CN104378346A - Method for preventing account number from being embezzled - Google Patents
Method for preventing account number from being embezzled Download PDFInfo
- Publication number
- CN104378346A CN104378346A CN201410306168.5A CN201410306168A CN104378346A CN 104378346 A CN104378346 A CN 104378346A CN 201410306168 A CN201410306168 A CN 201410306168A CN 104378346 A CN104378346 A CN 104378346A
- Authority
- CN
- China
- Prior art keywords
- user
- account number
- stolen
- telecom access
- account
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
Abstract
The invention discloses a method for preventing an account number from being embezzled, and belongs to the field of the Internet. The method can effectively prevent the account number from being embezzled, and use is easy and convenient. According to the core of the method, a network application service enterprise utilizes the access account number, used by a user, of a third-party telecommunication access service provider for measuring whether the account number of the user is embezzled nor not. The access service account number used by the user is kept unchanged for a long time, and is usually bound with a physical line used by the user, though a cracker can possibly steal the account number set by the user in electronic commerce or a financial enterprise and a corresponding password by illegal means, the account number and the password are out of effect after leaving the physical line of the user, and therefore the account number can be effectively prevented from being embezzled.
Description
Technical field
The present invention relates to a kind of method preventing account number stolen, be applicable to internet arena.
Background technology
Along with the development of internet, applications, the technical merit of hacker is also in improve, grave danger is caused to ecommerce, network finance, the account number name that internet, applications adopts usually and password can not ensure the safety of network trading, hacker even also can steal the correlated digital safety certificate of user, thus needs more technological means to carry out Logistics networks transaction security.
The telecom access method of service that user uses, comprises and uses fixing IP access and use access account to access two kinds.Usually, large enterprises adopt the mode of fixing IP to access telco provider usually, and small enterprise and personal user adopt the mode of access account to access telco provider usually.Telecom access service provider can rely on the access account of user to distinguish different users, to carry out charging to it and to provide corresponding service.The access account of telecom access service provider has multiple, the PPPoE(Point to Point Protocol over Ethernet such as adopted during broadband access) account number, the IMSI(International Mobile Subscriber Identification adopted during mobile communication equipment access) number, phone number also can treat as access account in some cases.
Summary of the invention
Goal of the invention: the object of this invention is to provide a kind of method that can effectively prevent account number stolen, and the method is easy to use.
Technical scheme: for achieving the above object, a kind of method preventing account number stolen provided by the invention, comprises the following steps:
(1) network english teaching system obtains application account number and the network address mark of this user from the log-on message of user, and imports with this network address mark the telecom access account that Third-Party Service inquiry obtains this network address mark correspondence into;
(2) whether the telecom access account that obtains of network english teaching system determining step (1) is in the telecom access account list used safely that the application account number of this user is corresponding, if, network english teaching system validation application account number is not stolen, continue as user and service is provided, otherwise, enter step (3);
(3) network english teaching system initiates other security authentication request to this user, if this user passes through safety verification, then network english teaching system validation application account number is not stolen, terminate identifying procedure, continue as user and service is provided, if this user is not by safety verification, then network english teaching system validation application account number is just stolen, refuses as user provides service.
For the ease of its application account number of user management and the telecom access account relation that can use safely, the certification of employing telecom access account by and after other authentications pass through, network english teaching system to the processing mode of user's query to this telecom access account, and does corresponding process according to the selection of user.Concrete processing mode comprises: be appended to by this telecom access account in the telecom access account list used safely corresponding to the application account number of user, this telecom access account is replaced an information in the telecom access account list used safely corresponding to the application account number of described user or full detail, and, this telecom access account is not processed.
NAT444(Network Address Translation 444 is used for multiplexing IPv4 address) time, IPv4 address and telecom access account number are not one-to-one relationship, and IPv4 address now can be adopted to add TCP/UDP port numbers to confirm unique telecom access account number.
In order to protect privacy of user; the access account of user generally can not be supplied to third party by telecom access service provider; therefore can adopt after access account is encrypted and be supplied to third party; namely, when network english teaching system adds TCP/UDP port numbers to inquire about with IP address or IP address, what obtain is the result of access account after encryption.
