CN108462704B - Login validation method, device, computer equipment and storage medium - Google Patents
Login validation method, device, computer equipment and storage medium Download PDFInfo
- Publication number
- CN108462704B CN108462704B CN201810163982.4A CN201810163982A CN108462704B CN 108462704 B CN108462704 B CN 108462704B CN 201810163982 A CN201810163982 A CN 201810163982A CN 108462704 B CN108462704 B CN 108462704B
- Authority
- CN
- China
- Prior art keywords
- login
- authentication
- historical log
- client
- characteristic information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/082—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying multi-factor authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention discloses a kind of login validation method, device, computer equipment and storage mediums, wherein the login validation method includes: the authentication request for obtaining client and sending, and authentication request includes identity characteristic information and terminal identification information;If identity characteristic information does not pass through authentication, historical log number corresponding with identity characteristic information and terminal identification information is obtained;If historical log number reaches certification frequency threshold value, the second verification mode is pushed to client.In this method, when identity characteristic information and the corresponding historical log number of terminal identification information reach certification frequency threshold value, the second verification mode is pushed to client, good user experience can be obtained to verify user in a manner of through another authentication, client brute force attack crack servers are prevented to reach, log in safety to achieve the purpose that ensure.
Description
Technical field
The present invention relates to authentication field more particularly to a kind of login validation method, device, computer equipment and storages
Medium.
Background technique
It is realized currently, establishing secure connection between client and server generally by client input login password
, there are security risks for such authentication mode.If malicious client takes Brute Force login password to server, have
Server may be invaded, to cause information leakage.
The malicious attack of client in order to prevent, server are needed in user login services device, and setting prevents client
The measure of malicious attack, but these measures need user to input much information login progress safety verification, so that user experience is poor,
Particularly with the mobile terminal that information input is more inconvenient.
Summary of the invention
The embodiment of the present invention provides a kind of login validation method, device, computer equipment and storage medium, current to solve
User avoids the problem that malicious attack leads to information leakage when logging in.
In a first aspect, the embodiment of the present invention provides a kind of login validation method, comprising:
The authentication request that client is sent is obtained, authentication request includes identity characteristic information and terminal recognition letter
Breath;
If identity characteristic information does not pass through authentication, obtain corresponding with identity characteristic information and terminal identification information
Historical log number;
If historical log number reaches certification frequency threshold value, the second verification mode is pushed to client;
The secondary checking request that client is inputted based on the second verification mode is obtained, and is stepped on based on secondary checking request
Record verifying.
Second aspect, the embodiment of the present invention provide a kind of login authentication device, comprising:
Authentication request module is obtained, for obtaining the authentication request of client transmission, authentication request packet
Include identity characteristic information and terminal identification information;
Historical log number module is obtained, if not passing through authentication for identity characteristic information, is obtained special with identity
Reference ceases historical log number corresponding with terminal identification information;
The second verification mode module is pushed, if reaching certification frequency threshold value for historical log number, push second is tested
Card mode is to client;
Progress login authentication module, the secondary checking request inputted for obtaining client based on the second verification mode, and
Login authentication is carried out based on secondary checking request.
Third aspect present invention provides a kind of computer equipment, including memory, processor and is stored in the storage
In device and the computer program that can run on the processor, the processor are realized when executing the computer program such as this
The step of inventing the login validation method.
Fourth aspect present invention provides a kind of computer readable storage medium, and the computer-readable recording medium storage has
The step of computer program, the computer program realizes login validation method as described herein when being executed by processor.
Login validation method, device, computer equipment and storage medium provided in an embodiment of the present invention, by obtaining simultaneously
Historical log number corresponding with identity characteristic information and terminal identification information truer comprehensively can determine to come from client
The malicious attack at end;When identity characteristic information and terminal identification information historical log number reach certification frequency threshold value, push the
Two verification modes verify user in a manner of through another authentication, prevent client to reach to client
Brute force attack crack servers log in safety to achieve the purpose that ensure.
Detailed description of the invention
In order to illustrate the technical solution of the embodiments of the present invention more clearly, below by institute in the description to the embodiment of the present invention
Attached drawing to be used is needed to be briefly described, it should be apparent that, the accompanying drawings in the following description is only some implementations of the invention
Example, for those of ordinary skill in the art, without any creative labor, can also be according to these attached drawings
Obtain other attached drawings.
Fig. 1 is a flow chart of login validation method in the embodiment of the present invention 1.
Fig. 2 is another specific flow chart of login validation method in the embodiment of the present invention 1.
Fig. 3 is another specific flow chart of login validation method in the embodiment of the present invention 1.
Fig. 4 is another specific flow chart of login validation method in the embodiment of the present invention 1.
