Login and verification method for application program

[0031] In order to make the objectives, technical solutions and advantages of the present invention clearer, the following further describes the present invention in detail with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are only used to explain the present invention, but not to limit the present invention.

[0032] In the embodiment of the present invention, a login request is sent to the application server, and the login request includes login information and a check code, so that the application server verifies the login information according to the check code and the check code stored in the application server. Since the identification of the mobile terminal is unique, and the generated check code is also unique, when the generated check code is different from the check code stored in the application server, the login information verification result is illegal. At this time, even if someone else gets the login account and password, the login operation of the application cannot be completed, thus preventing illegal login on any mobile terminal and improving the security of many existing login accounts and passwords.

[0033] figure 1 The implementation process of an application login method provided by an embodiment of the present invention is shown, and the details are as follows:

[0034] In step S101, the login information of the application and the identification of the mobile terminal are obtained, and the login information includes the login account of the application.

[0035] In this embodiment, the login information of the application program and the login account of the login information application program are acquired. Specifically, a monitoring module can be set to monitor whether there is broadcast information of the input login account of the application program. When there is broadcast information that the application enters the login account, it means that the user is entering the login account, that is, an input monitoring event is triggered. The input monitoring event includes but not limited to one or more of monitoring physical keyboard input or monitoring virtual keyboard input. Monitor the user's input login account to obtain the login account of the application.

[0036] In this embodiment, the identification of the mobile terminal may be the physical identification of the mobile terminal. The identification includes, but is not limited to, International Mobile Equipment Identity (IMEI) and International Mobile Subscriber Identification Number (International Mobile Subscriber Identification Number, IMSI).

[0037] In this embodiment, the identification of the mobile terminal adopts IMEI. Specifically, it can be obtained through the interface of the underlying parameters of the mobile terminal system. For ease of description, taking practical applications as an example, when the mobile terminal adopts the android system, By calling the interface command, such as IMEI=((TelephonyManager)getSystemService(TELEPHONY_SERVICE)).getDevi ceId(), the IMEI information of the mobile terminal is extracted to complete the IMEI acquisition.

[0038] In step S102, a check code is generated using a preset function according to the login account of the application and the identification of the mobile terminal.

[0039] In this embodiment, the preset function includes but is not limited to one-way function, exponential function, logarithmic function, power function, composite function, inverse proportional function, etc. Preferably, the preset function is a one-way function, and the one-way function includes but is not limited to a one-way trapdoor function and a one-way hash function.

[0040] In this embodiment, the identification of the mobile terminal adopts IMEI. Specifically, a key is generated from a login account and IMEI through a one-way function. Each login account and IMEI generate a key. Different login accounts and IMEI will generate different Key. Since the one-way function itself has one-way irreversibility, the key can be generated according to the login account and IMEI, but the IMEI cannot be derived from the login account and the key, so the security of subsequent generation of verification codes is increased.

[0041] In this embodiment, the IMEI and the key are XORed to generate a check code. The specific implementation of the exclusive OR operation is a well-known technology, and will not be repeated here.

[0042] In step S103, a login request is sent to the application server, the login request includes the login information and the check code, so that the application server verifies according to the check code and the check code stored in the application server login information.

[0043] In this embodiment, a login request is sent to the application server through an existing network, and the login information includes login information and a check code, so that the application server can verify according to the check code and the check code stored in the application server login information.

[0044] In this embodiment, after the mobile terminal can encrypt the login information with a preset encryption algorithm, it sends a login request to the application server. The preset encryption algorithm methods include but are not limited to RSA algorithm, four-party password, replacement encryption method, The transposition encryption method, three-point encryption method, etc., the application server decrypts the login information through the decryption method corresponding to the preset encryption method. The specific encryption method and decryption method do not limit the present invention here.

[0045] figure 2 The process of modifying the login information of the application on the mobile terminal provided by the embodiment of the present invention is shown, and the details are as follows:

[0046] In step S201, the modification password input by the user and the login account of the application program are obtained.

[0047] In this embodiment, the input box for modifying the password and the login account of the application is drawn on the preset interface of the mobile terminal to facilitate the user to input. When the user inputs, the input monitoring event is triggered. The input monitoring event includes but not Limited to one or more of monitoring physical keyboard input or monitoring virtual keyboard input to monitor the user’s input to modify the password and application login account, so as to obtain the modified password and application login account.

[0048] In step S202, the modification code generated by the preset function is used according to the modification password input by the user and the login account of the application program.

[0049] In this embodiment, the preset function includes but is not limited to one-way function, exponential function, logarithmic function, power function, composite function, inverse proportional function, etc.

