CN112771826B

Movatterモバイル変換

Info

Publication number: CN112771826B
Application number: CN201880097797.8A
Authority: CN
Inventors: 陈岩
Original assignee: Guangdong Oppo Mobile Telecommunications Corp Ltd; Shenzhen Huantai Technology Co Ltd
Current assignee: Guangdong Oppo Mobile Telecommunications Corp Ltd; Shenzhen Huantai Technology Co Ltd
Priority date: 2018-11-05
Filing date: 2018-11-05
Publication date: 2023-01-10
Anticipated expiration: 2038-11-05
Also published as: CN112771826A; WO2020093214A1

Abstract

Translated fromChinese

一种应用程序登录方法、应用程序登录装置及移动终端，所述方法包括：读取移动终端中可信执行环境TEE的存储器中所保存的登录账号(S101)；将所述登录账号发送至第一服务器中，以指示所述第一服务器执行判断所述登录账号是否为用于登录目标应用程序的已注册账号(S102)；接收所述第一服务器返回的判断结果(S103)；若所述判断结果指示所述登录账号为用于登录所述目标应用程序的已注册账号，则登录所述目标应用程序(S104)。上述方法能够在一定程度上提高应用程序登录的安全性，并且可以在一定程度上减少用户在登录应用程序时的操作步骤，提高用户体验。

An application login method, an application login device, and a mobile terminal, the method comprising: reading a login account stored in a memory of a trusted execution environment TEE in a mobile terminal (S101); sending the login account to a second In a server, to instruct the first server to judge whether the login account is a registered account for logging into the target application program (S102); receive the judgment result returned by the first server (S103); if the If the judgment result indicates that the login account is a registered account used to log in the target application program, then log in the target application program (S104). The above method can improve the security of application program login to a certain extent, and can reduce the user's operation steps when logging in to an application program to a certain extent, thereby improving user experience.

Description

Translated fromChinese

一种应用程序登录方法、应用程序登录装置及移动终端Application registration method, application registration device and mobile terminal

技术领域technical field

本申请属于电子技术领域，尤其涉及一种应用程序登录方法、应用程序登录装置、移动终端及计算机可读存储介质。The present application belongs to the field of electronic technology, and in particular relates to an application registration method, an application registration device, a mobile terminal and a computer-readable storage medium.

背景技术Background technique

对于移动终端中的大多数应用程序而言，为保障用户的隐私安全，在用户使用某一应用程序之前，均需要用户首先登录该应用程序。目前常用的登录方法为：用户在登录界面填写登录账号(比如，填写电话号码以及短信验证码)，应用程序验证用户填写的登录账号是否合法，若合法则登录该应用程序，否则，则禁止登录该应用程序。For most of the application programs in the mobile terminal, in order to protect the user's privacy, before the user uses a certain application program, the user needs to log in the application program first. At present, the commonly used login method is: the user fills in the login account on the login interface (for example, fills in the phone number and SMS verification code), and the application verifies whether the login account filled in by the user is legal. If it is legal, log in to the application; otherwise, the login is prohibited. the application.

发明内容Contents of the invention

本申请提供了一种应用程序登录方法、应用程序登录装置、移动终端及计算机可读存储介质，可以在一定程度上提高应用程序登录的安全性。The present application provides an application registration method, an application registration device, a mobile terminal and a computer-readable storage medium, which can improve the security of application registration to a certain extent.

本申请第一方面提供了一种应用程序登录方法，应用于移动终端，包括：The first aspect of the present application provides an application login method applied to a mobile terminal, including:

读取上述移动终端中可信执行环境TEE的存储器中所保存的登录账号；Read the login account stored in the memory of the trusted execution environment TEE in the mobile terminal;

将上述登录账号发送至第一服务器，以指示上述第一服务器执行判断上述登录账号是否为用于登录目标应用程序的已注册账号；sending the above-mentioned login account to the first server to instruct the above-mentioned first server to judge whether the above-mentioned login account is a registered account for logging into the target application;

接收上述第一服务器返回的判断结果；receiving the judgment result returned by the first server;

若上述判断结果指示上述登录账号为用于登录上述目标应用程序的已注册账号，则登录上述目标应用程序。If the determination result indicates that the login account is a registered account used to log in the target application, then log in the target application.

本申请第二方面提供了一种移动终端，包括预设存储器、处理器以及存储在上述预设存储器中并可在上述处理器上运行的计算机程序，上述处理器执行上述计算机程序时实现如下步骤：The second aspect of the present application provides a mobile terminal, including a preset memory, a processor, and a computer program stored in the preset memory and operable on the processor. When the processor executes the computer program, the following steps are implemented :

本申请第三方面提供了一种应用程序登录装置，应用于移动终端，包括：The third aspect of the present application provides an application registration device, which is applied to a mobile terminal, including:

账号读取模块，用于读取上述移动终端中可信执行环境TEE的存储器中所保存的登录账号；The account reading module is used to read the login account stored in the memory of the trusted execution environment TEE in the above-mentioned mobile terminal;

账号发送模块，用于将上述登录账号发送至第一服务器，以指示上述第一服务器执行判断上述登录账号是否为用于登录目标应用程序的已注册账号；An account sending module, configured to send the above-mentioned login account to the first server, so as to instruct the above-mentioned first server to judge whether the above-mentioned login account is a registered account for logging into the target application;

结果接收模块，用于接收上述第一服务器返回的判断结果；A result receiving module, configured to receive the judgment result returned by the first server;

第一登录模块，用于若上述判断结果指示上述登录账号为用于登录上述目标应用程序的已注册账号，则登录上述目标应用程序。The first login module is configured to log in the target application program if the determination result indicates that the login account is a registered account used to log in the target application program.

本申请第四方面提供了一种计算机可读存储介质，上述计算机可读存储介质存储有计算机程序，上述计算机程序被处理器执行时实现如上述第一方面方法的步骤。A fourth aspect of the present application provides a computer-readable storage medium, where the computer-readable storage medium stores a computer program, and when the computer program is executed by a processor, the steps of the above-mentioned method in the first aspect are implemented.

本申请第五方面提供了一种计算机程序产品，上述计算机程序产品包括计算机程序，上述计算机程序被一个或多个处理器执行时实现如上述第一方面方法的步骤。A fifth aspect of the present application provides a computer program product, the computer program product includes a computer program, and when the computer program is executed by one or more processors, the steps of the method in the first aspect above are implemented.

附图说明Description of drawings

为了更清楚地说明本申请实施例中的技术方案，下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍，显而易见地，下面描述中的附图仅仅是本申请的一些实施例，对于本领域普通技术人员来讲，在不付出创造性劳动性的前提下，还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present application, the accompanying drawings that need to be used in the descriptions of the embodiments or the prior art will be briefly introduced below. Obviously, the accompanying drawings in the following description are only for the present application For some embodiments, those of ordinary skill in the art can also obtain other drawings based on these drawings without paying creative efforts.

图1是本申请实施例一提供的一种应用程序登录方法的实现流程示意图；FIG. 1 is a schematic diagram of an implementation flow of an application login method provided in Embodiment 1 of the present application;

图2是本申请实施例一提供的一种将登录账号写入TEE的存储器的实现方法流程图；FIG. 2 is a flow chart of a method for writing a login account into a memory of a TEE provided in Embodiment 1 of the present application;

图3是本申请实施例二提供的另一种应用程序登录方法的实现流程示意图；FIG. 3 is a schematic flow diagram of another application login method provided in Embodiment 2 of the present application;

图4是本申请实施例三提供的一种应用程序登录装置的结构示意图；FIG. 4 is a schematic structural diagram of an application login device provided in Embodiment 3 of the present application;

图5是本申请实施例四提供的移动终端的结构示意图。FIG. 5 is a schematic structural diagram of a mobile terminal provided in Embodiment 4 of the present application.

具体实施方式detailed description

以下描述中，为了说明而不是为了限定，提出了诸如特定系统结构、技术之类的具体细节，以便透彻理解本申请实施例。然而，本领域的技术人员应当清楚，在没有这些具体细节的其它实施例中也可以实现本申请。在其它情况中，省略对众所周知的系统、装置、电路以及方法的详细说明，以免不必要的细节妨碍本申请的描述。In the following description, specific details such as specific system structures and technologies are presented for the purpose of illustration rather than limitation, so as to thoroughly understand the embodiments of the present application. It will be apparent, however, to one skilled in the art that the present application may be practiced in other embodiments without these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.