Fig. 5 is a functional block diagram of login authentication device in the embodiment of the present invention 2.
Fig. 6 is a schematic diagram of computer equipment in the embodiment of the present invention 4.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation description, it is clear that described embodiments are some of the embodiments of the present invention, instead of all the embodiments.Based on this hair
Embodiment in bright, every other implementation obtained by those of ordinary skill in the art without making creative efforts
Example, shall fall within the protection scope of the present invention.
Embodiment 1
Fig. 1 shows the flow chart of login validation method in the present embodiment.The present embodiment, which is applied, is carrying out letter by internet
Between the client and server for ceasing interaction, wherein client includes but is not limited to browser and software login-port.This implementation
Client in example is preferably this mobile terminal of smart phone.Server is to receive the request of client and based on the request
Distribute the management end of application service.Following login validation method is using server as executing subject.As shown in Figure 1, the login authentication
Method includes the following steps:
S10. the authentication request that client is sent is obtained, authentication request includes that identity characteristic information and terminal are known
Other information.
Specifically, authentication request is that client is initiated when needing to connect server to server, for carrying out body
The request of part verifying.Authentication request includes identity characteristic information and terminal identification information, so that server is based on therein
Identity characteristic information and terminal identification information verify identity, to determine that can the client establish secure connection with server.
Identity characteristic information is available to information of the server to identify user identity.Terminal identification information is available to
The environmental information of the client for identification of server.
Specifically, server can first be based on the identity characteristic after the authentication request for receiving client transmission
Information carries out authentication, if identity characteristic information passes through authentication, i.e. execution step S50;If identity characteristic information is not led to
Authentication is crossed, S20 is thened follow the steps.The method of authentication has very much, includes but is not limited in the present embodiment: based on shared
The authentication of key, the authentication based on biological property and authentication based on public key encryption algorithm etc..This
Step first passes through authentication request and carries out first time verifying to the identity of user, preliminary to ensure that server and client side establishes company
The safety connect.
If S20. identity characteristic information does not pass through authentication, obtain and identity characteristic information and terminal identification information phase
Corresponding historical log number.
Specifically, historical log number is specific spy in the characteristic item for indicate identity characteristic information and terminal identification information
Levy number most in the number of item login service device.For example, the characteristic item of identity characteristic information includes but is not limited to register ID,
The characteristic item of terminal identification information includes but is not limited to device id and logs in IP, and registers ID, device id and log in IP three,
The highest number of login service device number is exactly historical log number.Wherein, it was registered when registration ID is user login services device
Can unique identification user identity information, such as user name, cell-phone number and identification card number etc..Device id is stepped on for client
The unique production equipment number in the whole world of the hardware of record, for example, mobile phone device id be mobile phone production sequence number, desktop computer sets
Standby ID can be the MAC Address etc. of network interface card.Log in the address or privately owned of used public network distribution when IP is client online
IP address.
Further, going through for user login services device is investigated by two aspects of identity characteristic information and terminal identification information
History login times, the case where can be more comprehensive and truly investigate user login services device.For example, if using the same registration
ID, when by different smart phone repeat logon servers, the login times of the registration ID recognized are most, it is thus determined that being
Historical log number.Alternatively, if when same smart phone uses different registration ID repeat logon servers, the equipment that recognizes
The login times of ID are most, it is thus determined that being historical log number.Or if different intelligent mobile phone is corresponding in different login IP
Network under use different registration ID repeat logon servers when, recognize login IP login times maximum, it is thus determined that
For historical log number.Therefore, its corresponding history is determined by the different situations of identity characteristic information and terminal identification information
Login times, the case where being beneficial to prevent malicious client attack server to a certain extent appearance, to avoid information leakage,
To ensure information security.
The historical log number referred in the present embodiment can be the note within a preset period of time being recorded in server
The most login times of number are determined as historical log number by volume ID, device id login times corresponding with IP is logged in.
If S30. historical log number reaches certification frequency threshold value, the second verification mode is pushed to client.
Wherein, certification frequency threshold value is that the historical log number of identity characteristic information and terminal identification information can log in clothes
The maximum login times of business device.For example, certification frequency threshold value is 5, namely when historical log number is accumulated to 5, server is not
Receive same type of authentication request again, then takes the second authentication mode.
Specifically, the second verification mode includes but is not limited to: sliding block, picture mosaic, letter and number etc., with artificial subjective sense
The verification mode received.
The mode of authentication is forced to be switched to the second authentication mode with artificial subjective feeling, can effectively be determined
The authenticity of client prevents client from invading server by the malicious way of Brute Force.
S40. obtain the secondary checking request that input based on the second verification mode of client, and be based on secondary checking request into
Row login authentication.