[0050] In this embodiment, preferably, the preset function is a one-way function, and the one-way function includes but is not limited to a one-way trapdoor function and a one-way hash function. First, a key is generated from the login account and the modified password through a one-way function. Each login account and the modified password generates a key. Different login accounts and modified passwords will generate different keys. Since the one-way function itself is one-way irreversible, the key can be generated according to the login account and the modified password, but the modified password cannot be derived according to the login account and the key, so the security of subsequent generation of the modified code is increased.

[0051] In this embodiment, the modified password and the key are XORed to generate the modified code. The specific implementation of the exclusive OR operation is a well-known technology, and will not be repeated here.

[0052] In step S203, the modification information is sent to the application server, and the modification information includes the login account and modification code, so that the application server re-establishes the login according to the modification code and the modification code stored in the application server The corresponding relationship between the account number and the verification code is recorded and stored.

[0053] In this embodiment, the modification information is sent to the application server through the existing network, and the modification information includes the login information and the modification code, so that the application server re-establishes the login according to the modification code and the modification code stored in the application server The corresponding relationship between the account number and the verification code is recorded and stored.

[0054] In this embodiment, the application server verifies according to the modification code and the modification code stored in the server, re-establishes the corresponding relationship between the login account and the verification code, and records and stores it. Specifically, the application server queries the modification code corresponding to the login account according to the corresponding relationship between the login account and the modification code stored in the record. When the reported modification code is the same as the modification code stored in the server, it will associate the previous login account with the modification code. The correspondence between the verification code is cancelled, and the correspondence between the login account and the verification code is re-established and recorded and stored.

[0055] In this embodiment, modifying the information means re-establishing the corresponding relationship between the login account and the verification code and recording the stored information.

[0056] As an embodiment of the present invention, image 3 A specific implementation process of step S101 of an application login method is shown:

[0057] In step S301, a list of application programs is displayed, and the application program list includes applications installed on the mobile terminal.

[0058] In this embodiment, the applications installed on the mobile terminal are displayed on the interface of the mobile terminal. Since there are more applications, you can draw a chart on the interface and use the functions of the application as the classification of the applications that meet the conditions. Identification, according to the classification identification, you can view all applications that meet the same function, so that the user can perform the selected operation.

[0059] In step S302, the application specified by the user in the application list is detected.

[0060] In this embodiment, the application specified by the user in the application list may be specified in a manner including but not limited to touch or key, and the selection result of the user is received by detecting the user's selection operation.

[0061] In step S303, when the designated application is started, the step of acquiring the login information of the user designated application and the identification of the mobile terminal is performed.

[0062] In this embodiment, after receiving the user's selection result, the broadcast information in the system is monitored, and when the specified application is monitored to start, the step of acquiring the login information of the user specified application and the identification of the mobile terminal.

[0063] Through the above steps, the application list is displayed on the display interface of the mobile terminal, and the user specifies the application according to personal needs, avoiding the execution of all applications of the mobile terminal to obtain the login information of the user specified application and the identification of the mobile terminal Steps, thereby reducing the running threads of the mobile terminal, saving power, and improving the battery life of the mobile terminal.

[0064] As a preferred embodiment of the present invention, Figure 4 Shows an implementation flowchart of a method for verifying login information, including:

[0065] In step S401, a login request sent by a mobile terminal is received. The login request includes login information and a verification code. The login information includes the login account of the application program. The verification code is based on the login account of the application program and the mobile terminal. The logo is generated using a preset function.

[0066] In this embodiment, the login request sent by the mobile terminal is received, the information carrying the login information is descrambled, the login information and the verification code are obtained, and the login account of the application in the login information is obtained.

[0067] In step S402, in the verification code corresponding to the login account of the application program, the verification code corresponding to the login account in the login information is queried.

[0068] In this embodiment, the application server uses the login account as an index, and in the database storing the check code corresponding to the login account of the application, queries the check code corresponding to the login account in the reported login information to Determine whether the check code corresponding to the login account exists in the storage database.

[0069] In step S403, when the verification code corresponding to the login account cannot be queried, the corresponding relationship between the login account and the verification code in the login information is established and recorded and stored.

[0070] In this embodiment, when the check code corresponding to the login account cannot be queried, it means that the check code corresponding to the login account does not exist in the database. At this time, using the login account in the login information as an index, the login account and the verification code are associated and recorded and stored. Therefore, when the same login account is logged in on different mobile terminals, different check codes are generated due to different mobile terminal identities, which causes the application server to associate the login account with the check code and record and store the situation, thereby improving This improves the accuracy of the application server's judgment of the identification of the mobile terminal through the check code.

[0071] In step S404, when the check code corresponding to the login account is queried, the login information is verified according to the check code and the check code pre-stored in the application server.

