Login information input method, login information storage method and related device
阅读说明:本技术 登录信息输入方法、登录信息保存方法及相关装置 (Login information input method, login information storage method and related device ) 是由 陈天雄 甘强 李想 李朋 季昀 张明修 于 2015-09-21 设计创作,主要内容包括:本发明实施例公开一种登录信息输入方法、登录信息保存方法及相关装置。该登录信息输入方法包括:识别出当前页面为应用程序的登录页面;识别出所述登录页面中用于输入登录信息的目标输入域;接收用户输入的生物特征信息;如果所述生物特征信息是预设生物特征信息,则从预设数据库中获取所述生物特征信息所表征的用户登录所述应用程序的登录信息;将所述登录信息填充到所述目标输入域中。上述方案可实现自动填充登录页面中的所述目标输入域,简化了用户的登录操作,并且适用范围广,不受应用程序开发平台的限制。(The embodiment of the invention discloses a login information input method, a login information storage method and a related device. The login information input method comprises the following steps: identifying that the current page is a login page of an application program; identifying a target input domain for inputting login information in the login page; receiving biological characteristic information input by a user; if the biological characteristic information is preset biological characteristic information, obtaining login information of a user, represented by the biological characteristic information, logging in the application program from a preset database; and filling the login information into the target input field. The scheme can realize automatic filling of the target input domain in the login page, simplifies the login operation of the user, has wide application range and is not limited by an application program development platform.)
1. A login information input method, comprising:
identifying that the current page is a login page of an application program;
identifying a target input domain for inputting login information in the login page;
receiving biological characteristic information input by a user;
if the biological characteristic information is preset biological characteristic information, obtaining login information of a user, represented by the biological characteristic information, logging in the application program from a preset database;
populating the login information into the target input field;
obtaining login information of the user, represented by the biological characteristic information, logging in the application program from a preset database comprises the following steps:
fetching the management password from a trusted execution environment;
generating the taken out management password into data to be verified through a salt adding algorithm;
determining that the data to be verified is matched with a verification code;
generating a decryption key through a salt adding algorithm according to the management password;
and decrypting the encrypted login information through a symmetric encryption algorithm according to the decryption key to obtain the original login information.
2. The method of claim 1, wherein the target input field comprises at least two input fields; the populating the login information into the target input field includes:
analyzing attributes of each of the at least two input domains;
according to the attribute of each input domain, respectively acquiring login information which is consistent with the attribute of each input domain from the login information;
and filling the login information corresponding to the attribute of each input field in each input field.
3. The method of claim 1, wherein said populating the login information into the target input field comprises: receiving a selection operation input by a user, wherein the selection operation is used for selecting a target input field needing to be filled with login information; analyzing the attribute of the target input domain selected by the selection operation; acquiring login information which is consistent with the attribute of the selected target input domain from the login information according to the attribute of the selected target input domain; and filling the selected target input field with login information corresponding to the attribute of the selected target input field.
4. The method of claim 1, wherein if the biometric information is preset biometric information, obtaining login information of the user represented by the biometric information for logging in the application from a preset database comprises:
the target operating system sends the biological characteristic information to a trusted execution environment;
the trusted execution environment verifies whether the biological characteristic information is the preset biological characteristic information, if so, the trusted execution environment obtains login information of the user represented by the biological characteristic information for logging in the application program from a preset database and sends the login information to the target operating system.
5. The method according to any one of claims 1 to 4, wherein the login information in the preset database is login information encrypted by a preset encryption rule; before the populating the target input field with the login information, the method further includes: and decrypting the login information through a decryption rule corresponding to the preset encryption rule.
6. A method according to any of claims 1-3, wherein said identifying a target input field in the login page for entering login information comprises:
obtaining a context corresponding to the login page; the context is used for representing the control object and the resource which are referred by the login page;
and in the context corresponding to the login page, identifying the target input domain according to the preset context for identifying the target input domain.
7. A method for saving login information is characterized by comprising the following steps:
identifying that the current page is a login page of an application program;
identifying a target input domain for inputting login information in the login page;
receiving login information input by a user in the target input field;
receiving biological characteristic information input by a user;
if the biological characteristic information is preset biological characteristic information, the login information is used as login information of a user represented by the biological characteristic information for logging in the application program, and the login information is stored in a preset database;
wherein, the step of using the login information as the login information of the user represented by the biological characteristic information to login the application program and the step of saving the login information in a preset database comprises the steps of:
fetching the management password from a trusted execution environment;
generating the taken out management password into to-be-verified data through a salt adding algorithm
Determining that the data to be verified is matched with a verification code;
generating an encryption key by a salt addition algorithm according to the management password
And encrypting the login information through a symmetric encryption algorithm according to the encryption key to generate encrypted login information.
8. The method of claim 7, wherein if the biometric information is preset biometric information, the saving the login information in a preset database as login information of the user represented by the biometric information to the application comprises:
the target operating system sends the biological characteristic information to a trusted execution environment;
the trusted execution environment verifies whether the biological characteristic information is the preset biological characteristic information or not, and returns a verification result to the target operating system;
if the biological characteristic information is preset biological characteristic information, the target operating system sends the login information to the trusted execution environment;
and if the biological characteristic information is preset biological characteristic information, the trusted execution environment takes the login information as login information of a user represented by the biological characteristic information for logging in the application program, and the login information is stored in a preset database.
9. The method according to claim 7 or 8, further comprising, before said saving said login information in a preset database: and encrypting the login information according to a preset encryption rule.
10. The method of claim 7, wherein said identifying a target input field in the landing page for entering landing information comprises:
obtaining a context corresponding to the login page; the context is used for representing the control object and the resource which are referred by the login page;
and in the context corresponding to the login page, identifying the target input domain according to the preset context for identifying the target input domain.
11. A terminal, comprising: an input device, an output device, a memory, and a processor coupled with the memory, wherein:
the processor reads instructions stored in the memory for performing the steps of:
identifying that a current page displayed in the output device is a login page of an application program;
identifying a target input domain for inputting login information in the login page;
receiving biometric information input by a user through the input device;
if the biological characteristic information is preset biological characteristic information, obtaining login information of a user, represented by the biological characteristic information, logging in the application program from a preset database;
populating the login information into the target input field;
obtaining login information of the user, represented by the biological characteristic information, logging in the application program from a preset database comprises the following steps:
fetching the management password from a trusted execution environment;
generating the taken out management password into data to be verified through a salt adding algorithm;
determining that the data to be verified is matched with a verification code;
generating a decryption key through a salt adding algorithm according to the management password;
and decrypting the encrypted login information through a symmetric encryption algorithm according to the decryption key to obtain the original login information.
12. The terminal of claim 11, wherein the target input field comprises at least two input fields; the step of populating the login information into the target input field includes:
analyzing, by the processor, attributes of each of the at least two input domains;
the processor respectively acquires login information which is consistent with the attribute of each input domain from the login information according to the attribute of each input domain;
and the processor fills the login information which is consistent with the attribute of each input field in each input field.
13. The terminal of claim 11, wherein the step of populating the target input field with the login information comprises:
the processor receives a selection operation input by a user through the input device, wherein the selection operation is used for selecting a target input field needing to be filled with login information; analyzing the attribute of the target input domain selected by the selection operation; acquiring login information which is consistent with the attribute of the selected target input domain from the login information according to the attribute of the selected target input domain; and filling the selected target input field with login information corresponding to the attribute of the selected target input field.
14. The terminal according to claim 11, wherein the step of obtaining login information of the user represented by the biometric information for logging in the application from a preset database if the biometric information is preset biometric information comprises:
the processor sends the biometric information to a trusted execution environment through a target operating system;
the processor verifies whether the biological characteristic information is the preset biological characteristic information through the trusted execution environment, if the biological characteristic information is the preset biological characteristic information, login information of a user, represented by the biological characteristic information, logging in the application program is obtained from a preset database through the trusted execution environment, and the login information is sent to the target operating system through the trusted execution environment.
15. The terminal according to any one of claims 11-14, wherein the login information in the preset database is login information encrypted by a preset encryption rule; the processor is further configured to: and before the login information is filled into the target input domain, decrypting the login information through a decryption rule corresponding to the preset encryption rule.
16. A terminal as claimed in any one of claims 11 to 13, wherein the step of identifying a target input field for entering login information in the login page comprises:
the processor acquires a context corresponding to the login page; the context is used for representing the control object and the resource which are referred by the login page;
and the processor identifies the target input domain according to a preset context for identifying the target input domain in the context corresponding to the login page.
17. A terminal, comprising: an input device, an output device, a memory, and a processor coupled with the memory, wherein:
the processor reads instructions stored in the memory for performing the steps of:
identifying that a current page displayed in the output device is a login page of an application program;
identifying a target input domain for inputting login information in the login page;
receiving login information input by a user in the target input field through the input device;
receiving biometric information input by a user through the input device;
if the biological characteristic information is preset biological characteristic information, the login information is used as login information of a user represented by the biological characteristic information for logging in the application program, and the login information is stored in a preset database;
wherein, the step of using the login information as the login information of the user represented by the biological characteristic information to login the application program and the step of saving the login information in a preset database comprises the steps of:
fetching the management password from a trusted execution environment;
generating the taken out management password into to-be-verified data through a salt adding algorithm
Determining that the data to be verified is matched with a verification code;
generating an encryption key by a salt addition algorithm according to the management password
And encrypting the login information through a symmetric encryption algorithm according to the encryption key to generate encrypted login information.