Specifically, secondary checking request is the checking request that client is directed to that the second verification mode gives a response.
Server verifies the secondary checking request that client is sent, for example, if client is directed to graphical verification code
In text send back to the secondary checking request with text, server determines the correctness of the text, to complete login authentication.This
In embodiment, server is tested by log in the second checking request fed back based on the second authentication mode that client is sent
Card, can avoid passing through Brute Force machine make client to server initiate malicious attack so that server be cracked into
And lead to information leakage.
Preferably, after step slo, i.e., after the step of obtaining the authentication request that client is sent, this is stepped on
Recording verification method further includes following steps:
If S50. identity characteristic information is established safety with client and is connected by authentication by authentication request
It connects.
It is to be appreciated that illustrating that server can lead to when the authentication request that server authentication is sent by client
The safety of the identity characteristic information of the stored validation of information client of database is crossed, and then safety can be established with client
Connection.By this step, secure connection is had been established in client and server, and server offer is further obtained convenient for client
Specific business information.
Preferably, after step S20, that is, history corresponding with identity characteristic information and terminal identification information is being obtained
After the step of login times, the method for the login authentication further includes following steps:
If S60. historical log number not up to authenticates frequency threshold value, prompts client to retransmit authentication and ask
It asks.
Specifically, certification frequency threshold value is that the historical log number of identity characteristic information and terminal identification information can log in
The maximum login times of server.For example, certification frequency threshold value is 5, namely when historical log number is accumulated to 5, server
No longer receive same type authentication request, then takes other authentication modes.
Further, historical log number does not reach the cognition frequency threshold value of server formulation, illustrates that server may be used also
To receive the same type of authentication request of client transmission again, enhance server to the flexible of client certificate
Property.Login validation method provided in an embodiment of the present invention, by obtaining and identity characteristic information and terminal identification information phase simultaneously
Corresponding historical log number more really can comprehensively determine the malicious attack from client;When historical log number reaches
To certification frequency threshold value when, push the second verification mode to client, in a manner of through another authentication to user into
Row verifying, prevents client brute force attack crack servers to reach, and logs in safety to achieve the purpose that ensure, and can obtain
Good user experience is obtained, especially for the mobile terminal user that information input is more inconvenient.
In a specific embodiment, identity characteristic information includes registration ID, and terminal identification information includes device id and steps on
IP is recorded, as shown in Fig. 2, obtaining historical log corresponding with identity characteristic information and terminal identification information in step S20
Number specifically comprises the following steps:
S21. the historical log data in preset time period are counted, are obtained respectively and registration ID, device id or login IP phase
Corresponding first login times, the second login times and third login times.
Wherein, historical log data are to register ID, device id and the phase for logging in IP login service device within a preset period of time
Close data, including respective login times, login time etc..All historical log data, each history is stored in advance in server
Logon data be corresponding with registration ID, device id and log in IP, also with its login time associated storage.It is to be appreciated that first steps on
Record number refers to that the number of registration ID login service device within a preset period of time, the second login times refer to device id when default
Between in section login service device number, third login times are the numbers for logging in IP login service device within a preset period of time.This
Preset time period in embodiment can be falls since the time or current time in system for getting the authentication request
The a period of time moved back can be set to 1 day or 1 week.
S22. maximum value is chosen from the first login times, the second login times and third login times as historical log
Number.
For example, registration ID, device id or corresponding first login times of login IP, the second login times and third login time
Number be respectively 3,5 and 8, then historical log number be the corresponding third login times of historical log number, i.e., 8 times.
In order to which the client to login service device accomplishes all-around defense, need to investigate client login service from three angles
The case where device.As shown in this example, corresponding first login times of registration ID only have 3 times, and the login IP that login IP is used
It has been be used 8 times that, the corresponding third login times of login IP are determined as historical log number due to safety concerns, so as to
In the Prevention-Security to server is better achieved.The situation that accessing server by customer end is investigated by multi-angle, can be more
Information security that is comprehensive and being effectively protected in server.
Preferably, after step s 22, i.e., from the first login times, the second login times and third login times
After choosing the step of maximum value is as historical log number, the login validation method further include:
If S23. historical log number not up to authenticates frequency threshold value, make the first login times, the second login times and the
The corresponding number of three login times adds 1, and updates historical log number.
It is to be appreciated that server is connected to the authentication request namely the corresponding note of client of this client transmission
Volume ID, device id and login IP are logged in once again, should be logged in corresponding first login times, the second login times and third secondary
Number plus 1, while updating corresponding historical log number.
