CN107241336A - Auth method and device - Google Patents


Publication number
CN107241336A
Authority
CN
China
Prior art keywords
user
terminal
additional identification
malicious
checking
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710465761.8A
Other languages
Chinese (zh)
Other versions
CN107241336B (en
Inventor
李丹
钟伟林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bigo Technology Singapore Pte Ltd
Original Assignee
Guangzhou Baiguoyuan Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Baiguoyuan Information Technology Co Ltd filed Critical Guangzhou Baiguoyuan Information Technology Co Ltd
Priority to CN201710465761.8A priority Critical patent/CN107241336B/en
Publication of CN107241336A publication Critical patent/CN107241336A/en
Application granted granted Critical
Publication of CN107241336B publication Critical patent/CN107241336B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses an identity verification method and device, belonging to the field of Internet technology. The method includes: receiving a first verification request sent by a first terminal, the first verification request carrying user information of a user and a target verification mode requested by the user, the user information including at least a user identifier; determining, according to the user information, whether the user is a malicious user; if the user is a malicious user, performing additional verification on the user based on a first additional verification mode, the first additional verification mode being different from the target verification mode; and, when the additional verification of the user based on the first additional verification mode passes, performing identity verification on the user based on the target verification mode and the user identifier. Because the first additional verification mode is added, the invention increases the verification cost for a malicious user and reduces attacks on the server.

Description

Auth method and device
Technical field
The present invention relates to the field of Internet technology, and in particular to an identity verification method and device.
Background
With the development of Internet technology, more and more applications are installed on terminals, and most applications require the user to register a user account and set a login password on the server in advance. When the user uses an application, the terminal logs in to the server based on the user account and login password. However, the user may forget the login password, in which case the server needs to verify the user's identity; when verification passes, the terminal is allowed to log in to the server or change the login password.
At present, when registering a user account on the server, the user can reserve a mobile phone number on the server. When the terminal requests that the server verify the user's identity, the server sends a first verification code to the mobile phone corresponding to the reserved mobile phone number. If the server receives a second verification code returned by the terminal within a preset duration after sending the first verification code, and the first verification code is identical to the second verification code, the server determines that identity verification of the user has passed; otherwise, the server determines that identity verification of the user has failed. If verification fails, the terminal can again request that the server verify the user's identity using the steps above, until verification passes or the terminal stops requesting verification.
In the course of realizing the present invention, the inventors found that the prior art has at least the following problem:
A malicious user may fill in an arbitrary telephone number when registering a user account. Then, when the server verifies the user's identity, the malicious user uses an automated program to repeatedly request verification and retry verification codes, which amounts to an attack on the server.
Summary of the invention
To solve the problem in the prior art, the present invention provides an identity verification method and device. The technical solution is as follows:
The invention provides an identity verification method, the method including:
Receiving a first verification request sent by a first terminal, the first verification request carrying user information of a user and a target verification mode requested by the user, the user information including at least a user identifier;
Determining, according to the user information, whether the user is a malicious user;
If the user is a malicious user, performing additional verification on the user based on a first additional verification mode, the first additional verification mode being different from the target verification mode;
When the additional verification of the user based on the first additional verification mode passes, performing identity verification on the user based on the target verification mode and the user identifier.
In a possible implementation, determining, according to the user information, whether the user is a malicious user includes:
Counting a first number of times according to the user identifier, the first number of times being the number of verification requests carrying the user identifier that were received within a first preset duration before the current time; if the first number of times is greater than a first preset number of times, determining that the user is a malicious user; and/or,
When the user information further includes a first terminal identifier of the first terminal, determining whether the first terminal identifier exists in a malicious terminal identifier library; if the first terminal identifier exists in the malicious terminal identifier library, determining that the user is a malicious user, the malicious terminal identifier library storing the terminal identifiers of terminals used by malicious users; and/or,
When the user information further includes the first terminal identifier of the first terminal, counting a second number of times according to the first terminal identifier, the second number of times being the number of verification requests sent by the first terminal that were received within a second preset duration before the current time; if the second number of times is greater than a second preset number of times, determining that the user is a malicious user; and/or,
When the user information further includes the first terminal identifier of the first terminal, counting a number of users according to the first terminal identifier and the user identifier, the number of users being the number of users who sent verification requests through the first terminal within a third preset duration before the current time; if the number of users is greater than a preset number, determining that the user is a malicious user.
In a possible implementation, performing additional verification on the user based on the first additional verification mode includes:
Sending first verification information to the first terminal, and receiving second verification information returned by the first terminal based on the first verification information;
If the first verification information and the second verification information match, determining that the additional verification of the user based on the first additional verification mode passes.
In a possible implementation, the method further includes:
When the additional verification of the user based on the first additional verification mode fails, performing additional verification on the user again based on a second additional verification mode, until the additional verification passes or a first number of failed verifications within a fourth preset duration before the current time reaches a third preset number of times.
In a possible implementation, when the target verification mode is SMS verification, performing identity verification on the user based on the target verification mode and the user identifier includes:
According to the user identifier, sending a first verification code to the second terminal indicated by the second terminal identifier reserved by the user;
If a second verification code is received within a fifth preset duration after the current time, and the first verification code and the second verification code are identical, identity verification of the user passes;
If the second verification code is not received within the fifth preset duration after the current time, or the first verification code and the second verification code are not identical, identity verification of the user fails.
In a possible implementation, the method further includes:
If identity verification of the user fails, determining a second number of failed verifications of the user within a sixth preset duration before the current time;
If the second number of failed verifications is not greater than a fourth preset number of times, performing the step of sending, according to the user identifier, third verification information to the terminal indicated by the second terminal identifier reserved by the user;
If the second number of failed verifications is greater than the fourth preset number of times, performing the step of performing additional verification on the user based on the first additional verification mode.
In a possible implementation, the method further includes:
When the additional verification of the user based on the first additional verification mode fails, or identity verification of the user fails, determining a third number of failed verifications of the user within a seventh preset duration before the current time;
Determining a retry-prohibition duration for the user according to the third number of failed verifications;
If a second verification request sent by the first terminal is received within the retry-prohibition duration, ignoring the second verification request, the second verification request carrying the user identifier.
In a second aspect, the invention provides an identity verification device, the device including:
A receiving module, configured to receive a first verification request sent by a first terminal, the first verification request carrying user information of a user and a target verification mode requested by the user, the user information including at least a user identifier;
A determining module, configured to determine, according to the user information, whether the user is a malicious user;
An additional verification module, configured to, if the user is a malicious user, perform additional verification on the user based on a first additional verification mode, the first additional verification mode being different from the target verification mode;
An identity verification module, configured to, when the additional verification of the user based on the first additional verification mode passes, perform identity verification on the user based on the target verification mode and the user identifier.
In a possible implementation, the determining module is further configured to count a first number of times according to the user identifier, the first number of times being the number of verification requests carrying the user identifier that were received within a first preset duration before the current time; and, if the first number of times is greater than a first preset number of times, determine that the user is a malicious user; and/or,
The determining module is further configured to, when the user information further includes a first terminal identifier of the first terminal, determine whether the first terminal identifier exists in a malicious terminal identifier library; and, if the first terminal identifier exists in the malicious terminal identifier library, determine that the user is a malicious user, the malicious terminal identifier library storing the terminal identifiers of terminals used by malicious users; and/or,
The determining module is further configured to, when the user information further includes the first terminal identifier of the first terminal, count a second number of times according to the first terminal identifier, the second number of times being the number of verification requests sent by the first terminal that were received within a second preset duration before the current time; and, if the second number of times is greater than a second preset number of times, determine that the user is a malicious user; and/or,
The determining module is further configured to, when the user information further includes the first terminal identifier of the first terminal, count a number of users according to the first terminal identifier and the user identifier, the number of users being the number of users who sent verification requests through the first terminal within a third preset duration before the current time; and, if the number of users is greater than a preset number, determine that the user is a malicious user.
In a possible implementation, the additional verification module is further configured to send first verification information to the first terminal, and receive second verification information returned by the first terminal based on the first verification information; and, if the first verification information and the second verification information match, determine that the additional verification of the user based on the first additional verification mode passes.
In a possible implementation, the additional verification module is further configured to, when the additional verification of the user based on the first additional verification mode fails, perform additional verification on the user again based on a second additional verification mode, until the additional verification passes or a first number of failed verifications within a fourth preset duration before the current time reaches a third preset number of times.
In a possible implementation, when the target verification mode is SMS verification, the identity verification module is further configured to send, according to the user identifier, a first verification code to the second terminal indicated by the second terminal identifier reserved by the user; if a second verification code is received within a fifth preset duration after the current time, and the first verification code and the second verification code are identical, identity verification of the user passes; if the second verification code is not received within the fifth preset duration after the current time, or the first verification code and the second verification code are not identical, identity verification of the user fails.
In a possible implementation, the additional verification module is further configured to, if identity verification of the user fails, determine a second number of failed verifications of the user within a sixth preset duration before the current time;
The identity verification module is further configured to, if the second number of failed verifications is not greater than a fourth preset number of times, send, according to the user identifier, third verification information to the terminal indicated by the second terminal identifier reserved by the user;
The additional verification module is further configured to, if the second number of failed verifications is greater than the fourth preset number of times, perform additional verification on the user based on the first additional verification mode.
In a possible implementation, the device further includes an ignoring module;
The determining module is further configured to, when the additional verification of the user based on the first additional verification mode fails, or identity verification of the user fails, determine a third number of failed verifications of the user within a seventh preset duration before the current time;
The determining module is further configured to determine a retry-prohibition duration for the user according to the third number of failed verifications;
The ignoring module is configured to, if a second verification request sent by the first terminal is received within the retry-prohibition duration, ignore the second verification request, the second verification request carrying the user identifier.
In the embodiments of the present invention, when verifying a user's identity, the server first determines, according to the user's user information, whether the user is a malicious user. If the user is a malicious user, additional verification is performed on the user based on the first additional verification mode, and only when that additional verification passes is identity verification performed on the user based on the target verification mode and the user's user identifier. Because the first additional verification mode is added, the verification cost for a malicious user increases and attacks on the server are reduced.
Brief description of the drawings
Fig. 1 is a schematic diagram of an implementation environment provided by an embodiment of the present invention;
Fig. 2 is a flow chart of an identity verification method provided by an embodiment of the present invention;
Fig. 3-1 is a signaling interaction diagram of an identity verification method provided by an embodiment of the present invention;
Fig. 3-2 is a flow chart of an identity verification method provided by an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of an identity verification device provided by an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a server provided by an embodiment of the present invention.
Detailed description
To make the objectives, technical solutions, and advantages of the present invention clearer, the embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
At present, when a user uses an application installed on the first terminal, the first terminal needs to log in to the server based on the user identifier and login password. When the user forgets the login password, the user can request that the server verify the user's identity. When verification passes, the first terminal can change the login password or log in to the server.
In another scenario, when the user registers a user account on the server, the server also needs to verify the user's identity. When verification passes, the server stores the correspondence between the user's user identifier and login password.
In the prior art, the server usually sends a first verification code to the second terminal corresponding to the mobile phone number the user reserved on the server, and receives a second verification code returned by the first terminal based on the first verification code; the user's identity is then verified based on the first verification code and the second verification code. However, if a malicious user fills in an arbitrary telephone number when registering a user account, then when the server verifies the user's identity, the malicious user uses an automated program to repeatedly request verification and retry verification codes, which amounts to an attack on the server.
The embodiments of the present invention are intended to reduce such attacks on the server. The first verification request that the first terminal sends to the server carries user information, and the user information includes at least a user identifier, which may be the user account the user registered on the server in advance. The user account may be the user's name, mobile phone number, etc. The user information may also include a first terminal identifier of the first terminal; the first terminal identifier may be the user's telephone number, the ID (identity number) of the first terminal, or its IP (Internet Protocol, the protocol for interconnection between networks), etc. Before verifying the user's identity, the server determines, based on the user information, whether the user is a malicious user. If the user is a malicious user, then before verifying the user's identity based on the target verification mode, the server first performs additional verification on the user based on the first additional verification mode. The first additional verification mode may be a picture verification code, instructing the second terminal to send first specified information to the server, etc. When the additional verification of the user based on the first additional verification mode passes, identity verification is performed on the user based on the target verification mode and the user identifier.
In the embodiments of the present invention, before verifying the user's identity, the server determines, based on the user information, whether the user is a malicious user; if the user is a malicious user, additional verification is performed on the user based on the first additional verification mode, which increases the verification cost for a malicious user and reduces attacks on the server.
An embodiment of the present invention provides a schematic diagram of an implementation environment. Referring to Fig. 1, the implementation environment includes a server 10 and a first terminal 20, connected through a communication network. An application associated with the server 10 runs on the first terminal 20 and can log in to the server 10 based on the user identifier and login password, and thereby interact with the server 10. The application may be any of a variety of applications, such as a social networking, video, live-streaming, audio, or cloud storage application.
When the user forgets the login password, the first terminal 20 is configured to send a first verification request to the server 10, the first verification request carrying the user's user information and the target verification mode requested by the user. The user information includes at least the user identifier, and may also include the first terminal identifier of the first terminal. The target verification mode may be SMS verification, email verification, etc.
The server 10 is configured to receive the first verification request and determine, according to the user information, whether the user is a malicious user; if the user is a malicious user, the server performs additional verification on the user based on the first additional verification mode. The first additional verification mode is different from the target verification mode, and may be a picture verification code, instructing the first terminal to send first specified information to the server, etc.
The server 10 is further configured to, when the additional verification of the user based on the first additional verification mode passes, perform identity verification on the user based on the target verification mode and the user identifier.
The implementation environment also includes a second terminal 30, which is the terminal corresponding to the telephone number the user reserved on the server 10 when registering the user account. The first terminal 20 and the second terminal 30 may be the same terminal or different terminals.
Accordingly, when the target verification mode is SMS verification, the server 10 is further configured to send, according to the user identifier, a first verification code to the second terminal indicated by the second terminal identifier reserved by the user. If a second verification code is received within a fifth preset duration after the current time, and the first verification code and the second verification code are identical, identity verification of the user passes. If the second verification code is not received within the fifth preset duration after the current time, or the first verification code and the second verification code are not identical, identity verification of the user fails.
The first terminal 20 may be a mobile phone terminal device, a PAD (Portable Android Device, tablet computer) terminal device, a PC terminal device, etc.; the second terminal 30 may be a mobile phone terminal, etc. The server 10 may be a single server, a server cluster composed of several servers, or a cloud computing service center; the embodiments of the present invention do not limit this.
An embodiment of the present invention provides an identity verification method, which may be executed by a server. Referring to Fig. 2, the method includes:
Step 201: Receive a first verification request sent by a first terminal, the first verification request carrying user information of a user and a target verification mode requested by the user, the user information including at least a user identifier.
Step 202: Determine, according to the user information, whether the user is a malicious user.
Step 203: If the user is a malicious user, perform additional verification on the user based on a first additional verification mode, the first additional verification mode being different from the target verification mode.
Step 204: When the additional verification of the user based on the first additional verification mode passes, perform identity verification on the user based on the target verification mode and the user identifier.
In a possible implementation, determining, according to the user information, whether the user is a malicious user includes:
Counting a first number of times according to the user identifier, the first number of times being the number of verification requests carrying the user identifier that were received within a first preset duration before the current time; if the first number of times is greater than a first preset number of times, determining that the user is a malicious user; and/or,
When the user information further includes a first terminal identifier of the first terminal, determining whether the first terminal identifier exists in a malicious terminal identifier library; if the first terminal identifier exists in the malicious terminal identifier library, determining that the user is a malicious user, the malicious terminal identifier library storing the terminal identifiers of terminals used by malicious users; and/or,
When the user information further includes the first terminal identifier of the first terminal, counting a second number of times according to the first terminal identifier, the second number of times being the number of verification requests sent by the first terminal that were received within a second preset duration before the current time; if the second number of times is greater than a second preset number of times, determining that the user is a malicious user; and/or,
When the user information further includes the first terminal identifier of the first terminal, counting a number of users according to the first terminal identifier and the user identifier, the number of users being the number of users who sent verification requests through the first terminal within a third preset duration before the current time; if the number of users is greater than a preset number, determining that the user is a malicious user.
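The four determination rules above can be sketched as a sliding-window detector. This is an added example, not code from the patent; the class and field names and every threshold value are assumptions, since the text only calls them "preset" durations and counts.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass
class Limits:
    # Assumed values; the text only names these as "preset" quantities.
    user_window: float = 600.0     # first preset duration (seconds)
    user_max: int = 5              # first preset number of times
    term_window: float = 600.0     # second preset duration
    term_max: int = 10             # second preset number of times
    fanout_window: float = 3600.0  # third preset duration
    fanout_max: int = 3            # preset number of users


class MaliciousUserDetector:
    def __init__(self, limits=None, bad_terminals=()):
        self.limits = limits or Limits()
        self.bad_terminals = set(bad_terminals)  # malicious terminal identifier library
        self._by_user = defaultdict(deque)       # user id -> request timestamps
        self._by_term = defaultdict(deque)       # terminal id -> request timestamps
        self._users_on_term = defaultdict(dict)  # terminal id -> {user id: last seen}

    @staticmethod
    def _count(q, now, window):
        """Drop timestamps that fell out of the window; return how many remain."""
        while q and q[0] <= now - window:
            q.popleft()
        return len(q)

    def check(self, user_id, terminal_id, now):
        """Record one verification request and return the rules it trips.

        The current request is included in each count (a design choice of
        this sketch). An empty list means the user is not treated as malicious.
        """
        lim, reasons = self.limits, []

        q = self._by_user[user_id]
        q.append(now)
        if self._count(q, now, lim.user_window) > lim.user_max:
            reasons.append("user_rate")

        if terminal_id is None:          # the terminal identifier is optional
            return reasons

        if terminal_id in self.bad_terminals:
            reasons.append("terminal_listed")

        q = self._by_term[terminal_id]
        q.append(now)
        if self._count(q, now, lim.term_window) > lim.term_max:
            reasons.append("terminal_rate")

        seen = self._users_on_term[terminal_id]
        seen[user_id] = now
        for uid in [u for u, t in seen.items() if t <= now - lim.fanout_window]:
            del seen[uid]
        if len(seen) > lim.fanout_max:
            reasons.append("terminal_fanout")
        return reasons


def demo():
    """Constructed traffic: timestamps are seconds, identifiers are made up."""
    det = MaliciousUserDetector(bad_terminals={"dev-blocked"})
    return {
        # One account requesting codes every 10 s: the 6th request trips rule 1.
        "burst": [det.check("alice", "dev-1", t) for t in range(0, 60, 10)],
        # Same account long after the window: the old requests have aged out.
        "later": det.check("alice", "dev-1", 5000),
        # Terminal present in the identifier library.
        "listed": det.check("bob", "dev-blocked", 5000),
        # One terminal cycling through accounts: the 4th distinct user trips rule 4.
        "fanout": [det.check(f"u{i}", "dev-2", 6000 + i) for i in range(4)],
    }
```

Returning the list of tripped rules rather than a bare boolean lets the server log why a request was routed to additional verification.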
In a possible implementation, performing additional verification on the user based on the first additional verification mode includes:
Sending first verification information to the first terminal, and receiving second verification information returned by the first terminal based on the first verification information;
If the first verification information and the second verification information match, determining that the additional verification of the user based on the first additional verification mode passes.
In a possible implementation, the method further includes:
When the additional verification of the user based on the first additional verification mode fails, performing additional verification on the user again based on a second additional verification mode, until the additional verification passes or a first number of failed verifications within a fourth preset duration before the current time reaches a third preset number of times.
In a possible implementation, when the target verification mode is SMS verification, performing identity verification on the user based on the target verification mode and the user identifier includes:
According to the user identifier, sending a first verification code to the second terminal indicated by the second terminal identifier reserved by the user;
If a second verification code is received within a fifth preset duration after the current time, and the first verification code and the second verification code are identical, identity verification of the user passes;
If the second verification code is not received within the fifth preset duration after the current time, or the first verification code and the second verification code are not identical, identity verification of the user fails.
In a possible implementation, the method further includes:
If identity verification of the user fails, determining a second number of failed verifications of the user within a sixth preset duration before the current time;
If the second number of failed verifications is not greater than a fourth preset number of times, performing the step of sending, according to the user identifier, third verification information to the terminal indicated by the second terminal identifier reserved by the user;
If the second number of failed verifications is greater than the fourth preset number of times, performing the step of performing additional verification on the user based on the first additional verification mode.
In a possible implementation, the method further includes:
When the additional verification of the user based on the first additional verification mode fails, or identity verification of the user fails, determining a third number of failed verifications of the user within a seventh preset duration before the current time;
Determining a retry-prohibition duration for the user according to the third number of failed verifications;
If a second verification request sent by the first terminal is received within the retry-prohibition duration, ignoring the second verification request, the second verification request carrying the user identifier.
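The SMS verification, failure-count escalation, and retry-prohibition steps above can be combined into one per-user state machine. This is an added example, not code from the patent: the names are hypothetical, the limits are assumed values, and the doubling lockout is one assumed mapping from failure count to retry-prohibition duration, which the text does not specify.

```python
import hmac
import secrets


class VerificationFlow:
    """Server-side state for one user identifier (all limits are assumed)."""
    CODE_TTL = 120.0        # fifth preset duration: lifetime of a sent code
    FAIL_WINDOW = 900.0     # sixth / seventh preset duration
    MAX_PLAIN_RETRIES = 2   # fourth preset number of times
    BASE_LOCKOUT = 30.0     # assumed: prohibition doubles with each failure

    def __init__(self):
        self.failures = []       # timestamps of failed verifications
        self.locked_until = 0.0  # end of the retry-prohibition duration
        self.code = None         # first verification code, as sent by SMS
        self.code_sent_at = None

    def _recent_failures(self, now):
        self.failures = [t for t in self.failures if t > now - self.FAIL_WINDOW]
        return len(self.failures)

    def request(self, now, flagged, extra_check_passed=False):
        """Handle a verification request.

        flagged: result of the malicious-user determination for this request.
        Returns 'ignored', 'extra_check' or 'code_sent'.
        """
        if now < self.locked_until:
            return "ignored"  # request inside the retry-prohibition duration
        needs_extra = flagged or self._recent_failures(now) > self.MAX_PLAIN_RETRIES
        if needs_extra and not extra_check_passed:
            return "extra_check"  # additional verification gates the SMS send
        self.code = f"{secrets.randbelow(10**6):06d}"
        self.code_sent_at = now
        return "code_sent"

    def submit(self, now, code):
        """Compare the returned (second) code. Returns 'ignored', 'verified' or 'failed'."""
        if now < self.locked_until:
            return "ignored"
        ok = (
            self.code is not None
            and now - self.code_sent_at <= self.CODE_TTL
            and hmac.compare_digest(code.encode(), self.code.encode())
        )
        self.code = None  # a code is single use whether it matched or not
        if ok:
            self.failures.clear()
            return "verified"
        self.failures.append(now)
        n = self._recent_failures(now)
        self.locked_until = now + self.BASE_LOCKOUT * 2 ** (n - 1)
        return "failed"


def run_constructed_session():
    """Constructed session; times are seconds and 'xxxxxx' is never a valid code."""
    f, log = VerificationFlow(), []
    log.append(f.request(0, flagged=True))                           # gated
    log.append(f.request(1, flagged=True, extra_check_passed=True))  # SMS sent
    log.append(f.submit(2, "xxxxxx"))        # wrong code, 30 s prohibition
    log.append(f.request(10, flagged=False)) # inside prohibition
    log.append(f.request(40, flagged=False)) # 1 failure: plain resend
    log.append(f.submit(161, f.code))        # right code, but expired
    log.append(f.request(230, flagged=False))
    log.append(f.submit(231, "xxxxxx"))      # third failure in the window
    log.append(f.request(360, flagged=False))  # now needs additional verification
    log.append(f.request(361, flagged=False, extra_check_passed=True))
    log.append(f.submit(362, f.code))
    return log
```

The comparison uses `hmac.compare_digest` so that the time taken to reject a code does not depend on how many leading digits were correct.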
In the embodiments of the present invention, when verifying a user's identity, the server first determines, according to the user's user information, whether the user is a malicious user. If the user is a malicious user, additional verification is performed on the user based on the first additional verification mode, and only when that additional verification passes is identity verification performed on the user based on the target verification mode and the user's user identifier. Because the first additional verification mode is added, the verification cost for a malicious user increases and attacks on the server are reduced.
An embodiment of the present invention provides an identity verification method, applied between a first terminal and a server. Referring to Fig. 3-1, the method includes:
Step 301: The first terminal sends a first verification request to the server. The first verification request carries the user information of the user and the target verification mode requested by the user.
When the first terminal logs in to the server through the application installed on it, the first terminal displays a login interface that includes a first input box, a second input box and a login button. The first input box is used to enter the user identifier and the second input box is used to enter the login password. The user can enter the user identifier in the first input box, enter the login password in the second input box, and click the login button. When the first terminal detects that the login button has been triggered, it obtains the user identifier entered in the first input box and the login password entered in the second input box, and sends the server a login request carrying the user identifier and the login password. The server receives the login request sent by the first terminal; if the user identifier and the login password match, the server determines that the first terminal has logged in successfully. If the user identifier and the login password do not match, the server determines that the login of the first terminal has failed.
The login interface also includes an identity verification button, which can be a "Forgot password" button. The identity verification button is used to have the server perform identity verification on the user. When the first terminal fails to log in or the user has forgotten the login password, the user can click the identity verification button. When the first terminal detects that the identity verification button has been triggered, it displays a verification interface that includes at least one verification mode and an apply button. The user can select one target verification mode from the at least one verification mode and click the apply button. When the first terminal detects that the apply button has been clicked, it obtains the target verification mode selected by the user and sends the first verification request to the server; the first verification request carries the user information and the target verification mode. The first verification request can also carry a target operation.
In another implementation scenario, when the first terminal registers a user account with the server through the application installed on it, the first terminal displays a registration interface that includes a third input box and a registration button. The third input box is used to enter the user identifier. The user can enter the user identifier in the third input box and click the registration button. When the first terminal detects that the registration button has been triggered, it displays a verification interface that includes at least one verification mode and an apply button. The user can select one target verification mode from the at least one verification mode and click the apply button. When the first terminal detects that the apply button has been clicked, it obtains the target verification mode selected by the user and sends the first verification request to the server; the first verification request carries the user information and the target verification mode. The first verification request can also carry a target operation.
The user information includes at least the user identifier, which is the user account that the user registered with the server in advance. The user information also includes a first terminal identifier, which can be the user's mobile phone number, or the ID or IP of the first terminal, etc. The target verification mode can be SMS verification, mail verification, etc. The target operation can be a login operation or an operation to modify the login password.
Step 302: The server receives the first verification request sent by the first terminal and determines, according to the user information, whether the user is a malicious user.
When the user information includes only the user identifier, this step can be implemented in the first way below; when the user information also includes the first terminal identifier, this step can be implemented in the second, third or fourth way below. When the user is determined to be a malicious user, step 303 is performed; when the user is determined not to be a malicious user, step 304 is performed.
(1): The user information includes the user identifier. If the user requests verification multiple times within a period of time, the user may be a malicious user. Accordingly, in the first implementation, this step can be:
The server counts a first number of times according to the user identifier; the first number of times is the number of verification requests carrying the user identifier that were received within the first preset duration before the current time. The server determines whether the first number of times is greater than the first preset number of times. If it is greater, the server determines that the user is a malicious user; if it is not greater, the server determines that the user is not a malicious user.
When the server receives the first verification request sent by the first terminal, the server takes the current time as the sending time of the first verification request and stores the correspondence between the sending time and the user identifier in a user verification record. The user verification record stores the correspondences between the user identifier and the sending times of the first verification requests that the user has historically sent through terminals. Accordingly, the step in which the server counts the first number of times according to the user identifier can be:
According to the user identifier, the server counts, in the user verification record, the number of correspondences that include the user identifier and whose sending time falls within the first preset duration before the current time, and takes that number as the first number of times.
The first preset duration and the first preset number of times can be set and changed as needed and are not specifically limited in the embodiments of the present invention. For example, the first preset duration can be half a day, 1 day or 2 days. The first preset number of times can be 5 or 8.
Because the server may no longer use correspondences between the user identifier and sending times that are far from the current time, the server periodically updates the user verification record in order to save storage space and improve counting efficiency. The specific process can be:
The server deletes from the user verification record the correspondences between sending time and user identifier whose sending time is not within the eighth preset duration before the current time.
The eighth preset duration is greater than or equal to the first preset duration. The eighth preset duration can also be set and changed as needed and is not specifically limited in the embodiments of the present invention. For example, the eighth preset duration can be 1 month or two weeks, etc.
(2): The user information also includes the first terminal identifier. The server builds a malicious terminal identifier library in advance through continuous accumulation; the library stores the terminal identifiers of terminals used by malicious users. Accordingly, in the second implementation, this step can be:
The server determines whether the first terminal identifier exists in the malicious terminal identifier library. If the first terminal identifier exists in the library, the server determines that the user is a malicious user; if the first terminal identifier does not exist in the library, the server determines that the user is not a malicious user.
(3): The user information also includes the first terminal identifier. If the first terminal requests verification multiple times within a certain period of time, the user may be a malicious user. Accordingly, in the third implementation, this step can be:
The server counts a second number of times according to the first terminal identifier; the second number of times is the number of verification requests sent by the first terminal that were received within the second preset duration before the current time. The server determines whether the second number of times is greater than the second preset number of times. If it is greater, the server determines that the user is a malicious user; if it is not greater, the server determines that the user is not a malicious user.
When the server receives the first verification request sent by the first terminal, the server takes the current time as the sending time at which the first terminal sent the first verification request and stores the correspondence between the sending time and the first terminal identifier in a terminal verification record. The terminal verification record stores the correspondences between the first terminal identifier and the sending times of the first verification requests that the first terminal has historically sent. Accordingly, the step in which the server counts, according to the first terminal identifier, the second number of times that the first terminal sent first verification requests within the second preset duration before the current time can be:
According to the first terminal identifier, the server counts, in the terminal verification record, the number of correspondences that include the first terminal identifier and whose sending time falls within the second preset duration before the current time, and takes that number as the second number of times.
The second preset duration and the first preset duration can be the same or different. The second preset number of times and the first preset number of times can be the same or different. The second preset number of times and the second preset duration can be set and changed as needed and are not specifically limited in the embodiments of the present invention. For example, the second preset duration can be half a day, 1 day or 2 days. The second preset number of times can be 5 or 8.
Because the server may no longer use correspondences between the first terminal identifier and sending times that are far from the current time, the server periodically updates the terminal verification record in order to save storage space and improve counting efficiency. The specific process can be:
The server deletes from the terminal verification record the correspondences between sending time and first terminal identifier whose sending time is not within the ninth preset duration before the current time.
The ninth preset duration is greater than or equal to the second preset duration. The ninth preset duration can also be set and changed as needed and is not specifically limited in the embodiments of the present invention. For example, the ninth preset duration can be 1 month or two weeks, etc.
(4): The user information also includes the first terminal identifier. If many people send first verification requests using the first terminal within a period of time, the user may be a malicious user. Accordingly, in the fourth implementation, this step can be:
The server counts a number of users according to the first terminal identifier and the user identifier; the number of users is the number of users who sent a first verification request through the first terminal within the third preset duration before the current time. The server determines whether the number of users is greater than the preset number. If it is greater, the server determines that the user is a malicious user; if it is not greater, the server determines that the user is not a malicious user.
When the server receives the first verification request sent by the first terminal, the server takes the current time as the sending time at which the first terminal sent the first verification request and stores the correspondence among the sending time, the user identifier and the first terminal identifier in a user-terminal verification record. The user-terminal verification record stores the correspondences among the sending time, the user identifier and the first terminal identifier of the first verification requests that the user sent through the first terminal. Accordingly, the step in which the server counts the number of users according to the first terminal identifier and the user identifier can be:
According to the first terminal identifier and the user identifier, the server counts, in the user-terminal verification record, the number of correspondences that include the user identifier and the first terminal identifier and whose sending time falls within the third preset duration before the current time, and takes that number as the number of users.
The third preset duration and the first preset duration can be the same or different. The third preset duration and the second preset duration can be the same or different. The preset number and the first preset number of times can be the same or different. The preset number and the second preset number of times can be the same or different. The third preset duration and the preset number can be set and changed as needed and are not specifically limited in the embodiments of the present invention. For example, the third preset duration can be half a day, 1 day or 2 days. The preset number can be 3 or 5.
Because the server may no longer use correspondences among sending time, user identifier and first terminal identifier whose sending time is far from the current time, the server periodically updates the user-terminal verification record in order to save storage space and improve counting efficiency. The specific process can be:
The server deletes from the user-terminal verification record the correspondences among sending time, user identifier and first terminal identifier whose sending time is not within the tenth preset duration before the current time.
The tenth preset duration is greater than or equal to the third preset duration. The tenth preset duration can also be set and changed as needed and is not specifically limited in the embodiments of the present invention. For example, the tenth preset duration can be 1 month or two weeks, etc.
It should be noted that, when determining according to the user information whether the user is a malicious user, the server can use one or more of the first to fourth implementations above. In addition, if the server uses the second implementation above, then when the server determines that the user is a malicious user, it adds the first terminal identifier to the malicious terminal identifier library, so that when the first terminal subsequently sends a first verification request, the server can determine in the second way whether the user is a malicious user.
Further, the identity verification method provided by the embodiments of the present invention is intended to effectively intercept verification by malicious users. If the server misjudges during identity verification and mistakes a normal user for a malicious user, the user can file an appeal to have this corrected. The specific process can be:
When the server determines that the user is a malicious user, a first prompt message is displayed. The first prompt message includes malicious-user indication information and an appeal method. The malicious-user indication information can be "You are a suspicious user". The appeal method can be sending third specified information to the server, or dialing a designated telephone number. The third specified information includes the user identifier and specified content. The specified content can be "I am not a suspicious user".
Further, if the server receives the third specified information, or customer service receives telephone feedback from the user, the server determines that the user is not a malicious user and performs identity verification on the user based on the target verification mode and the user identifier.
Further, when the server determines that the user is not a malicious user, it deletes the first terminal identifier from the malicious terminal identifier library.
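The four checks of step 302, together with the record pruning and the appeal path, can be sketched as follows. This is an added example, not code from the patent: the class, method and rule names are assumptions, the threshold values are taken from the page's "for example" figures, and way (4) is implemented as the number of distinct user identifiers seen on one terminal.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

DAY = 86400.0  # seconds


@dataclass(frozen=True)
class Thresholds:
    # Values follow the page's "for example" figures; tune per deployment.
    first_duration: float = DAY     # window for requests per user identifier
    first_times: int = 5            # first preset number of times
    second_duration: float = DAY    # window for requests per terminal identifier
    second_times: int = 5           # second preset number of times
    third_duration: float = DAY     # window for distinct users per terminal
    preset_number: int = 3          # preset number of users
    retention: float = 30 * DAY     # 8th/9th/10th preset durations (>= the windows)


class MaliciousUserDetector:
    """Hypothetical server-side classifier for step 302 (names are assumptions)."""

    def __init__(self, thresholds=Thresholds()):
        self.t = thresholds
        self.user_log = defaultdict(deque)      # user_id -> (send time, terminal_id)
        self.terminal_log = defaultdict(deque)  # terminal_id -> (send time, user_id)
        self.malicious_terminals = set()        # malicious terminal identifier library

    def _prune(self, log, now):
        # Regular update: delete correspondences older than the retention period.
        # Assumes send times arrive in non-decreasing order.
        while log and log[0][0] < now - self.t.retention:
            log.popleft()

    @staticmethod
    def _recent(log, now, window):
        # Values of the correspondences whose send time lies inside the window.
        return [other for ts, other in log if ts >= now - window]

    def check(self, user_id, terminal_id, now):
        """Record one verification request; return the rules that flag the user."""
        ulog, tlog = self.user_log[user_id], self.terminal_log[terminal_id]
        ulog.append((now, terminal_id))
        tlog.append((now, user_id))
        self._prune(ulog, now)
        self._prune(tlog, now)

        t, reasons = self.t, []
        if len(self._recent(ulog, now, t.first_duration)) > t.first_times:
            reasons.append("user_request_count")           # way (1)
        if terminal_id in self.malicious_terminals:
            reasons.append("malicious_terminal_library")   # way (2)
        if len(self._recent(tlog, now, t.second_duration)) > t.second_times:
            reasons.append("terminal_request_count")       # way (3)
        if len(set(self._recent(tlog, now, t.third_duration))) > t.preset_number:
            reasons.append("users_per_terminal")           # way (4)

        if reasons:
            # Remember the terminal so later requests are caught by way (2).
            self.malicious_terminals.add(terminal_id)
        return reasons

    def accept_appeal(self, terminal_id):
        # A successful appeal removes the terminal from the library.
        self.malicious_terminals.discard(terminal_id)


def demo():
    """Constructed traffic: one account probed from six terminals, one hour apart."""
    d = MaliciousUserDetector()
    return [d.check("alice", f"term-{i}", i * 3600.0) for i in range(6)]


if __name__ == "__main__":
    for i, reasons in enumerate(demo(), 1):
        print(f"request {i}: {'malicious ' + str(reasons) if reasons else 'not malicious'}")
```

Because a flagged request adds its terminal to the library, a different account that later uses the same terminal is flagged by way (2) alone until an appeal clears the entry.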
Step 303: If the user is a malicious user, the server performs additional verification on the user based on the first additional verification mode. The first additional verification mode is different from the target verification mode.
The first additional verification mode can be filling in a picture verification code, instructing the first terminal to send first specified information to the server, etc. When the first additional verification mode is filling in a picture verification code, this step can be implemented in the first way below; when the first additional verification mode is instructing the second terminal to send the first specified information to the server, this step can be implemented in the second way below. If the additional verification of the user based on the first additional verification mode passes, step 305 is performed; if the additional verification of the user based on the first additional verification mode fails, step 304 is performed.
In the first implementation, this step can be implemented through the following steps (1) to (4):
(1): The server sends first verification information to the first terminal.
The first verification information includes the image data of multiple pictures and a second prompt message. The second prompt message instructs the user to select a picture from the multiple pictures. For example, the multiple pictures are a stool, a desk and a school bag, and the second prompt message is "Please select the desk picture from the pictures".
(2): The first terminal receives the first verification information sent by the server and returns second verification information to the server based on the first verification information.
The first terminal renders the multiple pictures based on their image data and displays the second prompt message. Based on the second prompt message, the user selects from the multiple pictures the picture that the second prompt message indicates. The first terminal obtains the picture identifier of the picture selected by the user and forms the second verification information from that picture identifier.
(3): The server receives the second verification information returned by the first terminal and determines whether the first verification information and the second verification information match.
The server determines, according to the first verification information, the picture identifier indicated by the second prompt message. If the picture identifier indicated by the second prompt message is the same as the picture identifier included in the second verification information, the server determines that the first verification information and the second verification information match. If the two picture identifiers differ, the server determines that the first verification information and the second verification information do not match.
(4): If the first verification information and the second verification information match, the server determines that the additional verification of the user passes; if they do not match, the server determines that the additional verification of the user fails.
In the second implementation, this step can be implemented through the following steps (A) to (D):
(A): The server sends third verification information to the first terminal. The third verification information is used to instruct the second terminal to send the first specified information to the server.
The first specified information can be an SMS message or a WeChat message. The first specified information includes the user identifier and target operation information. For example, when the user wants to reset the login password, the target operation information is reset-login-password information; when the user wants to log in to the server through the first terminal, the target operation information is login information.
In the embodiments of the present invention, when the first specified information is an SMS message, the verification cost for a malicious user can be increased.
(B): The first terminal receives the third verification information sent by the server and displays the third verification information.
Based on the third verification information, the user can send the first specified information to the server through the second terminal.
(C): The second terminal sends fourth verification information to the server.
(D): The server receives the fourth verification information sent by the second terminal. If the fourth verification information includes the first specified information, the server determines that the additional verification of the user passes; if the fourth verification information does not include the first specified information, the server determines that the additional verification of the user fails.
Step 304: If the additional verification of the user based on the first additional verification mode fails, the server performs additional verification on the user again based on a second additional verification mode, until the additional verification passes or the first failed verification count within the fourth preset duration before the current time reaches the third preset number of times. The verification difficulty of the second additional verification mode can be greater than, equal to or less than that of the first additional verification mode. Both the first and the second additional verification modes are used to prevent automated programs.
The second additional verification mode can also be filling in a picture verification code, instructing the first terminal to send second specified information to the server, etc. The number of pictures used by the second additional verification mode is greater than, equal to or less than the number of pictures used by the first additional verification mode. The difficulty of the second specified information is greater than, equal to or less than the difficulty of the first specified information.
If the additional verification of the user based on the second additional verification mode passes, step 305 is performed. If it fails, additional verification is performed on the user again based on the second additional verification mode, until the additional verification of the user passes or the first failed verification count within the fourth preset duration before the current time reaches the third preset number of times.
The fourth preset duration and the third preset number of times can be set and changed as needed and are not specifically limited in the embodiments of the present invention. For example, the fourth preset duration can be half an hour or 1 hour, and the third preset number of times can be 3 or 5. The first failed verification count can be the failed verification count of additional verification, or the failed verification count of identity verification, or can include both the failed verification count of additional verification and the failed verification count of identity verification.
Step 305: When the additional verification passes, the server performs identity verification on the user based on the target verification mode and the user identifier.
The target verification mode can be SMS verification or mail verification. When the target verification mode is SMS verification, this step can be implemented through the following steps (1) to (4):
(1): According to the user identifier, the server sends a first verification code to the second terminal indicated by the second terminal identifier reserved by the user.
The server stores the second terminal identifier that each user reserved at registration; the second terminal identifier can be the user's mobile phone number. Accordingly, this step can be:
The server obtains, according to the user identifier, the second terminal identifier reserved by the user, and sends the first verification code to the second terminal indicated by the second terminal identifier.
(2): The second terminal receives the first verification code sent by the server and displays the first verification code.
Based on the first verification code, the user can send a second verification code to the server through the first terminal.
(3): If the server receives the second verification code within the fifth preset duration after the current time and the first verification code is the same as the second verification code, the identity verification of the user passes. If the second verification code is not received within the fifth preset duration after the current time, or the first verification code and the second verification code differ, the identity verification of the user fails.
The fifth preset duration can be set and changed as needed and is not specifically limited in the disclosed embodiments. For example, the fifth preset duration can be 60 seconds or 90 seconds. The first verification code and the second verification code are SMS verification codes. The first verification code can include a preset number of characters, and the characters can be one or more of digits, letters or Chinese characters. The preset number of characters can be set and changed as needed and is not specifically limited in the embodiments of the present invention. For example, the preset number of characters can be 4 or 6, etc.
In embodiments of the present invention, if because user is malicious user, entered by the first additional identification mode to user Row additional identification.If additional identification by when, ordinary circumstance can consider the user be automated procedures;If additional test Card does not pass through, and continues through additional identification mode and is verified, until being verified or verifying that number of times reaches certain number of times.By This is visible, and the embodiment of the present invention can reduce short-message verification cost, reduce economic loss.
When the target verification mode is mail verification, this step can be implemented through the following steps (A) to (C):
(A): According to the user identifier, the server sends fifth verification information to the third terminal corresponding to the email address reserved by the user. The fifth verification information can be a login link or a password-reset link.
(B): The third terminal receives the fifth verification information and displays the fifth verification information.
The user can click the link in the fifth verification information to trigger the third terminal to send a verification response to the server.
(C): If the server receives the verification response sent by the third terminal within the eleventh preset duration after the current time, the server determines that the identity verification of the user passes; if the server does not receive the verification response sent by the third terminal within the eleventh preset duration after the current time, the server determines that the identity verification of the user fails.
The eleventh preset duration can be set and changed as needed and is not specifically limited in the embodiments of the present invention. For example, the eleventh preset duration can be 2 minutes or 5 minutes, etc.
Further, if the identity verification of the user fails, the server determines the second failed verification count of the user within the sixth preset duration before the current time. If the second failed verification count is not greater than the fourth preset number of times, identity verification is performed on the user again based on the target verification mode and the user identifier, that is, step (1) or (A) is performed. If the second failed verification count is greater than the fourth preset number of times, step 303 is performed.
The sixth preset duration and the fourth preset number of times can be set and changed as needed and are not specifically limited in the embodiments of the present invention. For example, the sixth preset duration can be 1 day or half a day. The fourth preset number of times can be 3 or 5.
To further increase the time cost for a malicious user, in this step, when the verification of the user fails, the server can set a retry-prohibition duration, during which the user is not allowed to make identity verification requests. Accordingly, the method also includes:
When the additional verification of the user based on the first additional verification mode fails, or the identity verification of the user fails, the server determines the third failed verification count of the user within the seventh preset duration before the current time, and determines the retry-prohibition duration for the user according to the third failed verification count. If a second verification request sent by the first terminal is received within the retry-prohibition duration, the server ignores the second verification request; the second verification request carries the user identifier. Further, when the retry-prohibition duration expires, additional verification is performed on the user based on the first additional verification mode.
The server stores in advance a correspondence between failed verification counts and retry-prohibition durations. Accordingly, the step in which the server determines the retry-prohibition duration for the user according to the third failed verification count can be:
According to the third failed verification count, the server obtains the retry-prohibition duration for the user from the correspondence between failed verification counts and retry-prohibition durations.
The server can also store a reference duration. Accordingly, the step in which the server determines the retry-prohibition duration for the user according to the third failed verification count can be:
The server multiplies the third failed verification count by the reference duration to obtain the retry-prohibition duration for the user.
The seventh preset duration can be set and changed as needed and is not specifically limited in the embodiments of the present invention. For example, the seventh preset duration can be 1 hour or 2 hours, etc.
Further, before performing step 305, the server determines a third number of times, which is the number of verification requests carrying the user identifier that were received within the twelfth preset duration before the current time. If the third number of times is greater than the fifth preset number of times, a retry-prohibition duration is set. If the third number of times is not greater than the fifth preset number of times, step 305 is performed.
The twelfth preset duration and the fifth preset number of times can be set and changed as needed and are not specifically limited in the embodiments of the present invention. For example, the twelfth preset duration can be 1 hour or half an hour; the fifth preset number of times can be 5 or 8, etc.
For example, referring to Fig. 3-2, the first additional verification mode is pushing a challenge question. When the server receives the first verification request, it determines from the user profile whether the user is a malicious user. If the user is a malicious user, the server pushes a challenge question and determines whether the challenge is passed. If it is passed, the follow-up flow is carried out. If it is not passed, the server checks whether the number of challenges exceeds the third preset number of times M; if it does, the server sets a retry-prohibition duration and, once that duration has elapsed, continues to push challenge questions.
If the user is not a malicious user, the normal verification code flow is followed. The server determines whether the number of times the verification code has been sent exceeds the fifth preset number of times K. If it does, a challenge question is pushed. If it does not, the server determines whether the verification code is correct: if it is correct, the follow-up flow is carried out; if it is incorrect, the server checks whether the verification code has been entered incorrectly the fourth preset number of times N. If so, a challenge question is pushed; if not, the follow-up flow is carried out.
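The Fig. 3-2 flow and the two ways of deriving the retry-prohibition duration described above (a correspondence lookup, or failed verifications multiplied by the reference duration), as an added Python sketch that is not code from the patent. All names (`Policy`, `UserState`, the action strings) are hypothetical; the single failure window, the counter reset after a ban, and keeping a user with fewer than N wrong codes in the normal code flow are assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Policy:
    max_challenge_failures: int   # third preset number of times (M)
    max_wrong_codes: int          # fourth preset number of times (N)
    max_code_sends: int           # fifth preset number of times (K)
    failure_window: float         # seventh preset duration, in seconds
    reference_ban: float          # reference duration, in seconds
    ban_table: Optional[Dict[int, float]] = None  # failures -> ban seconds


@dataclass
class UserState:
    failures: List[float] = field(default_factory=list)  # failure timestamps
    challenge_failures: int = 0
    wrong_codes: int = 0
    code_sends: int = 0
    banned_until: float = 0.0


def ban_duration(policy: Policy, failures: int) -> float:
    """Retry-prohibition duration for a number of failed verifications."""
    if policy.ban_table:
        # Correspondence variant. Using the largest table key <= failures
        # to fill gaps in the table is an assumption of this sketch.
        keys = [k for k in policy.ban_table if k <= failures]
        return policy.ban_table[max(keys)] if keys else 0.0
    # Multiplication variant: failures x reference duration.
    return failures * policy.reference_ban


def _record_failure(policy: Policy, st: UserState, now: float) -> int:
    """Store a failure and return how many fall inside the window."""
    st.failures = [t for t in st.failures if now - t <= policy.failure_window]
    st.failures.append(now)
    return len(st.failures)


def on_request(policy: Policy, st: UserState, now: float, malicious: bool) -> str:
    """Decide what to do with an incoming verification request."""
    if now < st.banned_until:
        return "IGNORE"            # request arrives inside the ban: ignored
    if malicious:
        return "CHALLENGE"         # additional verification comes first
    st.code_sends += 1
    if st.code_sends > policy.max_code_sends:
        return "CHALLENGE"         # sends exceed K: escalate
    return "SEND_CODE"


def on_challenge_result(policy: Policy, st: UserState, now: float, passed: bool) -> str:
    if passed:
        st.challenge_failures = 0
        return "PROCEED"           # follow-up flow
    st.challenge_failures += 1
    recent = _record_failure(policy, st, now)
    if st.challenge_failures > policy.max_challenge_failures:
        st.banned_until = now + ban_duration(policy, recent)
        st.challenge_failures = 0  # challenges resume once the ban ends
        return "BANNED"
    return "CHALLENGE"             # push another challenge


def on_code_result(policy: Policy, st: UserState, now: float, correct: bool) -> str:
    if correct:
        st.wrong_codes = 0
        return "PROCEED"           # follow-up flow
    st.wrong_codes += 1
    _record_failure(policy, st, now)
    if st.wrong_codes >= policy.max_wrong_codes:
        return "CHALLENGE"         # N wrong codes: escalate
    return "CODE_FLOW"             # stays in the normal code flow (assumption)
```

Because failures accumulate inside the window while the challenge counter resets, each successive ban in this sketch is longer than the previous one.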
Further, when identity verification of the user passes, the server performs the target operation. For example, when the target operation is a login operation, the server allows the first terminal to log in to the server. As another example, when the target operation is a password modification operation, the server receives the login password sent by the first terminal and changes the stored login password corresponding to the user identifier to the login password sent by the first terminal.
In the embodiments of the present invention, when performing identity verification on a user, the server first determines, according to the user's user profile, whether the user is a malicious user. If the user is a malicious user, additional verification is performed on the user based on the first additional verification mode, and only when that additional verification passes is identity verification performed on the user based on the target verification mode and the user's user identifier. Because the first additional verification mode is added, the verification cost for a malicious user increases, which reduces attacks on the server.
An embodiment of the present invention provides an identity verification apparatus. The apparatus is applied in a server and is used to perform the steps performed by the server in the above identity verification method. Referring to Fig. 4, the apparatus includes:
A receiving module 401, configured to receive a first verification request sent by a first terminal, the first verification request carrying the user profile of a user and the target verification mode requested by the user, the user profile including at least a user identifier;
A determining module 402, configured to determine, according to the user profile, whether the user is a malicious user;
An additional verification module 403, configured to, if the user is a malicious user, perform additional verification on the user based on a first additional verification mode, the first additional verification mode being different from the target verification mode;
An identity verification module 404, configured to, when the additional verification of the user based on the first additional verification mode passes, perform identity verification on the user based on the target verification mode and the user identifier.
In a possible implementation, the determining module 402 is further configured to count a first number of times according to the user identifier, the first number of times being the number of verification requests carrying the user identifier that were received within a first preset duration before the current time; and, if the first number of times is greater than a first preset number of times, determine that the user is a malicious user; and/or,
The determining module 402 is further configured to, when the user profile also includes a first terminal identifier of the first terminal, determine whether the first terminal identifier exists in a malicious terminal identifier library; and, if the first terminal identifier exists in the malicious terminal identifier library, determine that the user is a malicious user, the malicious terminal identifier library storing the terminal identifiers of terminals used by malicious users; and/or,
The determining module 402 is further configured to, when the user profile also includes a first terminal identifier of the first terminal, count a second number of times according to the first terminal identifier, the second number of times being the number of verification requests sent by the first terminal that were received within a second preset duration before the current time; and, if the second number of times is greater than a second preset number of times, determine that the user is a malicious user; and/or,
The determining module 402 is further configured to, when the user profile also includes a first terminal identifier of the first terminal, count a number of users according to the first terminal identifier and the user identifier, the number of users being the number of users who sent verification requests through the first terminal within a third preset duration before the current time; and, if the number of users is greater than a preset number, determine that the user is a malicious user.
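The four "and/or" rules of the determining module can be run over one stream of verification requests with sliding windows. The following is an added Python example, not code from the patent; the class name, rule labels and threshold parameters are hypothetical, and counting the current request toward each total is an assumption.

```python
from collections import defaultdict, deque


class MaliciousUserDetector:
    """Sliding-window version of the four rules; any one rule suffices."""

    def __init__(self, user_window, user_max, term_window, term_max,
                 users_window, users_max, bad_terminals=()):
        self.user_window = user_window      # first preset duration (s)
        self.user_max = user_max            # first preset number of times
        self.term_window = term_window      # second preset duration (s)
        self.term_max = term_max            # second preset number of times
        self.users_window = users_window    # third preset duration (s)
        self.users_max = users_max          # preset number of users
        self.bad_terminals = set(bad_terminals)  # malicious terminal identifier library
        self._by_user = defaultdict(deque)       # user_id -> request timestamps
        self._by_terminal = defaultdict(deque)   # terminal_id -> (timestamp, user_id)

    def check(self, user_id, terminal_id, now):
        """Record one verification request and return the rules it trips."""
        reasons = []

        # Rule 1: requests carrying this user identifier in the first window.
        reqs = self._by_user[user_id]
        reqs.append(now)
        while reqs and now - reqs[0] > self.user_window:
            reqs.popleft()
        if len(reqs) > self.user_max:
            reasons.append("user_request_rate")

        # Rules 2-4 apply only when the profile carries a terminal identifier.
        if terminal_id is None:
            return reasons

        # Rule 2: terminal identifier is in the malicious terminal library.
        if terminal_id in self.bad_terminals:
            reasons.append("terminal_in_library")

        seen = self._by_terminal[terminal_id]
        seen.append((now, user_id))
        horizon = max(self.term_window, self.users_window)
        while seen and now - seen[0][0] > horizon:
            seen.popleft()

        # Rule 3: requests sent by this terminal in the second window.
        n_reqs = sum(1 for t, _ in seen if now - t <= self.term_window)
        if n_reqs > self.term_max:
            reasons.append("terminal_request_rate")

        # Rule 4: distinct users behind this terminal in the third window.
        users = {u for t, u in seen if now - t <= self.users_window}
        if len(users) > self.users_max:
            reasons.append("terminal_user_fanout")
        return reasons

    def is_malicious(self, user_id, terminal_id, now):
        return bool(self.check(user_id, terminal_id, now))
```

Returning the list of tripped rules rather than a bare boolean lets the server log why a user was routed to additional verification.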
In a possible implementation, the additional verification module 403 is further configured to send first verification information to the first terminal and receive second verification information returned by the first terminal based on the first verification information; and, if the first verification information and the second verification information match, determine that the additional verification of the user based on the first additional verification mode passes.
In a possible implementation, the additional verification module 403 is further configured to, when the additional verification of the user based on the first additional verification mode does not pass, perform additional verification on the user again based on a second additional verification mode, until the additional verification passes or the first number of failed verifications within a fourth preset duration before the current time reaches a third preset number of times.
In a possible implementation, when the target verification mode is SMS verification, the identity verification module 404 is further configured to send, according to the user identifier, a first verification code to the second terminal indicated by the second terminal identifier reserved by the user; if a second verification code is received within a fifth preset duration after the current time and the first verification code is identical to the second verification code, the identity verification of the user passes; if the second verification code is not received within the fifth preset duration after the current time, or the first verification code and the second verification code differ, the identity verification of the user does not pass.
In a possible implementation, the additional verification module 403 is further configured to, if the identity verification of the user does not pass, determine a second number of failed verifications of the user within a sixth preset duration before the current time;
The identity verification module 404 is further configured to, if the second number of failed verifications is not greater than a fourth preset number of times, send, according to the user identifier, third verification information to the terminal indicated by the second terminal identifier reserved by the user;
The additional verification module 403 is further configured to, if the second number of failed verifications is greater than the fourth preset number of times, perform additional verification on the user based on the first additional verification mode.
In a possible implementation, the apparatus further includes an ignoring module;
The determining module 402 is further configured to, when the additional verification of the user based on the first additional verification mode does not pass, or the identity verification of the user does not pass, determine a third number of failed verifications of the user within a seventh preset duration before the current time;
The determining module 402 is further configured to determine the user's retry-prohibition duration according to the third number of failed verifications;
The ignoring module is configured to, if a second verification request sent by the first terminal is received within the retry-prohibition duration, ignore the second verification request, the second verification request carrying the user identifier.
In the embodiments of the present invention, when performing identity verification on a user, the server first determines, according to the user's user profile, whether the user is a malicious user. If the user is a malicious user, additional verification is performed on the user based on the first additional verification mode, and only when that additional verification passes is identity verification performed on the user based on the target verification mode and the user's user identifier. Because the first additional verification mode is added, the verification cost for a malicious user increases, which reduces attacks on the server.
It should be noted that, when the identity verification apparatus provided in the above embodiment performs identity verification, the division into the above functional modules is used only as an example. In practice, the above functions can be assigned to different functional modules as needed; that is, the internal structure of the apparatus can be divided into different functional modules to complete all or part of the functions described above. In addition, the identity verification apparatus provided in the above embodiment and the identity verification method embodiments belong to the same concept; for its specific implementation, refer to the method embodiments, which is not repeated here.
Fig. 5 shows a server for identity verification according to an exemplary embodiment. Referring to Fig. 5, the server 500 includes a processing component 522, which further includes one or more processors, and memory resources represented by a memory 532 for storing instructions executable by the processing component 522, such as application programs. The application programs stored in the memory 532 may include one or more modules, each corresponding to a set of instructions. In addition, the processing component 522 is configured to execute the instructions so as to perform the functions performed by the server in the above method of extracting label information.
The server 500 may also include a power supply component 526 configured to perform power management of the server 500, a wired or wireless network interface 550 configured to connect the server 500 to a network, and an input/output (I/O) interface 558. The server 500 can operate based on an operating system stored in the memory 532, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™ or the like.
An embodiment of the present invention further provides a computer-readable storage medium. The computer-readable storage medium may be the one included in the memory in the above embodiment, or it may be a standalone computer-readable storage medium that is not assembled into the server. The computer-readable storage medium stores one or more programs, and the one or more programs are used by one or more processors to perform the method of extracting label information.
The terms "first" and "second" are used for descriptive purposes only and are not to be understood as indicating or implying relative importance or implicitly indicating the number of the technical features referred to. Thus, a feature defined by "first" or "second" may explicitly or implicitly include one or more such features. In the description of the present invention, unless otherwise stated, "multiple" means two or more.
A person of ordinary skill in the art will understand that all or part of the steps of the above embodiments may be implemented by hardware, or by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium, and the storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc or the like.
The foregoing is merely the preferred embodiments of the present invention and is not intended to limit the present invention. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (14)

1. An identity verification method, characterized in that the method comprises:
Receiving a first verification request sent by a first terminal, the first verification request carrying the user profile of a user and the target verification mode requested by the user, the user profile including at least a user identifier;
Determining, according to the user profile, whether the user is a malicious user;
If the user is a malicious user, performing additional verification on the user based on a first additional verification mode, the first additional verification mode being different from the target verification mode;
When the additional verification of the user based on the first additional verification mode passes, performing identity verification on the user based on the target verification mode and the user identifier.
2. The method according to claim 1, characterized in that determining, according to the user profile, whether the user is a malicious user comprises:
Counting a first number of times according to the user identifier, the first number of times being the number of verification requests carrying the user identifier that were received within a first preset duration before the current time; and, if the first number of times is greater than a first preset number of times, determining that the user is a malicious user; and/or,
When the user profile also includes a first terminal identifier of the first terminal, determining whether the first terminal identifier exists in a malicious terminal identifier library; and, if the first terminal identifier exists in the malicious terminal identifier library, determining that the user is a malicious user, the malicious terminal identifier library storing the terminal identifiers of terminals used by malicious users; and/or,
When the user profile also includes a first terminal identifier of the first terminal, counting a second number of times according to the first terminal identifier, the second number of times being the number of verification requests sent by the first terminal that were received within a second preset duration before the current time; and, if the second number of times is greater than a second preset number of times, determining that the user is a malicious user; and/or,
When the user profile also includes a first terminal identifier of the first terminal, counting a number of users according to the first terminal identifier and the user identifier, the number of users being the number of users who sent verification requests through the first terminal within a third preset duration before the current time; and, if the number of users is greater than a preset number, determining that the user is a malicious user.
3. The method according to claim 1, characterized in that performing additional verification on the user based on the first additional verification mode comprises:
Sending first verification information to the first terminal, and receiving second verification information returned by the first terminal based on the first verification information;
If the first verification information and the second verification information match, determining that the additional verification of the user based on the first additional verification mode passes.
4. The method according to claim 1, characterized in that the method further comprises:
When the additional verification of the user based on the first additional verification mode does not pass, performing additional verification on the user again based on a second additional verification mode, until the additional verification passes or the first number of failed verifications within a fourth preset duration before the current time reaches a third preset number of times.
5. The method according to claim 1, characterized in that, when the target verification mode is SMS verification, performing identity verification on the user based on the target verification mode and the user identifier comprises:
Sending, according to the user identifier, a first verification code to the second terminal indicated by the second terminal identifier reserved by the user;
If a second verification code is received within a fifth preset duration after the current time, and the first verification code is identical to the second verification code, the identity verification of the user passes;
If the second verification code is not received within the fifth preset duration after the current time, or the first verification code and the second verification code differ, the identity verification of the user does not pass.
6. The method according to claim 5, characterized in that the method further comprises:
If the identity verification of the user does not pass, determining a second number of failed verifications of the user within a sixth preset duration before the current time;
If the second number of failed verifications is not greater than a fourth preset number of times, performing the step of sending, according to the user identifier, third verification information to the terminal indicated by the second terminal identifier reserved by the user;
If the second number of failed verifications is greater than the fourth preset number of times, performing the step of performing additional verification on the user based on the first additional verification mode.
7. The method according to any one of claims 1-6, characterized in that the method further comprises:
When the additional verification of the user based on the first additional verification mode does not pass, or the identity verification of the user does not pass, determining a third number of failed verifications of the user within a seventh preset duration before the current time;
Determining the user's retry-prohibition duration according to the third number of failed verifications;
If a second verification request sent by the first terminal is received within the retry-prohibition duration, ignoring the second verification request, the second verification request carrying the user identifier.
8. An identity verification apparatus, characterized in that the apparatus comprises:
A receiving module, configured to receive a first verification request sent by a first terminal, the first verification request carrying the user profile of a user and the target verification mode requested by the user, the user profile including at least a user identifier;
A determining module, configured to determine, according to the user profile, whether the user is a malicious user;
An additional verification module, configured to, if the user is a malicious user, perform additional verification on the user based on a first additional verification mode, the first additional verification mode being different from the target verification mode;
An identity verification module, configured to, when the additional verification of the user based on the first additional verification mode passes, perform identity verification on the user based on the target verification mode and the user identifier.
9. The apparatus according to claim 8, characterized in that
The determining module is further configured to count a first number of times according to the user identifier, the first number of times being the number of verification requests carrying the user identifier that were received within a first preset duration before the current time; and, if the first number of times is greater than a first preset number of times, determine that the user is a malicious user; and/or,
The determining module is further configured to, when the user profile also includes a first terminal identifier of the first terminal, determine whether the first terminal identifier exists in a malicious terminal identifier library; and, if the first terminal identifier exists in the malicious terminal identifier library, determine that the user is a malicious user, the malicious terminal identifier library storing the terminal identifiers of terminals used by malicious users; and/or,
The determining module is further configured to, when the user profile also includes a first terminal identifier of the first terminal, count a second number of times according to the first terminal identifier, the second number of times being the number of verification requests sent by the first terminal that were received within a second preset duration before the current time; and, if the second number of times is greater than a second preset number of times, determine that the user is a malicious user; and/or,
The determining module is further configured to, when the user profile also includes a first terminal identifier of the first terminal, count a number of users according to the first terminal identifier and the user identifier, the number of users being the number of users who sent verification requests through the first terminal within a third preset duration before the current time; and, if the number of users is greater than a preset number, determine that the user is a malicious user.
10. The apparatus according to claim 8, characterized in that
The additional verification module is further configured to send first verification information to the first terminal and receive second verification information returned by the first terminal based on the first verification information; and, if the first verification information and the second verification information match, determine that the additional verification of the user based on the first additional verification mode passes.
11. The apparatus according to claim 8, characterized in that
The additional verification module is further configured to, when the additional verification of the user based on the first additional verification mode does not pass, perform additional verification on the user again based on a second additional verification mode, until the additional verification passes or the first number of failed verifications within a fourth preset duration before the current time reaches a third preset number of times.
12. The apparatus according to claim 8, characterized in that, when the target verification mode is SMS verification, the identity verification module is further configured to send, according to the user identifier, a first verification code to the second terminal indicated by the second terminal identifier reserved by the user; if a second verification code is received within a fifth preset duration after the current time and the first verification code is identical to the second verification code, the identity verification of the user passes; if the second verification code is not received within the fifth preset duration after the current time, or the first verification code and the second verification code differ, the identity verification of the user does not pass.
13. The apparatus according to claim 12, characterized in that
The additional verification module is further configured to, if the identity verification of the user does not pass, determine a second number of failed verifications of the user within a sixth preset duration before the current time;
The identity verification module is further configured to, if the second number of failed verifications is not greater than a fourth preset number of times, send, according to the user identifier, third verification information to the terminal indicated by the second terminal identifier reserved by the user;
The additional verification module is further configured to, if the second number of failed verifications is greater than the fourth preset number of times, perform additional verification on the user based on the first additional verification mode.
14. The apparatus according to any one of claims 8-13, characterized in that the apparatus further comprises an ignoring module;
The determining module is further configured to, when the additional verification of the user based on the first additional verification mode does not pass, or the identity verification of the user does not pass, determine a third number of failed verifications of the user within a seventh preset duration before the current time;
The determining module is further configured to determine the user's retry-prohibition duration according to the third number of failed verifications;
The ignoring module is configured to, if a second verification request sent by the first terminal is received within the retry-prohibition duration, ignore the second verification request, the second verification request carrying the user identifier.
CN201710465761.8A 2017-06-19 2017-06-19 Identity verification method and device Active CN107241336B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710465761.8A CN107241336B (en) 2017-06-19 2017-06-19 Identity verification method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710465761.8A CN107241336B (en) 2017-06-19 2017-06-19 Identity verification method and device

Publications (2)

Publication Number Publication Date
CN107241336A true CN107241336A (en) 2017-10-10
CN107241336B CN107241336B (en) 2020-05-19

Family

ID=59986411

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710465761.8A Active CN107241336B (en) 2017-06-19 2017-06-19 Identity verification method and device

Country Status (1)

Country Link
CN (1) CN107241336B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102347929A (en) * 2010-07-28 2012-02-08 阿里巴巴集团控股有限公司 Verification method of user identity and apparatus thereof
CN104125062A (en) * 2013-04-26 2014-10-29 腾讯科技(深圳)有限公司 Login method, device, login authentication device, server, terminals and system
CN104518876A (en) * 2013-09-29 2015-04-15 腾讯科技(深圳)有限公司 Service login method and device
CN104917740A (en) * 2014-03-14 2015-09-16 中国移动通信集团广东有限公司 Password resetting method and password verifying method and device
CN105323253A (en) * 2015-11-17 2016-02-10 腾讯科技(深圳)有限公司 Identity verification method and device
CN105656898A (en) * 2016-01-07 2016-06-08 广西英腾教育科技股份有限公司 Multi-dimensional information based activation code data processing system and method

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107749844A (en) * 2017-10-16 2018-03-02 维沃移动通信有限公司 Auth method and mobile terminal
CN108171024A (en) * 2017-11-28 2018-06-15 苏州市东皓计算机系统工程有限公司 A kind of encryption method of computer system
CN108183924A (en) * 2018-03-01 2018-06-19 深圳市买买提信息科技有限公司 A kind of login validation method and terminal device
CN108810831A (en) * 2018-04-17 2018-11-13 平安科技(深圳)有限公司 Method for pushing, electronic device and the readable storage medium storing program for executing of short message verification code
CN108810831B (en) * 2018-04-17 2020-03-10 平安科技(深圳)有限公司 Short message verification code pushing method, electronic device and readable storage medium
CN108900525A (en) * 2018-07-19 2018-11-27 中国联合网络通信集团有限公司 The processing method and device of identifying code request
CN109121100A (en) * 2018-09-27 2019-01-01 沈文策 A kind of short message communication control method and device
CN110839217A (en) * 2019-10-24 2020-02-25 深圳市梦网科技发展有限公司 Addressing method, device, server and medium for mobile terminal
CN110839217B (en) * 2019-10-24 2022-03-11 深圳市梦网科技发展有限公司 Addressing method, device, server and medium for mobile terminal
CN113852630A (en) * 2021-09-24 2021-12-28 广东睿住智能科技有限公司 Data transmission method, data transmission device, server and storage medium

Also Published As

Publication number Publication date
CN107241336B (en) 2020-05-19

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20211126

Address after: 31a, 15 / F, building 30, maple mall, bangrang Road, Brazil, Singapore

Patentee after: Baiguoyuan Technology (Singapore) Co.,Ltd.

Address before: 511442 room 2705, 27 / F, building B-1, Wanda Plaza North, Wanbo business district, 79 Wanbo 2nd Road, Nancun Town, Panyu District, Guangzhou City, Guangdong Province

Patentee before: GUANGZHOU BAIGUOYUAN INFORMATION TECHNOLOGY Co.,Ltd.