CN107241336A - Auth method and device - Google Patents
- Publication number: CN107241336A
- Application number: CN201710465761.8A
- Authority: CN (China)
- Prior art keywords: user, terminal, additional identification, malicious, checking
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Transfer Between Computers (AREA)
- Telephonic Communication Services (AREA)
Abstract
The invention discloses an identity verification method and device, belonging to the field of Internet technology. The method includes: receiving a first verification request sent by a first terminal, the first verification request carrying user information of a user and a target verification mode requested by the user, the user information including at least a user identifier; determining, according to the user information, whether the user is a malicious user; if the user is a malicious user, performing additional verification on the user based on a first additional verification mode, the first additional verification mode being different from the target verification mode; and, when the additional verification of the user based on the first additional verification mode passes, performing identity verification on the user based on the target verification mode and the user identifier. Because the first additional verification mode is added, the invention increases the verification cost for a malicious user and reduces attacks on the server.
Description
Technical field
The present invention relates to the field of Internet technology, and in particular to an identity verification method and device.
Background
With the development of Internet technology, more and more applications are installed on terminals, and most of them require the user to register a user account and set a login password on the server in advance. When the user uses the application, the terminal logs in to the server based on the user account and the login password. However, the user may forget the login password, in which case the server needs to perform identity verification on the user; when the verification passes, the terminal is allowed to log in to the server or to modify the login password.
At present, when registering a user account on the server, the user can reserve a mobile phone number on the server. When the terminal requests that the server perform identity verification on the user, the server sends a first verification code to the mobile phone corresponding to the reserved mobile phone number. If a second verification code returned by the terminal is received within a preset duration after the server sends the first verification code, and the first verification code is identical to the second verification code, the server determines that the identity verification of the user passes; otherwise, the server determines that the identity verification of the user fails. If the verification fails, the terminal can again request that the server verify the user's identity based on the above steps, until the verification passes or the terminal stops requesting verification.
In the course of realizing the present invention, the inventor found that the prior art has at least the following problem:
A malicious user may fill in an arbitrary telephone number when registering a user account; then, when the server performs identity verification on the user, the malicious user uses an automated program to continuously request verification and retry verification codes, thereby attacking the server.
Summary of the invention
In order to solve the problem of the prior art, the invention provides an identity verification method and device. The technical solution is as follows:
In a first aspect, the invention provides an identity verification method, the method including:
receiving a first verification request sent by a first terminal, the first verification request carrying user information of a user and a target verification mode requested by the user, the user information including at least a user identifier;
determining, according to the user information, whether the user is a malicious user;
if the user is a malicious user, performing additional verification on the user based on a first additional verification mode, the first additional verification mode being different from the target verification mode;
when the additional verification of the user based on the first additional verification mode passes, performing identity verification on the user based on the target verification mode and the user identifier.
In a possible implementation, determining, according to the user information, whether the user is a malicious user includes:
counting a first count according to the user identifier, the first count being the number of verification requests carrying the user identifier received within a first preset duration before the current time; if the first count is greater than a first preset number of times, determining that the user is a malicious user; and/or,
when the user information also includes a first terminal identifier of the first terminal, determining whether the first terminal identifier exists in a malicious terminal identifier library; if the first terminal identifier exists in the malicious terminal identifier library, determining that the user is a malicious user, the malicious terminal identifier library storing the terminal identifiers of terminals used by malicious users; and/or,
when the user information also includes the first terminal identifier of the first terminal, counting a second count according to the first terminal identifier, the second count being the number of verification requests sent by the first terminal received within a second preset duration before the current time; if the second count is greater than a second preset number of times, determining that the user is a malicious user; and/or,
when the user information also includes the first terminal identifier of the first terminal, counting a number of users according to the first terminal identifier and the user identifier, the number of users being the number of users who sent verification requests through the first terminal within a third preset duration before the current time; if the number of users is greater than a preset number, determining that the user is a malicious user.
In a possible implementation, performing additional verification on the user based on the first additional verification mode includes:
sending first verification information to the first terminal, and receiving second verification information returned by the first terminal based on the first verification information;
if the first verification information matches the second verification information, determining that the additional verification of the user based on the first additional verification mode passes.
In a possible implementation, the method further includes:
when the additional verification of the user based on the first additional verification mode fails, performing additional verification on the user again based on a second additional verification mode, until the additional verification passes or a first number of failed verifications within a fourth preset duration before the current time reaches a third preset number of times.
In a possible implementation, when the target verification mode is short-message verification, performing identity verification on the user based on the target verification mode and the user identifier includes:
sending, according to the user identifier, a first verification code to the second terminal indicated by a second terminal identifier reserved by the user;
if a second verification code is received within a fifth preset duration after the current time, and the first verification code is identical to the second verification code, the identity verification of the user passes;
if the second verification code is not received within the fifth preset duration after the current time, or the first verification code differs from the second verification code, the identity verification of the user fails.
In a possible implementation, the method further includes:
if the identity verification of the user fails, determining a second number of failed verifications of the user within a sixth preset duration before the current time;
if the second number of failed verifications is not greater than a fourth preset number of times, performing the step of sending, according to the user identifier, third verification information to the terminal indicated by the second terminal identifier reserved by the user;
if the second number of failed verifications is greater than the fourth preset number of times, performing the step of performing additional verification on the user based on the first additional verification mode.
In a possible implementation, the method further includes:
when the additional verification of the user based on the first additional verification mode fails, or the identity verification of the user fails, determining a third number of failed verifications of the user within a seventh preset duration before the current time;
determining a retry-prohibition duration for the user according to the third number of failed verifications;
if a second verification request sent by the first terminal is received within the retry-prohibition duration, ignoring the second verification request, the second verification request carrying the user identifier.
In a second aspect, the invention provides an identity verification device, the device including:
a receiving module, configured to receive a first verification request sent by a first terminal, the first verification request carrying user information of a user and a target verification mode requested by the user, the user information including at least a user identifier;
a determining module, configured to determine, according to the user information, whether the user is a malicious user;
an additional verification module, configured to, if the user is a malicious user, perform additional verification on the user based on a first additional verification mode, the first additional verification mode being different from the target verification mode;
an identity verification module, configured to, when the additional verification of the user based on the first additional verification mode passes, perform identity verification on the user based on the target verification mode and the user identifier.
In a possible implementation, the determining module is further configured to count a first count according to the user identifier, the first count being the number of verification requests carrying the user identifier received within a first preset duration before the current time; and, if the first count is greater than a first preset number of times, determine that the user is a malicious user; and/or,
the determining module is further configured to, when the user information also includes a first terminal identifier of the first terminal, determine whether the first terminal identifier exists in a malicious terminal identifier library; and, if the first terminal identifier exists in the malicious terminal identifier library, determine that the user is a malicious user, the malicious terminal identifier library storing the terminal identifiers of terminals used by malicious users; and/or,
the determining module is further configured to, when the user information also includes the first terminal identifier of the first terminal, count a second count according to the first terminal identifier, the second count being the number of verification requests sent by the first terminal received within a second preset duration before the current time; and, if the second count is greater than a second preset number of times, determine that the user is a malicious user; and/or,
the determining module is further configured to, when the user information also includes the first terminal identifier of the first terminal, count a number of users according to the first terminal identifier and the user identifier, the number of users being the number of users who sent verification requests through the first terminal within a third preset duration before the current time; and, if the number of users is greater than a preset number, determine that the user is a malicious user.
In a possible implementation, the additional verification module is further configured to send first verification information to the first terminal, and receive second verification information returned by the first terminal based on the first verification information; and, if the first verification information matches the second verification information, determine that the additional verification of the user based on the first additional verification mode passes.
In a possible implementation, the additional verification module is further configured to, when the additional verification of the user based on the first additional verification mode fails, perform additional verification on the user again based on a second additional verification mode, until the additional verification passes or a first number of failed verifications within a fourth preset duration before the current time reaches a third preset number of times.
In a possible implementation, when the target verification mode is short-message verification, the identity verification module is further configured to send, according to the user identifier, a first verification code to the second terminal indicated by a second terminal identifier reserved by the user; if a second verification code is received within a fifth preset duration after the current time, and the first verification code is identical to the second verification code, the identity verification of the user passes; if the second verification code is not received within the fifth preset duration after the current time, or the first verification code differs from the second verification code, the identity verification of the user fails.
In a possible implementation, the additional verification module is further configured to, if the identity verification of the user fails, determine a second number of failed verifications of the user within a sixth preset duration before the current time;
the identity verification module is further configured to, if the second number of failed verifications is not greater than a fourth preset number of times, send, according to the user identifier, third verification information to the terminal indicated by the second terminal identifier reserved by the user;
the additional verification module is further configured to, if the second number of failed verifications is greater than the fourth preset number of times, perform additional verification on the user based on the first additional verification mode.
In a possible implementation, the device further includes an ignoring module;
the determining module is further configured to, when the additional verification of the user based on the first additional verification mode fails, or the identity verification of the user fails, determine a third number of failed verifications of the user within a seventh preset duration before the current time;
the determining module is further configured to determine a retry-prohibition duration for the user according to the third number of failed verifications;
the ignoring module is configured to, if a second verification request sent by the first terminal is received within the retry-prohibition duration, ignore the second verification request, the second verification request carrying the user identifier.
In the embodiments of the present invention, when identity verification is performed on a user, it is first determined, according to the user information of the user, whether the user is a malicious user. If the user is a malicious user, additional verification is performed on the user based on the first additional verification mode, and only when that additional verification passes is identity verification performed on the user based on the target verification mode and the user's user identifier. Because the first additional verification mode is added, the verification cost for a malicious user increases and attacks on the server are reduced.
Brief description of the drawings
Fig. 1 is a schematic diagram of an implementation environment provided by an embodiment of the present invention;
Fig. 2 is a flowchart of an identity verification method provided by an embodiment of the present invention;
Fig. 3-1 is a signaling interaction diagram of an identity verification method provided by an embodiment of the present invention;
Fig. 3-2 is a flowchart of an identity verification method provided by an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of an identity verification device provided by an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a server provided by an embodiment of the present invention.
Detailed description
To make the objectives, technical solutions and advantages of the present invention clearer, the embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
At present, when a user uses an application installed on a first terminal, the first terminal needs to log in to the server based on a user identifier and a login password. When the user forgets the login password, the user can request that the server perform identity verification on the user. When the verification passes, the first terminal can modify the login password or log in to the server.
In another scenario, when the user registers a user account on the server, the server also needs to perform identity verification on the user. When the verification passes, the server stores the correspondence between the user's user identifier and login password.
In the prior art, the server usually sends a first verification code to the second terminal corresponding to the mobile phone number that the user reserved on the server, receives a second verification code returned by the first terminal based on the first verification code, and performs identity verification on the user based on the first verification code and the second verification code. However, if a malicious user fills in an arbitrary telephone number when registering a user account, then when the server performs identity verification on the user, the malicious user uses an automated program to continuously request verification and retry verification codes, thereby attacking the server.
The embodiments of the present invention aim precisely to reduce attacks on the server. The first verification request that the first terminal sends to the server carries user information. The user information includes at least a user identifier, which may be the user account that the user registered on the server in advance. The user account may be the user's name, mobile phone number, or the like. The user information may also include a first terminal identifier of the first terminal, which may be the user's telephone number, the ID (Identity, identity number) of the first terminal, IP (Internet Protocol), or the like. Before the server performs identity verification on the user, the server determines, based on the user information, whether the user is a malicious user. If the user is a malicious user, then before performing identity verification on the user based on the target verification mode, the server first performs additional verification on the user based on a first additional verification mode. The first additional verification mode may be a picture verification code, instructing the second terminal to send first specified information to the server, and so on. When the additional verification of the user based on the first additional verification mode passes, identity verification is performed on the user based on the target verification mode and the user identifier.
In the embodiments of the present invention, before performing identity verification on the user, the server determines, based on the user information, whether the user is a malicious user; if the user is a malicious user, additional verification is performed on the user based on the first additional verification mode, which increases the verification cost for a malicious user and reduces attacks on the server.
An embodiment of the present invention provides a schematic diagram of an implementation environment. Referring to Fig. 1, the implementation environment includes a server 10 and a first terminal 20, which are connected through a communication network. The first terminal 20 runs an application associated with the server 10 and can log in to the server 10 based on a user identifier and a login password, so as to interact with the server 10. The application may be any of a variety of applications, such as a social networking application, a video application, a live-streaming application, an audio application, or a cloud storage application.
When the user forgets the login password, the first terminal 20 is configured to send a first verification request to the server 10, the first verification request carrying the user information of the user and the target verification mode requested by the user. The user information includes at least the user identifier, and also includes the first terminal identifier of the first terminal. The target verification mode may be short-message verification, e-mail verification, or the like.
The server 10 is configured to receive the first verification request and determine, according to the user information, whether the user is a malicious user; if the user is a malicious user, the server performs additional verification on the user based on the first additional verification mode. The first additional verification mode differs from the target verification mode and may be a picture verification code, instructing the first terminal to send first specified information to the server, and so on.
The server 10 is further configured to, when the additional verification of the user based on the first additional verification mode passes, perform identity verification on the user based on the target verification mode and the user identifier.
The implementation environment also includes a second terminal 30, which is the terminal corresponding to the telephone number that the user reserved on the server 10 when registering the user account. The first terminal 20 and the second terminal 30 may be the same terminal or different terminals.
Accordingly, when the target verification mode is short-message verification, the server 10 is further configured to send, according to the user identifier, a first verification code to the second terminal indicated by the second terminal identifier reserved by the user. If a second verification code is received within a fifth preset duration after the current time, and the first verification code is identical to the second verification code, the identity verification of the user passes; if the second verification code is not received within the fifth preset duration after the current time, or the first verification code differs from the second verification code, the identity verification of the user fails.
The first terminal 20 may be a mobile phone terminal device, a PAD (Portable Android Device, tablet personal computer) terminal device, a PC terminal device, or the like; the second terminal 30 may be a mobile phone terminal or the like. The server 10 may be a single server, a server cluster composed of several servers, or a cloud computing server center; the embodiments of the present invention do not limit this.
An embodiment of the present invention provides an identity verification method, which may be executed by a server. Referring to Fig. 2, the method includes:
Step 201: Receive a first verification request sent by a first terminal, the first verification request carrying the user information of a user and the target verification mode requested by the user, the user information including at least a user identifier.
Step 202: Determine, according to the user information, whether the user is a malicious user.
Step 203: If the user is a malicious user, perform additional verification on the user based on a first additional verification mode, the first additional verification mode being different from the target verification mode.
Step 204: When the additional verification of the user based on the first additional verification mode passes, perform identity verification on the user based on the target verification mode and the user identifier.
In a possible implementation, determining, according to the user information, whether the user is a malicious user includes:
counting a first count according to the user identifier, the first count being the number of verification requests carrying the user identifier received within a first preset duration before the current time; if the first count is greater than a first preset number of times, determining that the user is a malicious user; and/or,
when the user information also includes a first terminal identifier of the first terminal, determining whether the first terminal identifier exists in a malicious terminal identifier library; if the first terminal identifier exists in the malicious terminal identifier library, determining that the user is a malicious user, the malicious terminal identifier library storing the terminal identifiers of terminals used by malicious users; and/or,
when the user information also includes the first terminal identifier of the first terminal, counting a second count according to the first terminal identifier, the second count being the number of verification requests sent by the first terminal received within a second preset duration before the current time; if the second count is greater than a second preset number of times, determining that the user is a malicious user; and/or,
when the user information also includes the first terminal identifier of the first terminal, counting a number of users according to the first terminal identifier and the user identifier, the number of users being the number of users who sent verification requests through the first terminal within a third preset duration before the current time; if the number of users is greater than a preset number, determining that the user is a malicious user.
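The four malicious-user criteria listed above can be implemented as sliding-window counters. The following is an added example, not code from the patent; the class name, reason labels, window lengths and thresholds are assumptions, and timestamps are assumed to arrive in non-decreasing order.

```python
import time
from collections import defaultdict, deque


class MaliciousUserDetector:
    """Sliding-window checks over verification requests (all limits are assumed values)."""

    def __init__(self, user_window=600, user_max=5, term_window=600, term_max=20,
                 fanout_window=3600, fanout_max=3, blocked_terminals=()):
        self.user_window, self.user_max = user_window, user_max          # first duration / count
        self.term_window, self.term_max = term_window, term_max          # second duration / count
        self.fanout_window, self.fanout_max = fanout_window, fanout_max  # third duration / number
        self.blocked = set(blocked_terminals)    # malicious terminal identifier library
        self.by_user = defaultdict(deque)        # user_id -> request timestamps
        self.by_terminal = defaultdict(deque)    # terminal_id -> (timestamp, user_id)

    def check(self, user_id, terminal_id=None, now=None):
        """Record one verification request; return the criteria it trips (empty = not malicious)."""
        now = time.time() if now is None else now
        reasons = []

        # Criterion 1: requests carrying this user identifier within the first window.
        # The current request is counted too.
        uq = self.by_user[user_id]
        uq.append(now)
        while uq and uq[0] < now - self.user_window:
            uq.popleft()
        if len(uq) > self.user_max:
            reasons.append("user_rate")

        if terminal_id is None:          # the terminal identifier is optional in the request
            return reasons

        # Criterion 2: terminal identifier already in the malicious terminal library.
        if terminal_id in self.blocked:
            reasons.append("blocklisted_terminal")

        tq = self.by_terminal[terminal_id]
        tq.append((now, user_id))
        keep = max(self.term_window, self.fanout_window)
        while tq and tq[0][0] < now - keep:
            tq.popleft()

        # Criterion 3: requests sent by this terminal within the second window.
        recent = sum(1 for ts, _ in tq if ts >= now - self.term_window)
        if recent > self.term_max:
            reasons.append("terminal_rate")

        # Criterion 4: distinct users requesting verification through this terminal
        # within the third window.
        users = {u for ts, u in tq if ts >= now - self.fanout_window}
        if len(users) > self.fanout_max:
            reasons.append("terminal_fanout")
        return reasons


def demo():
    """Constructed request sequence: one user hammering, then one terminal cycling users."""
    d = MaliciousUserDetector(user_window=60, user_max=3, fanout_window=300, fanout_max=3)
    hammer = [d.check("alice", "t1", now=t) for t in (0, 10, 20, 30)]
    cycle = [d.check(f"u{i}", "t2", now=200 + i) for i in range(4)]
    return hammer[-1], cycle[-1]
```

In production the per-key deques need an eviction policy (or a store with key expiry), otherwise an attacker cycling identifiers grows memory without bound.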
In a possible implementation, performing additional verification on the user based on the first additional verification mode includes:
sending first verification information to the first terminal, and receiving second verification information returned by the first terminal based on the first verification information;
if the first verification information matches the second verification information, determining that the additional verification of the user based on the first additional verification mode passes.
In a possible implementation, the method further includes:
when the additional verification of the user based on the first additional verification mode fails, performing additional verification on the user again based on a second additional verification mode, until the additional verification passes or a first number of failed verifications within a fourth preset duration before the current time reaches a third preset number of times.
In a possible implementation, when the target verification mode is short-message verification, performing identity verification on the user based on the target verification mode and the user identifier includes:
sending, according to the user identifier, a first verification code to the second terminal indicated by the second terminal identifier reserved by the user;
if a second verification code is received within a fifth preset duration after the current time, and the first verification code is identical to the second verification code, the identity verification of the user passes;
if the second verification code is not received within the fifth preset duration after the current time, or the first verification code differs from the second verification code, the identity verification of the user fails.
In a possible implementation, the method further includes:
if the identity verification of the user fails, determining a second number of failed verifications of the user within a sixth preset duration before the current time;
if the second number of failed verifications is not greater than a fourth preset number of times, performing the step of sending, according to the user identifier, third verification information to the terminal indicated by the second terminal identifier reserved by the user;
if the second number of failed verifications is greater than the fourth preset number of times, performing the step of performing additional verification on the user based on the first additional verification mode.
In a possible implementation, the method further includes:
when the additional verification of the user based on the first additional verification mode fails, or the identity verification of the user fails, determining a third number of failed verifications of the user within a seventh preset duration before the current time;
determining a retry-prohibition duration for the user according to the third number of failed verifications;
if a second verification request sent by the first terminal is received within the retry-prohibition duration, ignoring the second verification request, the second verification request carrying the user identifier.
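The short-message verification, escalation and retry-prohibition steps above are sketched below as an added example (not code from the patent). The class name, return labels, the single failure window used for both failure counts, and the doubling lockout are assumptions; the text states only that the duration is determined from the number of failed verifications.

```python
import hmac
import secrets
from collections import defaultdict, deque


class SmsVerifier:
    """Per-user verification-code state with escalation and retry prohibition (assumed limits)."""

    def __init__(self, code_ttl=300, fail_window=3600, stepup_after=3,
                 lock_base=60, lock_cap=3600):
        self.code_ttl = code_ttl              # validity of a sent code ("fifth preset duration")
        self.fail_window = fail_window        # look-back window for counting failures
        self.stepup_after = stepup_after      # more failures than this -> additional verification
        self.lock_base, self.lock_cap = lock_base, lock_cap
        self.pending = {}                     # user_id -> (code, issued_at)
        self.failures = defaultdict(deque)    # user_id -> failure timestamps
        self.locked_until = {}                # user_id -> end of the retry-prohibition period

    def lock_seconds(self, failures):
        """Assumed mapping: the prohibition doubles with each failure, up to a cap."""
        return min(self.lock_cap, self.lock_base * 2 ** (failures - 1))

    def is_locked(self, user_id, now):
        return now < self.locked_until.get(user_id, 0.0)

    def issue_code(self, user_id, now):
        """Create the first verification code; the caller delivers it to the reserved phone."""
        if self.is_locked(user_id, now):
            return None                       # request ignored during the prohibition period
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[user_id] = (code, now)
        return code

    def submit(self, user_id, code, now):
        """Check the returned (second) code: 'ignored', 'passed', 'retry' or
        'additional_verification'."""
        if self.is_locked(user_id, now):
            return "ignored"
        # Each code is single-use: it is discarded whether or not the attempt succeeds.
        expected, issued_at = self.pending.pop(user_id, (None, 0.0))
        ok = (expected is not None
              and now - issued_at <= self.code_ttl
              and hmac.compare_digest(expected.encode(), code.encode()))
        if ok:
            self.failures.pop(user_id, None)  # assumption: success clears the failure history
            return "passed"

        fq = self.failures[user_id]
        fq.append(now)
        while fq and fq[0] < now - self.fail_window:
            fq.popleft()
        self.locked_until[user_id] = now + self.lock_seconds(len(fq))
        # At or below the threshold the server simply resends a code; above it the
        # user must first pass the additional verification again.
        return "additional_verification" if len(fq) > self.stepup_after else "retry"
```

Comparing codes with `hmac.compare_digest` and discarding a code after one attempt keep each guess from leaking timing information or being replayed.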
In the embodiments of the present invention, when identity verification is performed on a user, it is first determined, according to the user information of the user, whether the user is a malicious user. If the user is a malicious user, additional verification is performed on the user based on the first additional verification mode, and only when that additional verification passes is identity verification performed on the user based on the target verification mode and the user's user identifier. Because the first additional verification mode is added, the verification cost for a malicious user increases and attacks on the server are reduced.
An embodiment of the present invention provides an identity verification method that is applied between a first terminal and a server. Referring to Fig. 3-1, the method includes:
Step 301: The first terminal sends a first verification request to the server. The first verification request carries the user information of the user and the target verification mode requested by the user.
When the first terminal logs in to the server through the application program installed on it, the first terminal displays a login interface that includes a first input box, a second input box and a login button. The first input box is for entering the user identifier and the second input box is for entering the login password. The user can enter the user identifier in the first input box, enter the login password in the second input box, and click the login button. When the first terminal detects that the login button has been triggered, it obtains the user identifier entered in the first input box and the login password entered in the second input box, and sends a login request carrying the user identifier and the login password to the server. The server receives the login request sent by the first terminal; if the user identifier and the login password match, it determines that the first terminal has logged in successfully. If the user identifier and the login password do not match, it determines that the login of the first terminal has failed.
The login interface also includes an identity verification button, which can be a "forgot password" button. The identity verification button is used to have the server perform identity verification on the user. When the login of the first terminal fails or the user has forgotten the login password, the user can click the identity verification button. When the first terminal detects that the identity verification button has been triggered, it displays a verification interface that includes at least one verification mode and an apply button. The user can select one target verification mode from the at least one verification mode and click the apply button. When the first terminal detects that the apply button has been clicked, it obtains the target verification mode selected by the user and sends the first verification request, carrying the user information and the target verification mode, to the server. The first verification request can also carry a target operation.
In another implementation scenario, when the first terminal registers a user account in the server through the application program installed on it, the first terminal displays a registration interface that includes a third input box and a registration button. The third input box is for entering the user identifier. The user can enter the user identifier in the third input box and click the registration button. When the first terminal detects that the registration button has been triggered, it displays a verification interface that includes at least one verification mode and an apply button. The user can select one target verification mode from the at least one verification mode and click the apply button. When the first terminal detects that the apply button has been clicked, it obtains the target verification mode selected by the user and sends the first verification request, carrying the user information and the target verification mode, to the server. The first verification request can also carry a target operation.
The user information includes at least the user identifier, which is the user account that the user registered in the server in advance. The user information can also include a first terminal identifier, which can be the user's mobile phone number, the ID of the first terminal, an IP address, and so on. The target verification mode can be short-message verification, mail verification, and so on. The target operation can be a registration operation or a change-login-password operation.
Step 302: The server receives the first verification request sent by the first terminal and determines, according to the user information, whether the user is a malicious user.
When the user information includes only the user identifier, this step can be implemented in the first way below. When the user information also includes the first terminal identifier, this step can be implemented in the second, third or fourth way below. When the user is determined to be a malicious user, step 303 is performed; when the user is determined not to be a malicious user, step 304 is performed.
(1): The user information includes the user identifier. If a user requests verification many times within a period of time, the user may be a malicious user. Accordingly, in the first implementation, this step can be:
The server counts, according to the user identifier, a first count, which is the number of verification requests carrying the user identifier that were received within a first preset duration before the current time. The server determines whether the first count is more than a first preset count. If the first count is more than the first preset count, the server determines that the user is a malicious user; if the first count is not more than the first preset count, the server determines that the user is not a malicious user.
When the server receives the first verification request sent by the first terminal, the server takes the current time as the sending time of the first verification request and stores the correspondence between the sending time and the user identifier in a user verification record. The user verification record stores the correspondences between the user identifier and the sending times of the first verification requests that the user has historically sent through terminals. Accordingly, the step in which the server counts the first count according to the user identifier can be:
The server counts, in the user verification record, the correspondences that include the user identifier and whose sending time lies within the first preset duration before the current time, and takes that number as the first count.
The first preset duration and the first preset count can be set and changed as needed and are not specifically limited in the embodiments of the present invention. For example, the first preset duration can be half a day, 1 day or 2 days. The first preset count can be 5 or 8.
Because the server may never use correspondences whose sending time is far from the current time, the server periodically updates the user verification record in order to save storage space and make counting more efficient. The process can be:
The server deletes from the user verification record the correspondences between sending time and user identifier whose sending time does not lie within an eighth preset duration before the current time.
The eighth preset duration is greater than or equal to the first preset duration. The eighth preset duration can also be set and changed as needed and is not specifically limited in the embodiments of the present invention. For example, the eighth preset duration can be 1 month or two weeks.
(2): The user information also includes the first terminal identifier. The server builds up a malicious terminal identifier library in advance through continuous accumulation; the library stores the terminal identifiers of terminals used by malicious users. Accordingly, in the second implementation, this step can be:
The server determines whether the first terminal identifier is present in the malicious terminal identifier library. If the first terminal identifier is present in the library, the server determines that the user is a malicious user; if the first terminal identifier is not present in the library, the server determines that the user is not a malicious user.
(3): The user information also includes the first terminal identifier. If the first terminal requests verification many times within a certain period of time, the user may be a malicious user. Accordingly, in the third implementation, this step can be:
The server counts, according to the first terminal identifier, a second count, which is the number of verification requests sent by the first terminal that were received within a second preset duration before the current time. The server determines whether the second count is more than a second preset count. If the second count is more than the second preset count, the server determines that the user is a malicious user; if the second count is not more than the second preset count, the server determines that the user is not a malicious user.
When the server receives the first verification request sent by the first terminal, the server takes the current time as the time at which the first terminal sent the first verification request and stores the correspondence between the sending time and the first terminal identifier in a terminal verification record. The terminal verification record stores the correspondences between the first terminal identifier and the sending times of the first verification requests that the first terminal has historically sent. Accordingly, the step in which the server counts, according to the first terminal identifier, the second count of first verification requests sent by the first terminal within the second preset duration before the current time can be:
The server counts, in the terminal verification record, the correspondences that include the first terminal identifier and whose sending time lies within the second preset duration before the current time, and takes that number as the second count.
The second preset duration can be the same as or different from the first preset duration. The second preset count can be the same as or different from the first preset count. The second preset count and the second preset duration can be set and changed as needed and are not specifically limited in the embodiments of the present invention. For example, the second preset duration can be half a day, 1 day or 2 days. The second preset count can be 5 or 8.
Because the server may never use correspondences between sending time and first terminal identifier whose sending time is far from the current time, the server periodically updates the terminal verification record in order to save storage space and make counting more efficient. The process can be:
The server deletes from the terminal verification record the correspondences between sending time and first terminal identifier whose sending time does not lie within a ninth preset duration before the current time.
The ninth preset duration is greater than or equal to the second preset duration. The ninth preset duration can also be set and changed as needed and is not specifically limited in the embodiments of the present invention. For example, the ninth preset duration can be 1 month or two weeks.
(4): The user information also includes the first terminal identifier. If many people send first verification requests using the first terminal within a period of time, the user may be a malicious user. Accordingly, in the fourth implementation, this step can be:
The server counts, according to the first terminal identifier and the user identifier, a number of users, which is the number of users who sent a first verification request through the first terminal within a third preset duration before the current time. The server determines whether the number of users is more than a preset number. If the number of users is more than the preset number, the server determines that the user is a malicious user; if the number of users is not more than the preset number, the server determines that the user is not a malicious user.
When the server receives the first verification request sent by the first terminal, the server takes the current time as the time at which the first terminal sent the first verification request and stores the correspondence among the sending time, the user identifier and the first terminal identifier in a user-terminal verification record. The user-terminal verification record stores the correspondences among the sending time, the user identifier and the first terminal identifier for the first verification requests that the user has sent through the first terminal. Accordingly, the step in which the server counts the number of users according to the first terminal identifier and the user identifier can be:
The server counts, in the user-terminal verification record, the correspondences that include the user identifier and the first terminal identifier and whose sending time lies within the third preset duration before the current time, and takes that number as the number of users.
The third preset duration can be the same as or different from the first preset duration, and the same as or different from the second preset duration. The preset number can be the same as or different from the first preset count, and the same as or different from the second preset count. The third preset duration and the preset number can be set and changed as needed and are not specifically limited in the embodiments of the present invention. For example, the third preset duration can be half a day, 1 day or 2 days. The preset number can be 3 or 5.
Because the server may never use correspondences among sending time, user identifier and first terminal identifier whose sending time is far from the current time, the server periodically updates the user-terminal verification record in order to save storage space and make counting more efficient. The process can be:
The server deletes from the user-terminal verification record the correspondences among sending time, user identifier and first terminal identifier whose sending time does not lie within a tenth preset duration before the current time.
The tenth preset duration is greater than or equal to the third preset duration. The tenth preset duration can also be set and changed as needed and is not specifically limited in the embodiments of the present invention. For example, the tenth preset duration can be 1 month or two weeks.
It should be noted that, when determining according to the user information whether the user is a malicious user, the server can use one or more of the first to fourth implementations above. Also, if the server uses the second implementation above when determining according to the user information whether the user is a malicious user, then when the server determines that the user is a malicious user, it adds the first terminal identifier to the malicious terminal identifier library, so that when the first terminal later sends a first verification request the server can determine in the second way whether the user is a malicious user.
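The four checks of step 302 and the periodic pruning of the verification records can be combined in one server-side component. The following Python code is an added example, not code from the patent: the class and method names are assumptions, the thresholds are constructed values picked from the ranges the text gives as examples, a single retention period stands in for the eighth to tenth preset durations, the fourth check is read as counting distinct user identifiers per terminal, and a terminal is added to the library after any positive check.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

DAY = 24 * 3600  # seconds


@dataclass
class Limits:
    # Constructed values taken from the example ranges in the text.
    user_window: float = DAY       # first preset duration
    user_max: int = 5              # first preset count
    terminal_window: float = DAY   # second preset duration
    terminal_max: int = 5          # second preset count
    fanout_window: float = DAY     # third preset duration
    fanout_max: int = 3            # preset number of users per terminal
    retention: float = 30 * DAY    # stands in for the 8th/9th/10th durations


class MaliciousUserDetector:
    """Hypothetical helper; not an API defined by the patent."""

    def __init__(self, limits=None):
        self.limits = lim = limits or Limits()
        # The text requires the retention period to cover every counting window.
        if lim.retention < max(lim.user_window, lim.terminal_window, lim.fanout_window):
            raise ValueError("retention shorter than a counting window")
        self.by_user = defaultdict(deque)      # user id -> (send time, terminal id)
        self.by_terminal = defaultdict(deque)  # terminal id -> (send time, user id)
        self.malicious_terminals = set()       # malicious terminal identifier library

    @staticmethod
    def _recent(records, now, window):
        return [r for r in records if now - window <= r[0] <= now]

    def check(self, user_id, terminal_id, now):
        """Record one verification request; return the checks it tripped."""
        lim = self.limits
        reasons = []
        self.by_user[user_id].append((now, terminal_id))
        # Way 1: too many requests carrying this user identifier.
        if len(self._recent(self.by_user[user_id], now, lim.user_window)) > lim.user_max:
            reasons.append("user_rate")
        if terminal_id is not None:
            self.by_terminal[terminal_id].append((now, user_id))
            records = self.by_terminal[terminal_id]
            # Way 2: the terminal is already in the library.
            if terminal_id in self.malicious_terminals:
                reasons.append("known_terminal")
            # Way 3: too many requests from this terminal.
            if len(self._recent(records, now, lim.terminal_window)) > lim.terminal_max:
                reasons.append("terminal_rate")
            # Way 4: too many different users behind this terminal.
            users = {u for _, u in self._recent(records, now, lim.fanout_window)}
            if len(users) > lim.fanout_max:
                reasons.append("terminal_fanout")
            if reasons:
                self.malicious_terminals.add(terminal_id)
        return reasons

    def prune(self, now):
        """Periodic update: drop records older than the retention period."""
        cutoff = now - self.limits.retention
        for table in (self.by_user, self.by_terminal):
            for key in list(table):
                queue = table[key]
                while queue and queue[0][0] < cutoff:
                    queue.popleft()
                if not queue:
                    del table[key]

    def accept_appeal(self, terminal_id):
        """A successful appeal removes the terminal from the library."""
        self.malicious_terminals.discard(terminal_id)
```

An empty list from `check` means the request proceeds as for a normal user; a non-empty list names the checks that fired, which is useful to log for appeals handling.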
Further, the identity verification method provided in the embodiments of the present invention is intended to intercept verification by malicious users effectively. If, during the identity verification of a normal user, the server misjudges and takes the normal user for a malicious user, the user can also appeal to have this corrected. The process can be:
When the server determines that the user is a malicious user, a first prompt message is displayed. The first prompt message includes malicious-user indication information and an appeal correction mode. The malicious-user indication information can be "You are a suspicious user". The appeal correction mode can be sending third specified information to the server, or dialing a specified telephone number. The third specified information includes the user identifier and specified content. The specified content can be "I am not a suspicious user".
Further, if the server receives the third specified information, or customer service receives the user's feedback by telephone, the server determines that the user is not a malicious user and performs identity verification on the user based on the target verification mode and the user identifier.
Further, when the server determines that the user is not a malicious user, it deletes the first terminal identifier from the malicious terminal identifier library.
Step 303: If the user is a malicious user, the server performs additional verification on the user based on a first additional verification mode. The first additional verification mode is different from the target verification mode.
The first additional verification mode can be filling in a picture verification code, instructing the first terminal to send first specified information to the server, and so on. When the first additional verification mode is filling in a picture verification code, this step can be implemented in the first way below. When the first additional verification mode is instructing the second terminal to send the first specified information to the server, this step can be implemented in the second way below. If the additional verification of the user based on the first additional verification mode passes, step 305 is performed; if it fails, step 304 is performed.
In the first implementation, this step can be realized through the following steps (1) to (4):
(1): The server sends first verification information to the first terminal.
The first verification information includes the picture data of multiple pictures and a second prompt message. The second prompt message instructs the user to select a picture from the multiple pictures. For example, the pictures are a stool, a desk and a school bag, and the second prompt message is "Please select the desk picture from the pictures".
(2): The first terminal receives the first verification information sent by the server and, based on the first verification information, returns second verification information to the server.
The first terminal renders the multiple pictures from their picture data and displays the second prompt message. Based on the second prompt message, the user selects from the multiple pictures the picture that the second prompt message indicates. The first terminal obtains the picture identifier of the picture the user selected and forms the second verification information from that picture identifier.
(3): The server receives the second verification information returned by the first terminal and determines whether the first verification information and the second verification information match.
The server determines, according to the first verification information, the picture identifier indicated by the second prompt message. If the picture identifier indicated by the second prompt message is identical to the picture identifier included in the second verification information, the server determines that the first verification information and the second verification information match. If the two picture identifiers differ, the server determines that the first verification information and the second verification information do not match.
(4): If the first verification information and the second verification information match, the server determines that the additional verification of the user passes. If they do not match, the server determines that the additional verification of the user fails.
In the second implementation, this step can be realized through the following steps (A) to (D):
(A): The server sends third verification information to the first terminal. The third verification information instructs that the second terminal send the first specified information to the server.
The first specified information can be a short message or a WeChat message. The first specified information includes the user identifier and target operation information. For example, when the user wants to reset the login password, the target operation information is reset-login-password information; when the user wants to log in to the server through the first terminal, the target operation information is login information.
In the embodiments of the present invention, when the first specified information is a short message, the verification cost for a malicious user can be increased.
(B): The first terminal receives the third verification information sent by the server and displays it.
Based on the third verification information, the user can send the first specified information to the server through the second terminal.
(C): The second terminal sends fourth verification information to the server.
(D): The server receives the fourth verification information sent by the second terminal. If the fourth verification information includes the first specified information, the server determines that the additional verification of the user passes; if the fourth verification information does not include the first specified information, the server determines that the additional verification of the user fails.
Step 304: If the additional verification of the user by the server based on the first additional verification mode fails, the server performs additional verification on the user again based on a second additional verification mode, until the additional verification passes or the first failed-verification count within a fourth preset duration before the current time reaches a third preset count. The verification difficulty of the second additional verification mode can be greater than, equal to or less than that of the first additional verification mode. Both the first and the second additional verification mode are used to stop automated programs.
The second additional verification mode can also be filling in a picture verification code, instructing the first terminal to send second specified information to the server, and so on. The number of pictures used by the second additional verification mode is greater than, equal to or less than the number used by the first additional verification mode. The difficulty of the second specified information is greater than, equal to or less than that of the first specified information.
If the additional verification of the user based on the second additional verification mode passes, step 305 is performed. If it fails, additional verification is performed on the user again based on the second additional verification mode, until the additional verification of the user passes or the first failed-verification count within the fourth preset duration before the current time reaches the third preset count.
The fourth preset duration and the third preset count can be set and changed as needed and are not specifically limited in the embodiments of the present invention. For example, the fourth preset duration can be half an hour or 1 hour, and the third preset count can be 3 or 5. The first failed-verification count can be the number of failed additional verifications, or the number of failed identity verifications, or can include both the number of failed additional verifications and the number of failed identity verifications.
Step 305: When the additional verification passes, the server performs identity verification on the user based on the target verification mode and the user identifier.
The target verification mode can be short-message verification or mail verification. When the target verification mode is short-message verification, this step can be realized through the following steps (1) to (4):
(1): The server sends, according to the user identifier, a first verification code to the second terminal indicated by the second terminal identifier reserved by the user.
The server stores the second terminal identifier that each user reserved at registration; the second terminal identifier can be the user's mobile phone number. Accordingly, this step can be:
The server obtains, according to the user identifier, the second terminal identifier reserved by the user, and sends the first verification code to the second terminal indicated by that second terminal identifier.
(2): The second terminal receives the first verification code sent by the server and displays it.
Based on the first verification code, the user can send a second verification code to the server through the first terminal.
(3): If the server receives the second verification code within a fifth preset duration after the current time and the first verification code and the second verification code are identical, the identity verification of the user by the server passes. If no second verification code is received within the fifth preset duration after the current time, or the first verification code and the second verification code differ, the identity verification of the user by the server fails.
The fifth preset duration can be set and changed as needed and is not specifically limited in the disclosed embodiments. For example, the fifth preset duration can be 60 seconds or 90 seconds. The first verification code and the second verification code are short-message verification codes. The first verification code can consist of a preset number of characters, which can be one or more of digits, letters and Chinese characters. The preset number of characters can be set and changed as needed and is not specifically limited in the embodiments of the present invention. For example, the preset number of characters can be 4 or 6.
In embodiments of the present invention, if because user is malicious user, entered by the first additional identification mode to user
Row additional identification.If additional identification by when, ordinary circumstance can consider the user be automated procedures;If additional test
Card does not pass through, and continues through additional identification mode and is verified, until being verified or verifying that number of times reaches certain number of times.By
This is visible, and the embodiment of the present invention can reduce short-message verification cost, reduce economic loss.
When the target verification mode is mail verification, this step can be realized through the following steps (A) to (C):
(A): The server sends, according to the user identifier, fifth verification information to the third terminal corresponding to the e-mail address reserved by the user. The fifth verification information can be a login link or a reset-password link.
(B): The third terminal receives the fifth verification information and displays it.
The user can click the link in the fifth verification information to trigger the third terminal to send a verification response to the server.
(C): If the server receives the verification response sent by the third terminal within an eleventh preset duration after the current time, the server determines that the identity verification of the user passes. If the server does not receive the verification response sent by the third terminal within the eleventh preset duration after the current time, the server determines that the identity verification of the user fails.
The eleventh preset duration can be set and changed as needed and is not specifically limited in the embodiments of the present invention. For example, the eleventh preset duration can be 2 minutes or 5 minutes.
Further, if the identity verification of the user by the server fails, the server determines a second failed-verification count of the user within a sixth preset duration before the current time. If the second failed-verification count is not more than a fourth preset count, identity verification is performed on the user again based on the target verification mode and the user identifier, that is, step (1) or (A) is performed. If the second failed-verification count is more than the fourth preset count, step 303 is performed.
The sixth preset duration and the fourth preset count can be set and changed as needed and are not specifically limited in the embodiments of the present invention. For example, the sixth preset duration can be 1 day or half a day. The fourth preset count can be 3 or 5.
To further increase the time cost for a malicious user, in this step, when the verification of the user fails, the server can set a no-retry duration, during which the user is not allowed to make identity verification requests. Accordingly, the method also includes:
When the additional verification of the user based on the first additional verification mode fails, or the identity verification of the user fails, the server determines a third failed-verification count of the user within a seventh preset duration before the current time, and determines the no-retry duration of the user according to the third failed-verification count. If a second verification request sent by the first terminal is received within the no-retry duration, the server ignores the second verification request; the second verification request carries the user identifier. Further, when the no-retry duration expires, the server performs additional verification on the user based on the first additional verification mode.
The server stores in advance a correspondence between failed-verification counts and no-retry durations. Accordingly, the step in which the server determines the no-retry duration of the user according to the third failed-verification count can be:
The server obtains the no-retry duration of the user from the correspondence between failed-verification counts and no-retry durations according to the third failed-verification count.
The server can also store a reference duration. Accordingly, the step in which the server determines the no-retry duration of the user according to the third failed-verification count can be:
The server multiplies the third failed-verification count by the reference duration to obtain the no-retry duration of the user.
The seventh preset duration can be set and changed as needed and is not specifically limited in the embodiments of the present invention. For example, the seventh preset duration can be 1 hour or 2 hours.
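The short-message branch of step 305, the escalation back to step 303 and the no-retry duration interact on every failed attempt. The following Python code is an added example, not code from the patent: the class and method names and all default values are assumptions chosen from the example ranges in the text, the no-retry duration uses the "count multiplied by reference duration" variant, and the single-use code and constant-time comparison are hardening choices of this example.

```python
import hmac
import secrets
from collections import defaultdict

HOUR = 3600
DAY = 24 * HOUR


class SmsVerifier:
    """Hypothetical helper; not an API defined by the patent."""

    def __init__(self, code_ttl=60, digits=6,
                 escalate_window=DAY, escalate_after=3,
                 lockout_window=HOUR, reference_lockout=60):
        self.code_ttl = code_ttl                    # fifth preset duration
        self.digits = digits                        # preset number of characters
        self.escalate_window = escalate_window      # sixth preset duration
        self.escalate_after = escalate_after        # fourth preset count
        self.lockout_window = lockout_window        # seventh preset duration
        self.reference_lockout = reference_lockout  # reference duration
        self.pending = {}                   # user id -> (code, issue time)
        self.failures = defaultdict(list)   # user id -> failure times
        self.locked_until = {}              # user id -> end of no-retry period

    def admit(self, user_id, now):
        """False while the no-retry duration runs: the request is ignored."""
        return now >= self.locked_until.get(user_id, 0.0)

    def issue(self, user_id, now):
        """Create the first verification code. The caller sends it by SMS to
        the second terminal reserved by the user. Returns None if ignored."""
        if not self.admit(user_id, now):
            return None
        code = "".join(secrets.choice("0123456789") for _ in range(self.digits))
        self.pending[user_id] = (code, now)
        return code

    def _failures_in(self, user_id, now, window):
        return sum(1 for t in self.failures[user_id] if now - window <= t <= now)

    def verify(self, user_id, submitted, now):
        """Check the second verification code sent through the first terminal.

        Returns "passed", "retry" (send a new code) or
        "additional_verification" (go back to step 303).
        """
        code, issued_at = self.pending.pop(user_id, (None, None))  # single use
        ok = (code is not None
              and now - issued_at <= self.code_ttl
              and hmac.compare_digest(code.encode(), submitted.encode()))
        if ok:
            return "passed"
        self.failures[user_id].append(now)
        # No-retry duration = third failed-verification count * reference duration.
        third = self._failures_in(user_id, now, self.lockout_window)
        self.locked_until[user_id] = now + third * self.reference_lockout
        # Second failed-verification count above the fourth preset count.
        second = self._failures_in(user_id, now, self.escalate_window)
        if second > self.escalate_after:
            return "additional_verification"
        return "retry"
```

A late or replayed code counts as a failure here, so each one lengthens the next no-retry period.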
Further, before performing step 305, the server determines a third count, which is the number of verification requests carrying the user identifier that were received within a twelfth preset duration before the current time. If the third count is more than a fifth preset count, a no-retry duration is set. If the third count is not more than the fifth preset count, step 305 is performed.
The twelfth preset duration and the fifth preset count can be set and changed as needed and are not specifically limited in the embodiments of the present invention. For example, the twelfth preset duration can be 1 hour or half an hour, and the fifth preset count can be 5 or 8.
For example, referring to Fig. 3-2, the first additional verification mode is pushing a challenge question. When the server receives the first verification request, it determines according to the user information whether the user is a malicious user. If the user is a malicious user, a challenge question is pushed, and the server determines whether the challenge question is passed. If it is passed, the subsequent flow proceeds. If it is not passed, the server determines whether the number of challenges exceeds the third preset count M. If it exceeds the third preset count M, a retry-prohibition duration is set, and when the retry-prohibition duration expires, challenge questions continue to be pushed.
If the user is not a malicious user, the normal verification code flow is followed. The server determines whether the number of sends exceeds the fifth preset count K. If the number of sends exceeds the fifth preset count K, a challenge question is pushed. If the number of sends does not exceed the fifth preset count K, the server determines whether the verification code is correct. If it is correct, the subsequent flow proceeds. If it is incorrect, the server determines whether the number of incorrect verification code entries exceeds the fourth preset count N; if so, a challenge question is pushed; if not, the subsequent flow proceeds.
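The following added example (not code from the patent) sketches the malicious-user branch of the Fig. 3-2 flow together with the lockout computation described above, where the failed count is multiplied by the reference duration. The class names, the in-memory stores, and every threshold value are assumptions; the normal verification code branch (counts K and N) is left out.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass
class Policy:
    """Assumed values; the patent leaves every duration and count configurable."""
    user_window: float = 3600.0        # first preset duration, seconds
    user_max: int = 5                  # first preset count
    term_window: float = 3600.0        # second preset duration
    term_max: int = 10                 # second preset count
    fanout_window: float = 3600.0      # third preset duration
    fanout_max: int = 3                # preset number of users per terminal
    fail_window: float = 3600.0        # seventh preset duration
    max_challenges: int = 3            # third preset count M
    reference_lockout: float = 600.0   # reference duration


class AuthGate:
    """Routes each verification request to 'ignore', 'challenge' or 'target'."""

    def __init__(self, policy, malicious_terminals=()):
        self.p = policy
        self.blocklist = set(malicious_terminals)  # malicious terminal identifier library
        self.by_user = defaultdict(deque)          # user_id -> request times
        self.by_term = defaultdict(deque)          # terminal_id -> (time, user_id)
        self.failures = defaultdict(deque)         # user_id -> failure times
        self.locked_until = {}                     # user_id -> end of retry prohibition

    @staticmethod
    def _trim(queue, cutoff, key=lambda item: item):
        # Drop entries that have aged out of the sliding window.
        while queue and key(queue[0]) <= cutoff:
            queue.popleft()

    def is_malicious(self, user_id, terminal_id, now):
        p = self.p
        reqs = self.by_user[user_id]
        self._trim(reqs, now - p.user_window)
        if len(reqs) > p.user_max:                 # too many requests for one user
            return True
        if terminal_id in self.blocklist:          # terminal already known as malicious
            return True
        term = self.by_term[terminal_id]
        self._trim(term, now - max(p.term_window, p.fanout_window), key=lambda e: e[0])
        if sum(1 for t, _ in term if t > now - p.term_window) > p.term_max:
            return True                            # too many requests from one terminal
        users = {u for t, u in term if t > now - p.fanout_window}
        return len(users) > p.fanout_max           # one terminal, many user identifiers

    def on_request(self, user_id, terminal_id, now):
        if now < self.locked_until.get(user_id, 0.0):
            return "ignore"                        # inside the retry-prohibition duration
        self.by_user[user_id].append(now)
        self.by_term[terminal_id].append((now, user_id))
        return "challenge" if self.is_malicious(user_id, terminal_id, now) else "target"

    def on_failure(self, user_id, now):
        """Record a failed verification; return the lockout set, or 0.0 if none."""
        fails = self.failures[user_id]
        fails.append(now)
        self._trim(fails, now - self.p.fail_window)
        if len(fails) <= self.p.max_challenges:
            return 0.0
        lockout = len(fails) * self.p.reference_lockout   # failed count x reference duration
        self.locked_until[user_id] = now + lockout
        return lockout


def demo():
    """Constructed scenario: terminal 'term-A' cycles through five user identifiers."""
    gate = AuthGate(Policy())
    routes = [gate.on_request(f"user{i}", "term-A", float(i)) for i in range(5)]
    lockouts = [gate.on_failure("user3", t) for t in (10.0, 20.0, 30.0, 40.0)]
    during = gate.on_request("user3", "term-A", 100.0)
    after = gate.on_request("user3", "term-A", 40.0 + lockouts[-1])
    return routes, lockouts, during, after


if __name__ == "__main__":
    print(demo())
```

Requests ignored during the retry-prohibition duration are not counted here; a deployment that wants them to feed the per-terminal counters would record them before returning.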
Further, when identity verification of the user passes, the server performs the target operation. For example, when the target operation is a login operation, the server allows the first terminal to log in to the server. As another example, when the target operation is a password change operation, the server receives the login password sent by the first terminal and changes the stored login password corresponding to the user identifier to the login password sent by the first terminal.
In the embodiments of the present invention, when identity verification is performed on a user, it is first determined according to the user's user information whether the user is a malicious user. If the user is a malicious user, additional verification is performed on the user based on the first additional verification mode, and only when that additional verification passes is identity verification performed on the user based on the target verification mode and the user's user identifier. Because the first additional verification mode is added, the verification cost for a malicious user is increased and attacks on the server are reduced.
An embodiment of the present invention provides an identity verification apparatus. The apparatus is applied in a server and is used to perform the steps performed by the server in the identity verification method above. Referring to Fig. 4, the apparatus includes:
a receiving module 401, configured to receive a first verification request sent by a first terminal, the first verification request carrying user information of a user and a target verification mode requested by the user, the user information including at least a user identifier;
a determining module 402, configured to determine, according to the user information, whether the user is a malicious user;
an additional verification module 403, configured to, if the user is a malicious user, perform additional verification on the user based on a first additional verification mode, the first additional verification mode being different from the target verification mode;
an identity verification module 404, configured to, when the additional verification of the user based on the first additional verification mode passes, perform identity verification on the user based on the target verification mode and the user identifier.
In a possible implementation, the determining module 402 is further configured to count a first count according to the user identifier, the first count being the number of verification requests carrying the user identifier received within a first preset duration before the current time; and, if the first count is greater than a first preset count, determine that the user is a malicious user; and/or,
the determining module 402 is further configured to, when the user information also includes a first terminal identifier of the first terminal, determine whether the first terminal identifier exists in a malicious terminal identifier library; and, if the first terminal identifier exists in the malicious terminal identifier library, determine that the user is a malicious user, the malicious terminal identifier library storing the terminal identifiers of terminals used by malicious users; and/or,
the determining module 402 is further configured to, when the user information also includes a first terminal identifier of the first terminal, count a second count according to the first terminal identifier, the second count being the number of verification requests sent by the first terminal that are received within a second preset duration before the current time; and, if the second count is greater than a second preset count, determine that the user is a malicious user; and/or,
the determining module 402 is further configured to, when the user information also includes a first terminal identifier of the first terminal, count a number of users according to the first terminal identifier and the user identifier, the number of users being the number of users who sent verification requests through the first terminal within a third preset duration before the current time; and, if the number of users is greater than a preset number, determine that the user is a malicious user.
In a possible implementation, the additional verification module 403 is further configured to send first verification information to the first terminal and receive second verification information returned by the first terminal based on the first verification information; and, if the first verification information and the second verification information match, determine that the additional verification of the user based on the first additional verification mode passes.
In a possible implementation, the additional verification module 403 is further configured to, when the additional verification of the user based on the first additional verification mode does not pass, perform additional verification on the user again based on a second additional verification mode, until the additional verification passes or the first number of failed verifications within a fourth preset duration before the current time reaches a third preset count.
In a possible implementation, when the target verification mode is SMS verification, the identity verification module 404 is further configured to send, according to the user identifier, a first verification code to the second terminal indicated by the second terminal identifier reserved by the user; if a second verification code is received within a fifth preset duration after the current time and the first verification code and the second verification code are identical, identity verification of the user passes; if the second verification code is not received within the fifth preset duration after the current time, or the first verification code and the second verification code differ, identity verification of the user does not pass.
In a possible implementation, the additional verification module 403 is further configured to, if identity verification of the user does not pass, determine a second number of failed verifications of the user within a sixth preset duration before the current time;
the identity verification module 404 is further configured to, if the second number of failed verifications is not greater than a fourth preset count, send, according to the user identifier, third verification information to the terminal indicated by the second terminal identifier reserved by the user;
the additional verification module 403 is further configured to, if the second number of failed verifications is greater than the fourth preset count, perform additional verification on the user based on the first additional verification mode.
In a possible implementation, the apparatus further includes an ignoring module;
the determining module 402 is further configured to, when the additional verification of the user based on the first additional verification mode does not pass, or identity verification of the user does not pass, determine a third number of failed verifications of the user within a seventh preset duration before the current time;
the determining module 402 is further configured to determine the user's retry-prohibition duration according to the third number of failed verifications;
the ignoring module is configured to, if a second verification request sent by the first terminal is received within the retry-prohibition duration, ignore the second verification request, the second verification request carrying the user identifier.
In the embodiments of the present invention, when identity verification is performed on a user, it is first determined according to the user's user information whether the user is a malicious user. If the user is a malicious user, additional verification is performed on the user based on the first additional verification mode, and only when that additional verification passes is identity verification performed on the user based on the target verification mode and the user's user identifier. Because the first additional verification mode is added, the verification cost for a malicious user is increased and attacks on the server are reduced.
It should be noted that, when the identity verification apparatus provided by the above embodiment performs identity verification, the division into the functional modules described above is used only as an example. In practical applications, the functions may be assigned to different functional modules as needed; that is, the internal structure of the apparatus may be divided into different functional modules to complete all or part of the functions described above. In addition, the identity verification apparatus provided by the above embodiment and the identity verification method embodiment belong to the same concept; for the specific implementation process, refer to the method embodiment, which is not repeated here.
Fig. 5 shows a server for identity verification according to an exemplary embodiment. Referring to Fig. 5, the server 500 includes a processing component 522, which further includes one or more processors, and memory resources represented by a memory 532 for storing instructions executable by the processing component 522, such as application programs. The application programs stored in the memory 532 may include one or more modules, each corresponding to a set of instructions. In addition, the processing component 522 is configured to execute the instructions so as to perform the functions performed by the server in the above method of extracting label information.
The server 500 may also include a power supply component 526 configured to perform power management of the server 500, a wired or wireless network interface 550 configured to connect the server 500 to a network, and an input/output (I/O) interface 558. The server 500 can operate based on an operating system stored in the memory 532, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™ or the like.
An embodiment of the present invention also provides a computer-readable storage medium. The computer-readable storage medium may be the computer-readable storage medium included in the memory in the above embodiment; it may also exist separately, without being assembled into the server. The computer-readable storage medium stores one or more programs, and the one or more programs are used by one or more processors to perform the method of extracting label information.
The terms "first" and "second" are used for descriptive purposes only and are not to be understood as indicating or implying relative importance or as implicitly indicating the number of the technical features referred to. Thus, a feature qualified by "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of the present invention, unless otherwise stated, "multiple" means two or more.
A person of ordinary skill in the art will understand that all or part of the steps of the above embodiments may be completed by hardware, or by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium, and the storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc or the like.
The foregoing describes only preferred embodiments of the present invention and is not intended to limit the invention. Any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.
Claims (14)
1. An identity verification method, characterized in that the method comprises:
receiving a first verification request sent by a first terminal, the first verification request carrying user information of a user and a target verification mode requested by the user, the user information including at least a user identifier;
determining, according to the user information, whether the user is a malicious user;
if the user is a malicious user, performing additional verification on the user based on a first additional verification mode, the first additional verification mode being different from the target verification mode;
when the additional verification of the user based on the first additional verification mode passes, performing identity verification on the user based on the target verification mode and the user identifier.
2. The method according to claim 1, characterized in that determining, according to the user information, whether the user is a malicious user comprises:
counting a first count according to the user identifier, the first count being the number of verification requests carrying the user identifier received within a first preset duration before the current time; if the first count is greater than a first preset count, determining that the user is a malicious user; and/or,
when the user information also includes a first terminal identifier of the first terminal, determining whether the first terminal identifier exists in a malicious terminal identifier library; if the first terminal identifier exists in the malicious terminal identifier library, determining that the user is a malicious user, the malicious terminal identifier library storing the terminal identifiers of terminals used by malicious users; and/or,
when the user information also includes a first terminal identifier of the first terminal, counting a second count according to the first terminal identifier, the second count being the number of verification requests sent by the first terminal that are received within a second preset duration before the current time; if the second count is greater than a second preset count, determining that the user is a malicious user; and/or,
when the user information also includes a first terminal identifier of the first terminal, counting a number of users according to the first terminal identifier and the user identifier, the number of users being the number of users who sent verification requests through the first terminal within a third preset duration before the current time; if the number of users is greater than a preset number, determining that the user is a malicious user.
3. The method according to claim 1, characterized in that performing additional verification on the user based on the first additional verification mode comprises:
sending first verification information to the first terminal, and receiving second verification information returned by the first terminal based on the first verification information;
if the first verification information and the second verification information match, determining that the additional verification of the user based on the first additional verification mode passes.
4. The method according to claim 1, characterized in that the method further comprises:
when the additional verification of the user based on the first additional verification mode does not pass, performing additional verification on the user again based on a second additional verification mode, until the additional verification passes or the first number of failed verifications within a fourth preset duration before the current time reaches a third preset count.
5. The method according to claim 1, characterized in that, when the target verification mode is SMS verification, performing identity verification on the user based on the target verification mode and the user identifier comprises:
sending, according to the user identifier, a first verification code to the second terminal indicated by the second terminal identifier reserved by the user;
if a second verification code is received within a fifth preset duration after the current time and the first verification code and the second verification code are identical, identity verification of the user passes;
if the second verification code is not received within the fifth preset duration after the current time, or the first verification code and the second verification code differ, identity verification of the user does not pass.
6. The method according to claim 5, characterized in that the method further comprises:
if identity verification of the user does not pass, determining a second number of failed verifications of the user within a sixth preset duration before the current time;
if the second number of failed verifications is not greater than a fourth preset count, performing the step of sending, according to the user identifier, third verification information to the terminal indicated by the second terminal identifier reserved by the user;
if the second number of failed verifications is greater than the fourth preset count, performing the step of performing additional verification on the user based on the first additional verification mode.
7. The method according to any one of claims 1-6, characterized in that the method further comprises:
when the additional verification of the user based on the first additional verification mode does not pass, or identity verification of the user does not pass, determining a third number of failed verifications of the user within a seventh preset duration before the current time;
determining the user's retry-prohibition duration according to the third number of failed verifications;
if a second verification request sent by the first terminal is received within the retry-prohibition duration, ignoring the second verification request, the second verification request carrying the user identifier.
8. An identity verification apparatus, characterized in that the apparatus comprises:
a receiving module, configured to receive a first verification request sent by a first terminal, the first verification request carrying user information of a user and a target verification mode requested by the user, the user information including at least a user identifier;
a determining module, configured to determine, according to the user information, whether the user is a malicious user;
an additional verification module, configured to, if the user is a malicious user, perform additional verification on the user based on a first additional verification mode, the first additional verification mode being different from the target verification mode;
an identity verification module, configured to, when the additional verification of the user based on the first additional verification mode passes, perform identity verification on the user based on the target verification mode and the user identifier.
9. The apparatus according to claim 8, characterized in that
the determining module is further configured to count a first count according to the user identifier, the first count being the number of verification requests carrying the user identifier received within a first preset duration before the current time; and, if the first count is greater than a first preset count, determine that the user is a malicious user; and/or,
the determining module is further configured to, when the user information also includes a first terminal identifier of the first terminal, determine whether the first terminal identifier exists in a malicious terminal identifier library; and, if the first terminal identifier exists in the malicious terminal identifier library, determine that the user is a malicious user, the malicious terminal identifier library storing the terminal identifiers of terminals used by malicious users; and/or,
the determining module is further configured to, when the user information also includes a first terminal identifier of the first terminal, count a second count according to the first terminal identifier, the second count being the number of verification requests sent by the first terminal that are received within a second preset duration before the current time; and, if the second count is greater than a second preset count, determine that the user is a malicious user; and/or,
the determining module is further configured to, when the user information also includes a first terminal identifier of the first terminal, count a number of users according to the first terminal identifier and the user identifier, the number of users being the number of users who sent verification requests through the first terminal within a third preset duration before the current time; and, if the number of users is greater than a preset number, determine that the user is a malicious user.
10. The apparatus according to claim 8, characterized in that
the additional verification module is further configured to send first verification information to the first terminal and receive second verification information returned by the first terminal based on the first verification information; and, if the first verification information and the second verification information match, determine that the additional verification of the user based on the first additional verification mode passes.
11. The apparatus according to claim 8, characterized in that
the additional verification module is further configured to, when the additional verification of the user based on the first additional verification mode does not pass, perform additional verification on the user again based on a second additional verification mode, until the additional verification passes or the first number of failed verifications within a fourth preset duration before the current time reaches a third preset count.
12. The apparatus according to claim 8, characterized in that, when the target verification mode is SMS verification, the identity verification module is further configured to send, according to the user identifier, a first verification code to the second terminal indicated by the second terminal identifier reserved by the user; if a second verification code is received within a fifth preset duration after the current time and the first verification code and the second verification code are identical, identity verification of the user passes; if the second verification code is not received within the fifth preset duration after the current time, or the first verification code and the second verification code differ, identity verification of the user does not pass.
13. The apparatus according to claim 12, characterized in that
the additional verification module is further configured to, if identity verification of the user does not pass, determine a second number of failed verifications of the user within a sixth preset duration before the current time;
the identity verification module is further configured to, if the second number of failed verifications is not greater than a fourth preset count, send, according to the user identifier, third verification information to the terminal indicated by the second terminal identifier reserved by the user;
the additional verification module is further configured to, if the second number of failed verifications is greater than the fourth preset count, perform additional verification on the user based on the first additional verification mode.
14. The apparatus according to any one of claims 8-13, characterized in that the apparatus further comprises an ignoring module;
the determining module is further configured to, when the additional verification of the user based on the first additional verification mode does not pass, or identity verification of the user does not pass, determine a third number of failed verifications of the user within a seventh preset duration before the current time;
the determining module is further configured to determine the user's retry-prohibition duration according to the third number of failed verifications;
the ignoring module is configured to, if a second verification request sent by the first terminal is received within the retry-prohibition duration, ignore the second verification request, the second verification request carrying the user identifier.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710465761.8A CN107241336B (en) | 2017-06-19 | 2017-06-19 | Identity verification method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710465761.8A CN107241336B (en) | 2017-06-19 | 2017-06-19 | Identity verification method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107241336A true CN107241336A (en) | 2017-10-10 |
CN107241336B CN107241336B (en) | 2020-05-19 |
Family
ID=59986411
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710465761.8A Active CN107241336B (en) | 2017-06-19 | 2017-06-19 | Identity verification method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107241336B (en) |
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102347929A (en) * | 2010-07-28 | 2012-02-08 | 阿里巴巴集团控股有限公司 | Verification method of user identity and apparatus thereof |
CN104125062A (en) * | 2013-04-26 | 2014-10-29 | 腾讯科技(深圳)有限公司 | Login method, device, login authentication device, server, terminals and system |
CN104518876A (en) * | 2013-09-29 | 2015-04-15 | 腾讯科技(深圳)有限公司 | Service login method and device |
CN104917740A (en) * | 2014-03-14 | 2015-09-16 | ***通信集团广东有限公司 | Password resetting method and password verifying method and device |
CN105323253A (en) * | 2015-11-17 | 2016-02-10 | 腾讯科技(深圳)有限公司 | Identity verification method and device |
CN105656898A (en) * | 2016-01-07 | 2016-06-08 | 广西英腾教育科技股份有限公司 | Multi-dimensional information based activation code data processing system and method |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107749844A (en) * | 2017-10-16 | 2018-03-02 | 维沃移动通信有限公司 | Auth method and mobile terminal |
CN108171024A (en) * | 2017-11-28 | 2018-06-15 | 苏州市东皓计算机***工程有限公司 | A kind of encryption method of computer system |
CN108183924A (en) * | 2018-03-01 | 2018-06-19 | 深圳市买买提信息科技有限公司 | A kind of login validation method and terminal device |
CN108810831A (en) * | 2018-04-17 | 2018-11-13 | 平安科技(深圳)有限公司 | Method for pushing, electronic device and the readable storage medium storing program for executing of short message verification code |
CN108810831B (en) * | 2018-04-17 | 2020-03-10 | 平安科技(深圳)有限公司 | Short message verification code pushing method, electronic device and readable storage medium |
CN108900525A (en) * | 2018-07-19 | 2018-11-27 | 中国联合网络通信集团有限公司 | The processing method and device of identifying code request |
CN109121100A (en) * | 2018-09-27 | 2019-01-01 | 沈文策 | A kind of short message communication control method and device |
CN110839217A (en) * | 2019-10-24 | 2020-02-25 | 深圳市梦网科技发展有限公司 | Addressing method, device, server and medium for mobile terminal |
CN110839217B (en) * | 2019-10-24 | 2022-03-11 | 深圳市梦网科技发展有限公司 | Addressing method, device, server and medium for mobile terminal |
CN113852630A (en) * | 2021-09-24 | 2021-12-28 | 广东睿住智能科技有限公司 | Data transmission method, data transmission device, server and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN107241336B (en) | 2020-05-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107241336A (en) | Auth method and device | |
US8255983B2 (en) | Method and apparatus for email communication | |
US20170149772A1 (en) | Identity authentication method, system, business server and authentication server | |
US9705893B2 (en) | Mobile human challenge-response test | |
CN104092542B (en) | A kind of account login method, Apparatus and system | |
CN104967997B (en) | A kind of Wi-Fi cut-in method, Wi-Fi equipment, terminal device and system | |
US8646051B2 (en) | Automated password reset via an interactive voice response system | |
US7353394B2 (en) | System and method for digital signature authentication of SMS messages | |
CN112735050B (en) | Cabinet opening processing method, device and system based on intelligent cabinet | |
CN106790267A (en) | A kind of method and apparatus of access server operating system | |
US9049596B1 (en) | Prevention of fraud in mobile SIM reissuing via knowledge based authentication | |
US9092599B1 (en) | Managing knowledge-based authentication systems | |
CN101808094A (en) | Identity authentication system and method | |
US9918223B2 (en) | Fingerprint based communication terminal and method, server and method thereof | |
CN106790199B (en) | Verification code processing method and device | |
CN105337739B (en) | Safe login method, device, server and terminal | |
CN106230702A (en) | Identity information verification method, Apparatus and system | |
CN109981677A (en) | A kind of credit management method and device | |
CN109040056B (en) | User verification method based on server | |
CN105812138B (en) | Processing method, device, user terminal and the login system of login | |
CN108235310A (en) | Method, server and the system of identification camouflage telephone number | |
CN106899613B (en) | The method that enhancing differential service broadcasts safety | |
CN109474626A (en) | A kind of method for network authorization and device based on SNS | |
CN109246707A (en) | A kind of communication authentication method, equipment and storage medium | |
CN110493785A (en) | A kind of login method of mobile client, SIM card and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | Effective date of registration: 20211126 Address after: 31a, 15 / F, building 30, maple mall, bangrang Road, Brazil, Singapore Patentee after: Baiguoyuan Technology (Singapore) Co.,Ltd. Address before: 511442 room 2705, 27 / F, building B-1, Wanda Plaza North, Wanbo business district, 79 Wanbo 2nd Road, Nancun Town, Panyu District, Guangzhou City, Guangdong Province Patentee before: GUANGZHOU BAIGUOYUAN INFORMATION TECHNOLOGY Co.,Ltd. |