For example, if certification frequency threshold value is 5, the history after authentication request three times is received the following are server
The record form of login times:
Register ID | Device id | Log in IP | |
Authentication request 1 | 0 | 1 | 1 |
Authentication request 2 | 1 | 1 | 0 |
Authentication request 3 | 0 | 1 | 1 |
Register ID | Device id | Log in IP | Historical log number |
1 | 3 | 2 | 3 |
At this point, historical log number is 3, frequency threshold value 5 is not up to authenticated.Therefore, when server receives four identity
The record form of historical log number after checking request changes are as follows:
Register ID | Device id | Log in IP | |
Authentication request 1 | 0 | 1 | 1 |
Authentication request 2 | 1 | 1 | 0 |
Authentication request 3 | 0 | 1 | 1 |
Authentication request 4 | 1 | 1 | 1 |
Register ID | Device id | Log in IP | Historical log number |
2 | 4 | 3 | 4 |
For the client of all-around defense login service device, history of the present embodiment from registration ID, device id and login IP
The case where logon data is set out, integrated survey accessing server by customer end more comprehensively and can be effectively protected server.And
And timely updated historical log number according to the authentication request of accessing server by customer end, keep the true of server data
Real validity.
In a specific embodiment, as shown in figure 3, before step S21, i.e., the history in statistics preset time period is stepped on
Before the step of recording data, login validation method further includes following steps:
S70. the historical log data stored in the form of KEY-VALUE in REDIS database are counted, ID, equipment will be registered
ID and IP is logged in as KEY, using the first login times, the second login times and third login times as corresponding
VALUE。
Specifically, the present embodiment uses REDIS database purchase historical log data.REDIS is one high performance
KEY-VALUE database plays good supplementary function to relational database.The type of REDIS intermediate value is not limited only to character string,
Also support following abstract data type: character string list, unordered unduplicated string assemble, orderly unduplicated character trail
Closing key, value all is the Hash table of character string.The type of value determines the operation that value itself is supported.REDIS supports that difference is unordered, has
The list of sequence, the advanced server end atomic operations such as intersection, union between unordered, orderly set.
The historical log data stored in the form of KEY-VALUE in the present embodiment, EDIS database by registration ID, are set
Standby ID and IP is logged in as KEY, using the first login times, the second login times and third login times as corresponding
VALUE, as shown in the table.
Register ID | First login times |
X1 | 5 |
Device id | Second login times |
00-01-6C-06-A6-29 | 6 |
Log in IP | Third login times |
183.53.240.209 | 9 |
In this implementation, the registration ID being related in authentication request, device id are stored by KEY-VALUE form and stepped on
The historical log data of IP are recorded, it is concise, obtain corresponding log-on message in time conducive to server.
S80. the historical log data between current time in system and preset time period are obtained, are inquired using KEY-VALUE
Mode obtains the first login times corresponding with registration ID, device id or login IP, the second login times and third respectively and steps on
Record number.
Specifically, preset time period is the specified refresh data of server, by the period in relation to zeros data.In order to protect
The timeliness of authentication request is held, server specifies preset time period to be zeroed out processing to the data of database purchase.In
In the present embodiment, the corresponding data of KEY can be arranged to preset time end, such as 24 hours, then every 24 hours by the number in KEY
It is handled according to being zeroed out.
It is to be appreciated that registration ID, device id or login IP that server is stored according to KEY key, can directly acquire opposite
The VALUE: the first login times, the second login times and the corresponding specific value of third login times that should be stored, it is simple and fast.
The present embodiment stores the registration being related in authentication request by REDIS database in the form of KEY-VALUE
ID, device id and the historical log data for logging in IP, it is concise, obtain corresponding log-on message in time conducive to server;And
And section is zeroed out processing, the timeliness of effective guarantee authentication request to the data in database at preset timed intervals.
In a specific embodiment, identity characteristic information includes registration ID and customer authentication code, as shown in figure 4, step
In S20, even identity characteristic information does not pass through authentication, specifically comprises the following steps:
S24. based on registration ID, corresponding server authentication code is obtained.
Specifically, registration ID when being user login services device it is registered can unique identification user identity information, such as
User name, cell-phone number and identification card number etc..
Server authentication code includes but is not limited to: save in the server with the corresponding log-in password of registration ID or
Identifying code etc..
Server can be used for the customer authentication code sent to client by the storage registration corresponding server authentication code of ID
It compares, to determine the authenticity of the corresponding identity of client, so that it is guaranteed that server and client side establishes the peace of connection
Quan Xing.
If S25. authentication server identifying code and the matching of customer authentication code are inconsistent, identity characteristic information, which does not pass through, to be tested
Card.
It is to be appreciated that server not can determine that visitor if authentication server identifying code and the matching of customer authentication code are inconsistent
The authenticity at family end needs client to do further or re-start authentication namely this identity characteristic information is not led to
Cross verifying.