[0072] In this embodiment, when the check code corresponding to the login account is queried, it means that the check code corresponding to the login account already exists in the database. At this time, the application server uses the login account as an index to find the check code corresponding to the login account according to the corresponding relationship between the login account and the check code stored in the record. When the reported check code corresponds to the check code corresponding to the login account When the verification code is the same, it means that the login information is verified.

[0073] At this time, the application server receives the login account and password sent by the application running on the mobile terminal, and inquires whether the login account and password are legal in the database. Legal indicates that the verification is successful, and sends a message indicating that the login request is verified successfully. The application running on the mobile terminal loads the resource file.

[0074] As a preferred embodiment of the present invention, the application server verifies the login information according to the check code and the check code pre-stored in the application server. After the login information is verified, the database of the application server detects whether there is a The modification code corresponding to the login account, when there is no modification code corresponding to the login account, a reminder message is sent to the application running on the mobile terminal through the existing network, and the reminder message is used to remind the user to enter the modification password.

[0075] For ease of description, take the actual application as an example. When the following broadcast messages are "please enter the password for modification" and "use the mobile number of this machine as the password for modification", after the application obtains the information, it will be displayed on the application interface Displays controls related to information, and the display form of the controls is an input box. When the user clicks "please enter the password for modification", the control related to "please enter the password for modification" is triggered, and the user manually enters the password. When the user clicks "Using the mobile number of this machine as the password to modify", the control related to "Using the mobile number of the machine as the password to modify" is triggered, and the control obtains relevant permissions from the mobile terminal system. When the relevant permissions are obtained , The application obtains the mobile number of the mobile terminal. Obtaining the mobile number of the mobile terminal is an existing technology, and the specific implementation process is not described here.

[0076] Figure 5 The process of modifying the login information of the application on the application server is shown, which is detailed as follows:

[0077] In step S501, the modification information sent by the mobile terminal is received, and the modification information includes the login account and modification code. The modification code is generated using a preset function according to the login account of the application and the modification password input by the user.

[0078] In this embodiment, the application server receives the modification information sent by the mobile terminal, descrambles the modification information, and obtains the login account and the modification password.

[0079] In step S502, in storing the modification code corresponding to the login account of the application program, query the modification code corresponding to the login account in the login information.

[0080] In this embodiment, the application server uses the login account as the index, and in the database storing the modification code corresponding to the login account of the application, queries the modification code corresponding to the login account in the reported login information to determine the storage Whether there is a modification code corresponding to the login account in the database.

[0081] In step S503, when the modification code corresponding to the login account cannot be queried, the corresponding relationship between the login account and the modification code in the login information is established and recorded and stored.

[0082] In this embodiment, when the modification code corresponding to the login account cannot be queried, it means that there is no modification code corresponding to the login account in the database. At this time, using the login account in the login information as an index, the login account and the modification code are associated and recorded and stored.

[0083] In step S504, when the modification code corresponding to the login account is queried, the application server re-establishes the corresponding relationship between the login account and the modification code and records and stores it.

[0084] In this embodiment, when the modification code corresponding to the login account is queried, it means that the modification code corresponding to the login account already exists in the database. At this time, the reported modification code is matched with the modification code corresponding to the login account. When the match is the same, the corresponding relationship of the verification code previously associated with the login account is cancelled, and the verification code associated with the login account is reacquired. Specifically, the application server issues the broadcast information that regenerates the verification code through the existing network terminal application, so that after the application obtains the broadcast information, the operation of step S101 is performed, so that the application server completes the correction of the login account. The verification code is re-acquired, and the corresponding relationship between the login account and the modification code is established and recorded and stored.

[0085] As a preferred embodiment of the present invention in practical application, the details are as follows:

[0086] When the user uses the same mobile terminal, every time the specified application logs in, the login account and the generated verification code of the specified application will be automatically verified with the verification code stored on the server. If they are the same, then The specified application is logged in and used normally.

[0087] When the user uses the same mobile terminal and needs to cancel the verification code associated with the login account, the user can use the original mobile phone to log in to the login account of the specified application, and enter the relevant login on the preset interface of the application server Account and password, unbind. The application server clears the check code and modification code in the database. When the login account of the specified application logs in, the new verification code and modification code are recorded on the server.