本申请实施例提供的应用程序登录方法适用于移动终端，示例性地，该移动终端包括但不限于：智能手机、掌上电脑、笔记本、可穿戴设备等。The application log-in method provided in the embodiment of the present application is applicable to mobile terminals. Exemplarily, the mobile terminals include but are not limited to: smartphones, palmtop computers, notebooks, wearable devices, and the like.

应当理解，当在本说明书和所附权利要求书中使用时，术语“包括”指示所描述特征、整体、步骤、操作、元素和/或组件的存在，但并不排除一个或多个其它特征、整体、步骤、操作、元素、组件和/或其集合的存在或添加。It should be understood that when used in this specification and the appended claims, the term "comprising" indicates the presence of described features, integers, steps, operations, elements and/or components, but does not exclude one or more other features. , whole, step, operation, element, component and/or the presence or addition of a collection thereof.

还应当理解，在此本申请说明书中所使用的术语仅仅是出于描述特定实施例的目的而并不意在限制本申请。如在本申请说明书和所附权利要求书中所使用的那样，除非上下文清楚地指明其它情况，否则单数形式的“一”、“一个”及“该”意在包括复数形式。It should also be understood that the terminology used in the specification of this application is for the purpose of describing particular embodiments only and is not intended to limit the application. As used in this specification and the appended claims, the singular forms "a", "an" and "the" are intended to include plural referents unless the context clearly dictates otherwise.

还应当进一步理解，在本申请说明书和所附权利要求书中使用的术语“和/或”是指相关联列出的项中的一个或多个的任何组合以及所有可能组合，并且包括这些组合。It should also be further understood that the term "and/or" used in the description of the present application and the appended claims refers to any combination and all possible combinations of one or more of the associated listed items, and includes these combinations .

如在本说明书和所附权利要求书中所使用的那样，术语“如果”可以依据上下文被解释为“当...时”或“一旦”或“响应于确定”或“响应于检测到”。类似地，短语“如果确定”或“如果检测到[所描述条件或事件]”可以依据上下文被解释为意指“一旦确定”或“响应于确定”或“一旦检测到[所描述条件或事件]”或“响应于检测到[所描述条件或事件]”。As used in this specification and the appended claims, the term "if" may be construed as "when" or "once" or "in response to determining" or "in response to detecting" depending on the context . Similarly, the phrase "if determined" or "if [the described condition or event] is detected" may be construed, depending on the context, to mean "once determined" or "in response to the determination" or "once detected [the described condition or event] ]” or “in response to detection of [described condition or event]”.

另外，在本申请的描述中，术语“第一”、“第二”等仅用于区分描述，而不能理解为指示或暗示相对重要性。In addition, in the description of the present application, the terms "first", "second" and the like are only used to distinguish descriptions, and cannot be understood as indicating or implying relative importance.

为了说明本申请上述的技术方案，下面通过具体实施例来进行说明。In order to illustrate the above-mentioned technical solutions of the present application, specific examples are used below to illustrate.

实施例1Example 1

下面对本申请实施例一提供的应用程序登录方法进行描述，该应用程序登录方法应用于移动终端，该移动终端中安装有目标应用程序，请参阅附图1，本申请实施例一中的应用程序登录方法包括：The following describes the application program login method provided by Embodiment 1 of the present application. The application program login method is applied to a mobile terminal, and the target application program is installed in the mobile terminal. Please refer to FIG. 1 , the application program in Embodiment 1 of the present application Login methods include:

在步骤S101中，读取上述移动终端中可信执行环境TEE的存储器中所保存的登录账号；In step S101, read the login account stored in the memory of the trusted execution environment TEE in the mobile terminal;

该步骤S101所述的登录账号具体为用于登录上述目标应用程序的登录账号。该步骤S101所述的登录账号可以是“用户名+密码”形式的登录账号，比如，用户名为sunshine，密码为12345；或者，该步骤S101所述的登录账号也可以是电话号码，比如，13588888888；或者，还可以是身份证号码，比如，411XXX19950808XXXX，本申请对登录账号的具体形式不作限定。The login account described in step S101 is specifically a login account used to log in the above-mentioned target application program. The login account described in step S101 may be a login account in the form of "username+password", for example, the username is sunshine, and the password is 12345; or, the login account described in step S101 may also be a phone number, such as, 13588888888; or, it can also be an ID card number, for example, 411XXX19950808XXXX. This application does not limit the specific form of the login account.

目前，对于许多移动终端而言，都能够同时支持丰富执行环境(Rich ExecutionEnvironment，REE)以及可信执行环境(Trusted Execution Environment，TEE)，基于REE运行的程序在运行时会共用相同的硬件资源，因此，基于REE运行的程序中的数据很容易被盗取。TEE是不同于REE的另一种运行环境，TEE的代码在运行时所占用的硬件资源，与REE的代码在运行时所占用的硬件资源是完全不同的，对于TEE的代码在运行时所能访问的硬件资源来说，REE的代码在运行时是无法访问的，在步骤S101中，上述可信执行环境TEE的存储器为只能被TEE的代码访问的存储器，并且，基于TEE运行的程序往往是移动终端厂商规定的程序，并非任意一个安装在移动终端中的程序都能够基于TEE运行。因此，基于TEE运行的程序，相比于基于REE运行的程序来说，数据更不容易被盗取。At present, for many mobile terminals, both Rich Execution Environment (REE) and Trusted Execution Environment (Trusted Execution Environment, TEE) can be supported at the same time. Programs running based on REE will share the same hardware resources at runtime. Therefore, data in programs running on REE can be easily stolen. TEE is another operating environment different from REE. The hardware resources occupied by the TEE code at runtime are completely different from the hardware resources occupied by the REE code at runtime. For the TEE code at runtime, it can In terms of access to hardware resources, codes of REEs cannot be accessed during runtime. In step S101, the memory of the above-mentioned trusted execution environment TEE is a memory that can only be accessed by codes of TEEs, and programs running based on TEEs often It is a program specified by the mobile terminal manufacturer, and not any program installed in the mobile terminal can run based on the TEE. Therefore, programs running on TEE are less likely to be stolen than programs running on REE.

通常情况下，对于一个移动终端而言，对该移动终端中TEE的存储器的数据读写往往只能由该移动终端的移动终端厂商规定的程序执行，因此，该TEE的存储器中的数据很难被非法程序读取，也很难被非法程序写入。所以，若将某一应用程序的登录账号保存在TEE的存储器中，则该登录账号是非常不易被盗取以及修改的。对于传统的登录方法，需要用户主动记忆各个不同的应用程序的登录账号，用户往往会将各个登录账号记录在纸质文件或者电子文件中，这种记录方式与将登录账号记录在TEE的存储器中相比，显然安全级别更低，因此，本申请提供了一种较为安全的登录账号记录方式。Usually, for a mobile terminal, the data reading and writing of the memory of the TEE in the mobile terminal can only be performed by the program specified by the mobile terminal manufacturer of the mobile terminal. Therefore, the data in the memory of the TEE is difficult to read and write. It is difficult to be read by illegal programs, and it is also difficult to be written by illegal programs. Therefore, if the login account of a certain application program is saved in the memory of the TEE, the login account is very difficult to be stolen and modified. For traditional login methods, users are required to actively memorize the login accounts of different applications. Users often record each login account in paper documents or electronic files. This recording method is the same as recording login accounts in TEE memory. Obviously, the security level is lower than that, so this application provides a relatively secure login account recording method.