18. The terminal according to claim 17, wherein the step of saving the login information in a preset database as the login information of the user represented by the biometric information for logging in the application program if the biometric information is preset biometric information comprises:
the processor sends the biometric information to a trusted execution environment through a target operating system;
the processor verifies whether the biological characteristic information is the preset biological characteristic information through the trusted execution environment and returns a verification result to the target operating system;
if the biological characteristic information is preset biological characteristic information, the processor sends the login information to the trusted execution environment through the target operating system;
and if the biological characteristic information is preset biological characteristic information, the processor takes the login information as login information of a user represented by the biological characteristic information to log in the application program through the trusted execution environment, and stores the login information in a preset database.
19. The terminal of claim 17 or 18, wherein the processor is further configured to: and before storing the login information in a preset database, encrypting the login information according to a preset encryption rule.
20. The terminal of claim 17, wherein the step of identifying a target input field for inputting login information in the login page comprises:
obtaining a context corresponding to the login page; the context is used for representing the control object and the resource which are referred by the login page;
and in the context corresponding to the login page, identifying the target input domain according to the preset context for identifying the target input domain.
Technical Field
The invention relates to the field of terminal interaction, in particular to a login information input method, a login information storage method and a related device.
Background
With the rapid development of electronic technology and internet technology, a large number of applications or websites can be used only after users register and log in, and therefore, the users need to memorize a large amount of information such as accounts and passwords. In order to ensure the security of the account, many people prefer to set different passwords for different applications or websites, so that although the security is achieved, a large burden is brought to memorization.
In order to provide secure management of login information such as passwords, a number of password management tools have been developed to help users remember various online or offline accounts and passwords. The user only needs to set a key of the password box (namely, management password) to safely access the information such as the account and the password stored in the password box.
However, the conventional password management tool is poor in usability, and a user needs to input a management password to open the password box first, and then copy and paste an account and a password into an input field for inputting the account and the password in an application program, which is troublesome in operation.
In the prior art, when a website is logged in by using a browser (such as an IE browser), a user may automatically store login information by setting "save a user name and a password on a form", so that when subsequently logging in the website, a saved account and password may be automatically filled in a login page to realize fast login. However, such a fast login method is poor in compatibility, and is only applicable to an application program that implements a form management function module, and is not compatible with other application programs.
Disclosure of Invention
The embodiment of the invention provides a login information input method, a login information storage method and a related device, which can realize automatic filling of a target input domain in a login page by identifying the target input domain in the login page of an application program, simplify the login operation of a user, have wide application range and are not limited by an application program development platform.
In a first aspect, the present invention discloses a login information input method, which includes:
identifying that the current page is a login page of an application program;
identifying a target input domain for inputting login information in the login page;
receiving biological characteristic information input by a user;
if the biological characteristic information is preset biological characteristic information, obtaining login information of a user, represented by the biological characteristic information, logging in the application program from a preset database;
and filling the login information into the target input field.
With reference to the first aspect, in a first possible implementation manner, the target input field includes at least two input fields; the populating the login information into the target input field includes: analyzing attributes of each of the at least two input domains; according to the attribute of each input domain, respectively acquiring login information which is consistent with the attribute of each input domain from the login information; and filling the login information corresponding to the attribute of each input field in each input field.
With reference to the first aspect, in a second possible implementation manner, the populating the login information into the target input field includes: receiving a selection operation input by a user, wherein the selection operation is used for selecting a target input field needing to be filled with login information; analyzing the attribute of the target input domain selected by the selection operation; acquiring login information which is consistent with the attribute of the selected target input domain from the login information according to the attribute of the selected target input domain; and filling the selected target input field with login information corresponding to the attribute of the selected target input field.
With reference to the first aspect, in a third possible implementation manner, if the biometric information is preset biometric information, acquiring login information of a user, which is represented by the biometric information, logging in the application program from a preset database, includes:
the target operating system sends the biological characteristic information to a trusted execution environment;
the trusted execution environment verifies whether the biological characteristic information is the preset biological characteristic information, if so, the trusted execution environment obtains login information of the user represented by the biological characteristic information for logging in the application program from a preset database and sends the login information to the target operating system.
With reference to the first aspect, or with reference to any one of the first to third possible implementation manners of the first aspect, in a fourth possible implementation manner, the login information in the preset database is login information encrypted by using a preset encryption rule; before the populating the login information into the target input field, the method further comprises: and decrypting the login information through a decryption rule corresponding to the preset encryption rule.
With reference to the fourth possible implementation manner of the first aspect, or with reference to the first or the second possible implementation manner of the first aspect, in a fifth possible implementation manner, the identifying a target input field used for inputting login information in the login page includes:
obtaining a context corresponding to the login page; the context is used for representing the control object and the resource which are referred by the login page;
and in the context corresponding to the login page, identifying the target input domain according to the preset context for identifying the target input domain.
In a second aspect, the present invention discloses a method for saving login information, including:
identifying that the current page is a login page of an application program;
identifying a target input domain for inputting login information in the login page;
receiving login information input by a user in the target input field;
receiving biological characteristic information input by a user;
and if the biological characteristic information is preset biological characteristic information, the login information is used as login information of the user represented by the biological characteristic information for logging in the application program, and the login information is stored in a preset database.
With reference to the second aspect, in a first possible implementation manner, if the biometric information is preset biometric information, the step of taking the login information as login information of the user represented by the biometric information to login the application program, and storing the login information in a preset database includes:
the target operating system sends the biological characteristic information to a trusted execution environment;
the trusted execution environment verifies whether the biological characteristic information is the preset biological characteristic information or not, and returns a verification result to the target operating system;
if the biological characteristic information is preset biological characteristic information, the target operating system sends the login information to the trusted execution environment;
and if the biological characteristic information is preset biological characteristic information, the trusted execution environment takes the login information as login information of a user represented by the biological characteristic information for logging in the application program, and the login information is stored in a preset database.
With reference to the second aspect, or with reference to the first possible implementation manner of the second aspect, in a second possible implementation manner, before the storing the login information in the preset database, the method further includes: and encrypting the login information according to a preset encryption rule.
With reference to the second aspect, in a third possible implementation manner, the identifying a target input field for inputting login information in the login page includes:
obtaining a context corresponding to the login page; the context is used for representing the control object and the resource which are referred by the login page;
and in the context corresponding to the login page, identifying the target input domain according to the preset context for identifying the target input domain.
In a third aspect, the present invention discloses a login information input device, including:
the first identification unit is used for identifying that the current page is a login page of the application program;
the second identification unit is used for identifying a target input domain for inputting login information in the login page;
a receiving unit for receiving biometric information input by a user;
the acquisition unit is used for acquiring login information of the user represented by the biological characteristic information for logging in the application program from a preset database if the biological characteristic information is preset biological characteristic information;
and the filling unit is used for filling the login information into the target input field.
With reference to the third aspect, in a first possible implementation manner, the target input field includes at least two input fields; the filling unit is specifically configured to: analyzing attributes of each of the at least two input domains; according to the attribute of each input domain, respectively acquiring login information which is consistent with the attribute of each input domain from the login information; and filling the login information corresponding to the attribute of each input field in each input field.
With reference to the third aspect, in a second possible implementation manner, the filling unit is specifically configured to: receiving a selection operation input by a user, wherein the selection operation is used for selecting a target input field needing to be filled with login information; analyzing the attribute of the target input domain selected by the selection operation; acquiring login information which is consistent with the attribute of the selected target input domain from the login information according to the attribute of the selected target input domain; and filling the selected target input field with login information corresponding to the attribute of the selected target input field.
With reference to the third aspect, in a third possible implementation manner, the obtaining unit is specifically configured to:
sending the biometric information to a trusted execution environment through a target operating system;
and verifying whether the biological characteristic information is the preset biological characteristic information or not through the trusted execution environment, if so, acquiring login information of the user represented by the biological characteristic information logging in the application program from a preset database through the trusted execution environment, and sending the login information to the target operating system.
With reference to the third aspect, or with reference to any one of the first to third possible implementation manners of the third aspect, in a fourth possible implementation manner, the login information in the preset database is login information encrypted by using a preset encryption rule; the device further comprises: and the decryption unit is used for decrypting the login information through a decryption rule corresponding to the preset encryption rule before the filling unit fills the login information into the target input domain.
With reference to the third aspect, or with reference to the first or second possible implementation manner of the third aspect, in a fifth possible implementation manner, the second identifying unit is specifically configured to: obtaining a context corresponding to the login page; the context is used for representing the control object and the resource which are referred by the login page; and in the context corresponding to the login page, identifying the target input domain according to the preset context for identifying the target input domain.