When user uses telecom access service by access account, but when using telecom access to serve by fixing IP, network english teaching system is verified user by safety verification modes such as short message verification code, history question and answer, and allow user judge voluntarily its network access environment used be whether the comparatively safe network environment such as work unit, the need of adding the IP address list that can use safely.
Beneficial effect: the present invention compared with prior art, its distinguishing feature is this fixed value of access account using third party's telecom access service provider, serve as the factor judging that whether account number is stolen, it is easy to use but significantly can reduce the stolen possibility of account number.
Accompanying drawing explanation
Fig. 1 is the use scenes schematic diagram of the inventive method.
Embodiment
The core of method of the present invention is: whether the access account of third party's telecom access service provider that network english teaching enterprise utilizes its user to use is stolen to the account number weighing this user.The access service account number that user uses remains unchanged for a long time, and the physical circuit that usual and user uses bundlees, although hacker likely steals by illegal means the account number and corresponding password that user offers in ecommerce or financial company, but namely account and password lost efficacy after leaving the physical circuit of user, thus can effectively prevent account number stolen.
Below in conjunction with the drawings and specific embodiments, illustrate the present invention further, these embodiments should be understood only be not used in for illustration of the present invention and limit the scope of the invention, after having read the present invention, the amendment of those skilled in the art to the various equivalent form of value of the present invention has all fallen within the application's claims limited range.
The embodiment of the invention discloses a kind of method preventing account number stolen, suppose that a user uses the service of enterprise's first with account number A, the telecom access service using enterprise's second with access account B, comprises the following steps:
(1) user uses the service system of account number A and corresponding password login enterprise first, and the service system of enterprise's first obtains the IP address of the current use of this user, and goes third party to inquire about the telecom access account number B of this current correspondence in IP address with this IP address;
(2) service system of enterprise's first is inquired about the acknowledged telecom access account number used safely of account number A and whether is comprised account number B in its system, if comprised, so the service system of enterprise's first is thought that account number A is not stolen and continues to serve for it; If do not comprised, so the service system of enterprise's first initiates other security authentication request to this user, suppose that this user is by safety verification, then the service system of enterprise's first is thought that account number A is not stolen and can be determined whether account number B added the telecom access account number for using safely or account number B replaced one or all original telecom access account number that can use safely by the demand of this user; Suppose that this user is not by safety verification, then the service system of enterprise's first is thought that account number A is just stolen and stops current service.
The concrete implementation method of the present invention in practical application scene is illustrated below in conjunction with accompanying drawing 1:
(1) user is by telecom access service provider _ 1 accessing Internet, user uses the access pin of access account Access_12345@adsl and correspondence, AAA(Authentication, Authorization, Accounting through telecom access service provider _ 1) after system verification, AAA system can distribute an IP address automatically to this user;
(2) this user uses the service system of account number Zhangsan and corresponding cryptographic acess enterprise first, and the service system of enterprise's first obtains the IP address of this user;
(3) service system of enterprise's first utilizes this IP address, go to inquire about access service account number corresponding to this IP address to third-party IP address/access account real time inquiry system, inquiry request is forwarded to the AAA system of telecom access service provider _ 1 by this inquiry system, and checking in access account corresponding to this IP is Access_12345@adsl.The service system of enterprise's first retrieves in its database: Access_12345@adsl belongs to Zhangsan and confirms as safe telecom access account number, thus determines that account number Zhangsan is not stolen.
Telecom access service provider _ 2 are accessed with the access pin of account number Access_99999 and correspondence after supposing user's removal of home, and then go the service system of accessing enterprise's first with account number Zhangsan and corresponding password, similar with above-mentioned steps (3), the service system of enterprise's first retrieves in its database: Access_99999 is not that Zhangsan confirms as safe telecom access account number, the service system of enterprise's first then passes through short message verification code, the safety verification modes such as history question and answer are verified user, because this user is by safety verification, so the service system of enterprise's first thinks that account number Zhangsan is not stolen, and can determine whether account number Access_99999 added the telecom access account number for using safely or account number Access_99999 replaced Access_12345@adsl by the demand of this user, then continue to provide service.