本申请所提供的技术方案中，需要事先将登录上述目标应用程序的登录账号保存在移动终端中TEE的存储器中，由于对TEE的存储器的数据读写往往只能由移动终端厂商规定的程序执行，因此，为了实现将登录账号写入TEE的存储器中，可以预先开发一预设程序，该预设程序为经移动终端厂商认证的，可以对TEE的存储器写入数据的程序，用户通过开启该预设程序，在该预设程序提供的界面上填写登录上述目标应用程序的登录账号，该预设程序在接收到用户填写的登录账号之后，将用户填写的登录账号写入TEE的存储器中(通过该预设程序能够允许任何用户往TEE的存储器中写入数据，这会使得非法用户在窃取到合法用户的用于登录上述目标应用程序的登录账号之后，也能够通过该预设程序将所窃取的用于登录该目标应用程序的登录账号写入到某个移动终端X的TEE的存储器中，使非法用户能够在该移动终端X中冒充合法用户登录该目标应用程序，因此，在通过该预设程序允许用户往TEE的存储器中写入数据时，可以首先提醒用户上传身份证号、照片等信息，然后，根据用户上传的身份证号、照片等信息，对用户的身份进行验证，在验证通过之后，再允许用户对TEE的存储器进行数据写入)。此外，为了防止上述预设程序在将登录账号写入TEE的存储器的过程中，被非法程序窃取登录账号，该预设程序在接收到登录账号之后，首先对接收到的登录账号进行加密，然后将加密后的登录账号传输至TEE的存储器中，由基于TEE运行的解密程序对其进行解密，这样，登录账号在传递到TEE的存储器的过程中是被加密的，因此，能够在一定程度上降低在将登录账号写入TEE的存储器的过程中，被非法程序窃取登录账号的可能性；此外，为了防止上述预设程序在将登录账号写入TEE的存储器的过程中，被非法程序窃取登录账号，该预设程序也可以是基于TEE运行的程序。In the technical solution provided by this application, it is necessary to save the login account of the above-mentioned target application program in the memory of the TEE in the mobile terminal in advance, because the data reading and writing to the memory of the TEE can only be executed by the program specified by the mobile terminal manufacturer Therefore, in order to write the login account into the memory of the TEE, a preset program can be developed in advance, which is certified by the mobile terminal manufacturer and can write data into the memory of the TEE. A preset program, fill in the login account for logging into the above-mentioned target application program on the interface provided by the preset program, and after receiving the login account number filled in by the user, the preset program writes the login account number filled in by the user into the memory of the TEE ( Through this preset program, any user can be allowed to write data into the memory of the TEE, which will allow the illegal user to steal all the data through the preset program after stealing the login account of the legitimate user for logging into the above-mentioned target application program. The stolen login account for logging into the target application program is written into the memory of the TEE of a mobile terminal X, so that the illegal user can log in to the target application program as a legitimate user in the mobile terminal X. Therefore, through the When the preset program allows the user to write data into the memory of the TEE, it can first remind the user to upload ID number, photo and other information, and then verify the user's identity according to the ID number, photo and other information uploaded by the user. After the verification is passed, the user is allowed to write data to the memory of the TEE). In addition, in order to prevent the aforementioned default program from stealing the login account by an illegal program during the process of writing the login account into the memory of the TEE, the preset program first encrypts the received login account after receiving the login account, and then The encrypted login account is transmitted to the memory of the TEE, and it is decrypted by the decryption program running on the basis of the TEE. In this way, the login account is encrypted during the process of being transferred to the memory of the TEE. Therefore, it can be encrypted to a certain extent. Reduce the possibility of the login account being stolen by an illegal program during the process of writing the login account into the memory of the TEE; in addition, in order to prevent the above preset program from being stolen by the illegal program during the process of writing the login account into the memory of the TEE Account, the preset program can also be a program running based on TEE.

在本申请实施例中，为了将登录账号写入TEE的存储器中，除了用户通过上述预设程序填写登录账号的方式之外，也可以通过附图2所示的方式，将登录上述目标应用程序的登录账号写入到TEE的存储器中。如图2所示，移动终端通过执行步骤S201-S203将登录上述目标应用程序的登录账号写入到TEE的存储器中。In this embodiment of the application, in order to write the login account into the memory of the TEE, in addition to the way that the user fills in the login account through the above-mentioned preset program, the above-mentioned target application program can also be logged in through the method shown in Figure 2 The login account of the user is written into the memory of the TEE. As shown in FIG. 2, the mobile terminal writes the login account for logging into the target application program into the memory of the TEE by executing steps S201-S203.

在步骤S201中，发送登录账号请求信息至第二服务器，该登录账号请求信息用于指示上述第二服务器查找该登录账号；In step S201, sending login account request information to the second server, the login account request information is used to instruct the second server to search for the login account;

在步骤S202中，接收上述第二服务器返回的登录账号反馈信息，该登录账号反馈信息中包括该登录账号；In step S202, receiving the login account feedback information returned by the second server, the login account feedback information including the login account;

在步骤S203中，根据上述登录账号反馈信息，将该登录账号写入到上述TEE的存储器中；In step S203, write the login account into the memory of the TEE according to the feedback information of the login account;

也即是，通过上述第二服务器来保存登录上述目标应用程序的登录账号，移动终端通过与该第二服务器的通信，实现登录账号的获取，并将获取的登录账号写入到TEE的存储器中。此外，本领域技术人员不难看出，实现上述步骤S201-S203的程序需要向TEE的存储器中写入数据，因此，实现上述步骤S201-S203的程序也需要经过移动终端厂商的认证。另外，为了防止上述步骤S201-S203在执行时，被非法程序窃取登录账号，上述步骤S201-S203也可以是基于TEE运行的程序；或者，在将登录账号写入TEE的存储器的过程中，对登录账号进行加密，由基于TEE运行的解密程序对其进行解密，这样，登录账号在传递到TEE的存储器的过程中是被加密的，能够在一定程度上降低在将登录账号写入TEE的存储器的过程中，被非法程序窃取登录账号的可能性。That is, the login account for logging into the target application program is stored by the second server, and the mobile terminal obtains the login account through communication with the second server, and writes the acquired login account into the memory of the TEE. . In addition, those skilled in the art can easily see that the program implementing the above steps S201-S203 needs to write data into the memory of the TEE. Therefore, the program implementing the above steps S201-S203 also needs to be certified by the mobile terminal manufacturer. In addition, in order to prevent the above-mentioned steps S201-S203 from being stolen by an illegal program during the execution of the login account, the above-mentioned steps S201-S203 can also be a program running based on the TEE; or, during the process of writing the login account into the memory of the TEE, the The login account is encrypted and decrypted by a decryption program based on the TEE. In this way, the login account is encrypted during the process of being transferred to the memory of the TEE, which can reduce the problem of writing the login account to the memory of the TEE to a certain extent. During the process, the possibility of the login account being stolen by an illegal program.

本领域技术人员不难看出，当移动终端通过上述步骤S201-S203来获取登录目标应用程序的登录账号时，是需要与第二服务器进行通信的，为了避免移动终端与第二服务器之间相互通信的数据被非法截取，可以对相互之间通信的数据进行加密。比如，为了防止第二服务器返回的登录账号被非法截取，上述登录账号反馈信息为第二服务器利用预设的第一加密规则经加密处理得到；相应地，上述步骤S203包括：根据与上述第一加密规则对应的解密规则，对上述登录账号反馈信息进行解密处理，从而得到登录账号，并将该登录账号写入TEE的存储器中。Those skilled in the art can easily see that when the mobile terminal obtains the login account of the login target application program through the above steps S201-S203, it needs to communicate with the second server. The data is illegally intercepted, and the data communicated with each other can be encrypted. For example, in order to prevent the login account returned by the second server from being illegally intercepted, the above-mentioned login account feedback information is obtained by the second server through encryption processing using the preset first encryption rule; correspondingly, the above step S203 includes: The decryption rule corresponding to the encryption rule decrypts the above-mentioned login account feedback information to obtain the login account, and writes the login account into the memory of the TEE.

此外，该步骤S101可以是在用户启动上述目标应用程序时执行的，比如，当用户点击移动终端桌面上的该目标应用程序的图标时，移动终端就执行该步骤S101，获取TEE的存储器中所保存的用于登录该目标应用程序的登录账号。此外，在本申请实施例中，若从TEE的存储器中没有获取到登录上述目标应用程序的登录账号时，则可以提醒用户启动上述预设程序或者移动终端自动启动上述预设程序，获取用户手动输入的登录上述目标应用程序的登录账号；或者，执行上述步骤S201-S203，获取登录上述目标应用程序的登录账号。In addition, this step S101 may be executed when the user starts the above-mentioned target application program. For example, when the user clicks the icon of the target application program on the desktop of the mobile terminal, the mobile terminal executes this step S101 to obtain the information stored in the memory of the TEE. The saved login account used to log in to the target application. In addition, in the embodiment of the present application, if the login account for logging in to the target application program is not obtained from the memory of the TEE, the user may be reminded to start the above preset program or the mobile terminal may automatically start the above preset program, and the user may manually start the above preset program. The input login account for logging into the above target application program; or, perform the above steps S201-S203 to obtain the login account for logging into the above target application program.