In a fourth aspect, the present invention discloses a login information saving apparatus, including:
the first identification unit is used for identifying that the current page is a login page of the application program;
the second identification unit is used for identifying a target input domain for inputting login information in the login page;
a first receiving unit, configured to receive login information input by a user in the target input field;
a second receiving unit for receiving the biometric information input by the user;
and the storage unit is used for taking the login information as login information of the user represented by the biological characteristic information for logging in the application program if the biological characteristic information is preset biological characteristic information, and storing the login information in a preset database.
With reference to the fourth aspect, in a first possible implementation manner, the saving unit is specifically configured to:
sending the biometric information to a trusted execution environment through a target operating system;
verifying whether the biological characteristic information is the preset biological characteristic information or not through the trusted execution environment, and returning a verification result to the target operating system;
if the biological characteristic information is preset biological characteristic information, the login information is sent to the trusted execution environment through the target operating system;
and if the biological characteristic information is preset biological characteristic information, the login information is used as login information of a user represented by the biological characteristic information for logging in the application program through the trusted execution environment, and the login information is stored in a preset database.
With reference to the fourth aspect, or with reference to the first possible implementation manner of the fourth aspect, the apparatus further includes: and the encryption unit is used for encrypting the login information according to a preset encryption rule before the storage unit stores the login information in a preset database.
With reference to the fourth aspect, in a third possible implementation manner, the second identifying unit is specifically configured to: obtaining a context corresponding to the login page; the context is used for representing the control object and the resource which are referred by the login page; and in the context corresponding to the login page, identifying the target input domain according to the preset context for identifying the target input domain.
In a fifth aspect, the present invention discloses a terminal, configured to implement the method in the first aspect, where the method includes: an input device, an output device, a memory, and a processor coupled with the memory, wherein:
the processor reads instructions stored in the memory for performing the steps of:
identifying that a current page displayed in the output device is a login page of an application program;
identifying a target input domain for inputting login information in the login page;
receiving biometric information input by a user through the input device;
if the biological characteristic information is preset biological characteristic information, obtaining login information of a user, represented by the biological characteristic information, logging in the application program from a preset database;
and filling the login information into the target input field.
With reference to the fifth aspect, in a first possible implementation manner, the target input field includes at least two input fields; the step of populating the login information into the target input field includes:
analyzing, by the processor, attributes of each of the at least two input domains;
the processor respectively acquires login information which is consistent with the attribute of each input domain from the login information according to the attribute of each input domain;
and the processor fills the login information which is consistent with the attribute of each input field in each input field.
With reference to the fifth aspect, in a second possible implementation manner, the step of populating the login information into the target input field includes:
the processor receives a selection operation input by a user through the input device, wherein the selection operation is used for selecting a target input field needing to be filled with login information; analyzing the attribute of the target input domain selected by the selection operation; acquiring login information which is consistent with the attribute of the selected target input domain from the login information according to the attribute of the selected target input domain; and filling the selected target input field with login information corresponding to the attribute of the selected target input field.
With reference to the fifth aspect, in a third possible implementation manner, if the biometric information is preset biometric information, the step of obtaining login information of the user, which is characterized by the biometric information, logging in the application program from a preset database includes:
the processor sends the biometric information to a trusted execution environment through a target operating system;
the processor verifies whether the biological characteristic information is the preset biological characteristic information through the trusted execution environment, if the biological characteristic information is the preset biological characteristic information, login information of a user, represented by the biological characteristic information, logging in the application program is obtained from a preset database through the trusted execution environment, and the login information is sent to the target operating system through the trusted execution environment.
With reference to the fifth aspect, or with reference to any one of the first to third possible implementation manners of the fifth aspect, in a fourth possible implementation manner, the login information in the preset database is login information encrypted by using a preset encryption rule; the processor is further configured to: and before the login information is filled into the target input domain, decrypting the login information through a decryption rule corresponding to the preset encryption rule.
With reference to the fifth aspect, or with reference to any one of the first or second possible implementation manners of the fifth aspect, in a fifth possible implementation manner, the identifying a target input field for inputting login information in the login page includes:
the processor acquires a context corresponding to the login page; the context is used for representing the control object and the resource which are referred by the login page;
and the processor identifies the target input domain according to a preset context for identifying the target input domain in the context corresponding to the login page.
In a sixth aspect, the present invention discloses a terminal, configured to implement the method in the second aspect, including: an input device, an output device, a memory, and a processor coupled with the memory, wherein:
the processor reads instructions stored in the memory for performing the steps of:
identifying that a current page displayed in the output device is a login page of an application program;
identifying a target input domain for inputting login information in the login page;
receiving login information input by a user in the target input field through the input device;
receiving biometric information input by a user through the input device;
and if the biological characteristic information is preset biological characteristic information, the login information is used as login information of the user represented by the biological characteristic information for logging in the application program, and the login information is stored in a preset database.
With reference to the sixth aspect, in a first possible implementation manner, if the biometric information is preset biometric information, the step of using the login information as login information of the user represented by the biometric information to login the application program, and saving the login information in a preset database includes:
the processor sends the biometric information to a trusted execution environment through a target operating system;
the processor verifies whether the biological characteristic information is the preset biological characteristic information through the trusted execution environment and returns a verification result to the target operating system;
if the biological characteristic information is preset biological characteristic information, the processor sends the login information to the trusted execution environment through the target operating system;
and if the biological characteristic information is preset biological characteristic information, the processor takes the login information as login information of a user represented by the biological characteristic information to log in the application program through the trusted execution environment, and stores the login information in a preset database.
With reference to the sixth aspect, or the first possible implementation manner of the sixth aspect, in a second possible implementation manner, the processor is further configured to: and before storing the login information in a preset database, encrypting the login information according to a preset encryption rule.
With reference to the sixth aspect, in a third possible implementation manner, the identifying a target input field for inputting login information in the login page includes:
obtaining a context corresponding to the login page; the context is used for representing the control object and the resource which are referred by the login page;
and in the context corresponding to the login page, identifying the target input domain according to the preset context for identifying the target input domain.
By implementing the embodiment of the invention, the target input domain used for inputting the login information in the login page of the application program is identified, the biological characteristic information input by the user is verified, if the biological characteristic information is verified, the login information of the user for logging in the application program is acquired from the preset database, and the login information is filled in the target input domain, so that the target input domain in the login page can be automatically filled, the login operation of the user is simplified, the application range is wide, and the application range is not limited by an application program development platform.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings used in the description of the embodiments will be briefly introduced below.
Fig. 1 is a schematic flowchart of a login information saving method according to an embodiment of the present invention;
FIG. 2A is an exemplary landing page of an application provided by an embodiment of the present invention;
FIG. 2B is an exemplary interface for saving login information according to an embodiment of the present invention;
FIG. 2C is an exemplary interface for identity verification to store login information according to an embodiment of the present invention;
fig. 3A is a schematic diagram of a login information encryption process according to an embodiment of the present invention;
fig. 3B is a schematic diagram of a generation process of an encryption key according to an embodiment of the present invention;
fig. 3C is a schematic diagram of another login information encryption process provided by the embodiment of the present invention;
FIG. 3D is a diagram illustrating a generation process of a verification code according to an embodiment of the present invention;
fig. 4 is a schematic flowchart of a login information input method according to an embodiment of the present invention;
FIG. 5A is an exemplary interface for entry of login information provided by embodiments of the present invention;
FIG. 5B is an exemplary interface for authentication of login information according to an embodiment of the present invention;
FIG. 6A is a diagram illustrating a decryption process for login information according to an embodiment of the present invention;
fig. 6B is a schematic diagram of a decryption key generation process according to an embodiment of the present invention;
FIG. 6C is a diagram illustrating another decryption process for login information according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of a login information holding apparatus according to an embodiment of the present invention;
fig. 8 is a schematic structural diagram of a login information input device according to an embodiment of the present invention;
fig. 9 is a schematic structural diagram of a terminal for implementing a login information saving method according to an embodiment of the present invention;
fig. 10 is a schematic structural diagram of a terminal for implementing a login information input method according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly described below with reference to the drawings in the embodiments of the present invention. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention can be realized by a mobile terminal, and can also be realized by computing equipment such as a personal computer, network equipment and the like. The following description will be given taking a mobile terminal as an example.
Preferably, the solution of the present invention can be implemented by an APP installed and running in a mobile terminal. Specifically, the scheme of the present invention can be implemented by an APP running in the background all the time. Furthermore, the scheme of the invention can be integrated in an APP running in the background all the time as a functional module.
Here, the mobile terminal includes, but is not limited to, any handheld electronic product based on a smart operating system, which can perform human-computer interaction with a user through an input device such as a keyboard, a virtual keyboard, a touch pad, a touch screen, and a voice control device, such as a smart phone, a tablet computer, and the like. The smart operating system includes, but is not limited to, any operating system that enriches device functionality by providing various mobile applications to the mobile device, such as Android (Android), IOS, Windows Phone, etc.