Suppose that hacker has stolen the user account number Zhangsan of certain client of enterprise's first and corresponding password by illegal means, hacker is in the access pin of account number Access_44444 and correspondence access telecom access service provider _ 2, then the service system of accessing enterprise's first is gone with the account number Zhangsan stolen and corresponding password, similar with above-mentioned steps (3), the service system of enterprise's first retrieves in its database: Access_44444 is not that Zhangsan confirms as safe telecom access account number, the service system of enterprise's first then passes through short message verification code, the safety verification modes such as history question and answer are verified user, because hacker cannot by this checking, the service system of enterprise's first is thought that account number Zhangsan is just stolen and stops current service.
For under NAT444 environment; the network address that AAA system distributes to user is designated IP address and adds TCP/UDP port numbers; the service system of enterprise's first adds the access account of TCP/UDP port numbers to Third party system inquiring user by according to IP address; in order to protect privacy of user; it may be cipher-text information after encryption that Third party system gets access account from telecom access service provider; the service system of enterprise's first carries out follow-up process according to the access account of the plaintext got or ciphertext, and processing method is consistent with above-mentioned.
Claims (4)
1. prevent the method that account number is stolen, it is characterized in that the method comprises the following steps:
1) network english teaching system obtains application account number and the network address mark of this user from the log-on message of user, and imports with this network address mark the telecom access account that Third-Party Service inquiry obtains this network address mark correspondence into;
2) network english teaching system determining step 1) whether the telecom access account that obtains in the telecom access account list used safely that the application account number of this user is corresponding, if, network english teaching system validation application account number is not stolen, continue as user and service is provided, otherwise, enter step 3);
3) network english teaching system initiates other security authentication request to this user, if this user passes through safety verification, then network english teaching system validation application account number is not stolen, continue as user and service is provided, if this user does not pass through safety verification, then network english teaching system validation application account number is just stolen, refuses as user provides service.
2. the method preventing account number stolen according to claim 1, it is characterized in that: in described step 3) network english teaching system validation application account number not stolen after also comprises: network english teaching system to the processing mode of user's query to the telecom access account obtained in described step 1), and does corresponding process according to the selection of user;
Described processing mode comprises: be appended to by described telecom access account in the telecom access account list used safely corresponding to the application account number of described user, described telecom access account is replaced an information in the telecom access account list used safely corresponding to the application account number of described user, described telecom access account is replaced the full detail in the telecom access account list used safely corresponding to the application account number of described user, and described telecom access account is not dealt with.
3. the method preventing account number stolen according to claim 1, is characterized in that: the described network address is designated IP address or IP address and adds TCP/UDP port numbers.
4. the method preventing account number stolen according to claim 1, is characterized in that: described telecom access account is the plaintext of the telecom access account number of user or the ciphertext after the telecom access account number of user being encrypted.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410306168.5A CN104378346A (en) | 2014-06-30 | 2014-06-30 | Method for preventing account number from being embezzled |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410306168.5A CN104378346A (en) | 2014-06-30 | 2014-06-30 | Method for preventing account number from being embezzled |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104378346A true CN104378346A (en) | 2015-02-25 |
Family
ID=52557004
