Account login method, device, equipment and storage medium
By unifying the management of account logins in the service system through an authentication system and using virtual account identity information verification, the problems of low account login efficiency and security risks have been solved, enabling efficient and secure service system testing.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- TENCENT TECHNOLOGY (SHENZHEN) CO LTD
- Filing Date
- 2021-04-14
- Publication Date
- 2026-06-16
AI Technical Summary
During the service system testing process, existing technologies have shown low account login efficiency and security risks, with dedicated accounts and passwords easily leaked, leading to malicious attacks on the service system.
An authentication system is used to uniformly manage account logins across multiple service systems. Authentication is achieved through virtual account identity information, eliminating the need for password input and enabling targeted login and access control.
This improved login efficiency during service system testing, reduced the risk of password leakage, and enhanced the security of the service system.
Figure CN115203671B_ABST
Description
Technical Field
[0001] This application relates to the field of security technology, and in particular to an account login method, apparatus, device and storage medium.
Background Technology
[0002] During the testing of different service systems, operators need to log in to each system using a dedicated account and password (i.e., authentication information for the dedicated account). Typically, these dedicated accounts and passwords are known to multiple operators, increasing the risk of their leakage. This allows malicious individuals to steal these accounts and passwords and launch attacks, severely impacting the security of the service systems. Furthermore, the process requires logging into different service systems with different dedicated accounts and passwords, resulting in low efficiency. Therefore, improving the efficiency of account login and the security of service systems during testing is a crucial issue that needs to be addressed.
Summary of the Invention
[0003] This application provides an account login method, apparatus, device, and readable storage medium to improve the efficiency of account login and the security of the service system during service system testing.
[0004] In a first aspect, this application provides an account login method applied to an authentication system, wherein the authentication system is connected to multiple service systems via a communication network, comprising:
[0005] Receive a login request for a target service system; wherein the target service system is any one of the plurality of service systems, and the login request carries the virtual account identity information of the virtual account and the system indication information of the target service system;
[0006] If it is determined that the virtual account identity information has passed authentication, redirect to the target service system based on the system indication information and the virtual account identity information;
[0007] Log in to the target service system based on the virtual account identity information, where the virtual account identity information does not have permission to access the target service system.
[0008] A second aspect of this application provides an account login device for use in an authentication system, wherein the authentication system is connected to multiple service systems via a communication network, comprising:
[0009] The request response unit is used to receive a login request for a target service system; wherein the target service system is any one of the plurality of service systems, and the login request carries the virtual account identity information of the virtual account and the system indication information of the target service system;
[0010] The verification unit is configured to, if it is determined that the virtual account identity information has passed authentication, redirect to the target service system based on the system indication information and the virtual account identity information;
[0011] The login unit is used to log in to the target service system based on the virtual account identity information, wherein the virtual account identity information does not have permission to access the target service system.
[0012] In one possible implementation, the verification unit is further configured to:
[0013] After confirming that the virtual account identity information has been verified, at least the virtual account login status is obtained. The virtual account login status is used to indicate whether the target service system has been logged in based on the virtual account identity information.
[0014] If, based on the virtual account identity information, the system indication information, and the virtual account login status, it is determined that verification is performed through the target access method, then, based on the target privileged account identity information and the system indication information, the user is directed to the target service system; wherein, the target access method indicates that the virtual account is allowed to access the corresponding service system based on the privileged account identity information, and the target privileged account identity information includes the privileged account identity information corresponding to the target service system;
[0015] Access to the target service system is based on the target privileged account identity information; the target privileged account identity information has the authority to access the target service system.
[0016] In one possible implementation, the verification unit is specifically used to: generate a virtual account login status based on the virtual account identity information; or, in response to an access request for the target service system, obtain the virtual account login status from the access request, and obtain the account identity information and the system indication information again from the access request.
[0017] In one possible implementation, the verification unit is specifically used to determine whether the target access method is verified through the following process:
[0018] Based on the virtual account identity information and the virtual account login status, it is determined that the target service system has been logged in based on the virtual account identity information; and based on the system indication information, it is determined that the target privileged account identity information exists; and it is determined that the virtual account identity information has privileged access permissions, the privileged access permissions including the permission to access the corresponding service system based on the privileged account identity information.
[0019] In one possible implementation, the verification unit is specifically used to determine whether the virtual account identity information has been authenticated through the following process:
[0020] Based on the virtual account identity information, it is determined that the registration process of the virtual account identity information has been completed in the authentication system; and it is determined that the virtual account identity information has service system login permissions, the service system login permissions including the permission to log in to the service system based on the virtual account identity information.
[0021] In one possible implementation, the login request is triggered by a target interface call operation during the execution of the executable program; the target interface call operation includes an operation of calling a target interface in the authentication system based on the virtual account identity information and the system indication information, and the target interface is used by the authentication system to log in to the target service system based on the virtual account identity information.
[0022] In one possible implementation, the login request also carries security verification information for the virtual account identity information. This security verification information is generated in response to a security verification information retrieval instruction for the virtual account identity information after the registration process of the virtual account identity information is completed in the authentication system. If it is determined that the virtual account identity information has passed authentication, the verification unit is further configured to:
[0023] Before redirecting to the target service system based on the system indication information and the virtual account identity information, the security verification information is obtained from the login request; it is determined that the security verification information is verified by the interface caller.
[0024] In one possible implementation, the verification unit is further configured to: if it is determined that the security verification information has not been verified by the interface caller, return an exception alert message to the executable program to notify the executable program that the call to the target interface is abnormal.
[0025] In one possible implementation, the account login device further includes a first setting unit, which is configured to perform at least one of the following operations:
[0026] In response to a first setting operation for the virtual account identity information, it is determined that the virtual account identity information has the privileged access rights, wherein the first setting operation is used to instruct access to the corresponding service system based on the privileged account identity information;
[0027] In response to a privileged account setting instruction triggered for the target service system, the privileged account identity information indicated by the privileged account setting instruction is determined as the privileged account identity information corresponding to the target service system.
[0028] In one possible implementation, the account login device further includes a second setting unit, which is configured to perform at least one of the following operations:
[0029] In response to a virtual account registration request triggered by a first account for the virtual account identity information, a registration verification message is sent to a second account; and in response to a confirmation registration instruction triggered by the second account for the registration verification message, the registration process of the virtual account identity information is completed in the authentication system.
[0030] In response to a second setting operation for the virtual account identity information, it is determined that the virtual account identity information has login permissions for the service system, wherein the second setting operation is used to instruct login to the service system based on the virtual account identity information.
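The checks described in [0004]-[0030], as an added Python sketch that is not code from the patent: registration confirmed by a second account, login with the virtual identity plus security verification information, and access only through the privileged account mapped to the target system. The class and method names, the token format and the sample accounts are assumptions.

```python
"""Sketch of the authentication-system checks in [0004]-[0030].
All class, method and sample names are assumptions for illustration."""
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple


@dataclass
class VirtualAccount:
    identity: str                      # virtual account identity information
    applicant: str                     # first account that requested it
    registered: bool = False           # set once a second account confirms
    login_permission: bool = False     # "service system login permissions"
    privileged_access: bool = False    # "privileged access permissions"
    token: Optional[str] = None        # "security verification information"


class AuthSystem:
    def __init__(self, managers: Set[str], service_systems: Set[str]):
        self.managers = managers                      # second accounts
        self.service_systems = service_systems
        self.accounts: Dict[str, VirtualAccount] = {}
        self.privileged: Dict[str, str] = {}          # system -> privileged identity
        self.logged_in: Set[Tuple[str, str]] = set()  # virtual account login status

    # --- registration and settings ([0025]-[0030]) ---
    def request_registration(self, first_account: str, identity: str) -> None:
        self.accounts[identity] = VirtualAccount(identity, first_account)

    def confirm_registration(self, second_account: str, identity: str) -> bool:
        acct = self.accounts.get(identity)
        if acct is None or second_account not in self.managers:
            return False
        acct.registered = True
        return True

    def issue_token(self, identity: str) -> Optional[str]:
        acct = self.accounts.get(identity)
        if acct is None or not acct.registered:
            return None                 # only after registration completes
        acct.token = secrets.token_urlsafe(32)
        return acct.token

    # --- login with the virtual identity ([0004]-[0007], [0019]-[0024]) ---
    def login(self, identity: str, system: str, token: str) -> Tuple[bool, str]:
        acct = self.accounts.get(identity)
        if system not in self.service_systems:
            return False, "unknown service system"
        if acct is None or not acct.registered:
            return False, "identity not registered"
        if not acct.login_permission:
            return False, "no service system login permission"
        # Constant-time comparison of the caller's security verification info.
        if acct.token is None or not hmac.compare_digest(
                acct.token.encode(), token.encode()):
            return False, "interface call abnormal"   # exception alert, [0024]
        self.logged_in.add((identity, system))
        return True, "logged in, no data access"

    # --- access through the privileged account ([0013]-[0018]) ---
    def access(self, identity: str, system: str) -> Tuple[bool, str]:
        acct = self.accounts.get(identity)
        if acct is None or (identity, system) not in self.logged_in:
            return False, "not logged in to target system"
        target = self.privileged.get(system)
        if target is None:
            return False, "no privileged account for target system"
        if not acct.privileged_access:
            return False, "no privileged access permission"
        return True, target      # access proceeds as the privileged identity


def demo() -> dict:
    """Run the flow on constructed sample accounts and collect each outcome."""
    auth = AuthSystem(managers={"admin-1"}, service_systems={"oa-1", "oa-2"})
    auth.request_registration("employee-a", "v_test_01")
    results = {"token_before_approval": auth.issue_token("v_test_01")}
    results["self_approval"] = auth.confirm_registration("employee-a", "v_test_01")
    auth.confirm_registration("admin-1", "v_test_01")
    token = auth.issue_token("v_test_01")
    auth.accounts["v_test_01"].login_permission = True    # second setting operation
    auth.privileged["oa-1"] = "oa1-privileged"            # privileged account setting
    results["bad_token"] = auth.login("v_test_01", "oa-1", "guess")
    results["login"] = auth.login("v_test_01", "oa-1", token)
    results["access_without_grant"] = auth.access("v_test_01", "oa-1")
    auth.accounts["v_test_01"].privileged_access = True   # first setting operation
    results["access"] = auth.access("v_test_01", "oa-1")
    results["other_system"] = auth.access("v_test_01", "oa-2")
    return results


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(f"{step}: {outcome}")
```

Because no password exists for the virtual account, the security verification information and the per-system login status are the only things standing between an interface caller and the privileged identity, so each denial path above is worth logging for audit.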
[0031] A third aspect of this application provides a computer device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor executes the program to implement the method described in the first aspect.
[0032] In a fourth aspect, this application provides a computer program product comprising computer instructions stored in a computer-readable storage medium. A processor of a computer device reads the computer instructions from the computer-readable storage medium and executes the computer instructions, causing the computer device to perform the method provided in the first aspect.
[0033] In a fifth aspect, this application provides a computer-readable storage medium storing computer instructions that, when executed on a computer, cause the computer to perform the method described in the first aspect.
[0034] Since the embodiments of this application adopt the above-described technical solution, they have at least the following technical effects:
[0035] In this embodiment, only the virtual account identity information is needed to complete the virtual account authentication process, without requiring the operator to enter the virtual account password. This improves the efficiency of logging into the service system based on the virtual account identity information. Furthermore, since no password is required during the login process, this embodiment does not require setting a password for the virtual account, thus avoiding security issues caused to the service system due to the leakage of the virtual account password. This enhances the security of the service system during testing.
Attached Figure Description
[0036] Figure 1 is a schematic diagram of an application scenario provided in an embodiment of this application;
[0037] Figure 2 is a schematic diagram of a virtual account registration page provided in an embodiment of this application;
[0038] Figure 3 is a schematic diagram of a virtual account login and access authorization page provided in an embodiment of this application;
[0039] Figure 4 is an example diagram of a privileged account management page provided in an embodiment of this application;
[0040] Figure 5 is a flowchart of logging in to a target service system based on virtual account identity information, provided in an embodiment of this application;
[0041] Figure 6 is an interaction diagram of logging in to a target service system based on virtual account identity information, provided in an embodiment of this application;
[0042] Figure 7 is a flowchart of accessing a target service system based on privileged account identity information, provided in an embodiment of this application;
[0043] Figure 8 is an interaction diagram of accessing a target service system based on privileged account identity information, provided in an embodiment of this application;
[0044] Figure 9 is an interaction diagram of logging in to a target OA system through a personal OA account, provided in an embodiment of this application;
[0045] Figure 10 is an example diagram of a unified account login page provided in an embodiment of this application;
[0046] Figure 11 is an interaction diagram of logging in to a target OA system based on a virtual account ID, provided in an embodiment of this application;
[0047] Figure 12 is a schematic diagram of the structure of an account login device provided in an embodiment of this application;
[0048] Figure 13 is a structural diagram of a computer device provided in an embodiment of this application.
Detailed Implementation
[0049] To better understand the technical solutions provided in the embodiments of this application, a detailed description will be given below in conjunction with the accompanying drawings and specific implementation methods; to facilitate a better understanding of the technical solutions of this application by those skilled in the art, some concepts involved in this application will be explained below.
[0050] 1) Service system and authentication system
[0051] The service system may include software that provides a specific set of functions, i.e., the service system is a large software composed of multiple functions to solve one or more complex problems; the authentication system (referred to as the TOF system) is a system used to implement unified account login, identity authentication, account management and other functions for multiple service systems. It is a new system proposed in the embodiments of this application. The details of the service system and the authentication system will be further described below.
[0052] 2) Accounts, personal service system accounts, virtual accounts, privileged accounts
[0053] Generally, an account represents a user's identity on the Internet; in this embodiment, a personal service system account refers to an account registered by a user in the service system; a virtual account is an account that has the permission to log in to the service system but not the permission to access the service system; a privileged account is an account that has the permission to access the service system; the specific contents of the account, personal service system account, virtual account and privileged account will be further explained below.
[0054] This application relates to cloud service technology, which refers to a hosting technology that unifies hardware, software, and network resources within a wide area network (WAN) or local area network (LAN) to achieve data computation, storage, processing, and sharing. Cloud technology is a general term encompassing network technology, information technology, integration technology, management platform technology, and application technology based on the cloud computing business model. It can form resource pools, providing flexible and convenient on-demand access. Cloud computing technology will become a crucial support. Backend services of technical network systems require substantial computing and storage resources, such as video websites, image websites, and many portal websites. With the rapid development and application of the internet industry, every item may have its own identification mark in the future, requiring transmission to a backend system for logical processing. Data at different levels will be processed separately, and various industry data will require robust system support, which can only be achieved through cloud service technology.
[0055] To make the objectives, technical solutions, and advantages of this application clearer, the application will be further described in detail below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, and not all embodiments. Based on the embodiments in this application, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this application.
[0056] The design concept of this application will be explained below.
[0057] With the rapid development of internet technology, more and more service systems (such as live streaming systems, office automation systems, and game applications) are being used in various aspects of life and work. During the operation and maintenance of these different service systems, it is necessary to conduct regular or irregular tests on the various functions and system security provided by each system. During these tests, operators need to enter the corresponding dedicated account and password on the login pages provided by each service system to log in. However, on the one hand, in the above-mentioned account login process, the dedicated accounts and passwords for each service system are generally known to different operators, increasing the risk of leakage. This could lead to malicious individuals stealing dedicated accounts and passwords to log in to the corresponding service systems and launch attacks, thus seriously affecting the security of the service systems. On the other hand, when testing multiple service systems, it is necessary to log in to each service system separately with different dedicated accounts and passwords, and for each service system, it is necessary to log in using its corresponding account login page, resulting in low efficiency.
[0058] In view of this, the inventors designed an account login method to improve the efficiency of account login and the security of the service system during testing. Considering that in related technologies, different account login pages are required to trigger login for different service systems, thus affecting the efficiency of logging into different service systems during testing, this application embodiment sets up an authentication system for multiple service systems. This authentication system can be connected to multiple service systems via a communication network, allowing operators to log into different service systems through this unified authentication system, thereby improving the efficiency of logging into different service systems during testing. Furthermore, this application embodiment designs the method to authenticate virtual accounts only using the virtual account identity information, thereby avoiding the leakage of account passwords during account login and ensuring the security of the service system, thus improving the security of the service system during testing.
[0059] As one embodiment, the login request is triggered by a target interface call operation during the execution of the executable program; the target interface call operation includes the operation of calling the target interface in the authentication system, the details of which will be further explained below.
[0060] Furthermore, the service system and authentication system involved in the embodiments of this application will be described; the service system may include software that provides a specific set of functions, that is, the service system is a large software composed of multiple functions to solve one or more complex problems, such as, but not limited to, office automation (OA) systems, enterprise internal management systems, CRM systems, ERP systems, and financial systems; the service system may also be an application (APP); where application is the term given from the perspective of external users, focusing on business, and system is the term given from the perspective of internal development, focusing on functionality;
[0061] OA (Office Automation) systems are a new type of office work that integrates modern technologies such as computers and communications into traditional office methods. Office automation utilizes modern equipment and information technology to replace some of the manual or repetitive tasks traditionally performed by office workers, processing office affairs and business information efficiently and effectively. This enables the efficient use of information resources, thereby improving productivity, supporting decision-making, maximizing work efficiency and quality, and improving the work environment. OA systems typically take the form of an office gateway accessible to internal company employees.
[0062] The main functions of the authentication system in this application embodiment are unified login, identity authentication, and account management for multiple service systems; where unified login refers to single sign-on for accounts, that is, after an account logs in through the unified login method provided by the authentication system, it can log in and access various service systems without having to log in repeatedly in the service systems.
[0063] Furthermore, the following provides a further explanation of the accounts, personal service system accounts, virtual accounts, and privileged accounts involved in the embodiments of this application: Generally, an account is a user's identity representation on the Internet; in the embodiments of this application, a personal service system account refers to an account registered by a user in a service system, with one personal service system account corresponding to one user, and the settings information of a personal service system account may include, but is not limited to, the user's personal information, preferences, and other information; the personal service system accounts registered by the same user in different service systems may be different, and different users may register different personal service system accounts in the same service system.
[0064] As one example, for at least two related service systems (such as service systems set up for at least two departments of the same enterprise / social organization / group), a single user can register only one personal service system account in the above-mentioned at least two service systems. Then, the user can log in and access the above-mentioned at least two service systems through this personal service system account. Here, we take the OA system as an example for explanation. For example, an enterprise contains departments 1 to 3, and OA system 1 to OA system 3 are set up for departments 1 and 3 respectively. Suppose that an employee A in the enterprise has registered a personal service system account as OA account 1. Employee A can log in and access OA system 1 to OA system 3 through OA account 1.
[0065] A virtual account is an account that has the permission to log in to the service system but not the permission to access the service system; a privileged account is an account that has the permission to access the service system, that is, a privileged account is an account that has the right to access the data of the service system and can use all the functions provided by the service system; in this embodiment of the application, the service system can be logged in based on the virtual account identity information of the virtual account, and after logging in to the service system, the service system can be accessed based on the privileged account identity information of the privileged account.
[0066] Login to the service system based on an account identity (such as the account identity information of the aforementioned personal service system account, virtual account identity information, and privileged account identity information, etc.) can be understood as the account identity being verified and entering the service system as the account corresponding to that account identity (i.e., the aforementioned personal service account, virtual account, or privileged account, etc.), but without being able to access the service system's data. Access to the service system based on an account identity can be understood as: accessing the data provided by the service system as the account corresponding to that account identity. That is, after logging into the service system with a certain account identity, the account uses the target function provided by the service system (any function among the functions provided by the service system), and the service system will access (i.e. query or obtain) the data under the data path corresponding to the target function in the service system's business logic. The data accessed can be data that already exists in the service system, or it may be data entered when the account or other accounts access the service system.
[0067] To better understand the design concept of this application, the following examples illustrate the application scenarios in the embodiments of this application.
[0068] Please see Figure 1, which shows an application scenario for the account login method provided in this application. The application scenario may include a terminal device 100, an authentication system 200, and multiple service systems 300. The authentication system 200 and the multiple service systems 300 are connected based on a communication network. The authentication system 200 includes at least one first server (such as, but not limited to, 210-1, 210-2, or 210-3 shown in the figure), and each service system 300 includes at least one second server (such as, but not limited to, 310-1, 310-2, or 310-3 shown in the figure).
[0069] The aforementioned authentication system 200 can receive login requests for the target service system, and after determining that the virtual account identity information carried in the login request has passed authentication, log in to the target service system based on the virtual account identity information; wherein, the target service system is any one of the aforementioned multiple service systems 300, and the specific details of logging into the target service system will be further explained below.
[0070] Furthermore, in this embodiment of the application, the authentication system 200 can also at least obtain the login status of the virtual account. After determining that the verification is performed through the target access method based on the virtual account identity information, the system indication information and the virtual account login status, the system accesses the target service system based on the privileged account identity information of the privileged account corresponding to the target service system. The specific process will be described below.
[0071] After the authentication system 200 logs in based on the aforementioned virtual account identity information, the service system 300 can load or display the login information of the virtual account corresponding to the virtual account identity information; it can also provide various data required for various operations triggered by the corresponding privileged account during the process of the authentication system 200 accessing the system based on the corresponding privileged account identity information.
[0072] The terminal device 110 in this application embodiment may be a mobile terminal, a fixed terminal, or a portable terminal, such as a mobile phone, site, unit, device, multimedia computer, multimedia tablet, Internet node, communicator, desktop computer, laptop computer, notebook computer, netbook computer, tablet computer, personal communication system (PCS) device, personal navigation device, personal digital assistant (PDA), audio / video player, digital camera or camcorder, positioning device, television receiver, radio broadcast receiver, e-book device, gaming device, or any combination thereof, including accessories and peripherals of these devices or any combination thereof.
[0073] As one embodiment, the first server and the second server mentioned above can be independent physical servers, or a server cluster or distributed system composed of multiple physical servers. They can also be multiple cloud servers that provide basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDN, and big data and artificial intelligence platforms. The functions of the first server can be implemented by one or more cloud servers, or by one or more cloud server clusters, etc. The functions of the second server can be implemented by one or more cloud servers, or by one or more cloud server clusters, etc.
[0074] The account login method provided in the embodiments of this application will be described in detail below. It should be noted that the above application scenarios are only shown for the purpose of understanding the spirit and principles of this application, and the implementation of this application is not limited in any way.
[0075] Based on the application scenario of Figure 1, the following provides an example of an account login method involved in the embodiments of this application.
[0076] Firstly, in order to achieve the design purpose of logging into the service system with a virtual account and accessing the service system with a privileged account, this application also provides a method for creating a virtual account and a method for creating a privileged account, the details of which are as follows.
[0077] As one embodiment, the aforementioned virtual account can be an account applied for and registered by a first account and registered with the consent of a second account; wherein the first account can be one of the aforementioned personal service accounts, and the first account has the authority to log in and access the authentication system; the second account is an account with the authority to log in and access the authentication system, and has the authority to manage the aforementioned authentication system. The aforementioned second account can be an account with the authority to log in and access the aforementioned multiple service systems (i.e., it can be, but is not limited to, the aforementioned personal service system accounts), or it can be an account without the authority to log in or access the aforementioned multiple service systems. Those skilled in the art can set it up according to actual needs.
[0078] As one embodiment, after the first account logs into the authentication system, it can trigger a virtual account registration request for the virtual account. In response to the virtual account registration request triggered by the first account for the virtual account identity, the authentication system sends a registration review message to the second account; and in response to the registration confirmation instruction triggered by the second account for the registration review message, the registration process of the virtual account identity information is completed in the authentication system.
[0079] Specifically, the first account can trigger the aforementioned virtual account registration request through, but not limited to, a virtual account registration page. Please refer to Figure 2, which provides a virtual account registration page: the first account can enter the virtual account identity information in the input box 2001 and then trigger the above registration request through the submit application button 2002. The virtual account identity information is information that can uniquely identify the virtual account in the authentication system, which may be, but is not limited to, the virtual account ID or a unique string.
[0080] As one embodiment, to facilitate the tracking or auditing of various login or operation information after testing the service system, the virtual account registration page can also include the following: input box 2003 indicates the name of the virtual account; input box 2004 indicates the applicant information of the applicant with the authority to manage the virtual account; input box 2005 indicates the alternative person in charge information of the alternative person in charge with the authority to manage the virtual account; input box 2006 indicates the application department (which may be, but is not limited to, the organization to which the applicant belongs); and input box 2007 indicates the description of the purpose of the virtual account application. The applicant information may be, but is not limited to, the account identity information of the first account requesting virtual account registration; the backup person in charge may be, but is not limited to, the account that manages the virtual account when the first account is abnormal; and the backup person in charge information may be, but is not limited to, the account identity information of the personal service system account corresponding to the backup person in charge. The second account may, but is not limited to, determine whether to allow the registration of the virtual account based on the application department and the description of the purpose of the application. If the registration of the virtual account is allowed, the second account will trigger a confirmation registration instruction in response to the registration review message.
[0081] As one example, after the first account logs into the authentication system, it can trigger operations to manage the permissions of the virtual account. The authentication system then responds to these operations by determining the permissions set by the first account for the virtual account (also referred to as the virtual account identity information). For details, please refer to Figure 3, which provides a virtual account login access authorization page. A first account can select a virtual account identity from the set of virtual account identity information for which the first account has management authority through a virtual account selection box 301. Then, through the first login permission setting box 3021 in the login permission setting area 302, the first account can determine that the selected virtual account identity does not have service system login authority. Alternatively, through the second login permission setting box 3022, the first account can determine that the selected virtual account identity has service system login authority, and trigger a second setting operation for the selected virtual account identity through the submit application button 303. The second setting operation is used to indicate logging in to the service system based on the virtual account identity. The authentication system can then respond to the second setting operation for the virtual account identity and determine that the virtual account identity has the service system login authority (i.e., the authority to log in to the service system based on the virtual account identity).
[0082] As one embodiment, after the first account logs into the authentication system, it can also set whether the virtual account identity information has the permission to access the corresponding service system based on the privileged account identity information. Specifically, the first account can operate based on the access permission setting area 304 in the virtual account login access authorization page. If the first account selects the first access permission setting box 3041, it can be determined that the virtual account identity information can only log in to the service system and cannot access the corresponding service system based on the privileged account identity information. If the first account selects the second access permission setting box 3042 and selects the submit application button 303, a first setting operation is triggered for the virtual account identity information selected through the virtual account selection box 301. Then, the authentication system can respond to the first setting operation and determine that the selected virtual account identity information has the privileged access permission. The first setting operation is used to indicate access to the corresponding service system based on the privileged account identity information. The privileged access permission is the permission to access the corresponding service system based on the privileged account identity information.
[0083] As one embodiment, this application embodiment can also set a security verification information token for virtual account identity information. This security verification information token can be used to verify the target interface call operation, that is, to verify whether the operation of calling the target interface in the authentication system is legal, thereby preventing malicious callers from using stolen virtual accounts to log in to the service system. Specifically, the first account can trigger the generation of a security verification information token for the selected virtual account identity information through button 305, and display the generated security verification information token through display box 306, so that the first account can know the above-mentioned security verification information token. Then, the first account can indicate the above-mentioned security verification information token in the login request to indicate to the authentication system that the operation of calling the target interface based on the above-mentioned virtual account identity information is safe (i.e. legal). The security verification information tokens for different virtual account identity information can be different, that is, in the authentication system, the security verification information token for a virtual account identity information can be unique.
[0084] As one embodiment, a third account with management service system permissions can set the privileged account identity information of the privileged account corresponding to the service system through the authentication system; specifically, the third accounts corresponding to different service systems can be different, or the third accounts corresponding to different service systems can be the same; the above-mentioned third account is not limited to a registered personal service system, but can also be the account corresponding to the administrator of each service system, etc., and those skilled in the art can set the above-mentioned third account according to actual needs.
[0085] Specifically, please see Figure 4. This application embodiment also provides a privileged account management page. A third account can input system instruction information of the service system to be configured in the system instruction information box 4001 (wherein, the service system to be configured is any one of multiple service systems connected to the authentication system), and input the privileged account identity information of the privileged account corresponding to the service system to be configured in the privileged account identity information box 4002. After selecting the OK button 4003, a privileged account setting instruction for the service system to be configured is triggered. Then, the authentication system responds to the privileged account setting instruction and determines the privileged account identity information indicated by the privileged account setting instruction as the privileged account identity information corresponding to the service system to be configured.
[0086] As one embodiment, to facilitate security protection of privileged accounts, in this embodiment of the application, the second account can also set a password for the privileged account through the password setting area 4004, so that the third account or a third account other than the third account can manage the privileged account.
[0087] As an example, to facilitate the tracing or auditing of various access service system operation information after accessing the service system based on privileged account identity information, in this embodiment of the application, the third account can also indicate the service system manager information of the service system manager with the authority to manage the above-mentioned service system to be configured through input box 4005, the backup service system manager information of the backup service system manager with the authority to manage the above-mentioned service system to be configured through input box 4006, and the information of the department corresponding to the service system to be configured through input box 4007, etc.; wherein, the above-mentioned service system manager information and backup service system manager information may be, but are not limited to, the account identity information of the corresponding manager's personal service system account, etc.
[0088] Please refer to Figure 5, a flowchart of an account login method designed according to an embodiment of this application. The method is applied to the aforementioned authentication system 200 and specifically includes the following steps:
[0089] Step S501: Receive a login request for the target service system; wherein the target service system is any one of the multiple service systems, and the login request carries the virtual account identity information of the virtual account and the system instruction information of the target service system.
[0090] As one embodiment, to improve the efficiency and flexibility of the virtual account login system, this application embodiment considers enabling virtual account login to the service system through an executable program, eliminating the need for various account login pages, thereby improving the efficiency and flexibility of virtual account login. Specifically, this application embodiment can set a target interface in the authentication system, which is used to log in to the target service system based on the aforementioned virtual account identity information. The login request can be triggered by the executable program during runtime in response to a target interface call operation. The target interface call operation can be, but is not limited to, the executable program calling the target interface in the authentication system based on the aforementioned virtual account identity information and the aforementioned system instruction information. The specific form of the executable program is not limited; those skilled in the art can set it according to actual needs, such as, but not limited to, using an automated login script (i.e., scripts written in various programming languages, etc.) as the executable program. For the aforementioned security verification information, refer to the relevant description of Figure 3, which will not be repeated here.
[0091] Step S502: If it is determined that the above-mentioned virtual account identity information has passed the identity verification, then based on the above-mentioned system instruction information and the above-mentioned virtual account identity information, the system is directed to the above-mentioned target service system.
[0092] As an example, to ensure the security of the service system, this embodiment requires identity verification of the virtual account identity information during the login process to confirm that the virtual account corresponding to the virtual account identity information is a legitimate account already registered in the authentication system. Specifically, if the virtual account identity information simultaneously meets the following identity verification condition 1 and identity verification condition 2, then the virtual account identity information is determined to have passed identity verification, wherein:
[0093] Identity verification condition 1: Based on the aforementioned virtual account identity information, it is determined that the registration process for the aforementioned virtual account identity information has been completed in the aforementioned authentication system. Wherein, if the virtual account identity information satisfies identity verification condition 1, it can be determined that the virtual account corresponding to the virtual account identity information has been registered in the authentication system.
[0094] Identity verification condition 2: Determine that the above-mentioned virtual account identity information has service system login permissions, including the permission to log in to the service system based on the above-mentioned virtual account identity information.
[0095] As an example, if it is determined that the virtual account identity information meets authentication condition 1 but does not meet authentication condition 2, then it can be determined that the virtual account settings corresponding to the virtual account identity information do not allow the permission to log in to the service system based on the virtual account identity information. In this case, a reminder message can be returned.
[0096] Step S503: Log in to the target service system based on the aforementioned virtual account identity information. The aforementioned virtual account identity information does not have permission to access the target service system.
[0097] Specifically, in this embodiment, the authentication system can directly log in to the target service system using the virtual account identity information corresponding to the aforementioned virtual account identity information; the authentication system can also generate a first ticket for the aforementioned virtual account identity information based on the virtual account identity information, the first ticket carrying the aforementioned virtual account identity information, and then send the first ticket to the target service system; after receiving the aforementioned first ticket, the target service system requests the authentication system to decrypt the aforementioned first ticket to obtain the virtual account identity information, thereby completing the process of logging into the target service system based on the virtual account identity information.
[0098] Please see Figure 6, which describes an interaction process between the automated login script, the authentication system, and the target service system during login using a virtual account:
[0099] Step S601: The automated login script sends a login request, which carries virtual account identity information, system instruction information, and a security verification token for the aforementioned virtual account identity information.
[0100] In step S602, the authentication system determines whether the security verification information token passes the interface caller verification. If it does, proceed to step S603; otherwise, proceed to step S6021.
[0101] Specifically, the authentication system can determine the signature based on the aforementioned security verification information token. If the signature is determined to be valid, the security verification information token passes the interface caller verification.
[0102] In step S6021, the authentication system returns an exception alert message to the automated login script to notify that the automated login script's call to the target interface is abnormal.
[0103] In step S603, the authentication system determines whether the virtual account identity information has passed the identity verification. If it has, a first ticket for the virtual account identity information is generated and the process proceeds to step S604; otherwise, the process proceeds to step S6031.
[0104] As one embodiment, step S603 may include steps S6031 and S6032;
[0105] In step S6031, the authentication system determines whether the registration process of the virtual account identity information has been completed in the authentication system. If not, proceed to step S60311.
[0106] In step S60311, the authentication system sends an account anomaly alert message to the automated login script to notify that the aforementioned virtual account identity information is abnormal.
[0107] In step S6032, the authentication system determines whether the above-mentioned virtual account identity information has service system login permissions. If not, it proceeds to step S60321.
[0108] In step S60321, the authentication system sends a login permission exception message to the automated login script to notify that the aforementioned virtual account identity information does not have login permission to the service system.
[0109] In this application embodiment, the service system login permissions for the aforementioned virtual account identity information can be set through, but not limited to, the setup method illustrated in Figure 3.
[0110] As an example, if it is determined in step S6021 that the registration process of the virtual account identity information has been completed in the authentication system, and it is determined in step S6032 that the virtual account identity information has service system login permissions, then proceed to step S604.
[0111] In step S604, the authentication system, based on the aforementioned system instruction information, directs (i.e. redirects) to the aforementioned target service system and transmits the aforementioned first ticket.
[0112] In step S605, the target service system requests the authentication system to decrypt the first ticket to obtain the virtual account identity information.
[0113] As one example, please refer to Figure 7. After verifying the identity information of the virtual account in step S502, the user can access the data of the target service system as a privileged account. Specifically, the access process includes the following steps S701 to S703:
[0114] Step S701: Obtain at least the login status of the aforementioned virtual account, which is used to indicate whether the target service system has been logged in based on the aforementioned virtual account identity information.
[0115] Specifically, please see Figure 8. After verifying the identity information of the virtual account in step S502, a virtual account login status can be generated based on the aforementioned virtual account identity information (this virtual account login status is the first ticket for the virtual account identity information, which indicates that the user has logged into the target service system based on the virtual account identity information); alternatively, in response to an access request to the target service system, the virtual account login status can be obtained from the access request, and the virtual account identity information and system indication information can be obtained again from the access request (as can be seen in Figure 8). In steps S802 to S805, the first ticket generated based on the virtual account identity information is the aforementioned virtual account login status, indicating login to the target service system based on the virtual account identity information.
[0116] As one embodiment, after steps S802 to S805 and before step S703, it can be determined whether the security verification information token for the virtual account identity information is verified by the interface caller. For details, please refer to the relevant description of step S602 above, which will not be repeated here.
[0117] Step S702: If it is determined, based on the virtual account identity information, the system indication information, and the virtual account login status, that the target access method verification is passed, then direct to the target service system based on the target privileged account identity information and the system indication information; wherein, the target access method indicates that the virtual account is allowed to access the corresponding service system based on the privileged account identity information, and the target privileged account identity information includes the privileged account identity information corresponding to the target service system.
[0118] As one embodiment, to ensure the security of the service system, this embodiment requires determining whether the target access method verification is successful during the access to the target service system. Access to the target service system is only permitted after successful verification. Specifically, if the following access method verification conditions 1 to 3 are simultaneously met, then the target access method verification is successful, wherein:
[0119] Access method verification condition 1: Based on the above virtual account identity information and the above virtual account login status, it is determined that the above target service system has been logged in based on the above virtual account identity information.
[0120] Access method verification condition 2: Based on the above system indication information, it is determined that the above target privileged account identity information exists.
[0121] Specifically, in the embodiments of this application, the aforementioned target privileged account identity information can be set for the target service system through, but not limited to, the method illustrated in Figure 4.
[0122] Access method verification condition 3: Determine that the above virtual account identity information has privileged access permissions, including the permission to access the corresponding service system based on the privileged account identity information.
[0123] Specifically, in the embodiments of this application, the aforementioned privileged access permissions can be set for the virtual account identity information based on, but not limited to, the setup method illustrated in Figure 3.
[0124] Step S703: Access the target service system based on the target privileged account identity information; the target privileged account identity information has the permission to access the target service system.
[0125] Specifically, in steps S702 and S703, after the target access method verification is passed, a second ticket for the privileged account identity information of the target service system can be generated. Based on the system instruction information, the authentication system directs (i.e. redirects) to the target service system and transmits the second ticket for the privileged account identity information. The target service system requests the authentication system to decrypt the second ticket for the privileged account identity information to obtain the privileged account identity information. Then, the authentication system accesses the target service system based on the privileged account identity information.
[0126] As an example, to facilitate understanding of the account login method provided in this application, a specific example is given below. In this example, multiple OA systems in Company A are used as the aforementioned multiple service systems, the ID of the virtual account (hereinafter referred to as the virtual account ID) is used as the aforementioned virtual account identity information, the personal OA account registered by an employee of Company A in the OA system is used as the first account, and the network address of each OA system (i.e., the website address or domain name corresponding to the OA system, hereinafter referred to as the OA address) is used as the system indication information of the service system for explanation. It is noted that the personal OA account of one employee in the aforementioned multiple OA systems is the same.
[0127] As one embodiment, the authentication system provided in this application can not only log in to the service system based on virtual account identity information and access the service system based on privileged account identity information, but also log in and access the service system based on the identity information of the aforementioned personal service system account. Please refer to Figure 9. This application embodiment also provides a process for employees to log in to the corresponding target OA system (i.e., the aforementioned target service system) through their personal OA account, as detailed below.
[0128] Step S901: The employee opens a browser and enters the OA address of the target OA system into the browser.
[0129] In step S902, the browser redirects to the target OA system based on the OA address entered by the employee.
[0130] Step S903: The target OA system determines whether the user is currently logged into the target OA system with a personal OA account.
[0131] In step S904, if the target OA system determines that the user has not logged into the target OA system with a personal OA account, it will redirect the user to the authentication system.
[0132] Step S905: The authentication system opens the unified account login page through a browser.
[0133] Specifically, please see Figure 10, which provides an example diagram of the unified account login page. Employees can enter relevant information of their personal OA account on the unified login page shown in diagram (a) and trigger a login request for the target OA system. Alternatively, they can scan the QR code shown in diagram (b) to trigger a login request for the target OA system using their personal OA account information.
[0134] It should be noted that the unified account login page shown in Figure 10 is only an illustrative example. Under normal circumstances, various login methods can trigger a request to log in to the target OA system using the identity information of the aforementioned personal OA account.
[0135] In step S906, employees can select a login method on the unified account login page and trigger a login request for the target OA system.
[0136] In step S907, the browser sends a login request for the target OA system to the authentication system.
[0137] In step S908, the authentication system determines the login result of logging into the target OA system with the identity information of the aforementioned personal OA account. If the login is successful, the authentication system generates a third ticket for the aforementioned personal OA account, which carries encrypted information of the identity information of the aforementioned personal OA account.
[0138] In step S909, after the authentication system confirms that the user has successfully logged into the target OA system with the identity information of the aforementioned personal OA account, it redirects the user to the target OA system again and sends the aforementioned third ticket back to the target OA system.
[0139] In step S910, after receiving the third ticket, the target OA system parses the identity information of the personal OA account in the third ticket and allows access to the data of the person who owns the personal OA account using the identity information of the aforementioned personal OA account.
[0140] The following content in this example illustrates a process of logging into the target OA system based on a virtual account ID and accessing the target OA system based on the target privileged account ID (i.e., the target privileged account identity information mentioned above). Please refer to Figure 11. The process specifically includes:
[0141] The process of logging into the target OA system based on a virtual account ID includes the following steps S1101 to S1104:
[0142] Step S1101: The automated login script sends a login request, which carries the virtual account ID, the OA address of the target OA system, and the security verification information token of the virtual account ID.
[0143] The OA address mentioned above is the network address of the OA system that needs to be logged into; the virtual account ID is the ID of the virtual account applied for through Figure 2; and the aforementioned security verification information token is the token shown in Figure 3, generated when applying for service system login permissions on the virtual account management platform. Each virtual account can have a random and unique token, which is used for signature calculation for verification by the interface caller.
[0144] Specifically, in this embodiment of the application, employees can write and run automated login scripts based on the known virtual account ID, OA address and security verification information token. During the execution of the automated login script, the target interface call operation will be triggered, and in response to the target interface call operation, the login request will be sent to the authentication system.
[0145] In step S1102, the authentication system determines whether the virtual account ID has passed authentication. If it has, a first ticket for the virtual account ID is generated, and the process proceeds to step S1103.
[0146] Specifically, in step S1102, whether the security verification information token passes the interface caller verification can also be determined by referring to the content of step S602 above. The specific process can be found in the above content and will not be repeated here.
[0147] In step S1103, the authentication system, based on the aforementioned OA address, redirects to the target OA system and transmits the aforementioned first ticket.
[0148] In step S1104, the target OA system requests the authentication system to decrypt the first ticket mentioned above to obtain the virtual account ID.
[0149] The format of the first ticket can be exactly the same as that of the third ticket, with only the account identity information being different. Therefore, the target OA system can request a ticket decryption operation on the first ticket without any modifications.
[0150] After the virtual account login is completed in the above process, the target OA system needs to request the authentication system to perform a ticket decryption operation on the first ticket and obtain the virtual account ID in the first ticket. In the above process, after the ticket is decrypted, the target OA system obtains the virtual account ID of the virtual account. Since the target OA system itself does not have relevant business data of the virtual account, in principle, no data will be displayed in the target OA system after logging in based on the virtual account ID. Therefore, after step S1104 above, the requester (employee or other test member, etc.) who requests to log in to the target OA system based on the virtual account ID can check whether the target OA system displays business data or account information associated with the virtual account corresponding to the virtual account ID. If business data or account data is displayed in the target OA system, it proves that the account login function of the target OA system is abnormal. This process has satisfied the first layer of security testing for the target OA system.
[0151] As one embodiment, accessing the target OA system based on the target privileged account ID (i.e., the target privileged account identity information) includes the following steps S1105 to S1109:
[0152] In step S1105, the automated login script sends an access request to the authentication system for the target OA system. The access request carries the virtual account ID, the OA address of the target OA system, the security verification information token of the virtual account ID, and the first ticket for the virtual account ID.
[0153] The aforementioned security verification information token is used for the verification process of the aforementioned interface caller. For details, please refer to the content of step S602 above, which will not be repeated here. The aforementioned first ticket is used to determine that the process of logging into the target OA system based on the aforementioned virtual account ID has been completed. A virtual account ID that has not logged in to the target OA system is not allowed to access the OA system with a privileged account ID.
[0154] In step S1106, the authentication system determines whether the target access method is verified based on the virtual account ID, OA address, and first ticket. If the verification is successful, a second ticket is generated for the target privileged account ID corresponding to the target OA system.
[0155] The specific details of the target access method verification mentioned above can be found in step S702 above, and will not be repeated here.
[0156] In step S1107, the authentication system, based on the aforementioned OA address, redirects to the target OA system and transmits the aforementioned second ticket.
[0157] In step S1108, the target OA system requests the authentication system to decrypt the second ticket mentioned above to obtain the target privileged account ID.
[0158] Step S1109: The authentication system accesses the target OA system based on the aforementioned target privileged account ID.
[0159] The above steps S1105 to S1109 satisfy the needs of the requesting party to conduct security testing (or probe) on the target OA system.
[0160] In this embodiment, logging into the service system using a virtual account eliminates the need for an account login page, thus improving the efficiency of virtual account login. Furthermore, the absence of a password for the virtual account avoids security issues caused by password leaks, thereby enhancing the security of the service system during testing. Additionally, both virtual account login and privileged account access processes in this embodiment are equipped with strict signature authentication and request logs, facilitating auditing after service system testing. For example, it allows auditing which virtual account accessed which OA system at what time, and whether access was made using privileged account information, enabling information statistics and subsequent operations during the service system testing process.
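The two-stage flow of steps S1102 to S1108, with the checks the page lists for identity verification and for target access method verification, sketched as an added example that is not code from the patent. The class and method names, the example OA addresses, and the use of an HMAC-signed ticket in place of the encrypted ticket the patent describes are assumptions.

```python
import base64, hashlib, hmac, json, secrets, time

class AuthSystem:
    """Toy authentication system; every name in this class is hypothetical."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # ticket signing key (assumption)
        self.registered = set()    # virtual IDs whose registration is complete
        self.login_perm = set()    # virtual IDs with service system login permission
        self.priv_perm = set()     # virtual IDs with privileged access permission
        self.priv_account = {}     # OA address -> privileged account ID
        self.tokens = {}           # virtual ID -> security verification token
        self.login_state = set()   # (virtual ID, OA address) login status
        self.audit = []            # (time, virtual ID, OA address, action, result)

    def register(self, vid, login=True, privileged=False):
        """Complete registration, set permissions, return the account's token."""
        self.registered.add(vid)
        if login:
            self.login_perm.add(vid)
        if privileged:
            self.priv_perm.add(vid)
        self.tokens[vid] = secrets.token_hex(16)
        return self.tokens[vid]

    def _issue_ticket(self, account_id, oa):
        # Assumption: signed (not encrypted) ticket, same format for both tickets.
        body = base64.urlsafe_b64encode(
            json.dumps({"id": account_id, "oa": oa}).encode())
        mac = hmac.new(self._key, body, hashlib.sha256).hexdigest().encode()
        return (body + b"." + mac).decode()

    def release_ticket(self, ticket):
        """S1104 / S1108: return (account ID, OA address), or None if invalid."""
        body, _, mac = ticket.encode().partition(b".")
        good = hmac.new(self._key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(mac, good):
            return None
        data = json.loads(base64.urlsafe_b64decode(body))
        return data["id"], data["oa"]

    def _deny(self, vid, oa, action, reason):
        self.audit.append((time.time(), vid, oa, action, "denied: " + reason))
        raise PermissionError(reason)

    def _check_token(self, vid, oa, action, token):
        expected = self.tokens.get(vid, "")
        if not expected or not hmac.compare_digest(expected.encode(), token.encode()):
            self._deny(vid, oa, action, "token failed interface caller verification")

    def login(self, vid, oa, token):
        """S1102-S1103: verify the caller, then return the first ticket."""
        self._check_token(vid, oa, "login", token)
        if vid not in self.registered:
            self._deny(vid, oa, "login", "registration not completed")
        if vid not in self.login_perm:
            self._deny(vid, oa, "login", "no service system login permission")
        self.login_state.add((vid, oa))
        self.audit.append((time.time(), vid, oa, "login", "ok"))
        return self._issue_ticket(vid, oa)

    def privileged_access(self, vid, oa, token, first_ticket):
        """S1105-S1107: check the target access method, return the second ticket."""
        self._check_token(vid, oa, "privileged", token)
        logged_in = (self.release_ticket(first_ticket) == (vid, oa)
                     and (vid, oa) in self.login_state)
        if not logged_in:
            self._deny(vid, oa, "privileged", "no virtual account login on this system")
        if oa not in self.priv_account:
            self._deny(vid, oa, "privileged", "no privileged account set for this system")
        if vid not in self.priv_perm:
            self._deny(vid, oa, "privileged", "no privileged access permission")
        self.audit.append((time.time(), vid, oa, "privileged", "ok"))
        return self._issue_ticket(self.priv_account[oa], oa)
```

Every decision, allowed or denied, lands in `audit`, which is the record a reviewer would use to see which virtual account reached which OA system and whether a privileged account was used.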
[0161] Please refer to Figure 12. Based on the same inventive concept, embodiments of this application provide an account login device 1200, applied to an authentication system. This authentication system is connected to multiple service systems via a communication network, and the device includes:
[0162] The request response unit 1201 is used to receive a login request for a target service system; wherein the target service system is any one of the plurality of service systems, and the login request carries the virtual account identity information of the virtual account and the system indication information of the target service system.
[0163] The verification unit 1202 is used to, if it is determined that the above-mentioned virtual account identity information has passed the identity verification, direct the user to the above-mentioned target service system based on the above-mentioned system instruction information and the above-mentioned virtual account identity information;
[0164] Login unit 1203 is used to log in to the target service system based on the aforementioned virtual account identity information, wherein the aforementioned virtual account identity information does not have the permission to access the target service system.
[0165] As one embodiment, the verification unit 1202 is specifically used for:
[0166] Based on the aforementioned virtual account identity information, a virtual account login status is generated; or
[0167] In response to the access request to the aforementioned target service system, the login status of the aforementioned virtual account is obtained from the access request, and the account identity information and the system instruction information are obtained again from the access request.
[0168] As one embodiment, the verification unit 1202 is specifically used to determine the target access method verification through the following process: based on the above-mentioned virtual account identity information and the above-mentioned virtual account login status, determine that the target service system has been logged in based on the above-mentioned virtual account identity information; and based on the above-mentioned system indication information, determine that the above-mentioned target privileged account identity information exists; and determine that the above-mentioned virtual account identity information has privileged access rights, the above-mentioned privileged access rights including the right to access the corresponding service system based on the privileged account identity information.
[0169] As one embodiment, the verification unit 1202 is specifically used to determine that the virtual account identity information has passed identity verification through the following process: based on the virtual account identity information, determining that the registration process of the virtual account identity information has been completed in the authentication system; and determining that the virtual account identity information has service system login permissions, the service system login permissions including the permission to log in to the service system based on the virtual account identity information.
[0170] As one embodiment, the login request is triggered by a target interface call operation during the execution of the executable program; the target interface call operation includes the operation of calling the target interface in the authentication system based on the virtual account identity information and the system indication information, and the target interface is used by the authentication system to log in to the target service system based on the virtual account identity information.
[0171] As one embodiment, the login request also carries security verification information for the virtual account identity information. This security verification information is generated in response to a security verification information acquisition instruction for the virtual account identity information after the registration process of the virtual account identity information is completed in the authentication system. If it is determined that the virtual account identity information has passed authentication, the verification unit 1202 is further configured to:
[0172] Before redirecting to the target service system based on the above system indication information and the above virtual account identity information, obtain the above security verification information from the above login request; and determine that the above security verification information has been verified by the interface caller.
[0173] As one embodiment, the verification unit 1202 is further configured to: if it is determined that the security verification information has not been verified by the interface caller, return an exception reminder message to the executable program to notify the executable program that the call to the target interface is abnormal.
[0174] As one embodiment, the account login device 1200 further includes a first setting unit 1204, which is used to perform at least one of the following operations:
[0175] In response to the first setting operation for the aforementioned virtual account identity information, it is determined that the aforementioned virtual account identity information has the aforementioned privileged access permissions, and the aforementioned first setting operation is used to instruct access to the corresponding service system based on the privileged account identity information;
[0176] In response to a privileged account setting instruction triggered for the aforementioned target service system, the privileged account identity information indicated by the privileged account setting instruction is determined to be the privileged account identity information corresponding to the aforementioned target service system.
[0177] As one embodiment, the account login device 1200 further includes a second setting unit 1205, which is used to perform at least one of the following operations:
[0178] In response to the virtual account registration request triggered by the first account for the aforementioned virtual account identity information, a registration verification message is sent to the second account; and in response to the registration verification message triggered by the second account, the registration process of the aforementioned virtual account identity information is completed in the aforementioned authentication system.
[0179] In response to the second setting operation for the aforementioned virtual account identity information, it is determined that the aforementioned virtual account identity information has login permissions for the aforementioned service system. The aforementioned second setting operation is used to instruct login to the service system based on the aforementioned virtual account identity information.
[0180] As one example, the device shown in Figure 12 can be used to implement any of the account login methods discussed earlier.
[0181] Based on the same inventive concept as the above-described method embodiments, this application also provides a computer device. This computer device can be used for data processing based on pushed content. In one embodiment, the computer device can be a server, such as the server in the authentication system 200 shown in Figure 1. In this embodiment, the computer device can be structured as shown in Figure 13, including a memory 1301, a communication module 1303, and one or more processors 1302.
[0182] The memory 1301 is used to store computer programs executed by the processor 1302. The memory 1301 may mainly include a program storage area and a data storage area. The program storage area may store the operating system and programs required to run instant messaging functions, etc.; the data storage area may store various instant messaging information and operation instruction sets, etc.
[0183] Memory 1301 may be volatile memory, such as random-access memory (RAM); memory 1301 may also be non-volatile memory, such as read-only memory, flash memory, hard disk drive (HDD), or solid-state drive (SSD); or memory 1301 may be any other medium capable of carrying or storing desired program code having the form of instructions or data structures and accessible by a computer, but is not limited thereto. Memory 1301 may be a combination of the above-described memories.
[0184] Processor 1302 may include one or more central processing units (CPUs) or digital processing units, etc. Processor 1302 is used to implement the above-mentioned method for extracting account features when calling a computer program stored in memory 1301.
[0185] The communication module 1303 is used to communicate with terminal devices and other servers.
[0186] This application embodiment does not limit the specific connection medium between the memory 1301, communication module 1303, and processor 1302. In Figure 13 of this application embodiment, the memory 1301 and the processor 1302 are connected via a bus 1304, which is shown in Figure 13 as a bold line; the connections between other components are illustrative only and are not intended to be limiting. The bus 1304 can be divided into address bus, data bus, control bus, etc. For ease of illustration, the bus is represented in Figure 13 by a single thick line, but this does not mean that there is only one bus or one type of bus.
[0187] The memory 1301 stores a computer storage medium, which stores computer-executable instructions for implementing the account feature extraction method of this application embodiment. The processor 1302 is used to execute the above-described account feature extraction method, such as the method shown in Figure 3.
[0188] Those skilled in the art will understand that all or part of the steps of the above method embodiments can be implemented by hardware related to program instructions. The aforementioned program can be stored in a computer-readable storage medium. When the program is executed, it performs the steps of the above method embodiments. The aforementioned storage medium includes various media capable of storing program code, such as mobile storage devices, read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks.
[0189] Alternatively, if the integrated unit described above is implemented as a software functional module and sold or used as an independent product, it can also be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the embodiments of the present invention, or the part that contributes to the prior art, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the methods described in the various embodiments of the present invention. The aforementioned storage medium includes various media capable of storing program code, such as mobile storage devices, ROM, RAM, magnetic disks, or optical disks.
[0190] Based on the same technical concept, embodiments of this application also provide a computer-readable storage medium storing computer instructions that, when executed on a computer, cause the computer to perform the startup method for an instant messaging application as described above.
[0191] Those skilled in the art will understand that embodiments of this application can be provided as methods, systems, or computer program products. Therefore, this application can take the form of a completely hardware embodiment, a completely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, this application can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
[0192] Obviously, those skilled in the art can make various modifications and variations to this application without departing from the spirit and scope of this application. Therefore, if such modifications and variations fall within the scope of the claims of this application and their equivalents, this application also intends to include such modifications and variations.
Claims
1. An account login method, characterized in that the method is applied to an authentication system, which is connected to multiple service systems via a communication network, and includes:
Receive a login request for a target service system; wherein the target service system is any one of the plurality of service systems, and the login request carries the virtual account identity information of the virtual account and the system indication information of the target service system;
If it is determined that the virtual account identity information has passed authentication, then based on the system instruction information and the virtual account identity information, the system will direct the user to the target service system;
Log in to the target service system based on the virtual account identity information, where the virtual account identity information does not have permission to access the target service system;
After confirming that the account identity information has passed identity verification, the process further includes:
At least the virtual account login status is obtained, and the virtual account login status is used to indicate whether the target service system has been logged in based on the virtual account identity information;
If, based on the virtual account identity information, the system indication information, and the virtual account login status, it is determined that verification is performed via the target access method, then, based on the target privileged account identity information and the system indication information, the user is directed to the target service system. The target access method indicates that the virtual account is allowed to access the corresponding service system based on the privileged account identity information, and the target privileged account identity information includes the privileged account identity information corresponding to the target service system. Whether the virtual account possesses the privileged account identity information is set by the first account after registering the virtual account, and the privileged account identity information is set by a third account with authority to manage the service system;
Access to the target service system is based on the target privileged account identity information; the target privileged account identity information has the authority to access the target service system.
2. The method as described in claim 1, characterized in that the step of at least obtaining the login status of the virtual account includes:
Based on the virtual account identity information, generate a virtual account login status; or
In response to an access request to the target service system, the virtual account login status is obtained from the access request, and the account identity information and system indication information are obtained again from the access request.
3. The method as described in claim 1, characterized in that the determination of verification via the target access method includes:
Based on the virtual account identity information and the virtual account login status, it is determined that the user has logged into the target service system using the virtual account identity information; and
Based on the system indication information, it is determined that the target privileged account identity information exists; and
It is determined that the virtual account identity information has privileged access permissions, which include the permission to access the corresponding service system based on the privileged account identity information.
4. The method as described in claim 1, characterized in that the process of determining that the virtual account identity information has passed identity verification includes:
Based on the virtual account identity information, it is determined that the registration process for the virtual account identity information has been completed in the authentication system; and
It is determined that the virtual account identity information has service system login permissions, which include the permission to log in to the service system based on the virtual account identity information.
5. The method according to any one of claims 1-4, characterized in that the login request is triggered by a target interface call operation during the execution of the executable program; the target interface call operation includes the operation of calling the target interface in the authentication system based on the virtual account identity information and the system indication information, and the target interface is used by the authentication system to log in to the target service system based on the virtual account identity information.
6. The method as described in claim 5, characterized in that the login request also carries security verification information for the virtual account identity information. This security verification information is generated in response to a command to obtain the security verification information for the virtual account identity information after the registration process of the virtual account identity information is completed in the authentication system. If it is determined that the virtual account identity information has passed authentication, and before redirecting to the target service system based on the system indication information and the virtual account identity information, the method further includes:
Obtain the security verification information from the login request;
It is determined that the security verification information is verified by the interface caller.
7. The method as described in claim 6, characterized in that the method further includes:
If it is determined that the security verification information fails to pass the verification by the interface caller, an exception notification message is returned to the executable program to notify the executable program that the call to the target interface is abnormal.
8. The method as described in claim 3 or 4, characterized in that the method further includes at least one of the following operations:
In response to a first setting operation for the virtual account identity information, it is determined that the virtual account identity information has privileged access rights, wherein the first setting operation is used to instruct access to the corresponding service system based on the privileged account identity information;
In response to a privileged account setting instruction triggered for the target service system, the privileged account identity information indicated by the privileged account setting instruction is determined as the privileged account identity information corresponding to the target service system.
9. The method as described in claim 4, characterized in that the method further includes at least one of the following operations:
In response to a virtual account registration request triggered by a first account for the virtual account identity information, a registration verification message is sent to a second account; and in response to a confirmation registration instruction triggered by the second account for the registration verification message, the registration process of the virtual account identity information is completed in the authentication system;
In response to a second setting operation for the virtual account identity information, it is determined that the virtual account identity information has login permissions for the service system, wherein the second setting operation is used to instruct login to the service system based on the virtual account identity information.
10. An account login device, characterized in that the device is applied to an authentication system, which is connected to multiple service systems via a communication network, and includes:
The request response unit is used to receive a login request for a target service system; wherein the target service system is any one of the plurality of service systems, and the login request carries the virtual account identity information of the virtual account and the system indication information of the target service system;
The verification unit is configured to, if it is determined that the virtual account identity information has passed authentication, direct the user to the target service system based on the system instruction information and the virtual account identity information;
The login unit is used to log in to the target service system based on the virtual account identity information, wherein the virtual account identity information does not have permission to access the target service system;
The verification unit is also used for:
After confirming that the virtual account identity information has been verified, at least the virtual account login status is obtained. The virtual account login status is used to indicate whether the target service system has been logged in based on the virtual account identity information;
If, based on the virtual account identity information, the system indication information, and the virtual account login status, it is determined that verification is performed via the target access method, then, based on the target privileged account identity information and the system indication information, the user is directed to the target service system. The target access method indicates that the virtual account is allowed to access the corresponding service system based on the privileged account identity information, and the target privileged account identity information includes the privileged account identity information corresponding to the target service system. Whether the virtual account possesses the privileged account identity information is set by the first account after registering the virtual account, and the privileged account identity information is set by a third account with authority to manage the service system;
Access to the target service system is based on the target privileged account identity information; the target privileged account identity information has the authority to access the target service system.
11. A computer program product, characterized in that the computer program product includes computer instructions stored in a computer-readable storage medium, wherein a processor of a computer device reads the computer instructions from the computer-readable storage medium and executes the computer instructions to cause the computer device to perform the method of any one of claims 1-9.
12. A computer device, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that, when the processor executes the program, it implements the method of any one of claims 1-9.
13. A computer-readable storage medium, characterized in that the computer-readable storage medium stores computer instructions that, when executed on a computer, cause the computer to perform the method as described in any one of claims 1-9.