Referring to fig. 1, fig. 1 is a schematic flowchart of a method for saving login information according to an embodiment of the present invention. In the login information saving method shown in fig. 1, the mobile terminal identifies a target input field for inputting login information in a login page of an application program, and if the biometric information input by the user passes verification, the login information input in the target input field is used as the login information of the user for logging in the application program and is saved in a preset database, so that the login information input by the user on the login page can be automatically saved in the preset data, and support is provided for a login information input method described later in the invention. As shown in fig. 1, the method includes:
s101, identifying that the current page is a login page of the application program.
S103, identifying a target input domain for inputting login information in the login page.
And S105, receiving login information input by the user in the target input domain.
And S107, receiving the biological characteristic information input by the user.
And S109, if the biological characteristic information is preset biological characteristic information, using the login information as login information of the user represented by the biological characteristic information to login the application program, and storing the login information in a preset database.
Specifically, the application program related to the embodiment of the present invention refers to an application program currently opened by a user, and may be a Web application (Web App), a Hybrid App (Hybrid App), or a Native App (Native App). The login page related to the embodiment of the invention refers to a page provided by the application program for the user to input login information. The login information related to the embodiment of the invention refers to information required by the user to login the application program, specifically, a user name, a password and the like.
In a specific implementation, the mobile terminal may identify the application program to which the current page belongs according to the interface element included in the current page. For example, the application program to which the current page belongs is identified according to information such as characters, pictures or trademarks in a title bar of the current page. In practical applications, the mobile terminal may further identify the application program to which the current page belongs according to other information, for example, a prompt in a pop-up window, which is not limited herein.
Further, the mobile terminal needs to identify whether the current page is the login page.
In one implementation, the mobile terminal may analyze whether the current page is the login page according to interface elements included in the current page. For example, if the current page contains a "login" control for triggering a login request, the mobile terminal may determine that the current page is the login page.
In another implementation manner, the terminal may determine whether the target input domain exists in the current page, and if the target input domain exists, determine that the current page is the login page.
In the embodiment of the invention, the terminal can obtain the context corresponding to the login page and identify the target input domain according to the context.
The context is used to characterize the control objects and resources referenced by the landing page. For example, in Android, an interface Context (Activity Context) is created when an application interface (Activity) is started, mainly to save references to current interface controls and resources.
Here, control objects include, but are not limited to: input type controls for receiving user input, such as buttons (Button), text input boxes (e.g., EditText in Android), etc., and output type controls for displaying information to the user, such as labels (Label), text display boxes (e.g., TextView in Android), etc. Here, resources include, but are not limited to: and displaying resources such as characters and pictures in the output type control.
In a specific implementation, the mobile terminal may first identify an input field for inputting text information in a current page according to the control type. For example, as shown in fig. 2A, the mobile terminal may recognize a control object in the login page 301, in which the control type is a text input box, as an input field, including: input field 302, input field 304, and input field 306.
It should be noted that the login information according to the embodiment of the present invention does not include dynamic information such as a dynamic authentication code that is temporarily generated to prevent malicious login. Accordingly, the target input field does not include an input field for inputting temporary login information such as a dynamic authentication code.
In a specific implementation, the mobile terminal may preset a context for identifying the target input domain, and identify the target input domain according to the preset context for identifying the target input domain in the context corresponding to the login page. The context corresponding to the target input field may include: the target input field comprises adjacent controls on the page layout and resources referenced by the adjacent controls.
For example, the adjacent control of the user name field is preset as a text display box, and the text resources referred by the adjacent control comprise: a user name, an account number, a mailbox and other character strings. Then, the mobile terminal may recognize an input field after the text display box in fig. 2A, in which the contents are displayed as a "user name", as a user name field.
It should be noted that the context corresponding to the target input field may also be customized by the user. For example, third party software needs to log in with an identification number. Then, the third party may use the text display box displaying the content as "identification number" as the adjacent control of the username domain.
The example is only one implementation manner of the embodiment of the present invention, and may be different in practical applications, and should not be construed as a limitation.
Further, the mobile terminal may analyze the attribute of the target input domain according to the context corresponding to the target input domain. Here, the attribute of the target input field may be used to indicate a type of information received by the target input field.
For example, in FIG. 2A, the adjacent control of input field 302 is a text display box displaying "username" and the adjacent control of input field 304 is a text display box displaying "password". Then, the mobile terminal may decide: the input field 302 is a username field for receiving a username; the input field 304 is a password field for receiving a password. The example is only one implementation manner of the embodiment of the present invention, and may be different in practical application, and should not be construed as a limitation.
It can be understood that the target input domain is identified by analyzing the context of the login page in the embodiment of the invention, the method is not limited by a development platform of an application program, and has wide application range and good compatibility.
In a specific implementation, after the target input domain in the login page is identified, the mobile terminal may monitor the target input domain, determine whether information is input in the target input domain, and if information is input, store the login information input in the target input domain in a preset database for secure storage.
For example, as shown in fig. 2B, when detecting that there is an information input in the target input field, the mobile terminal may pop up a prompt box on the login page to prompt the user to save the login information input in the target input field.
In the embodiment of the invention, the preset database is used for safely storing the login information of the user. Before the user accesses the preset database, the mobile terminal needs to perform identity authentication on the user, and the user who passes the authentication can: writing information into the preset database, or changing the information in the preset database, or reading the information in the preset database.
In a specific implementation, before storing the login information input in the target input domain in the preset database, the mobile terminal may receive biometric information input by a user, and if the biometric information is preset biometric information, the login information input in the target input domain is used as login information of the user, represented by the biometric information, for logging in the application program, and the login information is stored in the preset database.
For example, as shown in fig. 2C, the mobile terminal may verify the user identity by scanning the user's fingerprint. The example is only one implementation manner of the embodiment of the present invention, and in practical applications, the mobile terminal may also verify the identity of the user by verifying biometric information input by the user through face recognition, iris recognition, voice feature recognition, and the like, which is not limited herein. Of course, in addition to verifying the biometric information, the mobile terminal may also verify the user identity through other verification methods, such as password verification, and the embodiments of the present invention are not limited thereto.
In the embodiment of the present invention, the preset database may be as shown in table 1, and is only used for storing login information of a single legal user:
TABLE 1
The preset database shown in table 1 stores login information of the single legitimate user login "application 1" and "application 2". The user has 2 login information (i.e. 2 login accounts) for logging in the application program 2, which are respectively: login information B and login information C.
In the embodiment of the present invention, the preset database may also be used to store login information of a plurality of valid users as shown in table 2:
TABLE 2
The preset database shown in table 2 stores legitimate users: "user 1" and "user 2" log in the login information of "application 1" and "application 2". Wherein, the "user 1" corresponds to login information of 2 login "application programs 2", which are respectively: login information B and login information C; "user 2" corresponds to login information for 2 login "application 1", which are: login information D and login information E.
It should be noted that the single legal user may correspond to one (or more) preset biometric information. Each user of the plurality of valid users may also correspond to one (or more) preset biometric information. Namely: one (or more) predetermined biometric information may be used to characterize a legitimate user.
In practice, the user may set the preset biometric information (e.g., fingerprint) when using (or enrolling) the scheme of the present invention for the first time.
It should be noted that the preset databases shown in table 1 and table 2 are only one implementation manner of the embodiment of the present invention, and may be different in practical application, and should not be limited. The data storage form of the preset database may include, but is not limited to: databases, files, tables, and the like.
In the embodiment of the present invention, in order to enhance the security of the preset database, when saving the login information input in the target input field, the mobile terminal may encrypt the login information according to a preset encryption rule, and save the encrypted login information in the database.
The encryption process of the login information according to the embodiment of the present invention may be as shown in fig. 3A, where the mobile terminal encrypts the login information through a symmetric encryption algorithm (e.g., AES 256). Wherein, the encryption key may be a preset encryption key.
In the embodiment of the present invention, the mobile terminal may set the management password of the preset database, where the management password is used to generate the encryption and decryption keys of the symmetric encryption algorithm, that is, the encryption and decryption keys of the symmetric encryption algorithm do not need to be stored, and only the management password needs to be stored. In a specific implementation, the mobile terminal may store the management password in a Trusted Execution Environment (TEE) corresponding to preset biometric information, where the preset biometric information may be a credential for obtaining the management password.
In practice, the user may set the management password when using (or registering) the scheme of the present invention for the first time.
As shown in fig. 3B, the mobile terminal may generate an encryption key from the management password through a salt adding algorithm, so as to increase encryption complexity and improve security.
Preferably, an encryption process of login information according to an embodiment of the present invention may be as shown in fig. 3C, where the encryption process includes:
A. after the biometric information (such as a fingerprint) is verified, taking the management password from the TEE;
B. generating the taken out management password into data to be verified through a salt adding algorithm, wherein a salt value 2 can be preset;
C. comparing whether the data to be verified is consistent with the verification code, if so, indicating that the taken out management password is correct, and executing step D; the generation process of the verification code can be as shown in fig. 3D;
D. generating an encryption key by a salt adding algorithm by using the management password, wherein a salt value 1 can be preset;
E. the login information is encrypted by a symmetric encryption algorithm (such as AES256) using the encryption key to generate encrypted login information.