The authenticity of client, simple and fast, reliability are verified in the present embodiment by registration ID and server identifying code
It is high.
Login validation method provided in an embodiment of the present invention is believed by obtaining simultaneously with identity characteristic information and terminal recognition
The corresponding historical log number of manner of breathing more really can comprehensively determine the malicious attack from client;Only work as history
Login times reach certification frequency threshold value, just push the second verification mode to client, can obtain good user experience, especially
It is the mobile terminal user more inconvenient for information input.
For the client of all-around defense login service device, the present embodiment also investigates client from multi-angle comprehensive and logs in clothes
The case where business device, more comprehensively and can be effectively protected server.Also, according to the authentication of accessing server by customer end
The historical log number that timely updates is requested, the real effectiveness of server data is kept.
The present embodiment stores the registration being related in authentication request by REDIS database in the form of KEY-VALUE
ID, device id and the historical log data for logging in IP, it is concise, obtain corresponding log-on message in time conducive to server;And
And section is zeroed out processing, the timeliness of effective guarantee authentication request to the data in database at preset timed intervals.
It should be understood that the size of the serial number of each step is not meant that the order of the execution order in above-described embodiment, each process
Execution sequence should be determined by its function and internal logic, the implementation process without coping with the embodiment of the present invention constitutes any limit
It is fixed.
Embodiment 2
Fig. 5 shows the functional block diagram with the one-to-one login authentication device of login validation method in embodiment 1.Such as Fig. 5
Shown, which includes obtaining authentication request module 10, obtains historical log number module 20, push second
Verification mode module 30 and progress login authentication module 40.Wherein, authentication request module 10 is obtained, historical log time is obtained
Digital-to-analogue block 20 pushes the realization function of the second verification mode module 30 and progress login authentication module 40 and logs in embodiment and tests
The corresponding step of card method corresponds, and to avoid repeating, the present embodiment is not described in detail one by one.
Authentication request module 10 is obtained, for obtaining the authentication request of client transmission, authentication request
Including identity characteristic information and terminal identification information.
Historical log number module 20 is obtained, if not passing through authentication, acquisition and identity for identity characteristic information
Characteristic information and the corresponding historical log number of terminal identification information.
It pushes the second verification mode module 30 and pushes second if reaching certification frequency threshold value for historical log number
Verification mode is to client.
Progress login authentication module 40, the secondary checking request inputted for obtaining client based on the second verification mode,
And login authentication is carried out based on secondary checking request.
Preferably, login authentication device further includes establishing secure connection module 50.
Secure connection module 50 is established, if passing through authentication request by authentication for identity characteristic information,
Secure connection is established with client.
Preferably, login authentication device further includes retransmitting authentication request module 60.
Authentication request module 60 is retransmitted, if not up to authenticating frequency threshold value for historical log number, is mentioned
Show that client retransmits authentication request.
Preferably, identity characteristic information includes registration ID, and terminal identification information includes device id and login IP.
Obtaining historical log number module 20 further includes statistical history logon data unit 21 and selection historical log number
Unit 22.
Statistical history logon data unit 21, for counting the historical log data in preset time period, respectively obtain with
It registers ID, device id or logs in corresponding first login times of IP, the second login times and third login times.
Historical log time counting unit 22 is chosen, is used for from the first login times, the second login times and third login times
Middle selection maximum value is as historical log number.
Preferably, obtaining historical log number module 20 further includes updating historical log time counting unit 23.
Update historical log time counting unit 23 makes first to step on if not up to authenticating frequency threshold value for historical log number
Record number, the second login times and the corresponding number of third login times add 1, and update historical log number.
Preferably, login authentication device further includes statistical history logon data module 70 and acquisition historical log data module
80。
Statistical history logon data module 70, for counting the history stored in the form of KEY-VALUE in REDIS database
Logon data using registration ID, device id and logs in IP as KEY, the first login times, the second login times and third is logged in
Number is respectively as corresponding VALUE.
Historical log data module 80 is obtained, for obtaining the historical log between current time in system and preset time period
Data obtain the first login time corresponding with registration ID, device id or login IP using KEY-VALUE inquiry mode respectively
Number, the second login times and third login times.
Preferably, identity characteristic information includes registration ID and customer authentication code.
Obtaining historical log number module 20 further includes obtaining server authentication code unit 24 and unverified unit 25.
Server authentication code unit 24 is obtained, for obtaining corresponding server authentication code based on registration ID.
Unverified unit 25, if matching inconsistent, identity for authentication server identifying code and customer authentication code
Characteristic information is unverified.