在步骤S102中，将上述登录账号发送至第一服务器中，以指示该第一服务器执行判断上述登录账号是否为用于登录目标应用程序的已注册账号；In step S102, the above-mentioned login account is sent to the first server to instruct the first server to judge whether the above-mentioned login account is a registered account for logging into the target application program;

在本申请实施例中，在通过步骤S101读取到登录上述目标应用程序的登录账号之后，将步骤S101读取的登录账号发送至第一服务器，其中，该第一服务器可以是与上述目标应用程序对应的服务器，该第一服务器中保存有各个用于登录该目标应用程序的已注册账号。In this embodiment of the present application, after the login account for logging in to the target application is read in step S101, the login account read in step S101 is sent to the first server, where the first server may be the same as the target application A server corresponding to the program, the first server stores various registered accounts used to log in to the target application program.

移动终端将步骤S101读取的登录账号发送至上述第一服务器中，以指示该第一服务器对该登录账号进行验证，该第一服务器判断该登录账号是否是用于登录该目标应用程序的已注册账号，并返回判断结果至移动终端。The mobile terminal sends the login account read in step S101 to the above-mentioned first server to instruct the first server to verify the login account, and the first server determines whether the login account is used to log in to the target application. Register an account, and return the judgment result to the mobile terminal.

此外，为了避免移动终端在与该第一服务器之间通信时，登录账号被截取，该步骤S102可以包括：In addition, in order to prevent the login account from being intercepted when the mobile terminal communicates with the first server, step S102 may include:

利用预设的第二加密规则对上述登录账号进行加密处理，得到加密处理后的加密登录账号；Encrypting the above login account by using a preset second encryption rule to obtain an encrypted login account after encryption;

将上述加密登录账号发送至第一服务器，以指示该第一服务器执行判断上述登录账号是否为用于登录目标应用程序的已注册账号。The above-mentioned encrypted login account is sent to the first server to instruct the first server to judge whether the above-mentioned login account is a registered account for logging into the target application program.

在步骤S103中，接收上述第一服务器返回的判断结果；In step S103, receiving the judgment result returned by the above-mentioned first server;

在本申请实施例中，该步骤S103可以包括：在将上述登录账号发送至上述第一服务器之后，检测在预设时间段内(比如5毫秒)是否接收上述第一服务器返回的判断结果；若在预设时间段内，接收到上述第一服务器返回的判断结果，则执行后续步骤S104；若在预设时间段内，未接收到上述第一服务器返回的判断结果，则判断向上述第一服务器发送上述登录账号的次数是否达到预设次数；若未到达，则返回步骤S102，再次将步骤S101读取的登录账号发送至第一服务器；若达到上述预设次数，则提醒用户由于无法连接网络，因此无法实现目标应用程序的登录。In this embodiment of the present application, step S103 may include: after sending the above-mentioned login account number to the above-mentioned first server, detecting whether the judgment result returned by the above-mentioned first server is received within a preset time period (for example, 5 milliseconds); if Within the preset time period, if the judgment result returned by the above-mentioned first server is received, the subsequent step S104 is executed; Whether the number of times the server sends the above-mentioned login account reaches the preset number of times; if it does not arrive, then return to step S102, and send the login account number read in step S101 to the first server again; network, so login of the target application cannot be achieved.

在步骤S104中，若上述判断结果指示上述登录账号为用于登录上述目标应用程序的已注册账号，则登录上述目标应用程序；In step S104, if the determination result indicates that the login account is a registered account used to log in the target application, then log in the target application;

在本申请实施例中，若上述第一服务器返回的判断结果指示步骤S101读取的登录账号为用于登录该目标应用程序的已注册账号，则自动登录该目标应用程序；否则，若上述判断结果指示上述登录账号不是用于登录上述目标应用程序的已注册账号，则生成提示信息，该提示信息用于提示用户无法登录该目标应用程序。In this embodiment of the application, if the judgment result returned by the above-mentioned first server indicates that the login account read in step S101 is a registered account used to log in to the target application, then the target application is automatically logged in; otherwise, if the above-mentioned judgment If the result indicates that the above-mentioned login account is not a registered account used to log in the above-mentioned target application program, a prompt message is generated, and the prompt message is used to prompt the user that the target application program cannot be logged in.

本申请实施例一提供的应用程序登录方法需要读取TEE存储器中所保存的登录账号，因此，实现本申请实施例一各个步骤的程序可以经过移动终端厂商的认证，从而使得本申请实施例一提供的方法能够实现读取TEE的存储器中的数据。The application program login method provided in Embodiment 1 of the present application needs to read the login account stored in the TEE memory. Therefore, the program for implementing each step in Embodiment 1 of the present application can be authenticated by the mobile terminal manufacturer, so that Embodiment 1 of the present application The provided method can realize reading the data in the memory of the TEE.

另外，本申请实施例一所述的各个步骤也可以完全由上述目标应用程序实现，移动终端可以提供给该目标应用程序一预设接口函数，当该目标应用程序在启动时，该目标应用程序可以通过调用该预设接口函数实现对TEE的存储器的数据读取，由于读取TEE的存储器中数据的程序必须经过移动终端厂商的认证，因此，该目标应用程序的开发商需事先与移动终端厂商沟通，申请调用该移动终端的该预设接口函数，实现读取该移动终端的TEE的存储器中的数据。In addition, the various steps described in Embodiment 1 of the present application can also be completely realized by the above-mentioned target application program, and the mobile terminal can provide a preset interface function for the target application program. When the target application program is started, the target application program The data reading of the TEE memory can be realized by calling the preset interface function. Since the program for reading data in the TEE memory must be certified by the mobile terminal manufacturer, the developer of the target application program needs to communicate with the mobile terminal in advance. The manufacturer communicates and applies for calling the preset interface function of the mobile terminal to read data in the memory of the TEE of the mobile terminal.

本申请实施例一提供了一种应用程序登录方法，在登录目标应用程序时，自动从可信执行环境TEE的存储器中读取登录账号，并在该登录账号合法时，自动登录该目标应用程序，由于TEE的存储器的数据读写往往只能由移动终端厂商规定的程序执行，因此，该TEE的存储器中的数据很难被非法程序读取(即很难被盗取)，也很难被非法程序写入(即便被非法用户盗取，也很难写入非法用户的移动终端中TEE的存储器中)，所以，保存在移动终端中TEE的存储器中的登录账号具有很高的可信度，一旦保存在TEE的存储器中的登录账号被验证成功，则很大程度上说明了使用该目标应用程序的用户为合法用户(因为登录账号被保存在TEE的存储器中，因此，被盗取的可能性很低，即便被盗取，也很难写入非法用户的移动终端的TEE存储器中)。而传统的登录方式，登录账号很容易被非法用户获取(以电话号码以及短信验证码的登录方法举例说明，非法用户可通过广播的方式，获取合法用户的国际移动用户识别码IMSI，进而通过合法用户的IMSI获取合法用户的电话号码，同时截取短信验证码，即可获得合法用户的电话号码以及短信验证码)，并且传统的登录方式需要用户手动输入登录账号，手动输入的过程很不安全，很容易被非法用户利用摄像头等工具偷看到用户输入的登录账号，所以，传统的登录账号较为容易被窃取，此外，对于传统的登录方法来说，一旦合法用户的登录账号被窃取，非法用户就可通过手动输入窃取的登录账号，冒充合法用户登录该目标应用程序，因此，对于传统的登录方式，即便登录账号验证成功，也不能说明使用该目标应用程序的用户就是合法用户(因为存在登录账号被窃取的可能)。综上，本申请所提供的登录方法，相比于传统的登录方法，更加安全，能够在一定程度上提高登录的安全性。此外，本申请所提供的登录方法，避免了手动输入登录账号，因此，相比于传统的登录方法，也可以在一定程度上减少了用户的操作步骤，能够提高用户体验。Embodiment 1 of the present application provides an application login method. When logging in to a target application, the login account is automatically read from the storage of the Trusted Execution Environment TEE, and when the login account is valid, the target application is automatically logged in. , because the data reading and writing of the memory of the TEE can only be performed by the program specified by the mobile terminal manufacturer, therefore, the data in the memory of the TEE is difficult to be read by illegal programs (that is, it is difficult to be stolen), and it is also difficult to be Illegal program writing (even if it is stolen by an illegal user, it is difficult to write into the memory of the TEE in the mobile terminal of the illegal user), so the login account stored in the memory of the TEE in the mobile terminal has a high degree of credibility , once the login account stored in the memory of the TEE is successfully verified, it largely indicates that the user using the target application is a legitimate user (because the login account is stored in the memory of the TEE, therefore, the stolen Possibility is very low, even if it is stolen, it is also difficult to write in the TEE memory of the mobile terminal of the illegal user). In the traditional login method, the login account is easily obtained by illegal users (using the login method of phone number and SMS verification code as an example, illegal users can obtain the IMSI of legal users by broadcasting, and then pass legal The user's IMSI obtains the legitimate user's phone number, and at the same time intercepts the SMS verification code to obtain the legitimate user's phone number and SMS verification code), and the traditional login method requires the user to manually enter the login account, which is very unsafe. It is easy for illegal users to peek at the login account entered by the user by using tools such as a camera. Therefore, the traditional login account is relatively easy to be stolen. In addition, for the traditional login method, once the login account of the legitimate user is stolen, the illegal user You can manually enter the stolen login account to pretend to be a legitimate user to log in to the target application. Therefore, for traditional login methods, even if the login account verification is successful, it cannot be explained that the user using the target application is a legitimate user (because there is a login The possibility of the account being stolen). To sum up, the login method provided by this application is more secure than the traditional login method, and can improve the security of login to a certain extent. In addition, the login method provided by the present application avoids manually inputting the login account number. Therefore, compared with the traditional login method, the user's operation steps can also be reduced to a certain extent, and the user experience can be improved.