As can be seen from the encryption process shown in fig. 3C, after the management password is taken out from the TEE, the mobile terminal may verify whether the taken out management password is correct, and if so, the encryption key is generated by using the taken out management password to encrypt the login information, so that the correctness and the security of the encryption can be ensured, and a basis is provided for subsequently decrypting the login information.
It should be noted that, in practical applications, other encryption algorithms, such as an asymmetric encryption algorithm, may also be used in the encryption process of the login information according to the embodiment of the present invention, which is not limited herein.
In order to further enhance the security of the scheme of the present invention, it may be preferable that the steps related to user authentication and login information saving are performed by a Trusted Execution Environment (TEE), and the steps related to input and output of human-computer interaction (such as S101 to S107 described above) are performed by a target operating system. The trusted execution environment and a target operating system communicate with each other. The target operating system may typically be an open operating system.
Specifically, the specific implementation manner of S109 may include:
the target operating system may send the biometric information received in S107 above to a trusted execution environment;
the trusted execution environment verifies whether the biological characteristic information is the preset biological characteristic information or not, and returns a verification result to the target operating system;
if the biological characteristic information is preset biological characteristic information, the target operating system sends the login information to the trusted execution environment;
and if the biological characteristic information is preset biological characteristic information, the trusted execution environment takes the login information as login information of a user represented by the biological characteristic information for logging in the application program, and the login information is stored in a preset database.
The steps related to the scheme of the invention are respectively executed by the trusted execution environment and the target operating system, so that the steps of user identity authentication and login information storage caused by malicious attack on the target operating system can be prevented from being maliciously tampered, and the safety of the scheme of the invention can be enhanced.
By implementing the embodiment of the invention, the mobile terminal can identify the target input domain for inputting the login information in the login page of the application program and verify the biological characteristic information input by the user, if the biological characteristic information passes the verification, the login information input in the target input domain is used as the login information of the user for logging in the application program and is stored in the preset database, so that the login information input by the user on the login page can be automatically stored, and support is provided for the login information input method described later in the invention.
Referring to fig. 4, fig. 4 is a schematic flowchart of a login information input method according to an embodiment of the present invention. In the login information input method shown in fig. 4, the mobile terminal identifies a target input field for inputting login information in a login page of an application program, and if the biometric information input by the user passes verification, the login information of the user logging in the application program is acquired from a preset database, and the login information is filled in the target input field, so that the target input field in the login page can be automatically filled, and the login operation of the user is simplified. As shown in fig. 4, the method includes:
s401, identifying that the current page is a login page of the application program.
S403, identifying a target input domain for inputting login information in the login page.
S405, receiving the biological feature information input by the user.
S407, if the biological characteristic information is preset biological characteristic information, obtaining login information of the user represented by the biological characteristic information for logging in the application program from a preset database.
S409, filling the login information into the target input domain.
Specifically, S401 and S403 may refer to relevant contents in the embodiment of fig. 1, which is not described herein again. That is, the mobile terminal may recognize the target input field in the login page through S401 and S403, and further analyze the attribute of the target input field.
In a specific implementation, as shown in fig. 5A, after the user opens the login page of the application program, the mobile terminal may query the preset database, determine whether login information of the application program exists in the preset database, and if so, pop up a prompt box on the login page to prompt the user to fill the target input field.
In the embodiment of the invention, the preset database is used for safely storing the login information of the user. Before the user accesses the preset database, the mobile terminal needs to perform identity authentication on the user, and the user who passes the authentication can: writing information into the preset database, or changing the information in the preset database, or reading the information in the preset database.
In a specific implementation, before obtaining login information of a user logging in the application program from the preset database, the mobile terminal may receive biometric information input by the user, and if the biometric information is preset biometric information, obtain login information of the user logging in the application program, which is represented by the biometric information, from the preset database, and fill the obtained login information in the target input domain.
For example, as shown in fig. 5B, the mobile terminal may verify the user identity by scanning the user's fingerprint. The example is only one implementation manner of the embodiment of the present invention, and in practical applications, the mobile terminal may also verify the identity of the user by verifying biometric information input by the user through face recognition, iris recognition, voice feature recognition, and the like, which is not limited herein. Of course, in addition to verifying the biometric information, the mobile terminal may also verify the user identity through other verification methods, such as password verification, and the embodiments of the present invention are not limited thereto.
In the embodiment of the present invention, the preset database may be only used to store login information of a single legal user, as shown in table 1 in the embodiment of fig. 1. In this embodiment of the present invention, the preset database may also be used to store login information of a plurality of valid users, as shown in table 2 in the embodiment of fig. 1.
It should be noted that the single legal user may correspond to one (or more) preset biometric information. Each user of the plurality of valid users may also correspond to one (or more) preset biometric information. Namely: one (or more) predetermined biometric information may be used to characterize a legitimate user.
In practice, the user may set the preset biometric information (e.g., fingerprint) when using (or enrolling) the scheme of the present invention for the first time.
In an embodiment of the present invention, the target input field may include at least two input fields, such as a username field and a password field. When the at least two input fields are filled, the mobile terminal may obtain, from the login information, login information that conforms to the attribute of each input field according to the attribute of each input field of the at least two input fields, and fill, in each input field, login information that conforms to the attribute of each input field.
Referring to the contents of the embodiment of fig. 1, the attribute of the target input field may be used to indicate the type of information received by the target input field. That is, the username domain is used to receive a username and the password domain is used to receive a password.
The filling of the target input field is described in detail below by taking the username field and the password field as examples:
if both the username domain and password domain are blank. Then, the mobile terminal may obtain, according to the identifier of the application program and the identifier of the user represented by the biometric information, a user name and a password of the user logging in the application program from the preset database, fill the user name into a blank user name field, and fill the password into a blank password field.
It should be noted that, if one user corresponds to multiple login information sets, that is, one user has multiple login accounts (for example, "user 1" in the foregoing table 2 corresponds to login information for 2 login "application 2"), the mobile terminal may preferably pop up a selection interface when filling the target input field, so that the user selects one account from the multiple login accounts to log in.
If the username field is not blank, the password field is blank. Then, the mobile terminal may obtain, from the preset database, a password for the user to log in the application program through the user name according to the identifier of the application program, the identifier of the user represented by the biometric information, and the user name input in the user name field, and fill the password in the blank password field.
Optionally, in this embodiment of the present invention, the mobile terminal may selectively fill the target input field according to a selection operation of the user.
Specifically, the mobile terminal may receive a selection operation input by a user, obtain login information that matches the attribute of the selected target input field from the login information (i.e., login information of the application program logged in by the user represented by the biometric information received in S405) according to the attribute of the target input field selected by the selection operation, and fill the selected target input field with login information that matches the attribute of the selected target input field.
For example, the user may select a target input field to fill in at the landing page by a single finger touch. Preferably, the mobile terminal may perform the above S405 while receiving the single-finger touch selection of the user. That is, the mobile terminal may acquire the fingerprint information of the user while receiving a selection operation (touch operation) of the user. Therefore, the operation times of the user can be reduced, and the user experience is improved.
It should be noted that, the user may select the target input field to be filled by using one finger on the login page, and input the fingerprint information by using another finger. In practical applications, the user may also select the target input field to be filled by other means, such as pressing the target input field for a long time, which is not limited herein.
Referring to the embodiment of fig. 1, in order to enhance the security of the preset database, the login information in the preset database may be login information encrypted by a preset encryption rule. Accordingly, the mobile terminal needs to decrypt the login information obtained in S407. The decryption rule may be a preset decryption rule corresponding to the preset encryption rule.
If the encryption process of the login information is as shown in fig. 3A, the mobile terminal may similarly decrypt the encrypted login information through a symmetric encryption algorithm as shown in fig. 6A. Wherein the decryption key is the same as the encryption key.
As can be seen from the content of the embodiment in fig. 1, the mobile terminal may set a management password of the preset database, where the management password is used to generate the encryption and decryption keys of the symmetric encryption algorithm, that is, the encryption and decryption keys of the symmetric encryption algorithm do not need to be stored, and only the management password needs to be stored. In a specific implementation, the mobile terminal may store the management password and preset biometric information in a Trusted Execution Environment (TEE) in a corresponding manner, where the preset biometric information may be a credential for obtaining the management password.
In practice, the user may set the management password when using (or registering) the scheme of the present invention for the first time.
If the generation process of the encryption key is as shown in fig. 3B, then in order to maintain the consistency of the encryption and decryption keys, the mobile terminal may likewise generate the decryption key using the management password as shown in fig. 6B.
If the encryption process of the login information is as shown in fig. 3C, then, correspondingly, the decryption process of the encrypted login information may be as shown in fig. 6C, including:
A. after the biometric information (such as a fingerprint) is verified, taking the management password from the TEE;
B. generating the taken out management password into data to be verified through a salt adding algorithm, wherein a salt value 2 can be preset;
C. comparing whether the data to be verified is consistent with the verification code, if so, indicating that the taken out management password is correct, and executing step D; the generation process of the verification code may be as shown in fig. 3D;
D. generating a decryption key by a salt adding algorithm by using the management password, wherein a salt value 1 can be preset;
E. and D, decrypting the encrypted login information by using a decryption key generated by D through a symmetric encryption algorithm (such as AES256) to obtain the original login information.
