Summary of the invention
The embodiments of the present invention propose a login method for a third-party application that reduces the dependence and coupling between the account authentication server and the third-party application server during login.
An embodiment of the present invention provides a login method for a third-party application, comprising:
Receiving authorization information sent by a login application client, wherein the authorization information is generated by the login application client according to a login request sent by a third-party application client, and comprises the application identifier of the third-party application client and user account information;
Sending the authorization information to an account management server, so that the account management server verifies the authorization information;
Receiving the verification result returned by the account management server;
If the verification result is that verification passed, searching a key database according to the application identifier of the third-party application client to obtain a first key, and using the first key to sign the user account name in the user account information and a login timestamp, obtaining a first signature; otherwise, returning a login failure message to the login application client and ending this login;
Generating signature authentication information, which comprises the first signature, the user account name and the login timestamp;
Sending the signature authentication information to the login application client, so that the login application client forwards it to the third-party application client and the third-party application client forwards it to a third-party application server; the third-party application server then uses a pre-stored second key to sign the user account name and the login timestamp, obtaining a second signature, and accepts the login of the third-party application client after comparing and confirming that the first signature and the second signature are identical.
Further, before sending the authorization information to the account management server, the method also comprises:
Performing a format check on the authorization information; if the authorization information passes the check, sending it to the account management server; otherwise, returning a login failure message to the login application client and ending this login.
Further, the authorization information also comprises a first dynamic code, which the login application client calculates from the identifier of the login application client using a pre-configured dynamic code algorithm;
The verification of the authorization information by the account management server specifically comprises:
Calculating a second dynamic code from the pre-stored client identifier using the pre-configured dynamic code algorithm;
Comparing the first dynamic code, the application identifier of the third-party application client and the user account information in the authorization information with, respectively, the second dynamic code and the application identifier information and user account information in the database, and judging whether all of the information is consistent;
If it is consistent, verification passes;
If it is not entirely consistent, verification fails.
Further, the verification result also comprises a unique identifier corresponding to the user account information;
After sending the signature authentication information to the login application client, the method also comprises:
Sending the unique identifier to the login application client, so that the login application client stores the unique identifier in an identification code database.
Further, the user account information in the authorization information is obtained by the login application client either from user input or from the unique identifier stored in the identification code database.
In another aspect, an embodiment of the present invention provides a login application server, comprising:
A first receiving unit, configured to receive authorization information sent by a login application client, wherein the authorization information is generated by the login application client according to a login request sent by a third-party application client, and comprises the application identifier of the third-party application client and user account information;
A first sending unit, configured to send the authorization information to an account management server, so that the account management server verifies the authorization information;
A second receiving unit, configured to receive the verification result returned by the account management server;
A first signature unit, configured to, when the verification result is that verification passed, search a key database according to the application identifier of the third-party application client to obtain a first key, and use the first key to sign the user account name in the user account information and a login timestamp, obtaining a first signature;
A second sending unit, configured to return a login failure message to the login application client and end this login when the verification result is that verification failed;
An authentication information generation unit, configured to generate signature authentication information, which comprises the first signature, the user account name and the login timestamp;
And a third sending unit, configured to send the signature authentication information to the login application client, so that the login application client forwards it to the third-party application client and the third-party application client forwards it to a third-party application server; the third-party application server then uses a pre-stored second key to sign the user account name and the login timestamp, obtaining a second signature, and accepts the login of the third-party application client after comparing and confirming that the first signature and the second signature are identical.
Further, the login application server also comprises:
A format check unit, configured to perform a format check on the authorization information before the first sending unit sends it to the account management server; if the authorization information passes the check, it is sent to the account management server; otherwise, a login failure message is returned to the login application client and this login ends.
Further, the authorization information also comprises a first dynamic code, which the login application client calculates from the identifier of the login application client using a pre-configured dynamic code algorithm;
The verification of the authorization information by the account management server specifically comprises:
Calculating a second dynamic code from the pre-stored client identifier using the pre-configured dynamic code algorithm;
Comparing the first dynamic code, the application identifier of the third-party application client and the user account information in the authorization information with, respectively, the second dynamic code and the application identifier information and user account information in the database, and judging whether all of the information is consistent;
If it is consistent, verification passes;
If it is not entirely consistent, verification fails.
Further, the verification result also comprises a unique identifier corresponding to the user account information;
The login application server also comprises:
A fourth sending unit, configured to send the unique identifier to the login application client after the third sending unit has sent the signature authentication information to the login application client, so that the login application client stores the unique identifier in an identification code database.
Further, the user account information in the authorization information is obtained by the login application client either from user input or from the unique identifier stored in the identification code database.
In yet another aspect, an embodiment of the present invention provides a login method for a third-party application, comprising:
A third-party application client sends a login request to a login application client; the login request comprises the application identifier of the third-party application client;
The login application client generates authorization information according to the login request, wherein the authorization information comprises the application identifier and user account information;
The login application client sends the authorization information to a login application server, so that the login application server forwards it to an account management server, and the account management server verifies the authorization information and returns the verification result to the login application server;
The login application client receives the signature authentication information sent by the login application server, wherein the signature authentication information comprises a first signature, the user account name in the user account information and a login timestamp; the first signature is obtained by the login application server which, when the verification result is that verification passed, searches a key database according to the application identifier of the third-party application client to obtain a first key and uses the first key to sign the user account name and the login timestamp;
The login application client sends the signature authentication information to the third-party application client;
The third-party application client sends the signature authentication information to a third-party application server, so that the third-party application server uses a pre-stored second key to sign the user account name and the login timestamp, obtaining a second signature, and accepts the login of the third-party application client after comparing and confirming that the first signature and the second signature are identical.
Further, after the login application client sends the authorization information to the login application server, so that the login application server forwards it to the account management server and the account management server verifies it and returns the verification result to the login application server, the method also comprises:
The login application client receives a login failure message sent by the login application server, and ends this login according to the login failure message;
Wherein the login failure message is generated by the login application server when the authorization information fails the format check;
Or the login failure message is generated by the login application server when the verification result is that verification failed.
Further, the authorization information also comprises a first dynamic code, which the login application client calculates from the identifier of the login application client using a pre-configured dynamic code algorithm;
The verification of the authorization information by the account management server specifically comprises:
Calculating a second dynamic code from the pre-stored client identifier using the pre-configured dynamic code algorithm;
Comparing the first dynamic code, the application identifier of the third-party application client and the user account information in the authorization information with, respectively, the second dynamic code and the application identifier information and user account information in the database, and judging whether all of the information is consistent;
If it is consistent, verification passes;
If it is not entirely consistent, verification fails.
Further, after the login application client receives the signature authentication information sent by the login application server, the method also comprises:
The login application client receives the unique identifier sent by the login application server, wherein the unique identifier corresponds to the user account information and is sent to the login application server by the account management server;
The login application client stores the unique identifier in an identification code database.
Further, the user account information in the authorization information is obtained by the login application client either from user input or from the unique identifier stored in the identification code database.
In still another aspect, an embodiment of the present invention provides a client system, comprising a login application client and a third-party application client;
The third-party application client comprises:
A fifth sending unit, configured to send a login request to the login application client; the login request comprises the application identifier of the third-party application client;
The login application client comprises:
An authorization information generation unit, configured to generate authorization information according to the login request, wherein the authorization information comprises the application identifier and user account information;
A sixth sending unit, configured to send the authorization information to a login application server, so that the login application server forwards it to an account management server, and the account management server verifies the authorization information and returns the verification result to the login application server;
A sixth receiving unit, configured to receive the signature authentication information sent by the login application server, wherein the signature authentication information comprises a first signature, the user account name in the user account information and a login timestamp; the first signature is obtained by the login application server which, when the verification result is that verification passed, searches a key database according to the application identifier of the third-party application client to obtain a first key and uses the first key to sign the user account name and the login timestamp;
And a seventh sending unit, configured to send the signature authentication information to the third-party application client;
The third-party application client also comprises:
An eighth sending unit, configured to send the signature authentication information to a third-party application server, so that the third-party application server uses a pre-stored second key to sign the user account name and the login timestamp, obtaining a second signature, and accepts the login of the third-party application client after comparing and confirming that the first signature and the second signature are identical.
Further, the login application client also comprises:
A seventh receiving unit, configured to, after the sixth sending unit has sent the authorization information to the login application server, so that the login application server forwards it to the account management server and the account management server verifies it and returns the verification result to the login application server, receive a login failure message sent by the login application server and end this login according to the login failure message;
Wherein the login failure message is generated by the login application server when the authorization information fails the format check;
Or the login failure message is generated by the login application server when the verification result is that verification failed.
Further, the authorization information also comprises a first dynamic code, which the login application client calculates from the identifier of the login application client using a pre-configured dynamic code algorithm;
The verification of the authorization information by the account management server specifically comprises:
Calculating a second dynamic code from the pre-stored client identifier using the pre-configured dynamic code algorithm;
Comparing the first dynamic code, the application identifier of the third-party application client and the user account information in the authorization information with, respectively, the second dynamic code and the application identifier information and user account information in the database, and judging whether all of the information is consistent;
If it is consistent, verification passes;
If it is not entirely consistent, verification fails.
Further, the login application client also comprises:
An eighth receiving unit, configured to receive the unique identifier sent by the login application server after the sixth receiving unit has received the signature authentication information sent by the login application server, wherein the unique identifier corresponds to the user account information and is sent to the login application server by the account management server;
The login application client stores the unique identifier in an identification code database.
Further, the user account information in the authorization information is obtained by the login application client either from user input or from the unique identifier stored in the identification code database.
In another aspect, an embodiment of the present invention provides a communication system, comprising a client system, a third-party application server, a login application server and an account management server;
The client system is the client system according to any one of claims 16 to 20;
The login application server is the login application server according to any one of claims 6 to 10.
Implementing the embodiments of the present invention has the following beneficial effects:
The embodiments of the present invention provide a login method for a third-party application, a login application server, a client system and a communication system. After receiving the authorization information sent by the login application client, the login application server sends it to the account management server for verification; the authorization information is generated by the login application client according to the login request sent by the third-party application client. After the account management server has verified the authorization information, the login application server searches the key database according to the application identifier of the third-party application client to obtain the first key, and uses the first key to sign the user account name and the login timestamp, obtaining the first signature. Finally, the login application server sends the generated signature authentication information, which comprises the first signature, the user account name and the login timestamp, to the login application client. The login application client forwards the signature authentication information to the third-party application client, which forwards it to the third-party application server; the third-party application server uses the second key to sign the user account name and the login timestamp, obtaining the second signature, and accepts the login of the third-party application client after comparing and confirming that the first signature and the second signature are identical. In the prior art, when a third-party application client logs in, the account authentication server and the third-party application server must depend on each other to complete the login. By contrast, in the technical solution of the present invention, after the login application server has completed verification of the account information with the account management server and the verification has passed, it signs the relevant account information with the key agreed with the third-party application server, and the signature information is passed to the third-party application server via the login client and the third-party application client in turn. The third-party application server signs the account information itself and compares the two signatures to determine whether the user account has passed verification and completed login. The third-party application server can complete the login step independently, without communicating again with the login application server or the account management server, which removes the dependence and coupling between the account management server and the third-party application server in the login process.
Embodiment
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of these embodiments without creative work fall within the scope of protection of the present invention.
Referring to Fig. 1, Fig. 1 is an information interaction diagram of an embodiment of the login method for a third-party application provided by the present invention. As shown in Fig. 1, the login method involves: a third-party application client, a third-party application server, an account management server, a login application server and a login application client. For the detailed steps, refer to Fig. 2, which is a flow diagram of an embodiment of the login method for a third-party application provided by the present invention. The method applies to the login application server and mainly comprises the following steps:
Step 101: receive the authorization information sent by the login application client, wherein the authorization information is generated by the login application client according to the login request sent by the third-party application client, and comprises the application identifier of the third-party application client and user account information.
In this embodiment, after the user triggers third-party application login in the third-party application client, the third-party application client sends a login request and the application identifier of the third-party application client to the login application client. The user interface jumps from the third-party application client to the login application client, where the user selects the account to log in with. If the user has never logged in successfully with this account on this login application client, the user still needs to enter the password. If the user has previously logged in successfully with this account on this login application client, the login application client looks up the unique identifier stored in the identification code database for this account and uses it as the password for the account, so the user does not need to enter a password, which simplifies user operation.
According to the login request, the login application client generates authorization information comprising the application identifier of the third-party application client and the user account information. The user account information comprises the user account name and the password (either entered by the user or the unique identifier).
As one example of this embodiment, the authorization information may also comprise a first dynamic code. The login application client calculates the first dynamic code from the identifier of the login application client using a pre-configured dynamic code algorithm. The first dynamic code has a validity period and is regenerated once that period has elapsed, and the same application generates different dynamic codes on different clients.
In this embodiment, the login application client and the third-party application client are two different clients on the same terminal, and information transfer between them is trusted. The terminal may be, but is not limited to, a smart terminal, a mobile terminal or a computer terminal.
Step 102: send the authorization information to the account management server, so that the account management server verifies the authorization information.
In this embodiment, before the authorization information is sent to the account management server, a format check is performed on it, for example checking whether the application identifier of the third-party application client comes from a registered third-party application, and whether the format of the user account information and of the first dynamic code is correct. If the authorization information passes the check, it is sent to the account management server; otherwise, a login failure message is returned to the login application client and this login ends.
In this embodiment, the verification of the authorization information by the account management server specifically comprises: comparing the user account information in the authorization information with the user account information in the database and judging whether they are consistent; if consistent, verification passes; if inconsistent, verification fails. If the user account information uses a plaintext password, the plaintext password corresponding to the user account is looked up in the database and compared. If the user account is logging in for a second time, the unique identifier corresponding to the user account is looked up in the database and compared.
As one example of this embodiment, if the authorization information also comprises the first dynamic code, the verification by the account management server specifically comprises: calculating a second dynamic code from the pre-stored client identifier using the pre-configured dynamic code algorithm; comparing the first dynamic code, the application identifier of the third-party application client and the user account information in the authorization information with, respectively, the second dynamic code and the application identifier information and user account information in the database, and judging whether all of the information is consistent; if consistent, verification passes; if not entirely consistent, verification fails. In this example, the account management server pre-stores the client identifier in the database according to an authorization operation by the user. Through the authorization operation, the user determines which login application clients can complete login verification; even if the user account and password are leaked, login verification cannot be completed on an unauthorized login application client, which ensures the accuracy of the authorization information. For example, if the user's mobile phone is lost, the user only needs to authorize the account management server to cancel the association between the client identifier of the lost phone and the user account; the dynamic codes generated by that phone then cannot pass verification, so the user account is protected without cancelling the association between the user account and the third-party application.
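The following sketch is an added example, not code from the patent. It shows the account management server recomputing the second dynamic code for each authorized client identifier and the effect of revoking a lost device. The dynamic code algorithm (HMAC-SHA256 over a 30-second time step, keyed by the client identifier), the field names and all sample data are assumptions, since the text only says the algorithm is pre-configured.

```python
import hashlib
import hmac

STEP_SECONDS = 30  # assumed validity period of a dynamic code

# Constructed sample data standing in for the account management server's database.
REGISTERED_APPS = {"app-shop"}
ACCOUNTS = {
    "alice": {
        # password or stored unique identifier for the account (constructed value)
        "credential": "constructed-unique-identifier-123",
        # client identifiers the user has authorized for this account
        "authorized_clients": {"client-phone-01", "client-laptop-02"},
    }
}


def dynamic_code(client_id: str, now: float) -> str:
    """Assumed algorithm: HMAC-SHA256 of the current time step, keyed by the
    client identifier. A deployment would key it with a per-client secret."""
    counter = int(now // STEP_SECONDS).to_bytes(8, "big")
    return hmac.new(client_id.encode(), counter, hashlib.sha256).hexdigest()[:12]


def verify_authorization_info(info: dict, now: float) -> bool:
    """Compare app identifier, account information and dynamic code; all must match."""
    account = ACCOUNTS.get(info.get("account_name"))
    if account is None or info.get("app_id") not in REGISTERED_APPS:
        return False
    credential_ok = hmac.compare_digest(
        str(info.get("credential", "")).encode(), account["credential"].encode()
    )
    first_code = str(info.get("dynamic_code", "")).encode()
    code_ok = False
    # The second dynamic code is computed from each pre-stored client identifier,
    # so a code from a client that was never authorized (or was revoked) cannot match.
    for client_id in account["authorized_clients"]:
        second_code = dynamic_code(client_id, now).encode()
        code_ok = hmac.compare_digest(first_code, second_code) or code_ok
    return credential_ok and code_ok


def revoke_client(account_name: str, client_id: str) -> None:
    """Cancel the association between a (lost) client and the account."""
    ACCOUNTS[account_name]["authorized_clients"].discard(client_id)
```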
Step 103: receive the verification result returned by the account management server.
In this embodiment, after the account management server completes verification, it returns the verification result to the login application server. If verification passes, the verification result comprises a verification-passed message and the unique identification code corresponding to the user account information. The login application client stores this unique identification code in the identification code database for the user's next login. If verification fails, the verification result comprises a verification-failed message; in that case a login failure message is returned to the login application client and this login ends.
Step 104: if the verification result is that verification passed, search the key database according to the application identifier of the third-party application client to obtain the first key, and use the first key to sign the user account name in the user account information and the login timestamp, obtaining the first signature; otherwise, return a login failure message to the login application client and end this login.
In this embodiment, the login application server and the third-party application server agree on an identical key in advance; the login application server associates the application identifier of the third-party client with the agreed key and stores the pair in the key database. After the user account passes verification, the first key is obtained simply by querying the key database with the application identifier of the third-party application client. For an illegitimate third-party application, no key can be found in the key database; the login application server then confirms that the third-party application client is an illegitimate client and ends this login.
Step 105: generate the signature authentication information, which comprises the first signature, the user account name and the login timestamp.
Step 106: send the signature authentication information to the login application client, so that the login application client forwards it to the third-party application client and the third-party application client forwards it to the third-party application server; the third-party application server then uses the pre-stored second key to sign the user account name and the login timestamp, obtaining the second signature, and accepts the login of the third-party application client after comparing and confirming that the first signature and the second signature are identical.
In this embodiment, after the third-party application server accepts the login of the third-party application client, it returns the comparison result to the third-party application client, and the user can then communicate and interact on the third-party application client.
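Steps 104 to 106 can be exercised end to end as follows. This is an added example, not code from the patent: the text does not name a signing algorithm, so HMAC-SHA256 with the agreed key is assumed, and the message encoding, field names, sample keys and the timestamp freshness window (`max_age`, which the text does not describe) are likewise assumptions.

```python
import hashlib
import hmac
import time

# Constructed key database on the login application server:
# application identifier -> key agreed with that application's server.
KEY_DATABASE = {"app-shop": b"constructed-shared-key-for-app-shop"}


def _message(account_name: str, login_ts: int) -> bytes:
    # Length-prefix the account name so the name/timestamp boundary is unambiguous.
    name = account_name.encode("utf-8")
    return len(name).to_bytes(4, "big") + name + str(login_ts).encode("ascii")


def sign(key: bytes, account_name: str, login_ts: int) -> str:
    """Assumed signature: HMAC-SHA256 over account name and login timestamp."""
    return hmac.new(key, _message(account_name, login_ts), hashlib.sha256).hexdigest()


def issue_signature_auth_info(app_id, account_name, verified, now=None):
    """Login application server, steps 104-105. Returns None on login failure."""
    if not verified:
        return None  # account management server rejected the authorization info
    first_key = KEY_DATABASE.get(app_id)
    if first_key is None:
        return None  # no key for this application identifier: illegitimate client
    login_ts = int(time.time() if now is None else now)
    return {
        "account_name": account_name,
        "login_timestamp": login_ts,
        "signature": sign(first_key, account_name, login_ts),  # first signature
    }


def third_party_accepts(info, second_key: bytes, now=None, max_age: int = 300) -> bool:
    """Third-party application server: recompute the second signature and compare."""
    try:
        account_name = info["account_name"]
        login_ts = int(info["login_timestamp"])
        first_signature = info["signature"]
    except (KeyError, TypeError, ValueError):
        return False
    if not isinstance(account_name, str) or not isinstance(first_signature, str):
        return False
    current = int(time.time() if now is None else now)
    # Assumption added by this example: reject stale timestamps so a captured
    # signature authentication message cannot be replayed indefinitely.
    if abs(current - login_ts) > max_age:
        return False
    second_signature = sign(second_key, account_name, login_ts)
    # Constant-time comparison of the first and second signatures.
    return hmac.compare_digest(first_signature.encode(), second_signature.encode())
```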
To better illustrate the step flow of the present invention, see Fig. 3, which is a sequence diagram of an embodiment of the login method of a third-party application provided by the present invention.
Therefore, the login method of a third-party application provided by the embodiment of the present invention is applicable to a login application server. After receiving the authorization information sent by the login application client, the login application server sends the authorization information to the account management server for verification; this authorization information is generated by the login application client according to the login request sent by the third-party application client. After the account management server verifies and passes the authorization information, the login application server looks up the key database according to the application identity of the third-party application client, obtains the first key, and uses the first key to sign the user account name and the login time stamp, obtaining the first signature. Finally, the login application server sends the generated signature authentication information to the login application client; this signature authentication information comprises the first signature, the user account name and the login time stamp. The login application client forwards the signature authentication information to the third-party application client, which forwards it to the third-party application server, so that the third-party application server uses the second key to sign the user account name and the login time stamp, obtains the second signature, and accepts the login of the third-party application client after comparing and confirming that the first signature and the second signature are completely identical.
Compared with the prior art, in which the account authentication server and the third-party application server must depend on each other to complete the login of a third-party application client, in the technical solution of the present invention the login application server, after completing and passing account information verification with the account management server, uses the key agreed with the third-party application server to sign the relevant account information; the signature information is then passed in turn through the login client and the third-party application client to the third-party application server. The third-party application server signs the account information itself and compares whether the two signatures are consistent to determine whether the user account has passed verification and completed login. The third-party application server can complete the login step independently without communicating again with the login application server or the account management server, which removes the dependence and coupling between the account management server and the third-party application server in the login process.
Further, the present invention uses an independent login application client to interact with the third-party application client, and hands the account verification service to a dedicated account management server, which shares the load of the login application server and reduces coupling between servers. If a new third-party application client needs to use the login mode of the present invention, the verification logic of the account management server need not be adjusted; the third-party application server only needs to register with the login application server and agree on a key, so expansion is flexible.
Further, the third-party application server does not communicate directly with the account management server, which ensures the security and privacy of the account management server and prevents attacks.
Further, the authorization information in the login method of a third-party application of the present invention comprises, in addition to the user account information, a first dynamic code. The first dynamic code is calculated and generated by the login application client from the identifier of the login application client according to a pre-configured dynamic code algorithm. The user can authorize clients in advance on the account management server to indicate which clients may perform login verification. The account management server stores the identifiers of authorized clients in a database. When verifying the authorization information, the account management server calculates a second dynamic code from the pre-stored client identifier according to the pre-configured dynamic code algorithm. It then compares the first dynamic code, the application identity of the third-party application client and the user account information in the authorization information with, respectively, the second dynamic code and the application identity information and user account information in the database, and judges whether all of the information is consistent. If it is consistent, verification passes; otherwise verification fails. Therefore, even if the user account and password are leaked, login verification cannot be completed on an unauthorized client, which ensures the accuracy of the authorization information. Moreover, through the authorization operation the user decides which login application clients can complete login verification; even if the user account and password are leaked, login verification cannot be completed on an unauthorized login application client, which ensures the accuracy of the authorization information. For example, if the user's mobile phone terminal is lost, the user only needs to authorize the account management server to cancel the association between the client identifier of the lost phone and the user account. This ensures that dynamic codes generated by that phone cannot pass verification, so the user account is protected without having to cancel the association between the user account and the third-party applications.
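The account management server's check and the lost-phone revocation described above can be sketched as follows. This is an added example, not code from the patent: the page does not name the dynamic code algorithm, so a time-step HMAC-SHA256 keyed by the client identifier is assumed, and the class, function and field names and all sample values are constructed.

```python
import hashlib
import hmac
import struct

TIME_STEP = 30  # assumption: seconds each dynamic code stays valid
DIGITS = 6      # assumption: length of the dynamic code


def dynamic_code(client_id: str, at: float) -> str:
    """Assumed "pre-configured dynamic code algorithm": HMAC-SHA256 keyed by
    the client identifier over the current time step, truncated to DIGITS.
    Under this assumption the identifier is a secret and is never transmitted."""
    counter = struct.pack(">Q", int(at) // TIME_STEP)
    mac = hmac.new(client_id.encode("utf-8"), counter, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def password_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class AccountManagementServer:
    def __init__(self):
        self.accounts = {}            # account name -> (salt, password hash)
        self.authorized_clients = {}  # account name -> identifiers of authorized clients
        self.registered_apps = set()  # application identities known to the server

    def add_account(self, name, password, salt):
        self.accounts[name] = (salt, password_hash(password, salt))
        self.authorized_clients[name] = set()

    def authorize_client(self, name, client_id):
        self.authorized_clients[name].add(client_id)

    def revoke_client(self, name, client_id):
        # Lost phone: drop only the client association; app associations stay.
        self.authorized_clients[name].discard(client_id)

    def verify(self, info: dict, at: float) -> bool:
        """Compare application identity, user account information and dynamic code."""
        name = info.get("account_name")
        record = self.accounts.get(name)
        if record is None or info.get("app_id") not in self.registered_apps:
            return False
        salt, stored = record
        supplied = password_hash(str(info.get("password", "")), salt)
        if not hmac.compare_digest(supplied, stored):
            return False
        first_code = str(info.get("dynamic_code", "")).encode("utf-8")
        # Second dynamic code: recomputed from each pre-stored client identifier.
        matches = [hmac.compare_digest(dynamic_code(cid, at).encode("ascii"), first_code)
                   for cid in self.authorized_clients[name]]
        return any(matches)


def build_authorization_info(app_id, name, password, client_id, at):
    """Login application client side: attach the first dynamic code."""
    return {"app_id": app_id, "account_name": name, "password": password,
            "dynamic_code": dynamic_code(client_id, at)}
```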
Embodiment 2
See Fig. 4, which is a structural diagram of an embodiment of the login application server provided by the present invention. As shown in Fig. 4, the login application server comprises:
First receiving element 401, configured to receive the authorization information sent by the login application client; this authorization information is generated by the login application client according to the login request sent by the third-party application client, and comprises the application identity of the third-party application client and the user account information.
First transmitting element 402, configured to send the authorization information to the account management server, so that the account management server verifies the authorization information.
Second receiving element 403, configured to receive the verification result returned by the account management server.
First signature unit 404, configured to, when the verification result is that verification passed, look up the key database according to the application identity of the third-party application client, obtain the first key, and use the first key to sign the user account name in the user account information and the login time stamp, obtaining the first signature.
Second transmitting element 405, configured to, when the verification result is that verification failed, return a login failure message to the login application client and end this login.
Authentication information generation unit 406, configured to generate signature authentication information; this signature authentication information comprises the first signature, the user account name and the login time stamp.
Third transmitting element 407, configured to send the signature authentication information to the login application client, so that the login application client forwards it to the third-party application client and the third-party application client forwards it to the third-party application server. The third-party application server then uses a pre-stored second key to sign the user account name and the login time stamp, obtains the second signature, and accepts the login of the third-party application client after comparing and confirming that the first signature and the second signature are completely identical.
As an example of the present embodiment, see Fig. 5, which is a structural diagram of another embodiment of the login application server provided by the present invention. Fig. 5 differs from Fig. 4 in that the login application server further comprises a format checking unit 408, configured to check the format of the authorization information before the first transmitting element 402 sends it to the account management server. If the authorization information passes the check, it is sent to the account management server; otherwise, a login failure message is returned to the login application client and this login ends.
In the present embodiment, the authorization information may also comprise a first dynamic code, which is calculated and generated by the login application client from the identifier of the login application client according to a pre-configured dynamic code algorithm. The account management server verifies the authorization information as follows: it calculates a second dynamic code from the pre-stored client identifier according to the pre-configured dynamic code algorithm; it compares the first dynamic code, the application identity of the third-party application client and the user account information in the authorization information with, respectively, the second dynamic code and the application identity information and user account information in the database, and judges whether all of the information is consistent. If it is consistent, verification passes; if it is not fully consistent, verification fails.
As an example of the present embodiment, see Fig. 6, which is a structural diagram of yet another embodiment of the login application server provided by the present invention. Fig. 6 differs from Fig. 4 in that the login application server further comprises a fourth transmitting element 609, configured to send a unique identifier to the login application client after the third transmitting element 407 has sent the signature authentication information to the login application client, so that the login application client stores the unique identifier in an identification code database. The unique identifier is sent to the login application server by the account management server by means of the verification result, and corresponds to the user account information.
In this example, the user account information in the authorization information is obtained from user input, or is obtained by the login application client from the unique identifier stored in the identification code database.
For the more detailed working principle and process steps of the present invention, reference may be made to, but is not limited to, the relevant description in Embodiment 1.
Therefore, in the login application server provided by the embodiment of the present invention, after the first receiving element 401 receives the authorization information sent by the login application client, the first transmitting element 402 sends the authorization information to the account management server for verification; this authorization information is generated by the login application client according to the login request sent by the third-party application client. After the account management server verifies and passes the authorization information, the second receiving element 403 receives the returned verification result, and the first signature unit 404 looks up the key database according to the application identity of the third-party application client, obtains the first key, and uses the first key to sign the user account name and the login time stamp, obtaining the first signature. Finally, the third transmitting element 407 sends the signature authentication information generated by the authentication information generation unit 406 to the login application client; this signature authentication information comprises the first signature, the user account name and the login time stamp. The login application client forwards the signature authentication information to the third-party application client, which forwards it to the third-party application server, so that the third-party application server uses the second key to sign the user account name and the login time stamp, obtains the second signature, and accepts the login of the third-party application client after comparing and confirming that the first signature and the second signature are completely identical.
Compared with the prior art, in which the account authentication server and the third-party application server must depend on each other to complete the login of a third-party application client, in the technical solution of the present invention the login application server, after completing and passing account information verification with the account management server, uses the key agreed with the third-party application server to sign the relevant account information; the signature information is then passed in turn through the login client and the third-party application client to the third-party application server. The third-party application server signs the account information itself and compares whether the two signatures are consistent to determine whether the user account has passed verification and completed login. The third-party application server can complete the login step independently without communicating again with the login application server or the account management server, which removes the dependence and coupling between the account management server and the third-party application server in the login process.
Embodiment 3
See Fig. 7, which is a flow diagram of another embodiment of the login method of a third-party application provided by the present invention. The method is applicable to a client system, and its main steps are as follows:
Step 701: The third-party application client sends a login request to the login application client; this login request comprises the application identity of the third-party application client.
Step 702: The login application client generates authorization information according to the login request; this authorization information comprises the application identity and the user account information.
Step 703: The login application client sends the authorization information to the login application server, so that the login application server forwards the authorization information to the account management server; the account management server then verifies the authorization information and returns the verification result to the login application server.
Step 704: The login application client receives the signature authentication information sent by the login application server. The signature authentication information comprises: the first signature, the user account name in the user account information, and the login time stamp. The first signature is obtained by the login application server when the verification result is that verification passed: it looks up the key database according to the application identity of the third-party application client, obtains the first key, and uses the first key to sign the user account name and the login time stamp.
Step 705: The login application client sends the signature authentication information to the third-party application client.
Step 706: The third-party application client sends the signature authentication information to the third-party application server, so that the third-party application server uses a pre-stored second key to sign the user account name and the login time stamp, obtains the second signature, and accepts the login of the third-party application client after comparing and confirming that the first signature and the second signature are completely identical.
In the present embodiment, after the login application client has sent the authorization information to the login application server (so that the login application server forwards it to the account management server, and the account management server verifies it and returns the verification result to the login application server), the method further comprises: the login application client receives a login failure message sent by the login application server and ends this login according to the login failure message. The login failure message is generated by the login application server either when the format check of the authorization information fails or when the verification result is that verification failed.
As an example of the present embodiment, the authorization information also comprises a first dynamic code. The first dynamic code is calculated and generated by the login application client from the identifier of the login application client according to a pre-configured dynamic code algorithm. The account management server verifies the authorization information as follows: it calculates a second dynamic code from the pre-stored client identifier according to the pre-configured dynamic code algorithm; it compares the first dynamic code, the application identity of the third-party application client and the user account information in the authorization information with, respectively, the second dynamic code and the application identity information and user account information in the database, and judges whether all of the information is consistent. If it is consistent, verification passes; if it is not fully consistent, verification fails. Therefore, even if the user account and password are leaked, login verification cannot be completed on an unauthorized client, which ensures the accuracy of the authorization information.
As an example of the present embodiment, after the login application client receives the signature authentication information sent by the login application server, the method further comprises: the login application client receives a unique identifier sent by the login application server. The unique identifier corresponds to the user account information and is sent to the login application server by the account management server. The login application client stores the unique identifier in an identification code database. In this example, the user account information in the authorization information is obtained from user input, or is obtained by the login application client from the unique identifier stored in the identification code database. After the user has completed the first login of this user account using the login application server, the password need not be entered again at the next login, which reduces what the user has to remember and improves the user experience.
Therefore, the present invention provides a login method of a third-party application that is applicable to a client system composed of a login application client and a third-party application client. In the prior art, the third-party application client communicates with the third-party application server, and login depends on account information verification between the third-party application server and the account management server. In the login method of the present invention, by contrast, account information verification is completed through the login application client, and authentication between the third-party application client and the third-party application server is then completed through signature authentication. This avoids a direct connection between the third-party application server and the account management server, removes the mutual dependence of the account management server and the third-party application server in the login process, avoids exposing the account management server, and improves the security of login.
Embodiment 4
See Fig. 8, which is a structural diagram of an embodiment of the client system provided by the present invention. As shown in Fig. 8, the client system comprises: login application client 801 and third-party application client 802.
The third-party application client 801 comprises:
Fifth transmitting element 8011, configured to send a login request to the login application client; the login request comprises the application identity of the third-party application client.
The login application client 802 comprises:
Authorization information generation unit 8021, configured to generate authorization information according to the login request; the authorization information comprises the application identity and the user account information.
Sixth transmitting element 8022, configured to send the authorization information to the login application server, so that the login application server forwards the authorization information to the account management server; the account management server then verifies the authorization information and returns the verification result to the login application server.
Sixth receiving element 8023, configured to receive the signature authentication information sent by the login application server. The signature authentication information comprises: the first signature, the user account name in the user account information, and the login time stamp. The first signature is obtained by the login application server when the verification result is that verification passed: it looks up the key database according to the application identity of the third-party application client, obtains the first key, and uses the first key to sign the user account name and the login time stamp.
Seventh transmitting element 8024, configured to send the signature authentication information to the third-party application client.
The third-party application client 801 further comprises:
Eighth transmitting element 8012, configured to send the signature authentication information to the third-party application server, so that the third-party application server uses a pre-stored second key to sign the user account name and the login time stamp, obtains the second signature, and accepts the login of the third-party application client after comparing and confirming that the first signature and the second signature are completely identical.
As an example of the present embodiment, see Fig. 9, which is a structural diagram of an embodiment of the login application client provided by the present invention. As shown in Fig. 9, the login application client further comprises a seventh receiving element 8025. After the sixth transmitting element 8022 has sent the authorization information to the login application server (so that the login application server forwards it to the account management server, and the account management server verifies it and returns the verification result to the login application server), the seventh receiving element 8025 receives the login failure message sent by the login application server and ends this login according to the login failure message. The login failure message is generated by the login application server either when the format check of the authorization information fails or when the verification result is that verification failed.
As an example of the present embodiment, the authorization information also comprises a first dynamic code. The first dynamic code is calculated and generated by the login application client from the identifier of the login application client according to a pre-configured dynamic code algorithm. The account management server verifies the authorization information as follows: it calculates a second dynamic code from the pre-stored client identifier according to the pre-configured dynamic code algorithm; it compares the first dynamic code, the application identity of the third-party application client and the user account information in the authorization information with, respectively, the second dynamic code and the application identity information and user account information in the database, and judges whether all of the information is consistent. If it is consistent, verification passes; if it is not fully consistent, verification fails. Therefore, even if the user account and password are leaked, login verification cannot be completed on an unauthorized client, which ensures the accuracy of the authorization information.
As an example of the present embodiment, see Figure 10, which is a structural diagram of another embodiment of the login application client provided by the present invention. Figure 10 differs from Fig. 9 in that the login application client further comprises an eighth receiving element 8026, configured to receive the unique identifier sent by the login application server after the sixth receiving element 8023 has received the signature authentication information sent by the login application server. The unique identifier corresponds to the user account information and is sent to the login application server by the account management server. The login application client stores the unique identifier in an identification code database. In this example, the user account information in the authorization information is obtained from user input, or is obtained by the login application client from the unique identifier stored in the identification code database. After the user has completed the first login of this user account using the login application server, the password need not be entered again at the next login, which reduces what the user has to remember and improves the user experience.
For the more detailed step flow of the present embodiment, reference may be made to, but is not limited to, the relevant description in Embodiment 3.
Therefore, the present invention provides a client system composed of a login application client and a third-party application client. In the prior art, the third-party application client communicates with the third-party application server, and login depends on account information verification between the third-party application server and the account management server. In the client system of the present invention, by contrast, account information verification is completed through the login application client, and authentication between the third-party application client and the third-party application server is then completed through signature authentication. This avoids a direct connection between the third-party application server and the account management server, removes the mutual dependence of the account management server and the third-party application server in the login process, avoids exposing the account management server, and improves the security of login.
Embodiment 5
See Figure 11, which is a structural diagram of an embodiment of the communication system provided by the present invention. As shown in Figure 11, the communication system comprises: client system 1101, third-party application server 1102, login application server 1103 and account management server 1104.
The login application server 1103 is the login application server described in Embodiment 2. The client system 1101 is the client system described in Embodiment 4.
Therefore, the communication system provided by the present invention can remove the mutual dependence of the account management server and the third-party application server in the login process, avoid exposing the account management server, and improve the security of login.
The above are preferred embodiments of the present invention. It should be noted that those skilled in the art may make improvements and modifications without departing from the principles of the present invention, and such improvements and modifications are also regarded as falling within the scope of protection of the present invention.