实施例2Example 2

下面对本申请实施例二提供的另一种应用程序登录方法进行描述，同实施例一相同，该应用程序登录方法应用于移动终端，该移动终端中安装有目标应用程序。Another application registration method provided by Embodiment 2 of the present application is described below. Same as Embodiment 1, this application registration method is applied to a mobile terminal in which a target application is installed.

本申请实施例二所提供的技术方案中，将实施例一所提供的技术方案中的登录账号具体限定为上述移动终端对应的电话号码。请参阅附图3，本申请实施例二中的应用程序登录方法包括：In the technical solution provided in Embodiment 2 of the present application, the login account in the technical solution provided in Embodiment 1 is specifically limited to the phone number corresponding to the aforementioned mobile terminal. Please refer to accompanying drawing 3, the application login method in the second embodiment of the present application includes:

在步骤S301中，获取上述移动终端的国际移动设备标识码IMEI或者上述移动终端中用户识别模块SIM卡的国际移动用户识别码IMSI；In step S301, obtain the international mobile equipment identity code IMEI of the above-mentioned mobile terminal or the international mobile subscriber identity code IMSI of the subscriber identity module SIM card in the above-mentioned mobile terminal;

通常情况下，移动终端的电话号码是与该移动终端的IMEI(InternationalMobile Equipment Identification，国际移动设备识别码)或者该移动终端中安装的SIM(Subscriber Identification Module，用户识别模式)卡的IMSI(International MobileSubscriber Identification，国际移动用户识别码)对应的，因此，可以首先获取该移动终端的IMEI或者该移动终端中的SIM卡的IMSI，以便后续通过该IMEI或者IMSI获得该移动终端的电话号码。Usually, the phone number of a mobile terminal is the IMEI (International Mobile Equipment Identification, International Mobile Equipment Identity) of the mobile terminal or the IMSI (International Mobile Subscriber Identification Module, Subscriber Identification Module) card installed in the mobile terminal. Identification, International Mobile Subscriber Identity), therefore, can first obtain the IMEI of the mobile terminal or the IMSI of the SIM card in the mobile terminal, so that the phone number of the mobile terminal can be obtained subsequently through the IMEI or IMSI.

在步骤S302中，根据上述IMEI或者上述IMSI，生成登录账号请求信息，其中，该登录账号请求信息中包括上述IMEI或者上述IMSI；In step S302, generate login account request information according to the above-mentioned IMEI or the above-mentioned IMSI, wherein the login account request information includes the above-mentioned IMEI or the above-mentioned IMSI;

在获取到移动终端的IMEI以及该移动终端中SIM卡的IMSI之后，该移动终端利用该IMEI或者IMSI生成登录账号请求信息。After acquiring the IMEI of the mobile terminal and the IMSI of the SIM card in the mobile terminal, the mobile terminal uses the IMEI or IMSI to generate login account request information.

在步骤S303中，发送上述登录账号请求信息至第二服务器，该登录账号请求信息用于指示该第二服务器查找与该IMEI或者IMSI对于的电话号码；In step S303, the above-mentioned login account request information is sent to the second server, and the login account request information is used to instruct the second server to find the phone number corresponding to the IMEI or IMSI;

上述第二服务器中可以保存有预设的对应关系表，该对应关系表中记录有各个不同的IMEI与电话号码的对应关系信息或者各个不同的IMSI与电话号码的对应关系信息。该第二服务器接收到上述登录账号请求信息之后，提取该登录账号请求信息中的IMEI或者IMSI，并根据该IMEI或者该IMSI，在预设的对应关系表中查找对应的电话号码，并将查找到的电话号码返回至上述移动终端。The second server may store a preset correspondence table, and the correspondence table records correspondence information between different IMEIs and phone numbers or correspondence information between different IMSIs and phone numbers. After the second server receives the above-mentioned login account request information, it extracts the IMEI or IMSI in the login account request information, and according to the IMEI or the IMSI, searches for the corresponding phone number in the preset correspondence table, and searches The received phone number is returned to the above-mentioned mobile terminal.

在步骤S304中，接收上述第二服务器返回的登录账号反馈信息，该登录账号反馈信息中包括上述电话号码；In step S304, the login account feedback information returned by the second server is received, the login account feedback information includes the above phone number;

为了避免上述移动终端与上述第二服务器之间的通信数据被窃取，可以对该移动终端与该第二服务器之间的通信数据进行加密处理。比如，在步骤S303中，上述第二服务器对登录账号反馈信息进行加密，以确保该登录信息反馈信息中的电话号码不被非法用户截取。In order to prevent the communication data between the mobile terminal and the second server from being stolen, the communication data between the mobile terminal and the second server may be encrypted. For example, in step S303, the second server encrypts the login account feedback information to ensure that the phone number in the login information feedback information is not intercepted by illegal users.

在步骤S305中，根据上述登录账号反馈信息，将上述电话号码写入移动终端中可信执行环境TEE的存储器中；In step S305, according to the above-mentioned login account feedback information, the above-mentioned phone number is written into the memory of the trusted execution environment TEE in the mobile terminal;

在该步骤S305中，需要将电话号码写入到移动终端的TEE存储器中，因此，实现上述步骤S301-S305的程序需要经过移动终端厂商的认证。另外，为了防止上述步骤S301-S305在执行时，被非法程序窃取登录账号，上述步骤S301-S305可以是基于TEE运行的程序；或者，在将电话号码写入TEE的存储器的过程中，对电话号码进行加密，由基于TEE运行的解密程序对其进行解密，这样，电话号码在传递到TEE的存储器的过程中是被加密的，能够在一定程度上降低在将电话号码写入TEE的存储器的过程中，被非法程序窃取登录账号的可能性。In this step S305, the phone number needs to be written into the TEE memory of the mobile terminal. Therefore, the program for implementing the above steps S301-S305 needs to be certified by the mobile terminal manufacturer. In addition, in order to prevent the above-mentioned steps S301-S305 from being stolen by an illegal program during the execution of the login account, the above-mentioned steps S301-S305 can be a program running based on the TEE; or, during the process of writing the phone number into the memory of the TEE, the The number is encrypted, and it is decrypted by a decryption program based on the TEE. In this way, the phone number is encrypted during the process of being transferred to the TEE memory, which can reduce the cost of writing the phone number into the TEE memory to a certain extent. During the process, the possibility of the login account being stolen by an illegal program.