[0088] When the user changes the mobile terminal, because the identification of the mobile terminal has changed, the generated check code is inconsistent with the check code stored on the application server. At this time, the application server will consider that the application running the login account is valid. The mobile terminal has changed. Therefore, the login information sent by the application fails to pass the verification, and the normal login operation cannot be completed. The application server delivers the pre-stored broadcast information. After the application receives the broadcast information, it displays the broadcast information on the screen, such as "The login account has been bound with a mobile phone. If you need to unbind, you need to use the original mobile phone to unbind. If the original mobile phone is no longer in use, please enter the change password". When the user's mobile terminal is not lost, the user can use the original mobile terminal to log in to the login account of the specified application, and enter the relevant login account and password on the preset interface of the application server to release the binding. At the same time, the application server clears the check code and modification code in the database. When the login account of the specified application logs in, the new verification code and modification code are recorded on the server. When the user's mobile terminal is lost, the user can enter the modification number, and the application specified by the application program will send the modification code generated by calculating the modification number and the login account of the specified application to the server. When the modification code is the same as the check code stored in the application server, the check code and modification code on the server are cleared. When the login account of the specified application logs in, the new verification code and modification code are recorded on the server.

[0089] Image 6 It shows a device for logging in to an application provided by an embodiment of the present invention. The device can run on various mobile terminals that access the network, including but not limited to mobile phones, pocket personal computers (PPC), palmtop computers, and computers. , Laptops, personal digital assistants (Personal Digital Assistant, PDA), etc. For ease of description, only the parts related to this embodiment are shown.

[0090] Reference Image 6 , The login device of the application includes:

[0091] The first obtaining unit 601 is configured to obtain login information of the application program and the identification of the mobile terminal, and the login information includes the login account of the application program.

[0092] The first generating unit 602 is configured to generate a check code by using a preset function according to the login account of the application and the identification of the mobile terminal.

[0093] The first sending unit 603 is configured to send a login request to the application server, where the login request includes the login information and the verification code, so that the application server can use the verification code and the verification code stored in the application server. Verification code to verify login information.

[0094] Further, the login device of the application program further includes:

[0095] The second obtaining unit 604 is configured to obtain the modified password input by the user and the login account of the application program.

[0096] The second generating unit 605 is configured to use the modification code generated by the preset function according to the modification password input by the user and the login account of the application program.

[0097] The second sending unit 606 is configured to send modification information to the application server. The modification information includes the login account and modification code, so that the application server can rewrite the modification code according to the modification code and the modification code stored in the application server. The corresponding relationship between the login account and the verification code is established and recorded and stored.

[0098] Further, the login device of the application program further includes:

[0099] The display unit 607 is configured to display a list of applications, and the list of applications includes applications installed on the mobile terminal.

[0100] The detecting unit 608 detects the application program designated by the user in the application program list.

[0101] The execution unit 609, when the designated application is started, executes the steps before acquiring the login information of the application and the identification of the mobile terminal.

[0102] Figure 7 It shows a verification device for an application program provided by an embodiment of the present invention. The device can run on various servers connected to the network. For ease of description, only the parts related to this embodiment are shown.

[0103] Reference Figure 7 , The verification device of the application includes:

[0104] The first receiving unit 701 is configured to receive modification information sent by the mobile terminal. The modification information includes the login account and modification code. The modification code is generated using a preset function based on the login account of the application and the modification password entered by the user. of.

[0105] The first query unit 702 is configured to query the modification code corresponding to the login account in the login information in the modification code corresponding to the login account of the application program.

[0106] The first establishing unit 703 is configured to establish the corresponding relationship between the login account and the modification code in the login information and record and store the corresponding relationship when the modification code corresponding to the login account cannot be queried.

[0107] The first verification unit 704 is configured to, when the modification code corresponding to the login account is queried, the application server re-establishes the corresponding relationship between the login account and the verification code and records and stores it.

[0108] Further, the verification device of the application program further includes:

[0109] The second receiving unit 705 is configured to receive modification information sent by the mobile terminal. The modification information includes the login account and modification code. The modification code is generated using a preset function based on the login account of the application and the modification password entered by the user. of.

[0110] The second query unit 706 stores the modification code corresponding to the login account of the application program, and queries the modification code corresponding to the login account in the login information.

[0111] The second establishment unit 707, when the modification code corresponding to the login account cannot be queried, establishes the corresponding relationship between the login account and the modification code in the login information and records and stores it.

[0112] The second verification unit 708, when the modification code corresponding to the login account is queried, the application server re-establishes the corresponding relationship between the login account and the verification code and records and stores it.

[0113] In the embodiment of the present invention, a login request is sent to the application server, and the login request includes login information and a check code, so that the application server verifies the login information according to the check code and the check code stored in the application server. Since the identification of the mobile terminal is unique and the generated check code is also unique, when the generated check code is different from the check code stored in the application server, the login information verification result is illegal. At this time, even if someone else gets the login account and password, the login operation of the application cannot be completed, thereby preventing illegal login on any mobile terminal and improving the security of many existing login accounts and passwords.

[0114] The above are only the preferred embodiments of the present invention and are not intended to limit the present invention. Any modification, equivalent replacement and improvement made within the spirit and principle of the present invention shall be included in the protection scope of the present invention. within.