As can be seen from the decryption process shown in fig. 6C, after the management password is taken out from the TEE, the mobile terminal needs to verify whether the taken out management password is correct, and if the management password is correct, the mobile terminal generates the decryption key by using the taken out management password to decrypt the login information, so that the correctness and the security of the whole encryption and decryption process can be ensured.
It should be noted that the decryption rule of the encrypted login information may also be other decryption rules corresponding to the encryption rule of the login information, such as a decryption process agreed by an asymmetric encryption algorithm, which is not limited herein.
In order to further enhance the security of the scheme of the present invention, it may be preferable that the steps related to user authentication and login information acquisition are performed by a Trusted Execution Environment (TEE), and the steps related to input and output of human-computer interaction (such as S401 to S405, S409) are performed by a target operating system. The trusted execution environment and a target operating system communicate with each other. The target operating system may typically be an open operating system.
Specifically, the specific implementation manner of S407 may include:
the target operating system sends the biometric information received in the above S405 to a trusted execution environment;
the trusted execution environment verifies whether the biological characteristic information is the preset biological characteristic information, if so, the trusted execution environment obtains login information of the user represented by the biological characteristic information for logging in the application program from a preset database and sends the login information to the target operating system. Correspondingly, the target operating system acquires the login information sent by the trusted execution environment.
The steps related to the scheme of the invention are respectively executed by the trusted execution environment and the target operating system, so that the steps of user identity authentication and login information acquisition caused by malicious attack on the target operating system can be prevented from being maliciously tampered, and the safety of the scheme of the invention can be enhanced.
By implementing the embodiment of the invention, the mobile terminal can identify the target input domain for inputting the login information in the login page of the application program and verify the biological characteristic information input by the user, if the biological characteristic information passes the verification, the login information of the user for logging in the application program is obtained from the preset database, and the login information is filled in the target input domain, so that the target input domain in the login page can be automatically filled, the login operation of the user is simplified, the application range is wide, and the application range is not limited by an application program development platform.
Referring to fig. 7, fig. 7 is a schematic structural diagram of a login information storage apparatus according to an embodiment of the present invention. As shown in fig. 7, the login information holding means 70 may include: first identifying section 701, second identifying section 703, first receiving section 705, second receiving section 707, and holding section 709. Wherein:
a first identifying unit 701, configured to identify that a current page is a login page of an application;
a second identifying unit 703, configured to identify a target input field for inputting login information in the login page;
a first receiving unit 705, configured to receive login information input by a user in the target input field;
a second receiving unit 707 for receiving biometric information input by a user;
a saving unit 709, configured to take the login information as login information of the user represented by the biometric information to log in the application, and save the login information in a preset database.
Specifically, the application program related to the embodiment of the present invention refers to an application program currently opened by a user, and may be a Web application (Web App), a Hybrid App (Hybrid App), or a Native App (Native App). The login page related to the embodiment of the invention refers to a page provided by the application program for the user to input login information. The login information related to the embodiment of the invention refers to information required by the user to login the application program, specifically, a user name, a password and the like.
In a specific implementation, the login information saving device 70 may identify the application program to which the current page belongs according to the interface element included in the current page. For example, the application program to which the current page belongs is identified according to information such as characters, pictures or trademarks in a title bar of the current page. In practical applications, the login information storage device 70 may also identify the application program to which the current page belongs according to other information, such as a prompt in a pop-up window, which is not limited herein.
Further, the first identifying unit 701 needs to identify whether the current page is the login page.
In one implementation manner, the first identifying unit 701 may analyze whether the current page is the login page according to interface elements included in the current page. For example, if the current page contains a "login" control for triggering a login request, the first identifying unit 701 may determine that the current page is the login page.
In another implementation manner, the first identifying unit 701 may determine whether the target input field exists in the current page, and if the target input field exists, determine that the current page is the login page.
In this embodiment of the present invention, the second identifying unit 703 may obtain a context corresponding to the login page, and identify the target input domain according to the context.
The context is used to characterize the control objects and resources referenced by the landing page. . For example, in Android, an interface Context (Activity Context) is created when an application interface (Activity) is started, mainly to save references to current interface controls and resources.
Here, control objects include, but are not limited to: input type controls for receiving user input, such as buttons (Button), text input boxes (e.g., EditText in Android), etc., and output type controls for displaying information to the user, such as labels (Label), text display boxes (e.g., TextView in Android), etc. Here, resources include, but are not limited to: and displaying resources such as characters and pictures in the output type control.
In a specific implementation, the second identifying unit 703 may preset a context for identifying the target input field, and identify the target input field according to a preset context for identifying the target input field in the context corresponding to the login page. The context corresponding to the target input field may include: the target input field comprises adjacent controls on the page layout and resources referenced by the adjacent controls.
In the embodiment of the invention, the preset database is used for safely storing the login information of the user. Before the user accesses the preset database, the user needs to be authenticated, and the authenticated user can: writing information into the preset database, or changing the information in the preset database, or reading the information in the preset database.
In a specific implementation, before the saving unit 709 saves the login information input in the target input field in the preset database, the second receiving unit 707 may receive the biometric information input by the user, and if the biometric information is preset biometric information, the saving unit 709 saves the login information input in the target input field in the preset database as the login information of the user logged in the application program represented by the biometric information.
It should be noted that one (or more) predetermined biometric information may be used to characterize a legitimate user.
In practice, the user may set the preset biometric information (e.g., fingerprint) when using (or enrolling) the scheme of the present invention for the first time.
In the embodiment of the present invention, in order to enhance the security of the preset database, when saving the login information input in the target input field, the login information saving device 70 needs to encrypt the login information.
Further, the login information holding means 70 includes: the first identifying unit 701, the second identifying unit 703, the first receiving unit 705, the second receiving unit 707, and the storing unit 709 may further include: an encrypting unit, configured to encrypt the login information according to a preset encryption rule before the storing unit 709 stores the login information in a preset database.
Further, to further enhance the security of the present solution, the saving unit 709 may preferably perform steps related to user authentication and login information saving through a Trusted Execution Environment (TEE). The trusted execution environment and a target operating system communicate with each other. The target operating system may typically be an open operating system.
In a specific implementation, the saving unit 709 may be specifically configured to:
sending, by the target operating system, the biometric information to a trusted execution environment;
verifying whether the biological characteristic information is the preset biological characteristic information or not through the trusted execution environment, and returning a verification result to the target operating system;
if the biological characteristic information is preset biological characteristic information, the login information is sent to the trusted execution environment through the target operating system;
and if the biological characteristic information is preset biological characteristic information, the login information is used as login information of a user represented by the biological characteristic information for logging in the application program through the trusted execution environment, and the login information is stored in a preset database.
The storing unit 709 executes the relevant steps of the scheme of the present invention through the trusted execution environment and the target operating system, so as to avoid the step of user authentication and login information storage from being maliciously tampered due to the target operating system being maliciously attacked, and enhance the security of the scheme of the present invention.
It is understood that the specific implementation of each functional module of the login information saving device 70 may also refer to the method in the embodiment of fig. 1, and is not described herein again.
Referring to fig. 8, fig. 8 is a schematic structural diagram of a login information input device according to an embodiment of the present invention. As shown in fig. 8, the login information input means 80 may include: a first recognition unit 801, a second recognition unit 803, a receiving unit 805, an obtaining unit 807 and a padding unit 809. Wherein:
a first identifying unit 801, configured to identify that a current page is a login page of an application;
a second identifying unit 803, configured to identify a target input field for inputting login information in the login page;
a receiving unit 805 for receiving biometric information input by a user;
an obtaining unit 807 configured to obtain login information of the user represented by the biometric information logging in the application program from a preset database if the biometric information is preset biometric information;
a filling unit 809 for filling the login information into the target input field.
Specifically, the first identifying unit 801 needs to identify whether the current page is the login page.
In one implementation, the first identifying unit 801 may analyze whether the current page is the login page according to interface elements included in the current page. For example, if the current page contains a "login" control for triggering a login request, the first identifying unit 801 may determine that the current page is the login page.
In another implementation manner, the first identifying unit 801 may determine whether the target input field exists in the current page, and if the target input field exists in the current page, determine that the current page is the login page.
In this embodiment of the present invention, the second identifying unit 803 may obtain a context corresponding to the login page, and identify the target input domain according to the context.
The context is used to characterize the control objects and resources referenced by the landing page. Here, control objects include, but are not limited to: input type controls for receiving user input, such as buttons (Button), text input boxes (e.g., EditText in Android), etc., and output type controls for displaying information to the user, such as labels (Label), text display boxes (e.g., TextView in Android), etc. Here, resources include, but are not limited to: and displaying resources such as characters and pictures in the output type control.