本领域技术人员应该理解，上述步骤S301-S305并非每次都与后续步骤S306-S309一起执行，步骤S301-S305可以仅仅是在用户更换电话号码时执行，比如，当检测到用于指示用户已更换完成SIM卡的触发信号时，获取移动终端的IMEI或者该移动终端中SIM卡的IMSI(比如，当移动终端检测到用户拔下SIM卡，又插上SIM时，则产生一触发信号，使得该移动终端重新获取该移动终端的IMEI或者更换后的SIM卡的IMSI)。此外，在某些情况下，即使用户更换了SIM卡，但是移动终端的IMEI可能并没有绑定更换后的手机号码，因此，通过移动终端的IMEI，可能并不能获取到正确的电话号码，所以，在本申请实施例中，为了保证在用户更换SIM卡时，能够通过IMEI获取到更换后的电话号码，运营商应该在交付用户新的SIM之前，及时更新上述第二服务器中移动终端的IMEI与电话号码的对应关系。Those skilled in the art should understand that the above steps S301-S305 are not executed together with the subsequent steps S306-S309 every time, and the steps S301-S305 may only be executed when the user changes the phone number, for example, when it is detected that the user has When changing the trigger signal of the SIM card, obtain the IMEI of the mobile terminal or the IMSI of the SIM card in the mobile terminal (for example, when the mobile terminal detects that the user pulls out the SIM card and plugs in the SIM again, a trigger signal is generated, so that The mobile terminal reacquires the IMEI of the mobile terminal or the IMSI of the replaced SIM card). In addition, in some cases, even if the user changes the SIM card, the IMEI of the mobile terminal may not be bound to the changed mobile phone number. Therefore, the correct phone number may not be obtained through the IMEI of the mobile terminal, so , in this embodiment of the application, in order to ensure that when the user changes the SIM card, the changed phone number can be obtained through the IMEI, the operator should update the IMEI and Correspondence between phone numbers.

在步骤S306中，读取上述TEE的存储器中所保存的上述电话号码；In step S306, read the above-mentioned telephone number stored in the memory of the above-mentioned TEE;

在步骤S307中，将上述电话号码发送至第一服务器，以指示该第一服务器执行判断该电话号码是否为用于登录目标应用程序的已注册账号；In step S307, the phone number is sent to the first server to instruct the first server to judge whether the phone number is a registered account for logging into the target application;

在步骤S308中，接收上述第一服务器返回的判断结果；In step S308, receiving the judgment result returned by the first server;

在步骤S309中，若上述判断结果指示上述电话号码为用于登录上述目标应用程序的已注册账号，则登录上述目标应用程序。In step S309, if the determination result indicates that the phone number is a registered account for logging in the target application, then log in the target application.

通常情况下，对于大多数应用程序来说，都支持基于电话号码的登录方法，因此，在本申请实施例二中，可以判断该移动终端的电话号码是否为登录上述目标应用程序的已注册账号，若是，则登录该目标应用程序。Normally, for most applications, the login method based on the phone number is supported. Therefore, in the second embodiment of the application, it can be judged whether the phone number of the mobile terminal is a registered account for logging in to the above-mentioned target application. , and if so, log into the target application.

此外，本申请实施例二相比于实施例一，仅仅是将登录账号限定为电话号码，除此之外，上述步骤S306-S309与实施例一中的步骤S101-S104的具体执行方式完全相同，具体可参见实施例一的描述，此处不再赘述。In addition, compared with the first embodiment, the second embodiment of the present application only limits the login account to the phone number. In addition, the specific execution method of the above steps S306-S309 is exactly the same as that of the steps S101-S104 in the first embodiment For details, refer to the description of Embodiment 1, which will not be repeated here.

通常情况下，在移动终端中TEE的存储器中，不会仅仅只保存一个应用程序的登录账号，往往会保存多个应用程序的登录账号。如果将实施例一所述的登录账号限定为用户名和密码，会占用较大的TEE的存储器空间，原因如下：对于同一用户来说，不同的应用程序在登录时对应的用户名和密码往往不同，比如，小明登录微信的用户名为：xiaoming，密码为：123，但是登录淘宝的用户名却为：xiaomifeng，密码为：happy123，所以，若将本申请实施例一所述的技术方案中的登录账号限定为用户名和密码，会占用大量的TEE的存储器的存储空间。然而，对于同一个用户来说，其往往只有一个电话号码或者几个电话号码，并且目前大多数应用程序都支持基于电话号码的登录方式，因此，为了避免在移动终端中TEE的存储器中保存太多的应用程序的登录账号，避免占用大量的TEE的存储器的存储空间，本申请实施例二将实施例一中的登录账号限定为电话号码。此外，本申请实施例二同实施例一相同，也能够在一定程度上提高登录的安全性，并且可以在一定程度上减少用户在登录应用程序时的操作步骤。Usually, in the memory of the TEE in the mobile terminal, not only the login account of one application program is stored, but the login account of multiple application programs is often stored. If the login account described in Embodiment 1 is limited to the username and password, it will take up a large TEE memory space, the reason is as follows: for the same user, different application programs often have different usernames and passwords when logging in. For example, Xiao Ming’s username for logging into WeChat is: xiaoming, and the password is: 123, but the username for logging into Taobao is: xiaomifeng, and the password is: happy123. Therefore, if the login The account is limited to the user name and password, which will occupy a large amount of storage space in the memory of the TEE. However, for the same user, there is often only one phone number or several phone numbers, and most of the current application programs support the login method based on the phone number. Therefore, in order to avoid saving too many phone numbers in the memory of the TEE Multiple login accounts for application programs avoid occupying a large amount of storage space in the TEE memory. Embodiment 2 of the present application limits the login account in Embodiment 1 to a phone number. In addition, the second embodiment of the present application is the same as the first embodiment, and can also improve the security of login to a certain extent, and can reduce the operation steps of the user when logging in to the application program to a certain extent.

应理解，上述实施例中各步骤的序号的大小并不意味着执行顺序的先后，各过程的执行顺序应以其功能和内在逻辑确定，而不应对本申请实施例的实施过程构成任何限定。It should be understood that the sequence numbers of the steps in the above embodiments do not mean the order of execution, and the execution order of each process should be determined by its function and internal logic, and should not constitute any limitation to the implementation process of the embodiment of the present application.

实施例3Example 3

本申请实施例三提供了一种应用程序登录装置，该应用程序登录装置应用于移动终端，如图4所示，该应用程序登录装置400包括：Embodiment 3 of the present application provides an application registration device, which is applied to a mobile terminal. As shown in FIG. 4 , theapplication registration device 400 includes:

账号读取模块401，用于读取上述移动终端中可信执行环境TEE的存储器中所保存的登录账号；Anaccount reading module 401, configured to read the login account stored in the memory of the trusted execution environment TEE in the mobile terminal;

账号发送模块402，用于将上述登录账号发送至第一服务器，以指示上述第一服务器执行判断上述登录账号是否为用于登录目标应用程序的已注册账号；Theaccount sending module 402 is configured to send the above-mentioned login account to the first server, so as to instruct the above-mentioned first server to judge whether the above-mentioned login account is a registered account for logging into the target application program;

结果接收模块403，用于接收上述第一服务器返回的判断结果；Aresult receiving module 403, configured to receive the judgment result returned by the first server;

第一登录模块404，用于若上述判断结果指示上述登录账号为用于登录上述目标应用程序的已注册账号，则登录上述目标应用程序。Thefirst login module 404 is configured to log in the target application program if the determination result indicates that the login account is a registered account used to log in the target application program.

可选地，上述应用程序登录装置400还包括：Optionally, the above-mentionedapplication registration device 400 further includes:

账号请求模块，用于发送登录账号请求信息至第二服务器，上述登录账号请求信息用于指示上述第二服务器查找上述登录账号；An account request module, configured to send login account request information to the second server, where the login account request information is used to instruct the second server to search for the login account;

账号接收模块，用于接收上述第二服务器返回的登录账号反馈信息，上述登录账号反馈信息中包括上述登录账号；The account receiving module is configured to receive the login account feedback information returned by the above-mentioned second server, the above-mentioned login account feedback information includes the above-mentioned login account;

账号写入模块，用于根据上述登录账号反馈信息，将上述登录账号写入上述TEE的存储器中。The account writing module is configured to write the above-mentioned login account into the memory of the above-mentioned TEE according to the feedback information of the above-mentioned login account.

