CN109714149B - Login control method and device for preventing brute force cracking - Google Patents

Publication number: CN109714149B
Authority: CN (China)
Legal status (as listed by Google Patents): Active
Application number: CN201811581095.5A
Other languages: Chinese (zh)
Other versions: CN109714149A
Inventors: 顾静军, 谭彰, 汪月林, 张静, 杨明明
Current assignee: Lanzhuo Digital Technology Co ltd
Original assignee: Zhejiang Lanzhuo Industrial Internet Information Technology Co ltd

Abstract

The application discloses a login control method and device for preventing brute force cracking. Against brute force cracking of a login authentication and authorization system, the scheme controls the consecutive login operations made during a brute force attack on the basis of each elevator shaft of the authentication elevator, from the first elevator shaft to the Nth, and ultimately limits or completely prohibits the attacker's login operations through the longer waiting time required by the Nth elevator shaft, so brute force cracking of the login authentication and authorization system is effectively prevented. The parameters of the authentication elevator are configurable, which gives the scheme the ability to prevent login attacks dynamically. Compared with the conventional verification methods of the prior art based on verification codes, verification pictures and the like, the application relies on an intelligent, system-side authentication means based on the authentication elevator to prevent the attack, without requiring the user to perform complex interactive operations; the degree of intelligence is high and the user experience is effectively improved.

Description

Anti-brute-force-cracking login control method and device
Technical Field
The invention belongs to the field of industrial internet, information internet and telecommunication network applications, and in particular relates to a login control method and device for preventing brute force cracking.
Background
In the field of the industrial internet, the login authentication and authorization systems of many industrial internet applications and industrial internet operating system platforms are subject to brute force cracking attacks, so corresponding measures are needed to prevent brute force cracking of the login authentication and authorization system and to avoid login attacks on industrial internet systems and leakage of user information.
The traditional method of preventing brute force cracking is to add verification codes to the front-end login page of the system. In the currently widely used JWT (JSON Web Token) authentication mode, when a client login fails the server may adopt the following measures against login attacks:
a) using picture verification;
b) using animated-picture verification;
c) requiring interactive operation for manual identification;
d) using a pre-agreed customer code, such as a PIN code;
e) requiring the password to be sufficiently complex: longer than 8 characters, preferably longer than 20 characters, where high complexity means that the password should, as far as possible, mix numbers, upper- and lower-case letters, special symbols and other kinds of characters;
f) modifying the default port number;
g) disallowing password login, so that the system can only be logged into with an authenticated secret key;
h) prohibiting login from the other party's IP address by means of a third-party defense tool;
i) locking the user account when the number of login failures reaches the limit.
These anti-brute-force methods work basically from the perspective of authenticating the user's identity information and demand a high degree of user interaction. They achieve a certain effect, but they also increase the complexity and workload of the user's operations when logging in to the system, and the more complex the verification process during user identity authentication, the higher the failure rate of user login. Meanwhile, on the system side, after a user login fails only the conventional verification modes based on verification codes, verification pictures and the like are adopted to increase the complexity of user identity authentication; no more intelligent means is used to prevent the attack. The existing anti-brute-force methods therefore suffer from high user operation complexity, poor user experience and a low degree of intelligence in the system-side anti-brute-force means.
Disclosure of Invention
In view of the above, the present invention provides a login control method and device for preventing brute force cracking, which aim to overcome the above problems of the prior art, improve the intelligence of the system-side anti-brute-force means, reduce the operation complexity of user login authentication, and improve the user experience.
Therefore, the invention discloses the following technical scheme:
A login control method for preventing brute force cracking comprises the following steps:
judging whether the user has successfully logged in to the system;
if the user's login has failed, determining, on the basis of the user's current number of login failures, the target elevator shaft of the authentication elevator that corresponds to the control stage in which the user's next login operation takes place; the authentication elevator comprises a plurality of pre-configured elevator shafts, the first elevator shaft, …, the Nth elevator shaft, where N is an integer greater than 1, and each elevator shaft comprises a pre-configured login failure limit and a minimum time interval that must elapse after a login failure before login is allowed again; the minimum time intervals of the first through Nth elevator shafts increase in sequence, and the Nth elevator shaft either has a minimum time interval greater than a preset time threshold or is specified to prohibit login; the elevator shaft with the smaller minimum time interval is used earlier;
and performing login control on the user's next login operation on the basis of the minimum time interval of the target elevator shaft, then returning to the step of judging whether the user has successfully logged in, until the login succeeds or is abandoned, or the user's login is limited or prohibited on the basis of the minimum time interval of the Nth elevator shaft.
Preferably, in the above method, determining the target elevator shaft of the authentication elevator for the control stage of the user's next login operation, on the basis of the user's current number of login failures when the login has failed, comprises:
obtaining the elevator shaft of the authentication elevator in which the user's current failed login operation took place, and obtaining the user's number of login failures in the control stage of that elevator shaft;
judging whether that number of login failures has reached the login failure limit of that elevator shaft;
if so, determining the next adjacent elevator shaft as the target elevator shaft;
and if not, determining that elevator shaft itself as the target elevator shaft.
Preferably, in the above method, performing login control on the user's next login operation on the basis of the minimum time interval of the target elevator shaft comprises:
timing from the user's most recent login failure, and allowing the user to log in again only once the elapsed time reaches the minimum time interval of the target elevator shaft;
recording, during the control stage of the target elevator shaft, the parameters of the target elevator shaft and the user's number of login failures in that control stage; the parameters of the target elevator shaft comprise its stage data, its login failure limit and its minimum time interval;
if the user logs in successfully during the control stage of the target elevator shaft, clearing the recorded parameters of the target elevator shaft and the user's number of login failures in that control stage;
if the user does not log in successfully during the control stage of the target elevator shaft and enters the next adjacent elevator shaft, clearing the recorded parameters of the target elevator shaft and the user's number of login failures in its control stage, and recording the parameters of the next elevator shaft and the user's number of login failures in the control stage of that next elevator shaft.
Preferably, the above method further comprises:
when the user's login fails for the first time, recording user information and/or user client information, so that when the user's login must subsequently be limited or prohibited, the user and/or the user client can be limited or prohibited from logging in to the system on the basis of the recorded user information and/or user client information.
Preferably, before judging whether the user has successfully logged in to the system, the method further comprises:
accepting elevator parameters configured by an administrator for the authentication elevator, so that anti-brute-force login control is performed on the user on the basis of the administrator's configured elevator parameters;
wherein the elevator parameters comprise at least one of the following:
the number of elevator shafts, the login failure limit of each elevator shaft, and the minimum time interval of each elevator shaft that must elapse after a login failure before login is allowed again.
A login control device for preventing brute force cracking comprises:
a judging unit, configured to judge whether the user has successfully logged in to the system;
a determining unit, configured to determine, if the user's login has failed and on the basis of the user's current number of login failures, the target elevator shaft of the authentication elevator that corresponds to the control stage in which the user's next login operation takes place; the authentication elevator comprises a plurality of pre-configured elevator shafts, the first elevator shaft, …, the Nth elevator shaft, where N is an integer greater than 1, and each elevator shaft comprises a pre-configured login failure limit and a minimum time interval that must elapse after a login failure before login is allowed again; the minimum time intervals of the first through Nth elevator shafts increase in sequence, and the Nth elevator shaft either has a minimum time interval greater than a preset time threshold or is specified to prohibit login; the elevator shaft with the smaller minimum time interval is used earlier;
and a login control unit, configured to perform login control on the user's next login operation on the basis of the minimum time interval of the target elevator shaft, and to return to the step of judging whether the user has successfully logged in, until the login succeeds or is abandoned, or the user's login is limited or prohibited on the basis of the minimum time interval of the Nth elevator shaft.
Preferably, in the above device, the determining unit is specifically configured to:
obtain the elevator shaft of the authentication elevator in which the user's current failed login operation took place, and obtain the user's number of login failures in the control stage of that elevator shaft;
judge whether that number of login failures has reached the login failure limit of that elevator shaft;
if so, determine the next adjacent elevator shaft as the target elevator shaft;
and if not, determine that elevator shaft itself as the target elevator shaft.
Preferably, in the above device, the login control unit is specifically configured to:
time from the user's most recent login failure, and allow the user to log in again only once the elapsed time reaches the minimum time interval of the target elevator shaft;
record, during the control stage of the target elevator shaft, the parameters of the target elevator shaft and the user's number of login failures in that control stage; the parameters of the target elevator shaft comprise its stage data, its login failure limit and its minimum time interval;
if the user logs in successfully during the control stage of the target elevator shaft, clear the recorded parameters of the target elevator shaft and the user's number of login failures in that control stage;
if the user does not log in successfully during the control stage of the target elevator shaft and enters the next adjacent elevator shaft, clear the recorded parameters of the target elevator shaft and the user's number of login failures in its control stage, and record the parameters of the next elevator shaft and the user's number of login failures in the control stage of that next elevator shaft.
Preferably, the above device further comprises:
a recording unit, configured to record user information and/or user client information when the user's login fails for the first time, so that when the user's login must subsequently be limited or prohibited, the user and/or the user client can be limited or prohibited from logging in to the system on the basis of the recorded user information and/or user client information.
Preferably, the above device further comprises:
a configuration unit, configured to receive elevator parameters configured by an administrator for the authentication elevator, so that anti-brute-force login control is performed on the user on the basis of the administrator's configured elevator parameters;
wherein the elevator parameters comprise at least one of the following:
the number of elevator shafts, the login failure limit of each elevator shaft, and the minimum time interval of each elevator shaft that must elapse after a login failure before login is allowed again.
In summary, the present application discloses a login control method and device for preventing brute force cracking. Against brute force cracking of a login authentication and authorization system, the application controls the consecutive login operations of a brute force attack on the basis of each elevator shaft of the authentication elevator, from the first to the Nth, and ultimately limits or completely prohibits the attacker's login operations through the longer waiting time required by the Nth elevator shaft; brute force cracking of the login authentication and authorization system is thereby effectively prevented. The parameters of the authentication elevator are configurable, so the scheme prevents login attacks dynamically. Compared with the conventional verification methods of the prior art based on verification codes, verification pictures and the like, the application relies on an intelligent, system-side authentication means based on the authentication elevator to prevent the attack; the user is not required to perform complex interactive operations, the degree of intelligence is high, and the user experience is effectively improved.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. Obviously, the drawings described below show only embodiments of the present invention; those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of a login control method for preventing brute force cracking according to an embodiment of the present application;
Fig. 2 is a schematic architecture diagram of the authentication elevator provided in an embodiment of the present application;
Fig. 3 is a schematic flowchart of a login control method for preventing brute force cracking according to a third embodiment of the present application;
Fig. 4 is a schematic flowchart of an application example of the anti-brute-force method of the present application according to the third embodiment;
Fig. 5 to Fig. 7 are schematic structural diagrams of a login control device for preventing brute force cracking according to a fourth embodiment of the present application.
Detailed Description
For reference and clarity, the technical terms and abbreviations used hereinafter are summarised as follows:
Industrial internet system: an industrial internet platform, industrial big data platform and industrial artificial intelligence platform centred on the enterprise. It takes the integration of complete factory information as its breakthrough, realises the fused application of multi-dimensional, multi-source data such as production control, production management and enterprise management, provides object model modelling, big data analysis DIY, intelligent APP configuration and development, and intelligent decision and analysis services, solves the comprehensive problems of production control, production management and enterprise management by integrated, digital and intelligent means, and creates an intelligent brain that empowers industry and serves enterprises.
Brute force cracking: the basic idea is to determine the approximate range of the answer from some conditions of the problem and then verify every possibility within that range one by one, until the correct answer is obtained or every possibility has been verified.
The technical solutions of the embodiments of the present invention are described clearly and completely below with reference to the drawings of those embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention; all other embodiments that a person skilled in the art can obtain from them without creative effort fall within the protection scope of the present invention.
In order to improve the degree of intelligence of the brute force prevention of a login authentication and authorization system, reduce the operation complexity of the user during login authentication and improve the user experience, the present application provides a login control method and a login control device for preventing brute force cracking, which are described in detail below by means of specific embodiments.
Example one
Referring to Fig. 1, a schematic flowchart of a login control method for preventing brute force cracking according to an embodiment of the present application is shown; as shown in Fig. 1, the method comprises the following steps:
Step 101, judging whether the user has successfully logged in to the system.
In the present application, "user" is a general term covering both a user who normally uses a system such as an industrial internet, information internet or telecommunication network system, and a user who attempts to brute-force the login authentication and authorization system of such a system.
When a user logs in to a system such as an industrial internet, information internet or telecommunication network system, in order to prevent the login authentication and authorization system from being brute-forced and the system from being attacked as a result, the user's login authentication status is detected according to the user's login operation, and whether the user has successfully logged in is judged from the detection result.
If the login succeeds, the user has passed login authentication and is an authorized user who normally uses the system, so the subsequent anti-brute-force steps need not be executed. If the login fails, the user may be an unauthorized user brute-forcing the login authentication and authorization system (although an authorized user may of course also fail to log in because of a login information input error), so, in order to prevent the login authentication and authorization system from being brute-forced, the subsequent anti-brute-force steps continue to be performed.
Step 102, if the user's login has failed, determining, on the basis of the user's current number of login failures, the target elevator shaft of the authentication elevator that corresponds to the control stage in which the user's next login operation takes place.
Referring to Fig. 2, a schematic architecture of the authentication elevator is shown. In the present application the authentication elevator comprises a plurality of pre-configured elevator shafts, the first elevator shaft, …, the Nth elevator shaft, where N is an integer greater than 1; N is shown as 5 in Fig. 2 by way of example, but in other embodiments an administrator may configure N to another value according to actual needs. Each elevator shaft comprises a pre-configured login failure limit (the maximum number of login failures allowed) and a minimum time interval that must elapse after a login failure before login is allowed again. The minimum time intervals of the first through Nth elevator shafts increase in sequence, and the Nth elevator shaft either has a minimum time interval greater than a preset time threshold or directly stipulates that login is prohibited; the smaller an elevator shaft's minimum time interval, the earlier it is used.
If the user's login has failed, the target elevator shaft of the authentication elevator for the control stage of the user's next login operation can be determined in step 102 by the following procedure:
1) obtaining the elevator shaft of the authentication elevator in which the user's current failed login operation took place, and obtaining the user's number of login failures in the control stage of that elevator shaft;
2) judging whether that number of login failures has reached the login failure limit of that elevator shaft;
3) if so, determining the next adjacent elevator shaft as the target elevator shaft;
4) and if not, determining that elevator shaft itself as the target elevator shaft.
Therefore, on the basis of the authentication elevator, when the user's login fails for the first time the control enters the first elevator shaft of the authentication elevator, that is, the first elevator shaft is determined as the target elevator shaft that controls the user's next login operation. If the user fails to log in several more times during the control stage of the first elevator shaft and the number of login failures has not reached the login failure limit of the first elevator shaft, the first elevator shaft remains the target elevator shaft; otherwise, once the number of login failures reaches that limit, the next login control enters the second elevator shaft of the authentication elevator, that is, the second elevator shaft is determined as the new target elevator shaft and continues to control the user's next login operation, until the number of login failures in the second elevator shaft reaches its limit and the next adjacent elevator shaft, the third, is determined as the new target elevator shaft, and so on until the last elevator shaft.
Taking Fig. 2 as an example: when the user's first login fails, the first elevator shaft is determined as the target elevator shaft. During the control stage of the first elevator shaft, if the user's number of login failures has not reached 8, the first elevator shaft remains the target elevator shaft; once it reaches 8, the user's subsequent login operations enter the second elevator shaft of Fig. 2, which becomes the new target elevator shaft and allows the user at most 4 further login attempts. After those 4 attempts have failed, the third elevator shaft becomes the new target elevator shaft for the user's subsequent login operations, and so on until the fifth elevator shaft.
Step 103, performing login control on the user's next login operation on the basis of the minimum time interval of the target elevator shaft, and returning to the step of judging whether the user has successfully logged in to the system, until the login succeeds or is abandoned, or the user's login is limited or prohibited on the basis of the minimum time interval of the Nth elevator shaft.
After determining, on the basis of the user's current number of login failures, the target elevator shaft of the authentication elevator for the control stage of the user's next login operation, login control is performed on that next login operation on the basis of the target elevator shaft's minimum time interval. Taking the architecture of Fig. 2 as an example: if the target elevator shaft is the first elevator shaft, the user must wait at least 1 second after the previous login failure before logging in to the system again, and any attempt within that second is rejected; if the target elevator shaft is the second elevator shaft, the user must wait at least 2 minutes after the last failure, and any attempt within those 2 minutes is rejected; likewise, if the target elevator shaft is the third elevator shaft, the user must wait at least 20 minutes after the last failure before logging in again.
During login control based on the target elevator shaft, the parameters of the target elevator shaft and the user's number of login failures in its control stage may be recorded; the parameters of the target elevator shaft comprise its stage data (specifically, which elevator shaft the user is in), its login failure limit and its minimum time interval. If the user logs in successfully during the control stage of the target elevator shaft, the recorded parameters of the target elevator shaft and the user's number of login failures in that stage are eliminated. If the user does not log in successfully during that control stage and enters the next adjacent elevator shaft, the recorded parameters of the target elevator shaft and the user's number of login failures in its control stage are eliminated, and the parameters of the next elevator shaft and the user's number of login failures in the control stage of that next elevator shaft are recorded instead.
While login control is performed on the user's next login operation on the basis of the determined target elevator shaft's minimum time interval, the process returns to step 101 to judge again whether the user has logged in successfully, so that the login control process is executed cyclically over the user's multiple login operations until the login succeeds or is abandoned, or the user's login is limited or prohibited on the basis of the minimum time interval of the Nth elevator shaft.
The login control of the user on the basis of the individual elevator shafts of the authentication elevator is a progressive process: as shown in Fig. 2, the minimum time interval before re-login of each earlier elevator shaft is smaller than that of the elevator shaft used after it. Therefore, as the user's number of login failures grows, the elevator shafts in use move in the direction of increasing minimum time interval, until the accumulated number of login failures reaches a certain value and the user's login is limited for a fixed period (for example, the user is locked out for 3 days, that is, not allowed to log in again within 3 days) or prohibited altogether on the basis of the last elevator shaft's minimum time interval, which serves to prevent brute force cracking.
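The tiered control of steps 101 to 103, as an added Python illustration that is not part of the patent: shafts 1 to 3 take the values quoted above (8 failures and 1 second, 4 failures and 2 minutes, 20 minutes), while shaft 3's failure limit, shaft 4, the choice of "prohibit" for the last shaft and the subject key (account and/or client IP, as the disclosure records) are assumptions, and the clock is passed in rather than read from the system.

```python
from dataclasses import dataclass
from typing import Optional

FORBID = None  # a minimum interval of None marks a shaft that prohibits login outright


@dataclass(frozen=True)
class Shaft:
    fail_limit: int                # login failures allowed in this shaft before moving on
    min_interval: Optional[float]  # seconds to wait after a failure; FORBID means no login


# Constructed configuration (the patent leaves these values to the administrator).
# Shafts 1 to 3 use the figures quoted in the description: 8 failures and 1 s,
# 4 failures and 2 min, 20 min. Shaft 3's failure limit, all of shaft 4 and the
# choice of "prohibit" for the last shaft are assumptions.
DEFAULT_ELEVATOR = (
    Shaft(fail_limit=8, min_interval=1.0),      # shaft 1: wait 1 second
    Shaft(fail_limit=4, min_interval=120.0),    # shaft 2: wait 2 minutes
    Shaft(fail_limit=2, min_interval=1200.0),   # shaft 3: wait 20 minutes
    Shaft(fail_limit=2, min_interval=7200.0),   # shaft 4: wait 2 hours (assumed)
    Shaft(fail_limit=1, min_interval=FORBID),   # shaft 5: login prohibited
)


@dataclass
class SubjectState:
    """Record kept per subject (step 103): shaft, failures in it, last failure time."""
    shaft_index: int = 0
    failures_in_shaft: int = 0
    last_failure: float = 0.0


class AuthenticationElevator:
    """Tiered login throttle keyed by subject (account name and/or client IP)."""

    def __init__(self, shafts=DEFAULT_ELEVATOR):
        if len(shafts) < 2:
            raise ValueError("N must be an integer greater than 1")
        waits = [s.min_interval for s in shafts if s.min_interval is not FORBID]
        if waits != sorted(waits):
            raise ValueError("minimum intervals must increase from shaft 1 to N")
        self.shafts = tuple(shafts)
        self.states: dict[str, SubjectState] = {}

    def check(self, subject: str, now: float) -> tuple[bool, Optional[float]]:
        """Decide, before credentials are verified, whether an attempt may proceed.

        Returns (allowed, seconds_remaining). seconds_remaining is None when the
        attempt is allowed and also when the subject's shaft prohibits login.
        """
        st = self.states.get(subject)
        if st is None:                  # no recorded failures: nothing to throttle
            return True, None
        shaft = self.shafts[st.shaft_index]
        if shaft.min_interval is FORBID:
            return False, None
        remaining = shaft.min_interval - (now - st.last_failure)
        return (False, remaining) if remaining > 0 else (True, None)

    def record_failure(self, subject: str, now: float) -> int:
        """Step 102: count the failure and choose the target shaft for the next attempt.

        Returns the zero-based index of the target shaft.
        """
        st = self.states.setdefault(subject, SubjectState())
        st.last_failure = now
        st.failures_in_shaft += 1
        limit_reached = st.failures_in_shaft >= self.shafts[st.shaft_index].fail_limit
        if limit_reached and st.shaft_index < len(self.shafts) - 1:
            # Limit reached: the next adjacent shaft becomes the target and the
            # previous shaft's record is cleared, so its count restarts from zero.
            st.shaft_index += 1
            st.failures_in_shaft = 0
        return st.shaft_index

    def record_success(self, subject: str) -> None:
        """Successful login: the subject's record is eliminated entirely."""
        self.states.pop(subject, None)


def demo(subject: str = "user@constructed.example") -> list[int]:
    """Fail repeatedly, waiting out each shaft's interval; return the target shaft after each failure."""
    elevator = AuthenticationElevator()
    now, path = 0.0, []
    while True:
        allowed, remaining = elevator.check(subject, now)
        if not allowed and remaining is None:
            return path                 # last shaft reached: login is prohibited
        if not allowed:
            now += remaining            # honour the shaft's minimum interval
            continue
        path.append(elevator.record_failure(subject, now))


if __name__ == "__main__":
    print(demo())
```

A real deployment keeps the per-subject state in a shared store and runs `check` before any credential verification, so that throttled attempts never reach the password database.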
From the above solutions, the present embodiment discloses a login control method for preventing brute force attack. Aiming at the brute force attack of a login authentication authorization system, the present embodiment controls a plurality of continuous login operations in the brute force attack process based on each elevator shaft from the first to the Nth in the authentication elevator, and finally limits or completely prohibits the login operations of the brute force attack based on the longer limit time required by the Nth elevator shaft; therefore, the brute force attack on the login authentication authorization system can be effectively prevented. The relevant parameters of the authentication elevator in the present application are configurable and provide a function of dynamically preventing login attacks. Meanwhile, compared with the conventional verification methods based on verification codes, verification pictures and the like in the prior art, the present application focuses on using an intelligent authentication means based on the authentication elevator at the system end to prevent the attack, the user is not required to execute complex interactive operations, the degree of intelligence is high, and the user experience is effectively improved.
Example two
In an embodiment of the present application, the login control method for preventing brute force attack may further include the following processing steps:
and under the condition that the user fails to log in for the first time, recording user information and/or user client information so as to limit or prohibit the user and/or the user client from logging in the system based on the recorded user information and/or user client information when the user needs to be limited or prohibited from logging in subsequently.
By way of example and not limitation, the user information may be a user account, and the user client information may be a user client IP (Internet Protocol Address).
In the case that the user fails to log in for the first time, the user information and/or the user client information may be recorded, for example, the user account and/or the user client IP may be recorded, so that when the user login needs to be restricted/prohibited in the following, the user and/or the user client may be restricted/prohibited from logging in the system again based on the recorded user information and/or the user client information.
For a system with a higher security level requirement, preferably, the limitation/prohibition mode of simultaneously limiting/prohibiting both the user and the user client is adopted, so that the login authentication authorization system can be more comprehensively protected against brute force cracking from both the user and the user client.
Example three
Referring to the flowchart of the login control method for preventing brute force attack shown in fig. 3, in a third embodiment of the present application, the login control method for preventing brute force attack may further include the following steps:
step 101', accepting elevator parameters configured by an administrator for the authentication elevator, so that the user can be subjected to login control for preventing brute force based on the elevator parameters configured by the administrator;
Wherein the elevator parameters comprise at least one of the following parameters:
the number of elevator shafts, the threshold value of the number of login failures corresponding to each elevator shaft, and the minimum time interval allowed for logging in again after the login failure corresponding to each elevator shaft.
In the method, the elevator parameters such as the number of elevator shafts corresponding to the authentication elevator, the login failure frequency limit value corresponding to each elevator shaft, the minimum time interval allowed for logging in again after the login failure corresponding to each elevator shaft and the like are dynamically configurable, before the method is used for login control of brute force prevention, one or more of the parameters can be configured by a security manager of systems such as an industrial internet, an information internet, a telecommunication internet and the like based on actual requirements, and subsequently, the login operation of a user can be controlled based on the dynamically configured elevator parameters.
The embodiment provides a dynamic login attack prevention function for the scheme of the application through the configurability of the elevator parameters.
A specific example of an application of the method of the present application is provided below, which specifically employs the authentication elevator architecture with five elevator shafts illustrated in fig. 2. In this example, based on the authentication elevator structure shown in fig. 2, as shown in fig. 4, the following processing flow can be used to prevent brute force attack on the login authentication authorization system:
1) after the system is installed, the security administrator of the system can configure the relevant parameters of the authenticated elevator, and the configured parameters can include but are not limited to: the number of elevator shafts, the allowed login times (namely the login failure time limit value) of each elevator shaft, and the minimum time interval allowed for logging in again after the login failure of each elevator shaft;
2) detecting the login authentication condition of a user, judging whether the user successfully logs in, recording user client information and/or user information and the failure times of trying to log in under the condition that the user fails to log in for the first time, and initializing the elevator stage where login control is located as a first elevator shaft;
3) controlling the user to log in based on the first elevator shaft, wherein the system refuses the user to log in again within the minimum time interval (specifically 1 second in fig. 2) allowed by the first elevator shaft, and if the minimum time interval allowed by the first elevator shaft is exceeded, the user is allowed to log in again;
meanwhile, the related parameters of the first elevator shaft can be recorded (for example, the elevator stage is recorded as the first elevator shaft, the login failure time limit of the first elevator shaft and login limit data such as the minimum time interval allowed for logging in again after the login failure are recorded), and the login failure time in the first elevator shaft is recorded;
4) if the login is successful within the control phase of the first elevator shaft, clearing the recorded phase data, login limit data and number of login failures of the first elevator shaft or setting the data as invalid;
5) if the user fails to log in the first elevator shaft for more than the limit number (8 times in the figure for example) and the user still fails to log in, entering a second elevator shaft;
6) after entering the second elevator shaft, performing login control on login operation of a user based on login limiting data (such as login failure frequency limit and the minimum time interval allowed for login again after login failure) of the second elevator shaft, wherein the login control process is the same as the control process of the first elevator shaft;
7) and so on, and ending when the login is successful or the login is abandoned or the user login is limited or prohibited based on the corresponding minimum time interval (such as 3 days) of the last elevator shaft.
For the situation in which the user is prohibited from logging in, login can be resumed only after the administrator subsequently lifts the prohibition (unlocks the user).
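The five-shaft flow above, as an added example in Python that is not code from the patent: the 1-second first shaft, 8 attempts per shaft and 3-day last shaft follow fig. 2, the intermediate intervals are assumptions, and a retry inside the minimum interval is assumed to be refused without counting as a failure. The account@client-IP key and the 'forbid login' variant of the Nth shaft are constructed for the demonstration.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Sequence


@dataclass(frozen=True)
class Shaft:
    """One elevator shaft: its login-failure limit and the minimum interval (seconds)
    before logging in again is allowed. min_interval=None marks an Nth shaft that
    forbids login outright (only an administrator unlock clears it)."""
    max_failures: int
    min_interval: Optional[float]


@dataclass
class LoginState:
    """Recorded per user account and/or client IP after the first failed login."""
    shaft_index: int = 0          # stage data: which shaft the control is in (0-based)
    failures_in_shaft: int = 0    # login failures counted within the current shaft
    last_failure_at: float = 0.0  # timestamp of the latest failure (timing starts here)
    forbidden: bool = False       # set once the user has entered a 'forbid login' shaft


# Constructed five-shaft configuration (fig. 2 values where the page gives them,
# assumed values for shafts 2 to 4).
DEFAULT_SHAFTS = (
    Shaft(8, 1.0),
    Shaft(8, 10.0),
    Shaft(8, 60.0),
    Shaft(8, 3600.0),
    Shaft(8, 3 * 24 * 3600.0),
)


class AuthenticationElevator:
    def __init__(self, shafts: Sequence[Shaft] = DEFAULT_SHAFTS) -> None:
        if len(shafts) < 2:
            raise ValueError("N must be an integer greater than 1")
        # Minimum intervals must increase strictly from the first shaft to the Nth;
        # a 'forbid login' shaft counts as an infinite interval, so it can only be last.
        intervals = [float("inf") if s.min_interval is None else s.min_interval for s in shafts]
        if any(a >= b for a, b in zip(intervals, intervals[1:])):
            raise ValueError("minimum time intervals must increase from shaft 1 to shaft N")
        self.shafts = tuple(shafts)
        self.states: Dict[str, LoginState] = {}  # keyed by account and/or client IP

    def attempt(self, key: str, now: float, credentials_ok: bool) -> str:
        """Returns 'ok', 'rejected' (inside the minimum interval; not counted as a
        failure), 'failed', or 'forbidden'."""
        st = self.states.get(key)
        if st is not None:
            if st.forbidden:
                return "forbidden"
            shaft = self.shafts[st.shaft_index]
            assert shaft.min_interval is not None  # a None shaft always sets forbidden
            # Step 3: refuse any login inside the shaft's minimum interval, even a
            # correct one; timing runs from the latest failure.
            if now - st.last_failure_at < shaft.min_interval:
                return "rejected"
        if credentials_ok:
            # Step 4: success clears the recorded stage data and failure count.
            self.states.pop(key, None)
            return "ok"
        if st is None:
            # Step 2: the first failure records the key and starts in the first shaft.
            st = LoginState()
            self.states[key] = st
        st.failures_in_shaft += 1
        st.last_failure_at = now
        # Determining unit 502: once the shaft's limit is reached, the next adjacent
        # shaft becomes the target and its failure count starts from zero.
        if (st.failures_in_shaft >= self.shafts[st.shaft_index].max_failures
                and st.shaft_index + 1 < len(self.shafts)):
            st.shaft_index += 1
            st.failures_in_shaft = 0
        if self.shafts[st.shaft_index].min_interval is None:
            st.forbidden = True
            return "forbidden"
        return "failed"

    def seconds_until_retry(self, key: str, now: float) -> Optional[float]:
        """0.0 when a login may be attempted now; None when login is forbidden."""
        st = self.states.get(key)
        if st is None:
            return 0.0
        if st.forbidden:
            return None
        interval = self.shafts[st.shaft_index].min_interval
        assert interval is not None
        return max(0.0, st.last_failure_at + interval - now)

    def admin_unlock(self, key: str) -> None:
        """Administrator lifts the prohibition; the user may log in again."""
        self.states.pop(key, None)


if __name__ == "__main__":
    elevator = AuthenticationElevator()
    key = "alice@198.51.100.7"  # constructed account@client-IP key
    for t in range(8):          # eight wrong passwords, one second apart
        print(t, elevator.attempt(key, float(t), False))
    print("shaft now:", elevator.states[key].shaft_index + 1)
    print("retry in:", elevator.seconds_until_retry(key, 8.0), "s")
```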
Example four
Corresponding to the above login control method for preventing brute force from being cracked, an embodiment of the present application further provides a login control device for preventing brute force from being cracked, as shown in fig. 5, the login control device for preventing brute force from being cracked includes:
a judging unit 501, configured to judge whether a user logs in the system successfully;
the determining unit 502 is used for determining a corresponding target elevator shaft in the authentication elevator in the control stage where the next login operation of the user is located based on the number of times of current login failures of the user under the condition that the user fails to login; the authentication elevator comprises a plurality of pre-configured elevator shafts: the first elevator shaft, …, the Nth elevator shaft, N being an integer greater than 1, each elevator shaft comprising a pre-configured login failure time limit value and a minimum time interval allowed for logging in again after login failure; the minimum time intervals corresponding to the elevator shafts from the first elevator shaft to the Nth elevator shaft are sequentially increased, and the Nth elevator shaft specifically corresponds to a minimum time interval larger than a preset time threshold or is specified to forbid login; the elevator shaft with the smaller corresponding minimum time interval is used earlier;
and a login control unit 503, configured to perform login control on the next login operation of the user based on the minimum time interval corresponding to the target elevator shaft, and return to the execution step of determining whether the user successfully logs in the system until the login is successful or the login is abandoned, or the user login is limited or prohibited based on the minimum time interval corresponding to the nth elevator shaft.
In an implementation manner of the embodiment of the present application, the determining unit 502 is specifically configured to: obtaining a corresponding elevator shaft of the current login failure login operation of the user in the authentication elevator, and obtaining the corresponding login failure times of the user in the control stage of the elevator shaft; judging whether the corresponding login failure times of the user in the control stage of the elevator shaft reach the login failure time limit value of the elevator shaft; if so, determining that the next adjacent elevator shaft of the elevator shaft is the target elevator shaft; and if not, determining the elevator shaft as the target elevator shaft.
In an implementation manner of the embodiment of the present application, the login control unit 503 is specifically configured to: starting timing from the latest time of failure of the user in logging in, and allowing the user to log in again until the timing duration reaches the minimum time interval corresponding to the target elevator shaft; recording relevant parameters of the target elevator shaft and the login failure times of a user in the control stage of the target elevator shaft in the control stage corresponding to the target elevator shaft; the relevant parameters of the target elevator shaft comprise stage data of the target elevator shaft, a login failure frequency limit value corresponding to the target elevator shaft and a minimum time interval; if the user successfully logs in the corresponding control stage of the target elevator shaft, related parameters of the target elevator shaft and the number of times of login failure of the user in the control stage of the target elevator shaft are eliminated; if the user does not successfully log in the corresponding control stage of the target elevator shaft and enters the next adjacent elevator shaft of the target elevator shaft, the recorded relevant parameters of the target elevator shaft and the number of times of login failure of the user in the control stage of the target elevator shaft are eliminated; and recording the relevant parameters of the next elevator shaft of the target elevator shaft and the login failure times of the user in the control phase of the target elevator shaft.
In an implementation manner of the embodiment of the present application, referring to a schematic structural diagram of a brute force-resistant login control device shown in fig. 6, the brute force-resistant login control device further includes: a recording unit 504, configured to record the user information and/or the user client information when the user fails to log in for the first time, so that when the user login needs to be subsequently limited or prohibited, the user and/or the user client is limited or prohibited from logging in the system based on the recorded user information and/or the user client information.
In an implementation manner of the embodiment of the present application, referring to a schematic structural diagram of a brute force-resistant login control device shown in fig. 7, the brute force-resistant login control device further includes: a configuration unit 505, configured to accept elevator parameters configured by the administrator for the authentication elevator, so that the user is subjected to login control for preventing brute force based on the elevator parameters configured by the administrator; wherein the elevator parameters comprise at least one of the following parameters: the number of elevator shafts, the threshold value of the number of login failures corresponding to each elevator shaft, and the minimum time interval allowed for logging in again after the login failure corresponding to each elevator shaft.
As for the anti-brute force login control device disclosed in the fourth embodiment of the present invention, since it corresponds to the anti-brute force login control method disclosed in the first to third embodiments, the description is relatively simple, and for the relevant similar points, reference is made to the description of the anti-brute force login control method section in the first to third embodiments, and the detailed description is omitted here.
It should be noted that, in the present specification, the embodiments are all described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments may be referred to each other.
For convenience of description, the above system or apparatus is described as being divided into various modules or units by function, respectively. Of course, the functionality of the units may be implemented in one or more software and/or hardware when implementing the present application.
From the above description of the embodiments, it is clear to those skilled in the art that the present application can be implemented by software plus necessary general hardware platform. Based on such understanding, the technical solutions of the present application may be essentially or partially implemented in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to the embodiments or some parts of the embodiments of the present application.
Finally, it is further noted that, herein, relational terms such as first, second, third, fourth, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the principle of the present invention, and these modifications and decorations should also be regarded as the protection scope of the present invention.

Claims (8)

1. A login control method for preventing brute force is characterized by comprising the following steps:
judging whether the user logs in the system successfully or not;
under the condition that the user fails to log in, determining a target elevator shaft corresponding to the next log-in operation of the user in the authentication elevator in the control stage based on the current log-in failure times of the user; the authentication elevator comprises a plurality of pre-configured elevator shafts: the first elevator shaft, …, the Nth elevator shaft, N being an integer greater than 1, each elevator shaft comprising a pre-configured login failure time limit value and a minimum time interval allowed for logging in again after login failure; the minimum time intervals corresponding to the elevator shafts from the first elevator shaft to the Nth elevator shaft are sequentially increased, and the Nth elevator shaft specifically corresponds to a minimum time interval larger than a preset time threshold or is specified to forbid login; the elevator shaft with the smaller corresponding minimum time interval is used earlier;
performing login control on the next login operation of the user based on the minimum time interval corresponding to the target elevator shaft, and returning to the execution step of judging whether the user successfully logs in the system or not until the login is successful or the login is abandoned or the user login is limited or the user login is forbidden based on the minimum time interval corresponding to the Nth elevator shaft;
the login control of the next login operation of the user based on the minimum time interval corresponding to the target elevator shaft comprises the following steps: starting timing from the latest time of failure of the user in logging in, and allowing the user to log in again until the timing duration reaches the minimum time interval corresponding to the target elevator shaft;
under the condition that the user fails to log in for the first time, recording user information and/or user client information, so that when the user login is subsequently required to be limited or prohibited, the user and/or the user client login system is limited or prohibited based on the recorded user information and/or the user client information, and the user can continue to log in after the user is prohibited from logging in and being unlocked by an administrator.
2. The method of claim 1, wherein determining a target elevator shaft corresponding to the control phase in which the user performs the next login operation in the authenticated elevator based on the number of times of the current login failures of the user in case of the login failures of the user comprises:
obtaining a corresponding elevator shaft of the current login failure login operation of the user in the authentication elevator, and obtaining the corresponding login failure times of the user in the control stage of the elevator shaft;
judging whether the corresponding login failure times of the user in the control stage of the elevator shaft reach the login failure time limit value of the elevator shaft;
if so, determining that the next adjacent elevator shaft of the elevator shaft is the target elevator shaft;
and if not, determining the elevator shaft as the target elevator shaft.
3. The method of claim 1, wherein the controlling the next log-in operation of the user based on the corresponding minimum time interval of the target elevator shaft further comprises:
recording relevant parameters of the target elevator shaft and the login failure times of a user in the control stage of the target elevator shaft in the control stage corresponding to the target elevator shaft; the relevant parameters of the target elevator shaft comprise stage data of the target elevator shaft, a login failure frequency limit value corresponding to the target elevator shaft and a minimum time interval;
if the user successfully logs in the corresponding control stage of the target elevator shaft, related parameters of the target elevator shaft and the number of times of login failure of the user in the control stage of the target elevator shaft are eliminated;
if the user does not successfully log in the corresponding control stage of the target elevator shaft and enters the next adjacent elevator shaft of the target elevator shaft, the recorded relevant parameters of the target elevator shaft and the number of times of login failure of the user in the control stage of the target elevator shaft are eliminated; and recording the relevant parameters of the next elevator shaft of the target elevator shaft and the login failure times of the user in the control phase of the target elevator shaft.
4. The method of claim 1, before said determining whether the user successfully logs in to the system, further comprising:
accepting elevator parameters configured by an administrator for the authentication elevator so as to perform login control for preventing brute force cracking on a user based on the elevator parameters configured by the administrator;
wherein the elevator parameters comprise at least one of the following parameters:
the number of elevator shafts, the threshold value of the number of login failures corresponding to each elevator shaft, and the minimum time interval allowed for logging in again after the login failure corresponding to each elevator shaft.
5. A brute force resistant login control device, comprising:
the judging unit is used for judging whether the user logs in the system successfully or not;
the determining unit is used for determining a target elevator shaft corresponding to the authentication elevator in the control stage where the next login operation of the user is located based on the number of times of current login failures of the user under the condition that the user fails to login; the authentication elevator comprises a plurality of pre-configured elevator shafts: the first elevator shaft, …, the Nth elevator shaft, N being an integer greater than 1, each elevator shaft comprising a pre-configured login failure time limit value and a minimum time interval allowed for logging in again after login failure; the minimum time intervals corresponding to the elevator shafts from the first elevator shaft to the Nth elevator shaft are sequentially increased, and the Nth elevator shaft specifically corresponds to a minimum time interval larger than a preset time threshold or is specified to forbid login; the elevator shaft with the smaller corresponding minimum time interval is used earlier;
the login control unit is used for performing login control on the next login operation of the user based on the minimum time interval corresponding to the target elevator shaft, and returning to the execution step of judging whether the user successfully logs in the system or not until the login is successful or the login is abandoned or the user login is limited or prohibited based on the minimum time interval corresponding to the Nth elevator shaft;
the login control of the next login operation of the user based on the minimum time interval corresponding to the target elevator shaft comprises the following steps: starting timing from the latest time of failure of the user in logging in, and allowing the user to log in again until the timing duration reaches the minimum time interval corresponding to the target elevator shaft;
the recording unit is used for recording the user information and/or the user client information under the condition that the user fails to log in for the first time, so that the user and/or the user client is limited or prohibited from logging in the system based on the recorded user information and/or the user client information when the user login subsequently needs to be limited or prohibited, and the user can continue to log in after the user is prohibited from logging in and unlocked by the administrator.
6. The apparatus according to claim 5, wherein the determining unit is specifically configured to:
obtaining a corresponding elevator shaft of the current login failure login operation of the user in the authentication elevator, and obtaining the corresponding login failure times of the user in the control stage of the elevator shaft;
judging whether the corresponding login failure times of the user in the control stage of the elevator shaft reach the login failure time limit value of the elevator shaft;
if so, determining that the next adjacent elevator shaft of the elevator shaft is the target elevator shaft;
and if not, determining the elevator shaft as the target elevator shaft.
7. The apparatus according to claim 5, wherein the login control unit is specifically configured to:
recording relevant parameters of the target elevator shaft and the login failure times of a user in the control stage of the target elevator shaft in the control stage corresponding to the target elevator shaft; the relevant parameters of the target elevator shaft comprise stage data of the target elevator shaft, a login failure frequency limit value corresponding to the target elevator shaft and a minimum time interval;
if the user successfully logs in the corresponding control stage of the target elevator shaft, related parameters of the target elevator shaft and the number of times of login failure of the user in the control stage of the target elevator shaft are eliminated;
if the user does not successfully log in the corresponding control stage of the target elevator shaft and enters the next adjacent elevator shaft of the target elevator shaft, the recorded relevant parameters of the target elevator shaft and the number of times of login failure of the user in the control stage of the target elevator shaft are eliminated; and recording the relevant parameters of the next elevator shaft of the target elevator shaft and the login failure times of the user in the control phase of the target elevator shaft.
8. The apparatus of claim 5, further comprising:
the configuration unit is used for receiving elevator parameters configured by the administrator for the authentication elevator so as to perform anti-brute force login control on the user based on the elevator parameters configured by the administrator;
wherein the elevator parameters comprise at least one of the following parameters:
the number of elevator shafts, the threshold value of the number of login failures corresponding to each elevator shaft, and the minimum time interval allowed for logging in again after the login failure corresponding to each elevator shaft.
CN201811581095.5A 2018-12-24 2018-12-24 Login control method and device for preventing brute force cracking Active CN109714149B (en)

Publications (2)

Publication Number Publication Date
CN109714149A CN109714149A (en) 2019-05-03
CN109714149B true CN109714149B (en) 2022-08-12





Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: Room 1-1-180, No. 150, Changpu Road, Jishigang Town, Haishu District, Ningbo, Zhejiang 315016

Patentee after: Lanzhuo Digital Technology Co.,Ltd.

Address before: 315000 room 150 (1-1-180), Chang Po Road, Ji Shi Gang Town, Haishu District, Ningbo, Zhejiang.

Patentee before: ZHEJIANG LANZHUO INDUSTRIAL INTERNET INFORMATION TECHNOLOGY Co.,Ltd.