In a specific implementation, the second identifying unit 803 may preset a context for identifying the target input domain, and identify the target input domain according to a preset context for identifying the target input domain in the context corresponding to the login page. The context corresponding to the target input field may include: the target input field comprises adjacent controls on the page layout and resources referenced by the adjacent controls.
In the embodiment of the invention, the preset database is used for safely storing the login information of the user. Before the user accesses the preset database, the user needs to be authenticated, and the authenticated user can: writing information into the preset database, or changing the information in the preset database, or reading the information in the preset database.
In a specific implementation, before the obtaining unit 807 obtains the login information of the user logging in the application program from the preset database, the receiving unit 805 may receive the biometric information input by the user, if the biometric information is preset biometric information, the obtaining unit 807 obtains the login information of the user logging in the application program, which is characterized by the biometric information, from the preset database, and then the filling unit 809 fills the obtained login information into the target input field.
It should be noted that one (or more) predetermined biometric information may be used to characterize a legitimate user.
In practice, the user may set the preset biometric information (e.g., fingerprint) when using (or enrolling) the scheme of the present invention for the first time.
In an embodiment of the present invention, the target input field may include at least two input fields, such as a username field and a password field. When the filling unit 809 fills the at least two input fields, the obtaining unit 807 may obtain, from the login information, login information that conforms to the attribute of each of the at least two input fields, respectively, according to the attribute of each of the at least two input fields, and trigger the filling unit 809 to fill the login information that conforms to the attribute of each of the input fields in each of the input fields.
Optionally, in this embodiment of the present invention, the filling unit 809 may selectively fill the target input field according to a selection operation of a user.
Specifically, the filling unit 809 may receive a selection operation input by a user, obtain login information corresponding to the attribute of the selected target input field from the login information according to the attribute of the target input field selected by the selection operation, and fill login information corresponding to the attribute of the selected target input field in the selected target input field.
In order to enhance the security of the preset database, the login information in the preset database may be login information encrypted by a preset encryption rule.
Accordingly, the login information input device 80 needs to decrypt the login information obtained by the obtaining unit 807.
Further, the login information input means 80 includes: the first identifying unit 801, the second identifying unit 803, the receiving unit 805, the obtaining unit 807 and the filling unit 809 may further include: a decryption unit, configured to decrypt the login information according to a decryption rule corresponding to the preset encryption rule before the padding unit 809 pads the login information in the target input domain.
Furthermore, in order to further enhance the security of the inventive solution, the obtaining unit 807 may preferably perform steps related to user authentication and login information obtaining through a Trusted Execution Environment (TEE). The trusted execution environment and a target operating system communicate with each other. The target operating system may typically be an open operating system.
In a specific implementation, the obtaining unit 807 may be specifically configured to:
sending the biometric information to a trusted execution environment through a target operating system;
and verifying whether the biological characteristic information is the preset biological characteristic information or not through the trusted execution environment, if so, acquiring login information of the user represented by the biological characteristic information logging in the application program from a preset database through the trusted execution environment, and sending the login information to the target operating system.
The obtaining unit 807 executes the relevant steps of the scheme of the present invention respectively through the trusted execution environment and the target operating system, so as to avoid the steps of user authentication and login information obtaining from being maliciously tampered due to the target operating system being maliciously attacked, and enhance the security of the scheme of the present invention.
It is understood that the specific implementation of each functional module of the login information input device 80 may also refer to the method in the embodiment of fig. 4, and will not be described herein again.
In order to implement the embodiment of the present invention, the present invention provides a terminal, which is used to implement the login information storage method described in the embodiment of fig. 1. Referring to fig. 9, the terminal 100 may include: baseband chip 100, memory 105 (which may include one or more computer-readable storage media), Radio Frequency (RF) module 106, peripheral system 107, display (LCD)113, camera 114, audio circuitry 115, touch screen 116, and sensors 117 (which may include one or more sensors). Among them, the baseband chip 100 may integrally include: one or more processors 101, a clock module 102, and a power management module 103. These components may communicate over one or more communication buses 104.
It should be understood that terminal 100 is only one example of the invention and that terminal 100 may have more or fewer components than shown, may combine two or more components, or may have a different configuration implementation of the components.
Memory 105 is coupled to processor 101 for storing various software programs and/or sets of instructions. In particular implementations, memory 105 may include high speed random access memory and may also include non-volatile memory, such as one or more magnetic disk storage devices, flash memory devices, or other non-volatile solid state storage devices.
The Radio Frequency (RF) module 106 is used to receive and transmit radio frequency signals. The Radio Frequency (RF) module 106 communicates with a communication network and other communication devices through radio frequency signals. In particular implementations, the Radio Frequency (RF) module 106 may include, but is not limited to: an antenna system, an RF transceiver, one or more amplifiers, a tuner, one or more oscillators, a digital signal processor, a CODEC chip, a SIM card, a storage medium, and the like. In some embodiments, the Radio Frequency (RF) module 106 may be implemented on a separate chip.
The peripheral system 107 is mainly used to implement an interactive function between the terminal 100 and a user/external environment, and mainly includes an input and output device of the terminal 200. In a specific implementation, the peripheral system 107 may include: a display (LCD) controller 108, a camera controller 109, an audio controller 110, a touch screen controller 111, and a sensor management module 112. Wherein each controller may be coupled with a respective peripheral device. In some embodiments, the peripheral system 107 may also include controllers for other I/O peripherals.
The clock module 102 integrated in the baseband chip 100 is mainly used for generating clocks required for data transmission and timing control for the processor 101. The power management module 103 integrated in the baseband chip 100 is mainly used for providing stable and high-precision voltage for the processor 101, the rf module 106 and peripheral systems. The processor 101 integrated in the baseband chip 100 is mainly used for calling the log-in information saving program stored in the memory 105, and executing the following steps:
recognizing that the current page displayed in the display 113 is a login page of the application;
identifying a target input domain for inputting login information in the login page;
receiving login information input by a user in the target input field through the touch screen 116;
receiving biometric information input by a user through the camera 114 or the sensor 117;
and if the biological characteristic information is preset biological characteristic information, the login information is used as login information of the user represented by the biological characteristic information for logging in the application program, and the login information is stored in a preset database.
In the embodiment of the invention, the biometric information can be fingerprint information. The processor 101 may receive a user input fingerprint through a fingerprint sensor.
In the embodiment of the present invention, the biometric information may also be voice feature information. The processor 101 may receive user input of voice information via the audio circuit 115.
In the embodiment of the invention, the biological characteristic information can also be iris information. The processor 101 may scan and acquire the iris information of the user through the camera 114.
In practical applications, the biometric information may also be other information, such as human face information, which is not limited herein. The processor 101 may obtain face information of the user through the camera 114.
The application program related to the embodiment of the invention refers to the application program which is currently opened by a user. The login page related to the embodiment of the invention refers to a page provided by the application program for the user to input login information. The login information related to the embodiment of the invention refers to information required by the user to login the application program, specifically, a user name, a password and the like.
In one implementation, the processor 101 may analyze whether the current page is the login page according to the interface elements included in the current page. For example, if the current page contains a "login" control for triggering a login request, then the processor 101 may determine that the current page is the login page.
In another implementation, the processor 101 may determine whether the target input field exists in the current page, and if the target input field exists, determine that the current page is the login page.
In the embodiment of the invention, the terminal can obtain the context corresponding to the login page and identify the target input domain according to the context.
The context is used to characterize the control objects and resources referenced by the landing page. . For example, in Android, an interface Context (Activity Context) is created when an application interface (Activity) is started, mainly to save references to current interface controls and resources.
Here, control objects include, but are not limited to: input type controls for receiving user input, such as buttons (Button), text input boxes (e.g., EditText in Android), etc., and output type controls for displaying information to the user, such as labels (Label), text display boxes (e.g., TextView in Android), etc. Here, resources include, but are not limited to: and displaying resources such as characters and pictures in the output type control.
In a specific implementation, the processor 101 may preset a context for identifying the target input domain, and identify the target input domain according to a preset context for identifying the target input domain in the context corresponding to the login page. The context corresponding to the target input field may include: the target input field comprises adjacent controls on the page layout and resources referenced by the adjacent controls.
For example, the adjacent control of the user name field is preset as a text display box, and the text resources referred by the adjacent control comprise: a user name, an account number, a mailbox and other character strings. Then the processor 101 may identify as the username field the input field following the text display box in fig. 2A displaying content as "username".
In a specific implementation, a preset context for identifying the target input field may be stored in the memory 105.
In the embodiment of the invention, the preset database is used for safely storing the login information of the user. The preset database may be located in the memory 105, and the data storage form of the preset database may include, but is not limited to: databases, files, tables, and the like. Before the user accesses the preset database, the processor 101 needs to authenticate the user, and the authenticated user can: writing information into the preset database, or changing the information in the preset database, or reading the information in the preset database.
In a specific implementation, before saving the login information input in the target input field in the preset database, the processor 101 may receive biometric information input by a user, and if the biometric information is preset biometric information, the login information is used as login information of the user represented by the biometric information to log in the application program, and the login information is saved in the preset database.