可选地，上述登录账号反馈信息为上述第二服务器利用预设的第一加密规则经加密处理得到的信息；Optionally, the above-mentioned login account feedback information is information obtained through encryption processing by the above-mentioned second server using a preset first encryption rule;

相应地，上述账号写入模块具体用于：根据与上述第一加密规则对应的解密规则，对上述登录账号反馈信息进行解密处理，从而得到上述登录账号，并将上述登录账号写入上述TEE的存储器中。Correspondingly, the above-mentioned account writing module is specifically configured to: decrypt the above-mentioned login account feedback information according to the decryption rule corresponding to the above-mentioned first encryption rule, so as to obtain the above-mentioned login account, and write the above-mentioned login account into the TEE in memory.

可选地，上述登录账号为上述移动终端对应的电话号码；Optionally, the above-mentioned login account is a phone number corresponding to the above-mentioned mobile terminal;

相应地，上述账号请求模块，包括：Correspondingly, the above account request module includes:

识别码获取单元，用于获取上述移动终端的国际移动设备标识码IMEI或者上述移动终端中用户识别模式SIM卡的国际移动用户识别码IMSI；An identification code acquisition unit, configured to acquire the International Mobile Equipment Identity IMEI of the above-mentioned mobile terminal or the International Mobile Subscriber Identity IMSI of the subscriber identification mode SIM card in the above-mentioned mobile terminal;

请求信息生成单元，用于根据上述IMEI或者上述IMSI，生成上述登录账号请求信息，其中，上述登录账号请求信息中包括上述IMEI或者上述IMSI；The request information generation unit is configured to generate the above-mentioned login account request information according to the above-mentioned IMEI or the above-mentioned IMSI, wherein the above-mentioned login account request information includes the above-mentioned IMEI or the above-mentioned IMSI;

请求信息发送单元，用于发送上述登录账号请求信息至上述第二服务器，上述登录账号请求信息用于指示上述第二服务器查找与上述IMEI或者上述IMSI对应的电话号码。The request information sending unit is configured to send the above-mentioned login account request information to the above-mentioned second server, and the above-mentioned login account request information is used to instruct the above-mentioned second server to search for a phone number corresponding to the above-mentioned IMEI or the above-mentioned IMSI.

可选地，上述识别码获取单元具体用于：当检测到用于指示用户已更换完成上述SIM卡的触发信号时，获取上述移动终端的国际移动设备标识码IMEI或者上述SIM卡的国际移动用户识别码IMSI。Optionally, the above-mentioned identification code obtaining unit is specifically configured to: when a trigger signal indicating that the user has replaced the above-mentioned SIM card is detected, obtain the international mobile equipment identity code IMEI of the above-mentioned mobile terminal or the international mobile user of the above-mentioned SIM card Identification code IMSI.

可选地，上述账号发送模块402，包括：Optionally, theaccount sending module 402 includes:

账号加密单元，用于利用预设的第二加密规则对上述登录账号进行加密处理，得到加密处理后的加密登录账号；An account encryption unit, configured to encrypt the above-mentioned login account by using a preset second encryption rule, to obtain an encrypted encrypted login account;

加密账号发送单元，用于将上述加密登录账号发送至第一服务器，以指示上述第一服务器执行判断上述登录账号是否为用于登录目标应用程序的已注册账号。The encrypted account sending unit is configured to send the encrypted login account to the first server, so as to instruct the first server to judge whether the login account is a registered account used to log in the target application.

第二登录模块，用于若上述判断结果指示上述登录账号不是用于登录上述目标应用程序的已注册账号，则生成提示信息，上述提示信息用于提示用户无法登录上述目标应用程序。The second login module is configured to generate prompt information if the determination result indicates that the login account is not a registered account used to log in the target application, and the prompt information is used to prompt the user that the target application cannot be logged in.

可选地，上述账号读取模块401具体用于：当检测到用户启动上述目标应用程序时，读取上述移动终端中TEE的存储器中所保存的登录账号。Optionally, the above-mentionedaccount reading module 401 is specifically configured to: read the login account stored in the memory of the TEE in the above-mentioned mobile terminal when it is detected that the user starts the above-mentioned target application program.

可选地，上述账号读取模块401具体用于：当检测到用户启动上述目标应用程序时，则通过调用预设接口函数，读取上述移动终端中TEE的存储器中所保存的登录账号。Optionally, theaccount reading module 401 is specifically configured to read the login account saved in the memory of the TEE in the mobile terminal by calling a preset interface function when detecting that the user starts the target application.

需要说明的是，上述装置/单元之间的信息交互、执行过程等内容，由于与本申请方法实施例基于同一构思，其具体功能及带来的技术效果，具体可参见方法实施例部分，此处不再赘述。It should be noted that the information interaction and execution process between the above-mentioned devices/units are based on the same concept as the method embodiment of the present application, and its specific functions and technical effects can be found in the method embodiment section. I won't repeat them here.

实施例4Example 4

图5是本申请实施例四提供的移动终端的示意图。如图5所示，该实施例的移动终端5包括：处理器50、预设存储器51以及存储在上述预设存储器51中并可在上述处理器50上运行的计算机程序52。上述处理器50执行上述计算机程序52时实现上述各个方法实施例中的步骤，例如图1所示的步骤101至104。或者，上述处理器50执行上述计算机程序52时实现上述各装置实施例中各模块/单元的功能，例如图4所示模块401至404的功能。FIG. 5 is a schematic diagram of a mobile terminal provided in Embodiment 4 of the present application. As shown in FIG. 5 , themobile terminal 5 of this embodiment includes: aprocessor 50 , apreset memory 51 , and acomputer program 52 stored in thepreset memory 51 and operable on theprocessor 50 . When the above-mentionedprocessor 50 executes the above-mentionedcomputer program 52, the steps in the above-mentioned various method embodiments are implemented, for example, steps 101 to 104 shown in FIG. 1 . Alternatively, when theabove processor 50 executes theabove computer program 52, functions of the modules/units in the above device embodiments, such as the functions of themodules 401 to 404 shown in FIG. 4 , are realized.

示例性的，上述计算机程序52可以被分割成一个或多个模块/单元，上述一个或者多个模块/单元被存储在上述预设存储器51中，并由上述处理器50执行，以完成本申请。上述一个或多个模块/单元可以是能够完成特定功能的一系列计算机程序指令段，该指令段用于描述上述计算机程序52在上述移动终端5中的执行过程。例如，上述计算机程序52可以被分割成账号读取模块、账号发送模块、结果接收模块以及第一登录模块，各模块具体功能如下：Exemplarily, the above-mentionedcomputer program 52 can be divided into one or more modules/units, and the above-mentioned one or more modules/units are stored in the above-mentionedpreset memory 51 and executed by the above-mentionedprocessor 50 to complete the application . The above-mentioned one or more modules/units may be a series of computer program instruction segments capable of accomplishing specific functions, and the instruction segments are used to describe the execution process of the above-mentionedcomputer program 52 in the above-mentionedmobile terminal 5 . For example, the above-mentionedcomputer program 52 can be divided into an account reading module, an account sending module, a result receiving module and a first login module, and the specific functions of each module are as follows:

上述移动终端可包括，但不仅限于，处理器50、预设存储器51。本领域技术人员可以理解，图5仅仅是移动终端5的示例，并不构成对移动终端5的限定，可以包括比图示更多或更少的部件，或者组合某些部件，或者不同的部件，例如上述移动终端还可以包括输入输出设备、网络接入设备、总线等。The aforementioned mobile terminal may include, but not limited to, aprocessor 50 and apreset memory 51 . Those skilled in the art can understand that FIG. 5 is only an example of themobile terminal 5, and does not constitute a limitation to themobile terminal 5. It may include more or less components than those shown in the illustration, or combine certain components, or different components. For example, the above mobile terminal may also include an input and output device, a network access device, a bus, and the like.

所称处理器50可以是中央处理单元(Central Processing Unit，CPU)，还可以是其它通用处理器、数字信号处理器(Digital Signal Processor，DSP)、专用集成电路(Application Specific Integrated Circuit，ASIC)、现场可编程门阵列(Field-Programmable Gate Array，FPGA)或者其它可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件等。通用处理器可以是微处理器或者该处理器也可以是任何常规的处理器等。The so-calledprocessor 50 may be a central processing unit (Central Processing Unit, CPU), and may also be other general-purpose processors, a digital signal processor (Digital Signal Processor, DSP), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), Field-Programmable Gate Array (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor, or the like.