Embodiment 3
The present embodiment provides a computer readable storage medium, computer journey is stored on the computer readable storage medium
Sequence realizes login validation method in embodiment 1 when the computer program is executed by processor, no longer superfluous here to avoid repeating
It states.Alternatively, realizing the function of each module/unit in login authentication device in embodiment 2 when the computer program is executed by processor
Can, to avoid repeating, which is not described herein again.
It is to be appreciated that the computer readable storage medium may include: that can carry the computer program code
Any entity or device, recording medium, USB flash disk, mobile hard disk, magnetic disk, CD, computer storage, read-only memory (ROM,
Read-Only Memory), random access memory (RAM, Random Access Memory), electric carrier signal and telecommunications letter
Number etc..
Embodiment 4
Fig. 6 is the schematic diagram for the computer equipment that one embodiment of the invention provides.As shown in fig. 6, the calculating of the embodiment
Machine equipment 90 includes: processor 91, memory 92 and is stored in the calculating that can be run in memory 92 and on processor 91
Machine program 93.The step of processor 91 realizes login validation method in above-described embodiment 1 when executing computer program 93, such as scheme
Step S10 to S40 shown in 1.Alternatively, processor 91 realizes each mould in above-mentioned each Installation practice when executing computer program 93
Block/unit function, such as authentication request module 10 is obtained shown in Fig. 5, obtain historical log number module 20, push the
Two verification mode modules 30 and the function of carrying out login authentication module 40.
It is apparent to those skilled in the art that for convenience of description and succinctly, only with above-mentioned each function
Can unit, module division progress for example, in practical application, can according to need and by above-mentioned function distribution by different
Functional unit, module are completed, i.e., the internal structure of described device is divided into different functional unit or module, more than completing
The all or part of function of description.
Embodiment described above is merely illustrative of the technical solution of the present invention, rather than its limitations.Although referring to aforementioned reality
Applying example, invention is explained in detail, those skilled in the art should understand that: it still can be to aforementioned each
Technical solution documented by embodiment is modified or equivalent replacement of some of the technical features;And these are modified
Or replacement, the spirit and scope for technical solution of various embodiments of the present invention that it does not separate the essence of the corresponding technical solution should all
It is included within protection scope of the present invention.
Claims (9)
1. a kind of login validation method characterized by comprising
The authentication request that client is sent is obtained, the authentication request includes identity characteristic information and terminal recognition letter
Breath;
If identity characteristic information does not pass through authentication, obtain and the identity characteristic information and the terminal identification information phase
Corresponding historical log number;
If the historical log number reaches certification frequency threshold value, the second verification mode is pushed to client;
Obtain the secondary checking request that input based on second verification mode of client, and be based on the secondary checking request into
Row login authentication;
Wherein, the identity characteristic information includes registration ID, and the terminal identification information includes device id and login IP;
It is described to obtain historical log number corresponding with the identity characteristic information and the terminal identification information, comprising:
The historical log data in preset time period are counted, are obtained and the registration ID, the device id or the login respectively
Corresponding first login times of IP, the second login times and third login times;
It is chosen from first login times, second login times and the third login times described in maximum value conduct
Historical log number.
2. login validation method as described in claim 1, which is characterized in that it is described acquisition with the identity characteristic information and
After the step of terminal identification information corresponding historical log number, the login validation method further include:
If the historical log number is not up to the certification frequency threshold value, prompts client to retransmit authentication and ask
It asks.
3. login validation method as described in claim 1, which is characterized in that it is described from first login times, it is described
After choosing the step of maximum value is as the historical log number in second login times and the third login times, this is stepped on
Record verification method further include:
If the historical log number is not up to the certification frequency threshold value, log in first login times, described second
Number and the corresponding number of the third login times add 1, and update the historical log number.
4. login validation method as described in claim 1, which is characterized in that the history in the statistics preset time period is stepped on
Before the step of recording data, the login validation method further include:
The historical log data stored in the form of KEY-VALUE in REDIS database are counted, by registration ID, device id and login
IP is as KEY, using first login times, second login times and the third login times as corresponding
VALUE;
The historical log data between current time in system and preset time period are obtained, are distinguished using KEY-VALUE inquiry mode
Obtain corresponding with the registration ID, the device id or the login IP the first login times, the second login times and the
Three login times.
5. login validation method as described in claim 1, which is characterized in that in the authentication that the acquisition client is sent
After the step of request, the login validation method further include:
If identity characteristic information establishes secure connection with client by the authentication request by authentication.
6. login validation method as described in claim 1, which is characterized in that the identity characteristic information includes registration ID and visitor
Family identifying code;
If the identity characteristic information does not pass through authentication, comprising:
Based on the registration ID, corresponding server authentication code is obtained;
If verifying the server authentication code and customer authentication code matching being inconsistent, the identity characteristic information does not pass through
Verifying.