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410306168.5A Pending CN104378346A (en) | 2014-06-30 | 2014-06-30 | Method for preventing account number from being embezzled |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104378346A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109005156A (en) * | 2018-07-05 | 2018-12-14 | 泰康保险集团股份有限公司 | The shared determination method and device of account |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1829143A (en) * | 2004-07-27 | 2006-09-06 | 王鹏 | Novel method for network account number identity affirmation without cipher and encryption |
CN1925401A (en) * | 2006-10-12 | 2007-03-07 | 中国网通(集团)有限公司北京市分公司 | Internet access system and method |
US20070056022A1 (en) * | 2005-08-03 | 2007-03-08 | Aladdin Knowledge Systems Ltd. | Two-factor authentication employing a user's IP address |
CN101110674A (en) * | 2007-06-12 | 2008-01-23 | 中兴通讯股份有限公司 | Method for implementing reinforced authentication by binding access account number and business account number |
CN101378312A (en) * | 2007-08-31 | 2009-03-04 | 中国电信股份有限公司 | Safety payment control system and method based on broadband network |
CN101478416A (en) * | 2009-02-02 | 2009-07-08 | 中国网络通信集团公司 | Service processing method, synthetic service platform and service processing system |
CN101521576A (en) * | 2009-04-07 | 2009-09-02 | 中国电信股份有限公司 | Method and system for identity authentication of internet user |
-
2014
- 2014-06-30 CN CN201410306168.5A patent/CN104378346A/en active Pending
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1829143A (en) * | 2004-07-27 | 2006-09-06 | 王鹏 | Novel method for network account number identity affirmation without cipher and encryption |
US20070056022A1 (en) * | 2005-08-03 | 2007-03-08 | Aladdin Knowledge Systems Ltd. | Two-factor authentication employing a user's IP address |
CN1925401A (en) * | 2006-10-12 | 2007-03-07 | 中国网通(集团)有限公司北京市分公司 | Internet access system and method |
CN101110674A (en) * | 2007-06-12 | 2008-01-23 | 中兴通讯股份有限公司 | Method for implementing reinforced authentication by binding access account number and business account number |
CN101378312A (en) * | 2007-08-31 | 2009-03-04 | 中国电信股份有限公司 | Safety payment control system and method based on broadband network |
CN101478416A (en) * | 2009-02-02 | 2009-07-08 | 中国网络通信集团公司 | Service processing method, synthetic service platform and service processing system |
CN101521576A (en) * | 2009-04-07 | 2009-09-02 | 中国电信股份有限公司 | Method and system for identity authentication of internet user |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109005156A (en) * | 2018-07-05 | 2018-12-14 | 泰康保险集团股份有限公司 | The shared determination method and device of account |
CN109005156B (en) * | 2018-07-05 | 2021-06-01 | 泰康保险集团股份有限公司 | Account sharing determination method and device |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104519020B (en) | Manage method, server and the system of wireless network login password sharing function | |
AU2020202168B2 (en) | Method and system related to authentication of users for accessing data networks | |
CN104184713B (en) | Terminal identification method, machine identifier register method and corresponding system, equipment | |
CN105306211B (en) | A kind of identity identifying method of client software | |
CN101772024B (en) | User identification method, device and system | |
DK2924944T3 (en) | Presence authentication | |
CN101986598B (en) | Authentication method, server and system | |
CN105099690A (en) | OTP and user behavior-based certification and authorization method in mobile cloud computing environment | |
CN104618369A (en) | Method, device and system for unique authorization of Internet-of-Things equipment based on OAuth | |
CN107204983B (en) | System for wind power plant SCADA system safety data transmission based on SIP protocol | |
US20160191482A1 (en) | System and method for providing authenticated communications from a remote device to a local device | |
CN107864475A (en) | The quick authentication methods of WiFi based on Portal+ dynamic passwords | |
CN104247485A (en) | Network application function authorisation in a generic bootstrapping architecture | |
CN108011873A (en) | A kind of illegal connection determination methods based on set covering | |
CN105187417B (en) | Authority acquiring method and apparatus | |
CN104901967A (en) | Registration method for trusted device | |
CN112272089A (en) | Cloud host login method, device, equipment and computer readable storage medium | |
CN111698203A (en) | Cloud data encryption method | |
CN104540136B (en) | A kind of method and system logging in WLAN | |
JPH11331181A (en) | Network terminal authenticating device | |
US11792314B2 (en) | Methods for acquiring an internet user's consent to be located and for authenticating the location information | |
CN104378346A (en) | Method for preventing account number from being embezzled | |
CN105871788B (en) | Password generation method and device for login server | |
CN106877996A (en) | User in PKI domains accesses the authentication key agreement method of the resource in IBC domains | |
CN108322430B (en) | Anonymous real name authentication method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
AD01 | Patent right deemed abandoned | ||
AD01 | Patent right deemed abandoned |
Effective date of abandoning: 20190326 |