上述预设存储器51可以是上述移动终端5的内部存储单元，例如移动终端5的硬盘或内存。上述预设存储器51也可以是上述移动终端5的外部存储设备，例如上述移动终端5上配备的插接式硬盘，智能存储卡(Smart Media Card，SMC)，安全数字(Secure Digital，SD)卡，闪存卡(Flash Card)等。进一步地，上述预设存储器51还可以既包括上述移动终端5的内部存储单元也包括外部存储设备。上述预设存储器51用于存储上述计算机程序以及上述移动终端所需的其它程序和数据。上述预设存储器51还可以用于暂时地存储已经输出或者将要输出的数据。The above-mentionedpreset memory 51 may be an internal storage unit of the above-mentionedmobile terminal 5 , such as a hard disk or a memory of themobile terminal 5 . The above-mentionedpreset memory 51 can also be an external storage device of the above-mentionedmobile terminal 5, such as a plug-in hard disk equipped on the above-mentionedmobile terminal 5, a smart memory card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card , Flash Card (Flash Card) and so on. Further, thepreset memory 51 may also include both an internal storage unit of themobile terminal 5 and an external storage device. Thepreset memory 51 is used to store the computer program and other programs and data required by the mobile terminal. The aforementionedpreset memory 51 can also be used to temporarily store data that has been output or will be output.

所属领域的技术人员可以清楚地了解到，为了描述的方便和简洁，仅以上述各功能单元、模块的划分进行举例说明，实际应用中，可以根据需要而将上述功能分配由不同的功能单元、模块完成，即将上述装置的内部结构划分成不同的功能单元或模块，以完成以上描述的全部或者部分功能。实施例中的各功能单元、模块可以集成在一个处理单元中，也可以是各个单元单独物理存在，也可以两个或两个以上单元集成在一个单元中，上述集成的单元既可以采用硬件的形式实现，也可以采用软件功能单元的形式实现。另外，各功能单元、模块的具体名称也只是为了便于相互区分，并不用于限制本申请的保护范围。上述系统中单元、模块的具体工作过程，可以参考前述方法实施例中的对应过程，在此不再赘述。Those skilled in the art can clearly understand that for the convenience and brevity of description, only the division of the above-mentioned functional units and modules is used for illustration. In practical applications, the above-mentioned functions can be assigned to different functional units, Module completion means that the internal structure of the above-mentioned device is divided into different functional units or modules to complete all or part of the functions described above. Each functional unit and module in the embodiment can be integrated into one processing unit, or each unit can exist separately physically, or two or more units can be integrated into one unit, and the above-mentioned integrated units can either adopt hardware It can also be implemented in the form of software functional units. In addition, the specific names of the functional units and modules are only for the convenience of distinguishing each other, and are not used to limit the protection scope of the present application. For the specific working processes of the units and modules in the above system, reference may be made to the corresponding processes in the aforementioned method embodiments, and details will not be repeated here.

在上述实施例中，对各个实施例的描述都各有侧重，某个实施例中没有详述或记载的部分，可以参见其它实施例的相关描述。In the above-mentioned embodiments, the descriptions of each embodiment have their own emphases, and for parts that are not detailed or recorded in a certain embodiment, refer to the relevant descriptions of other embodiments.

本领域普通技术人员可以意识到，结合本文中所公开的实施例描述的各示例的单元及算法步骤，能够以电子硬件、或者外部设备软件和电子硬件的结合来实现。这些功能究竟以硬件还是软件方式来执行，取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能，但是这种实现不应认为超出本申请的范围。Those skilled in the art can appreciate that the units and algorithm steps of the examples described in conjunction with the embodiments disclosed herein can be implemented by electronic hardware, or a combination of external device software and electronic hardware. Whether these functions are executed by hardware or software depends on the specific application and design constraints of the technical solution. Those skilled in the art may use different methods to implement the described functions for each specific application, but such implementation should not be regarded as exceeding the scope of the present application.

在本申请所提供的实施例中，应该理解到，所揭露的装置和方法，可以通过其它的方式实现。例如，以上所描述的系统实施例仅仅是示意性的，例如，上述模块或单元的划分，仅仅为一种逻辑功能划分，实际实现时可以有另外的划分方式，例如多个单元或组件可以结合或者可以集成到另一个系统，或一些特征可以忽略，或不执行。另一点，所显示或讨论的相互之间的耦合或直接耦合或通讯连接可以是通过一些接口，装置或单元的间接耦合或通讯连接，可以是电性，机械或其它的形式。In the embodiments provided in this application, it should be understood that the disclosed devices and methods may be implemented in other ways. For example, the system embodiments described above are only illustrative. For example, the division of the above-mentioned modules or units is only a logical function division. In actual implementation, there may be other division methods. For example, multiple units or components can be combined Or it can be integrated into another system, or some features can be ignored, or not implemented. In another point, the mutual coupling or direct coupling or communication connection shown or discussed may be through some interfaces, and the indirect coupling or communication connection of devices or units may be in electrical, mechanical or other forms.

上述作为分离部件说明的单元可以是或者也可以不是物理上分开的，作为单元显示的部件可以是或者也可以不是物理单元，即可以位于一个地方，或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。The units described above as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or may be distributed to multiple network units. Part or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.

上述集成的单元如果以软件功能单元的形式实现并作为独立的产品销售或使用时，可以存储在一个计算机可读存储介质中。基于这样的理解，本申请实现上述实施例方法中的全部或部分流程，也可以通过计算机程序来指令相关的硬件来完成，上述的计算机程序可存储于一计算机可读存储介质中，该计算机程序在被处理器执行时，可实现上述各个方法实施例的步骤。其中，上述计算机程序包括计算机程序代码，上述计算机程序代码可以为源代码形式、对象代码形式、可执行文件或某些中间形式等。上述计算机可读存储介质可以包括：能够携带上述计算机程序代码的任何实体或装置、记录介质、U盘、移动硬盘、磁碟、光盘、计算机可读存储器、只读存储器(ROM，Read-Only Memory)、随机存取存储器(RAM，Random Access Memory)、电载波信号、电信信号以及软件分发介质等。需要说明的是，上述计算机可读存储介质包含的内容可以根据司法管辖区内立法和专利实践的要求进行适当的增减，例如在某些司法管辖区，根据立法和专利实践，计算机可读存储介质不包括是电载波信号和电信信号。If the above integrated units are realized in the form of software function units and sold or used as independent products, they can be stored in a computer-readable storage medium. Based on this understanding, the present application realizes all or part of the processes in the methods of the above-mentioned embodiments, and can also be completed by instructing related hardware through computer programs. The above-mentioned computer programs can be stored in a computer-readable storage medium. The computer program When executed by a processor, the steps in the above-mentioned various method embodiments can be realized. Wherein, the above-mentioned computer program includes computer program code, and the above-mentioned computer program code may be in the form of source code, object code, executable file or some intermediate form. The above-mentioned computer-readable storage medium may include: any entity or device capable of carrying the above-mentioned computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disk, a computer-readable memory, a read-only memory (ROM, Read-Only Memory ), Random Access Memory (RAM, Random Access Memory), electrical carrier signal, telecommunication signal, and software distribution medium, etc. It should be noted that the content contained in the above-mentioned computer-readable storage media can be appropriately increased or decreased according to the requirements of legislation and patent practice in the jurisdiction. For example, in some jurisdictions, computer-readable storage media The medium does not include electrical carrier signals and telecommunication signals.

以上上述实施例仅用以说明本申请的技术方案，而非对其限制；尽管参照前述实施例对本申请进行了详细的说明，本领域的普通技术人员应当理解：其依然可以对前述各实施例所记载的技术方案进行修改，或者对其中部分技术特征进行等同替换；而这些修改或者替换，并不使相应技术方案的本质脱离本申请各实施例技术方案的精神和范围，均应包含在本申请的保护范围之内。The above-mentioned embodiments are only used to illustrate the technical solutions of the present application, rather than to limit them; although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that: it can still apply to the foregoing embodiments Modifications to the technical solutions described, or equivalent replacement of some of the technical features; and these modifications or replacements do not make the essence of the corresponding technical solutions deviate from the spirit and scope of the technical solutions of the various embodiments of the application, and should be included in this application. within the scope of the application.