7. a kind of login authentication device characterized by comprising
Authentication request module is obtained, for obtaining the authentication request of client transmission, the authentication request packet
Include identity characteristic information and terminal identification information;
Historical log number module is obtained, if not passing through authentication for identity characteristic information, is obtained special with the identity
Reference ceases historical log number corresponding with the terminal identification information;
The second verification mode module is pushed, if reaching certification frequency threshold value for the historical log number, push second is tested
Card mode is to client;
Progress login authentication module, the secondary checking request inputted for obtaining client based on second verification mode, and
Login authentication is carried out based on the secondary checking request;
Wherein, the identity characteristic information includes registration ID, and the terminal identification information includes device id and login IP;
It is described to obtain historical log number corresponding with the identity characteristic information and the terminal identification information, comprising:
The historical log data in preset time period are counted, are obtained and the registration ID, the device id or the login respectively
Corresponding first login times of IP, the second login times and third login times;
It is chosen from first login times, second login times and the third login times described in maximum value conduct
Historical log number.
8. a kind of computer equipment, including memory, processor and storage are in the memory and can be in the processor
The computer program of upper operation, which is characterized in that the processor realized when executing the computer program as claim 1 to
The step of any one of 6 login validation method.
9. a kind of computer readable storage medium, the computer-readable recording medium storage has computer program, and feature exists
In the step of realization login validation method as described in any one of claim 1 to 6 when the computer program is executed by processor
Suddenly.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810163982.4A CN108462704B (en) | 2018-02-27 | 2018-02-27 | Login validation method, device, computer equipment and storage medium |
PCT/CN2018/081548 WO2019165675A1 (en) | 2018-02-27 | 2018-04-02 | Login verification method and apparatus, computer device, and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810163982.4A CN108462704B (en) | 2018-02-27 | 2018-02-27 | Login validation method, device, computer equipment and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108462704A CN108462704A (en) | 2018-08-28 |
CN108462704B true CN108462704B (en) | 2019-08-06 |
Family
ID=63216595
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810163982.4A Active CN108462704B (en) | 2018-02-27 | 2018-02-27 | Login validation method, device, computer equipment and storage medium |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN108462704B (en) |
WO (1) | WO2019165675A1 (en) |
Families Citing this family (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108900557B (en) * | 2018-09-12 | 2023-09-22 | 国际商业机器(中国)投资有限公司 | Login method and system |
CN109617901A (en) * | 2018-12-29 | 2019-04-12 | 上海点融信息科技有限责任公司 | Determine the method and device thereof of white list |
CN109815669A (en) * | 2019-01-14 | 2019-05-28 | 平安科技(深圳)有限公司 | Authentication method and server based on recognition of face |
CN110322250A (en) * | 2019-05-22 | 2019-10-11 | 深圳壹账通智能科技有限公司 | The recognition methods of inactive users courses of action, device, equipment and storage medium |
CN110276183B (en) * | 2019-06-19 | 2020-11-03 | 同盾控股有限公司 | Reverse Turing verification method and device, storage medium and electronic equipment |
CN110753036B (en) * | 2019-09-27 | 2022-04-22 | 苏州浪潮智能科技有限公司 | Method and system for client quick authentication under CS framework |
CN111010675B (en) * | 2019-10-16 | 2022-06-24 | 平安科技(深圳)有限公司 | Information verification method and device, computer equipment and storage medium |
CN110781466A (en) * | 2019-10-22 | 2020-02-11 | 京信通信***(中国)有限公司 | Equipment safety management method and device, computer equipment and storage medium |
JP2022545593A (en) * | 2019-11-02 | 2022-10-28 | 遊戯橘子数位科技股▲ふん▼有限公司 | Forced password change method |
CN111062010B (en) * | 2019-11-08 | 2022-04-22 | 支付宝(杭州)信息技术有限公司 | Identity verification method, device and equipment |
CN111181927B (en) * | 2019-12-13 | 2021-12-28 | 福建天泉教育科技有限公司 | Login method and server |
CN111241139B (en) * | 2020-01-15 | 2022-09-30 | 深圳平安医疗健康科技服务有限公司 | Data statistical method, device, computer equipment and storage medium |
CN113806712A (en) * | 2020-06-11 | 2021-12-17 | 马上消费金融股份有限公司 | Authentication processing method, processing device and computer readable storage medium |
CN112613020B (en) * | 2020-12-31 | 2024-05-28 | 中国农业银行股份有限公司 | Identity verification method and device |