It should be noted that one (or more) predetermined biometric information may be used to characterize a legitimate user.
In this embodiment of the present invention, in order to enhance the security of the preset database, when saving the login information input in the target input field, the processor 101 may encrypt the login information according to a preset encryption rule, and save the encrypted login information in the database.
In order to further enhance the security of the scheme of the present invention, it may be preferable that the steps relating to user authentication and login information saving are performed by a Trusted Execution Environment (TEE), and the steps relating to input and output of human-computer interaction are performed by a target operating system. The trusted execution environment and a target operating system communicate with each other. The target operating system may typically be an open operating system.
In a specific implementation manner, the processor 101 may send the biometric information to a trusted execution environment through a target operating system, and then the processor 101 may verify whether the biometric information is the preset biometric information through the trusted execution environment, and return a verification result to the target operating system;
if the biometric information is preset biometric information, the processor 101 may send the login information to the trusted execution environment through the target operating system;
if the biometric information is preset biometric information, the processor 101 may use the login information as login information of the user represented by the biometric information to log in the application program through the trusted execution environment, and store the login information in a preset database.
The processor 101 executes the relevant steps of the scheme of the present invention through the trusted execution environment and the target operating system respectively, so that the steps of user identity authentication and login information storage caused by malicious attack on the target operating system can be avoided from being maliciously tampered, and the security of the scheme of the present invention can be enhanced.
It is understood that the steps executed by the processor 101 can also refer to the content of the embodiment in fig. 1, and are not described herein again.
In order to implement the embodiment of the present invention, the present invention provides a terminal, which is used to implement the login information input method described in the embodiment of fig. 4.
Referring to fig. 10, the terminal 200 may include: baseband chip 200, memory 205 (which may include one or more computer-readable storage media), Radio Frequency (RF) module 206, peripheral system 207, display (LCD)113, camera 114, audio circuitry 115, touch screen 116, and sensors 117 (which may include one or more sensors). Among them, the baseband chip 200 may integrally include: one or more processors 201, a clock module 202, and a power management module 203. These components may communicate over one or more communication buses 204.
It should be understood that terminal 200 is only one example of the present invention and that terminal 200 may have more or fewer components than shown, may combine two or more components, or may have a different configuration implementation of components.
A memory 205 is coupled to the processor 201 for storing various software programs and/or sets of instructions. In particular implementations, memory 205 may include high speed random access memory and may also include non-volatile memory, such as one or more magnetic disk storage devices, flash memory devices, or other non-volatile solid state storage devices.
A Radio Frequency (RF) module 206 is used to receive and transmit RF signals. Radio Frequency (RF) module 206 communicates with a communication network and other communication devices via radio frequency signals. In particular implementations, the Radio Frequency (RF) module 206 may include, but is not limited to: an antenna system, an RF transceiver, one or more amplifiers, a tuner, one or more oscillators, a digital signal processor, a CODEC chip, a SIM card, a storage medium, and the like. In some embodiments, the Radio Frequency (RF) module 206 may be implemented on a separate chip.
The peripheral system 207 is mainly used to implement an interactive function between the terminal 200 and a user/external environment, and mainly includes an input and output device of the terminal 200. In a specific implementation, the peripheral system 207 may include: a display (LCD) controller 208, a camera controller 209, an audio controller 210, a touch screen controller 111, and a sensor management module 112. Wherein each controller may be coupled with a respective peripheral device. In some embodiments, the peripheral system 207 may also include controllers for other I/O peripherals.
The clock module 202 integrated in the baseband chip 200 is mainly used for generating clocks required for data transmission and timing control for the processor 201. The power management module 203 integrated in the baseband chip 200 is mainly used for providing stable and high-precision voltage for the processor 201, the rf module 206 and peripheral systems. The processor 201 integrated in the baseband chip 200 is mainly used for calling the log-in information saving program stored in the memory 205 and executing the following steps:
recognizing that a current page displayed on a display (LCD)213 is a login page of an application;
identifying a target input domain for inputting login information in the login page;
receiving biometric information input by a user through the camera 214 or the sensor 217;
if the biological characteristic information is preset biological characteristic information, obtaining login information of a user, represented by the biological characteristic information, logging in the application program from a preset database;
and filling the login information into the target input field.
In the embodiment of the invention, the biometric information can be fingerprint information. The processor 201 may receive a user input fingerprint through a fingerprint sensor.
In the embodiment of the present invention, the biometric information may also be voice feature information. The processor 201 may receive user input of voice information via the audio circuitry 215.
In the embodiment of the invention, the biological characteristic information can also be iris information. The processor 201 may scan and acquire the iris information of the user through the camera 214.
In practical applications, the biometric information may also be other information, such as human face information, which is not limited herein. The processor 201 may acquire face information of the user through the camera 214.
In one implementation, the processor 201 may analyze whether the current page is the login page according to the interface elements included in the current page. For example, if the current page contains a "login" control for triggering a login request, the processor 201 may determine that the current page is the login page.
In another implementation, the processor 201 may determine whether the target input field exists in the current page, and if the target input field exists, determine that the current page is the login page.
The context is used to characterize the control objects and resources referenced by the landing page. Here, control objects include, but are not limited to: input type controls for receiving user input, such as buttons (Button), text input boxes (e.g., EditText in Android), etc., and output type controls for displaying information to the user, such as labels (Label), text display boxes (e.g., TextView in Android), etc. Here, resources include, but are not limited to: and displaying resources such as characters and pictures in the output type control.
In a specific implementation, the processor 201 may preset a context for identifying the target input domain, and identify the target input domain according to a preset context for identifying the target input domain in the context corresponding to the login page. The context corresponding to the target input field may include: the target input field comprises adjacent controls on the page layout and resources referenced by the adjacent controls.
In the embodiment of the invention, the preset database is used for safely storing the login information of the user. The preset database may be located in the memory 205, and the data storage form of the preset database may include, but is not limited to: databases, files, tables, and the like. Before the user accesses the preset database, the processor 201 may need to authenticate the user, and the authenticated user can: writing information into the preset database, or changing the information in the preset database, or reading the information in the preset database.
In a specific implementation, before obtaining login information of the user logging in the application program from the preset database, the processor 201 may receive biometric information input by the user, and if the biometric information is preset biometric information, obtain login information of the user logging in the application program, which is represented by the biometric information, from the preset database, and fill the obtained login information in the target input field.
It should be noted that one (or more) predetermined biometric information may be used to characterize a legitimate user.
In an embodiment of the present invention, the target input field may include at least two input fields, such as a username field and a password field. In populating the at least two input fields, the processor 201 may obtain login information corresponding to the attribute of each of the at least two input fields from the login information according to the attribute of each of the at least two input fields, and populate login information corresponding to the attribute of each of the at least two input fields with the login information.
Optionally, in this embodiment of the present invention, the processor 201 may selectively fill the target input field according to a selection operation of the user.
Specifically, the processor 201 may receive a selection operation input by a user, obtain login information corresponding to an attribute of a selected target input field from the login information according to the attribute of the target input field selected by the selection operation, and fill the login information corresponding to the attribute of the selected target input field in the selected target input field.
In the embodiment of the present invention, the login information in the preset database may be login information encrypted by a preset encryption rule. Accordingly, the processor 201 needs to decrypt the login information. The decryption rule may be a preset decryption rule corresponding to the preset encryption rule.
To further enhance the security of the inventive solution, it may be preferable that the steps relating to user authentication and login information acquisition are performed by a Trusted Execution Environment (TEE), and the steps relating to input and output of human-computer interaction are performed by a target operating system. The trusted execution environment and a target operating system communicate with each other. The target operating system may typically be an open operating system.
In a specific implementation manner, the processor sends the biometric information to a trusted execution environment through a target operating system;
the processor 101 may verify whether the biometric information is the preset biometric information through the trusted execution environment, and if the biometric information is the preset biometric information, may obtain login information of the user, which is represented by the biometric information, logging in the application program from a preset database through the trusted execution environment, and send the login information to the target operating system through the trusted execution environment.
The processor 101 executes the relevant steps of the scheme of the present invention through the trusted execution environment and the target operating system respectively, so that the steps of user identity authentication and login information acquisition caused by the target operating system suffering from malicious attack can be prevented from being maliciously tampered, and the security of the scheme of the present invention can be enhanced.
It is understood that the steps executed by the processor 201 can also refer to the content of the embodiment in fig. 4, and are not described herein again.
In summary, with the embodiments of the present invention, by identifying the target input field for inputting the login information in the login page of the application program and verifying the biometric information input by the user, if the biometric information is verified, the login information of the user logging in the application program is obtained from the preset database, and the login information is filled in the target input field, the target input field in the login page can be automatically filled, the login operation of the user is simplified, and the application range is wide and is not limited by the application program development platform.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
While the invention has been described with reference to a number of embodiments, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.
- 上一篇:一种医用注射器针头装配设备
- 下一篇:一种工业互联网的异构协议适配方法