With the rapid development of computer technology, more users are accustomed to acquiring services through applications (“app”) installed on mobile terminal devices.
In order to further expand the provided services, an app typically includes a browser (e.g., a built-in browser), which allows the user to acquire services through the built-in browser.
Specifically, a user can register an account on a first server, where the first server is associated with the app, and the user can then acquire services and resources from the first server by logging into that account. The first server can form a server-client relationship with the app. Therefore, from the perspective of the app, the first server can be regarded as an internal server, the account registered on the first server as an internal account, and the service provided by the first server as an internal service. Moreover, a user can also register an account on a second server to obtain other services. From the perspective of the app, the second server is regarded as an external server, the account registered on the second server is regarded as an external account, and the other services provided by the second server are regarded as external services.
A user can use the app to log into an internal account to acquire internal services associated with the internal account. The user can also use the built-in browser of the app to log into an external account to acquire external services associated with the external account.
As an example, a mobile terminal can be installed with an instant messaging app that includes a built-in browser. After using the app to log into an instant messaging account hosted on an instant messaging server, the user can access the resources provided by the instant messaging server to engage in instant messaging with other users. The user can also use the built-in browser of the app to log into a payment account hosted on a payment server to submit a payment. In this example, the instant messaging account is an internal account, and the instant messaging is an internal service. On the other hand, the payment account is an external account, while the processing of the payment is an external service provided by the payment server.
In the prior art, an app can retrieve locally stored data to facilitate a user's login to an external account. Specifically, when the app acquires external account information, the app can store the information in the cookie data associated with the built-in browser. If the external account information is not yet stored in the cookie data, the built-in browser can direct the user to a login page of the external account, so that the user can input the external account information. The app can then store the received external account information in the cookie data. After obtaining the information (either from the cookie or from the user), the app can transmit the information to the external server associated with the external account, to facilitate the user's login to the account.
However, such arrangements pose a security risk to the user, as the majority of cookie data is not secure. Therefore, complete external account login information stored in the cookies, including the external account number and login credentials, can be accessed by unauthorized parties. Moreover, the built-in browser can also be directed to a fake login page, and the user can be tricked into giving out the account number, together with the login information. Therefore, requesting users to provide the external account number and login information via a login page is also not secure.
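The following added example, which is not part of the original text, audits cookies captured from an app's built-in browser for the condition described above: cookie data that holds the external account number together with the login credentials. The cookie names, field names, sample values and finding labels are constructed assumptions; `Secure` and `HttpOnly` are the standard cookie attributes.

```javascript
// Added example; cookie and field names below are constructed assumptions.
const ACCOUNT_KEYS = /^(account|acct|user(name)?|login|email)(_?(id|no|number))?$/i;
const SECRET_KEYS = /^(pass(word|wd)?|pwd|pin|secret|credential)$/i;

// Split one Set-Cookie line into name, value and a set of lower-cased attribute names.
function parseSetCookie(line) {
  const [pair, ...attrs] = line.replace(/^set-cookie:\s*/i, "").split(";");
  const eq = pair.indexOf("=");
  const flags = new Set(attrs.map((a) => a.trim().split("=")[0].toLowerCase()));
  return { name: pair.slice(0, eq).trim(), value: pair.slice(eq + 1).trim(), flags };
}

// Recover key/value fields from a cookie value: base64-encoded JSON first,
// then URL-encoded key=value pairs.
function extractFields(rawValue) {
  let value = rawValue;
  try { value = decodeURIComponent(rawValue); } catch (e) { /* keep raw value */ }
  try {
    const obj = JSON.parse(Buffer.from(value, "base64").toString("utf8"));
    if (obj && typeof obj === "object") return obj;
  } catch (e) { /* not base64 JSON */ }
  return Object.fromEntries(new URLSearchParams(value));
}

// Flag cookies that hold login data for the external account.
function auditCookie(line) {
  const { name, value, flags } = parseSetCookie(line);
  const keys = Object.keys(extractFields(value));
  const hasAccount = keys.some((k) => ACCOUNT_KEYS.test(k));
  const hasSecret = keys.some((k) => SECRET_KEYS.test(k));
  const findings = [];
  if (hasAccount && hasSecret) findings.push("complete-login-info");
  else if (hasSecret) findings.push("credential-only");
  if (hasAccount || hasSecret) {
    if (!flags.has("secure")) findings.push("no-secure-flag");
    if (!flags.has("httponly")) findings.push("no-httponly-flag");
  }
  return { name, findings };
}

// Constructed sample cookies (not taken from any real app).
const packed = Buffer.from(JSON.stringify({ acct: "6222001", pwd: "example" })).toString("base64");
const SAMPLE_COOKIES = [
  "Set-Cookie: ext_login=account_no%3D6222001%26password%3Dexample; Path=/",
  `Set-Cookie: ext_auth=${packed}; Secure; HttpOnly`,
  "Set-Cookie: sid=9f8a7c; Secure; HttpOnly",
];
for (const c of SAMPLE_COOKIES) console.log(auditCookie(c));
```

The second sample cookie is still flagged even though it carries both attributes: transport and script-access flags do not change the fact that the complete login information sits in locally stored cookie data.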