CN113099453A (en) * | 2021-03-30 | 2021-07-09 | 厦门理工学院 | Authentication method, device and equipment for access server and readable storage medium |
CN113965345A (en) * | 2021-09-08 | 2022-01-21 | 福建库克智能科技有限公司 | Identity recognition method and device, electronic equipment and storage medium |
CN114745360B (en) * | 2022-03-28 | 2023-10-17 | 慧之安信息技术股份有限公司 | Online registration method based on open source protocol stack eXosip |
CN114978749B (en) * | 2022-06-14 | 2023-10-10 | 中国电信股份有限公司 | Login authentication method and system, storage medium and electronic equipment |
CN117353951A (en) * | 2022-06-27 | 2024-01-05 | 中国电信股份有限公司 | Authentication method, system, equipment and storage medium based on local number login |
CN115766164A (en) * | 2022-11-08 | 2023-03-07 | 云南电网有限责任公司信息中心 | Unified authentication management's automation instrument sharing platform |
CN116029811B (en) * | 2022-12-23 | 2023-09-15 | 杭州快付连接科技有限公司 | Bank marketing business digital management system, intelligent equipment and storage medium |
CN116028909B (en) * | 2023-02-24 | 2023-12-19 | 深圳市赛柏特通信技术有限公司 | Security office control method, system and medium |
CN116318914A (en) * | 2023-03-01 | 2023-06-23 | 华能信息技术有限公司 | Security policy matching authentication method and system |
CN116094848B (en) * | 2023-04-11 | 2023-06-27 | 中国工商银行股份有限公司 | Access control method, device, computer equipment and storage medium |
CN116800544B (en) * | 2023-08-21 | 2023-11-24 | 成都数智创新精益科技有限公司 | User authentication method, system and device and medium |
CN117118749A (en) * | 2023-10-20 | 2023-11-24 | 天津奥特拉网络科技有限公司 | Personal communication network-based identity verification system |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9736131B2 (en) * | 2013-09-24 | 2017-08-15 | Cellco Partnership | Secure login for subscriber devices |
CN104144419B (en) * | 2014-01-24 | 2017-05-24 | 腾讯科技(深圳)有限公司 | Identity authentication method, device and system |
CN104539604B (en) * | 2014-12-23 | 2017-11-24 | 北京奇安信科技有限公司 | Website protection method and device |
US9514294B1 (en) * | 2015-11-12 | 2016-12-06 | International Business Machines Corporation | Accessing a computing resource |
CN105654303B (en) * | 2015-12-31 | 2022-02-11 | 拉扎斯网络科技(上海)有限公司 | High-risk user identification method and device |
CN107438049B (en) * | 2016-05-25 | 2020-03-17 | 百度在线网络技术(北京)有限公司 | Malicious login identification method and device |
-
2018
- 2018-02-27 CN CN201810163982.4A patent/CN108462704B/en active Active
- 2018-04-02 WO PCT/CN2018/081548 patent/WO2019165675A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
CN108462704A (en) | 2018-08-28 |
WO2019165675A1 (en) | 2019-09-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108462704B (en) | Login validation method, device, computer equipment and storage medium | |
CN105007280B (en) | A kind of application login method and device | |
CN111556006B (en) | Third-party application system login method, device, terminal and SSO service platform | |
US9491155B1 (en) | Account generation based on external credentials | |
CN103581108B (en) | Login authentication method, login authentication client, login authentication server and login authentication system | |
US20170289134A1 (en) | Methods and apparatus for assessing authentication risk and implementing single sign on (sso) using a distributed consensus database | |
CN103685267B (en) | Data access method and device | |
CN104717261B (en) | A kind of login method and desktop management equipment | |
CN105871838B (en) | A kind of log-in control method and customer center platform of third party's account | |
CN102201915B (en) | Terminal authentication method and device based on single sign-on | |
US20130239173A1 (en) | Computer program and method for administering secure transactions using secondary authentication | |
CN103986584A (en) | Double-factor identity verification method based on intelligent equipment | |
CN103930897A (en) | Mobile application, single sign-on management | |
CN105099707B (en) | A kind of offline authentication method, server and system | |
CN103427995B (en) | User authentication method, SSL (security socket layer) VPN (virtual private network) server and SSL VPN system | |
CN109067785A (en) | Cluster authentication method, device | |
CN106331003B (en) | The access method and device of application door system on a kind of cloud desktop | |
CN106357629B (en) | Intelligent terminal identity authentication and single sign-on system and method based on digital certificate | |
WO2014048749A1 (en) | Inter-domain single sign-on | |
CN105162775A (en) | Logging method and device of virtual machine | |
CN109861968A (en) | Resource access control method, device, computer equipment and storage medium | |
CN109831310B (en) | Identity verification method, system, equipment and computer readable storage medium | |
US20170331808A1 (en) | Protection from data security threats | |
US20220029983A1 (en) | System and method for automated customer verification | |
CN109981680A (en) | A kind of access control implementation method, device, computer equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |