code generation module 220 generates a globally unique identification string RS for the login request through the prior art, and a two-dimensional code containing RS information. Code QR. The first sending module 230 sends data such as a two-dimensional code QR to the first client. At the same time, the key-value pair maintenance module 280 maintains a key-value pair in the form. The first client receives the QR code picture and displays it on the user interface, and waits for the data sent by the cloud server. The second client scans the two-dimensional code picture displayed on the first client through the camera, recognizes and decodes the scanned two-dimensional code picture through the prior art, and sends data including RS and user identity information to the cloud server Agent login request. The second receiving module 240 receives the proxy login request containing data such as RS and user identity information, and the authentication module 250 determines the validity of the RS and user identity information. The authentication module 250 first judges the validity of the RS and the user identity. If the authentication module 250 determines that any one of the RS and the user identity information is invalid, the second sending module 270 returns error information to the second client. Otherwise, the authentication module 250 determines whether there is a key-value pair indexed by RS and the value of the user login session information (ie SESSION information) in the cloud server. If it exists, the second sending module 270 returns error information to the second client. Otherwise, the user status is set to the login status, and the key-value pair maintenance module 280 creates a login session containing the user's identity information. Key-value pair maintenance module 280 reads via RS After reading the connection handle, the second sending module 270 sends the user login session data to the first client. The first client receives the user login session information sent by the cloud server, prompts the login success, and enters the user interface after login.
[0102] According to the cloud server of the embodiment of the present invention, after the first receiving module 210 receives the login request initiated by the first client, the QR code generating module 220 returns the QR code, and the second receiving module 240 receives the proxy login request sent by the second client After successful verification, the authentication module 250 returns the user login session information to the first client through the established network connection to complete the login process. The cloud server makes full use of the function and resource advantages of the second client. It does not require users to enter the relevant user name and password every time they log in, which reduces the operation cost of user login, improves user experience, is simple and efficient, and reduces phishing, Trojan horse steals passwords and other risks to protect the security of user accounts.
[0103] In the description of this specification, descriptions with reference to the terms "one embodiment", "some embodiments", "examples", "specific examples", or "some examples" etc. mean specific features described in conjunction with the embodiment or example , Structure, materials or features are included in at least one embodiment or example of the present invention. In this specification, the schematic representation of the above-mentioned terms does not necessarily refer to the same embodiment or example. Moreover, the described specific features, structures, materials or characteristics may be combined in any one or more embodiments or examples in a suitable manner.
[0104] Although the embodiments of the present invention have been shown and described, those of ordinary skill in the art can understand that various changes, modifications, and substitutions can be made to these embodiments without departing from the principle and spirit of the present invention. And variations, the scope of the present invention is defined by the appended claims and their equivalents.
