CN107846391A - Login authentication method, device and system for an application - Google Patents

Info

Publication number
CN107846391A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610840199.8A
Other languages
Chinese (zh)
Other versions
CN107846391B (en)
Inventor
靳玉康
马艳玲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd
Application filed by Alibaba Group Holding Ltd
Priority to CN201610840199.8A
Publication of CN107846391A
Application granted
Publication of CN107846391B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles
    • H04L63/105 Multiple levels of security
    • H04L63/107 Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

This application discloses a login authentication method, device and system for an application. The method includes: receiving a login request sent by an application on a client device, where the login request carries a feature code reflecting the current operating environment of the client device; and verifying the current login behavior of the client device according to the feature code, where, if the verification passes, the account corresponding to the application is allowed to log in.

Description

Login authentication method, device and system for an application
Technical field
This application relates to the field of network security, and in particular to a login authentication method, device and system for an application.
Background
Some applications have a large number of illegal login users. The traditional countermeasure is to pop up a verification code when the user logs in and to block illegal login users with it. However, owing to advances in optical character recognition (OCR) technology and to manual theft of user logins, verification codes are relatively easy to bypass. Moreover, most applications today support some financial transactions; therefore, if an account carries a large volume of financial transactions, the longer the delay in detecting an illegal login, the greater the chance that the original user suffers a loss.
At present there are three main login authentication approaches: 1) up-front verification of the login with a verification code; 2) detection of the user's login after the login has taken place; 3) account handling based on reports. These three approaches have the following defects:
Regarding approach 1): as OCR and similar technologies improve, verification codes have become easier for machines to crack, and a manually stolen account login bypasses verification-code checks even more easily.
Regarding approach 2): whether a login is illegal is detected only after the user has logged in, which introduces a serious delay; the longer the delay, the greater the chance of user loss.
Regarding approach 3): accounts are handled based on reports, but few users file reports, so a large number of illegal users go undetected. Because some applications are finance-oriented instant messaging tools with weak friend relationships, the volume of report data is small and its credibility is low.
It can be seen that the login authentication approaches in the related art suffer from the technical problem of low authentication efficiency, and no effective solution to this problem has yet been proposed.
Summary of the invention
The embodiments of this application provide a login authentication method, device and system for an application, to at least solve the technical problem that the login authentication approaches in the related art are inefficient.
According to one aspect of the embodiments of this application, a login authentication method for an application is provided, including: receiving a login request sent by an application on a client device, where the login request carries a feature code reflecting the current operating environment of the client device; and verifying the current login behavior of the client device according to the feature code, where, if the verification passes, the account corresponding to the application is allowed to log in.
According to another aspect of the embodiments of this application, a login authentication system for an application is also provided, including a client device and a server. The client device provides the operating environment for the application. The server receives the login request sent by the application on the client device, where the login request carries a feature code reflecting the current operating environment of the client device, and verifies the current login behavior of the client device according to the feature code, where, if the verification passes, the account corresponding to the application is allowed to log in.
Optionally, the feature code includes a flag bit and feature parameters, where the flag bit identifies the preset feature database corresponding to the current operating environment and the feature parameters reflect the current operating environment.
Optionally, the feature parameters include at least one of the following: the network type; the CPU type of the client device; the physical address of the client device; the number of logins of the client device; the number of logins of the application; the memory size of the client device; the number of applications on the client device; the number of processes currently running on the client device; the geographic location of the client device.
According to another aspect of the embodiments of this application, a login authentication method for an application is also provided, including: starting an application on a client device; and sending a login request of the application to a server, where the login request carries a feature code reflecting the current operating environment of the client device. The feature code is used to verify the current login behavior of the client device, where, if the verification passes, the account corresponding to the application is allowed to log in.
According to another aspect of the embodiments of this application, a login authentication device for an application is also provided, including: a receiving module, for receiving the login request sent by the application on the client device, where the login request carries a feature code reflecting the current operating environment of the client device; and a verification module, for verifying the current login behavior of the client device according to the feature code, where, if the verification passes, the account corresponding to the application is allowed to log in.
According to another aspect of the embodiments of this application, a login authentication device for an application is also provided, including: a starting module, for starting the application on the client device; and a sending module, for sending the login request of the application to the server, where the login request carries a feature code reflecting the current operating environment of the client device. The feature code is used to verify the current login behavior of the client device, where, if the verification passes, the account corresponding to the application is allowed to log in.
In the embodiments of this application, the account is authenticated using the feature code carried in the login request, which indicates the login environment of the application. This achieves the technical effect of accurate and fast authentication of application logins, and thereby solves the technical problem that the login authentication approaches in the related art are inefficient.
Brief description of the drawings
The drawings described here provide a further understanding of this application and form a part of it. The illustrative embodiments of this application and their descriptions are used to explain the application and do not unduly limit it. In the drawings:
Fig. 1 is a structural block diagram of a login authentication system for an application according to an embodiment of this application;
Fig. 2 is a schematic diagram of an optional authentication flow according to an embodiment of this application;
Fig. 3 is a schematic diagram of an optional feature code format according to an embodiment of this application;
Fig. 4 is a schematic diagram of the principle of an optional data storage method according to an embodiment of this application;
Fig. 5 is a structural diagram of a terminal according to an embodiment of this application;
Fig. 6 is a flowchart of a login authentication method for an application according to an embodiment of this application;
Fig. 7 is a structural block diagram of a login authentication device for an application according to an embodiment of this application;
Fig. 8 is a flowchart of another login authentication method for an application according to an embodiment of this application;
Fig. 9 is a structural block diagram of another login authentication device for an application according to an embodiment of this application.
Detailed description
To help those skilled in the art better understand the scheme of this application, the technical solutions in the embodiments of this application are described clearly and completely below with reference to the drawings. The described embodiments are obviously only some of the embodiments of this application, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments in this application, without creative effort, shall fall within the scope of protection of this application.
It should be noted that the terms "first", "second" and so on in the description, the claims and the drawings of this application are used to distinguish similar objects and not to describe a specific order or sequence. It should be understood that data used in this way are interchangeable where appropriate, so that the embodiments described here can be implemented in orders other than those illustrated or described. In addition, the terms "include" and "have" and any variants of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units explicitly listed, but may include other steps or units that are not explicitly listed or that are inherent to the process, method, product or device.
First, some of the nouns and terms that appear in the description of the embodiments of this application are explained as follows:
Feature code: feature data, or a field or character string generated from feature data. For example, a feature code generated from feature data that reflects the current operating environment of the application.
Data Encryption Standard (DES): a block cipher that encrypts using a key.
Tair: a solution for key/value structured data. By default it supports two storage modes, memory-based and file-based, which correspond to caching and persistent storage respectively.
Naive Bayes: a generative supervised machine-learning classification algorithm. For a test sample d, the class to which the sample belongs is determined by comparing the probabilities P(d | Ci) of its occurrence in each class Ci.
Support vector machine (SVM): a supervised learning model in the field of machine learning, commonly used for pattern recognition, classification and regression analysis.
Operating environment: an environment in which semi-compiled or compiled code runs on the target machine. It mainly covers two aspects, software and hardware. The software aspect includes the operating system of the terminal, such as Windows, Linux, Android or iOS, and may also include certain software such as Office. The hardware aspect mainly covers the configuration of the terminal, for example CPU, memory, network card and hard disk.
Embodiment 1
During login to an application, illegal account logins often occur. The related art provides the corresponding account verification approaches: 1) up-front verification of the login with a verification code; 2) detection of the user's login after the login has taken place; 3) account handling based on reports. These approaches, however, are easy to crack, have a large delay, and produce results of low credibility. The embodiments of this application provide a solution to these problems.
Fig. 1 is a structural block diagram of a login authentication system for an application according to an embodiment of this application. As shown in Fig. 1, the system includes a client device 10 and a server 12. The client device 10 provides the operating environment for the application; for example, application A runs on a terminal (i.e. client device 10), which may be a computer device such as a mobile terminal or a desktop computer. The server 12 receives the login request sent by the application on the client device, where the login request carries a feature code reflecting the current operating environment of client device 10 (the operating environment when logging in to the application with a given account), and verifies the current login behavior of client device 10 according to the feature code, where, if the verification passes, the account corresponding to the application is allowed to log in. The workflow of the login authentication system is described in detail below with reference to Fig. 2. As shown in Fig. 2, the flow includes steps S202-S210:
Step S202: application A is started on client device 10; after the user enters an account and password, login to application A begins.
Step S204: client device 10 collects the operating-environment features at the time of logging in to application A. For example, when account C is used to log in to application A, the operating-environment features at that moment are collected.
Because client device types differ (for example, mobile phone and computer), the login environment (the operating environment when logging in to application A) also differs, and so do the operating-environment parameters collected (also called login environment features).
For the mobile-phone login environment: because a phone is mobile, network factors may require frequent logins, so the number of logins within a short time is larger. There are also several network types for logins from the mobile side: wifi, 3g, 4g, gprs and so on. The mobile environment features are defined as shown in Table 1:
Table 1
For the computer login environment: compared with the mobile login environment, a computer is less mobile and its network is more stable than on the mobile side. The features of the computer login environment are defined as shown in Table 2:
Table 2
Step S206: a feature code is generated from the login environment features and sent to server 12.
The feature code is generated as follows. When the application is opened, the above features are extracted, where:
The mobile feature string is defined as Feature_m = MobileFeature.sNetwork + ";" + MobileFeature.sCpuType + ";" + ... + ";" + MobileFeature.sLocation.
The computer feature string is defined as Feature_c = ComputerFeature.sNetwork + ";" + ComputerFeature.sCpuType + ";" + ... + ";" + ComputerFeature.iMemoryRemainSize.
The feature string is then tagged with a flag to generate the feature code (also called the login feature sequence, LoginFeatureSequence). As shown in Fig. 3, LoginFeatureSequence is generated by concatenating flag and the Feature string and then encrypting the result with DES. "##" is used as the separator between flag and Feature. When flag equals 0, Feature = Feature_m; when flag equals 1, Feature = Feature_c.
Optionally, the feature code may also be the feature data itself.
Step S208: server 12 receives the feature code, parses it (if the feature code is encrypted, it must be decrypted before it is parsed) and stores it.
Optionally, the feature code is stored on the server side in the following format:
typedef std::set<std::string> FeatureSet;
typedef std::map<std::string, FeatureSet> UserCache;
FeatureSet stores the common login environment feature strings LoginFeatureSequence of a given user (i.e. the feature codes). UserCache uses the user ID as its primary key, and FeatureSet is the value for that user ID. As shown in Fig. 4, the storage and retrieval of user login environment feature strings mainly involve three parts: the interface-layer server, the data storage server and TAIR. PUT is a request to store a user's login environment feature string, and GET retrieves the login environment feature strings for a given user ID. The interface-layer server responds to PUT and GET requests from the client and looks up the corresponding data storage server by the hash value of the user ID. The data storage server mainly responds to requests from the interface-layer server, caches and periodically updates the user's feature data UserCache, and pushes the data to TAIR for storage. TAIR is mainly responsible for storing the user feature data (i.e. the feature codes).
Step S210: server 12 determines from LoginFeatureSequence whether the user is in a common login environment. If the user is in a common login environment, the user is directly judged legal and allowed to log in; if the user is not in a common login environment, login environment prediction is performed.
Optionally, login environment prediction is divided into two parts: for a mobile login, the mobile login environment prediction function is used; for a computer login, the computer login environment prediction function is used. If the login is judged legal, server 12 allows the user to log in, inserts the user's LoginFeatureSequence into the common login environments and records the login count as 1. If the prediction is illegal, server 12 does not allow the login.
With the embodiments of this application, the server can judge the validity of the current login behavior from the login environment in which the current account (or user) logs in to the application. This achieves the technical effect of accurate and fast authentication of application logins, and thereby solves the technical problem that the login authentication approaches in the related art are inefficient.
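The flow of steps S206 to S210 as an added example (not code from the patent): the client builds the plaintext LoginFeatureSequence, and the server parses it and checks it against the per-user FeatureSet. The DES step is left out, the three field values are constructed samples because Tables 1 and 2 are not reproduced on this page, and `Predictor` is a hypothetical stand-in for the login environment prediction functions, which the text does not define.

```cpp
#include <functional>
#include <iostream>
#include <map>
#include <set>
#include <string>
#include <vector>

// Storage types as given in the description.
typedef std::set<std::string> FeatureSet;             // common login environments of one user
typedef std::map<std::string, FeatureSet> UserCache;  // user ID -> FeatureSet

struct FeatureCode {
    int flag;                         // 0 = mobile (Feature_m), 1 = computer (Feature_c)
    std::vector<std::string> fields;  // environment features in client order
};

enum class Decision { AllowedKnown, AllowedLearned, Denied, Malformed };

// Hypothetical stand-in for the mobile/computer prediction functions.
typedef std::function<bool(const FeatureCode&)> Predictor;

// Client side (S206): flag + "##" + fields joined with ';'. Fails on input
// that would not survive a round trip (empty field, or ';' inside a field).
bool build_feature_code(const FeatureCode& fc, std::string& out) {
    if ((fc.flag != 0 && fc.flag != 1) || fc.fields.empty()) return false;
    std::string s = std::to_string(fc.flag) + "##";
    for (size_t i = 0; i < fc.fields.size(); ++i) {
        const std::string& f = fc.fields[i];
        if (f.empty() || f.find(';') != std::string::npos) return false;
        if (i > 0) s += ';';
        s += f;
    }
    out = s;
    return true;
}

// Server side (S208): check the one-character flag and the "##" separator,
// then split the rest on ';'. The input is client-supplied, so every
// structural deviation is rejected instead of being repaired.
bool parse_feature_code(const std::string& code, FeatureCode& out) {
    if (code.size() < 4 || code.compare(1, 2, "##") != 0) return false;
    if (code[0] != '0' && code[0] != '1') return false;
    FeatureCode fc;
    fc.flag = code[0] - '0';
    size_t start = 3;
    for (;;) {
        size_t end = code.find(';', start);
        std::string field =
            code.substr(start, end == std::string::npos ? end : end - start);
        if (field.empty()) return false;  // rejects "a;;b" and a trailing ';'
        fc.fields.push_back(field);
        if (end == std::string::npos) break;
        start = end + 1;
    }
    out = fc;
    return true;
}

// Server side (S210): a code already in the user's FeatureSet is allowed
// directly; otherwise the predictor decides, and an accepted environment is
// remembered. The login counter mentioned in the text is not modelled.
Decision handle_login(UserCache& cache, const std::string& uid,
                      const std::string& code, const Predictor& predict) {
    FeatureCode fc;
    if (!parse_feature_code(code, fc)) return Decision::Malformed;
    UserCache::const_iterator it = cache.find(uid);
    if (it != cache.end() && it->second.count(code) > 0)
        return Decision::AllowedKnown;
    if (!predict(fc)) return Decision::Denied;
    cache[uid].insert(code);
    return Decision::AllowedLearned;
}

int main() {
    // Constructed sample values; the real field lists are in Tables 1 and 2.
    FeatureCode fc;
    fc.flag = 0;
    fc.fields = {"wifi", "arm64", "Hangzhou"};
    std::string code;
    if (!build_feature_code(fc, code)) return 1;

    UserCache cache;
    Predictor accept = [](const FeatureCode&) { return true; };
    Decision first = handle_login(cache, "uid-1001", code, accept);
    Decision second = handle_login(cache, "uid-1001", code, accept);
    std::cout << code << "\n"
              << (first == Decision::AllowedLearned) << " "
              << (second == Decision::AllowedKnown) << "\n";
    return 0;
}
```

Because the FeatureSet lookup is an exact string match, any field whose value changes between logins sends the request down the prediction path every time.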
Embodiment 2
According to an embodiment of this application, a method embodiment of a login authentication method for an application is also provided. It should be noted that the steps shown in the flowcharts of the drawings may be executed in a computer system, such as a set of computer-executable instructions, and that, although a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in an order different from the one given here.
The method embodiment provided in Embodiment 1 of this application may be executed in a mobile terminal, a computer terminal or a similar computing device. Fig. 5 shows a hardware block diagram of a computer terminal (or mobile device) for implementing the login authentication method for an application. As shown in Fig. 5, computer terminal 50 (or mobile device 50) may include one or more processors 502 (shown in the figure as 502a, 502b, ..., 502n; a processor 502 may include, but is not limited to, a processing unit such as a microprocessor (MCU) or a programmable logic device (FPGA)), a memory 504 for storing data, and a transmission device 506 for communication. It may also include a display, an input/output interface (I/O interface), a universal serial bus (USB) port (which may be included as one of the ports of the I/O interface), a network interface, a power supply and/or a camera. A person of ordinary skill in the art will understand that the structure shown in Fig. 5 is only illustrative and does not limit the structure of the above electronic device. For example, computer terminal 50 may include more or fewer components than shown in Fig. 5, or have a configuration different from that shown in Fig. 5.
It should be noted that the one or more processors 502 and/or other data processing circuits described above may generally be referred to here as a "data processing circuit". The data processing circuit may be embodied wholly or partly as software, hardware, firmware or any combination of these. In addition, the data processing circuit may be a single independent processing module, or may be wholly or partly incorporated into any of the other elements of computer terminal 50 (or the mobile device). As involved in the embodiments of this application, the data processing circuit acts as a kind of processor control (for example, selection of a variable-resistance terminal path connected to the interface).
Memory 504 may be used to store the software programs and modules of application software, such as the program instructions/data storage device corresponding to the login authentication method for an application in the embodiments of this application. Processor 502 runs the software programs and modules stored in memory 504 to perform various functional applications and data processing, that is, to implement the above-mentioned vulnerability detection method of the application program. Memory 504 may include high-speed random access memory and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory or other non-volatile solid-state memory. In some examples, memory 504 may further include memory located remotely from processor 502, and such remote memory may be connected to computer terminal 50 through a network. Examples of such networks include, but are not limited to, the Internet, intranets, local area networks, mobile communication networks and combinations of these.
Transmission device 506 is used to receive or send data via a network. A specific example of the network may include a wireless network provided by the communication provider of computer terminal 50. In one example, transmission device 506 includes a network adapter (Network Interface Controller, NIC), which can be connected to other network devices through a base station so as to communicate with the Internet. In one example, transmission device 506 may be a radio frequency (RF) module, which is used to communicate with the Internet wirelessly.
The display may be, for example, a touch-screen liquid crystal display (LCD), which enables the user to interact with the user interface of computer terminal 50 (or the mobile device).
In the above operating environment, this application provides the login authentication method for an application shown in Fig. 6. Fig. 6 is a flowchart of the login authentication method for an application according to Embodiment 2 of this application. As shown in Fig. 6, the method includes steps S602-S604:
Step S602: receive the login request sent by the application on the client device, where the login request carries a feature code reflecting the current operating environment of the client device. The feature code may take the form of a character string; for example, the feature code includes feature parameters, which reflect the current operating environment. Because application operating environments differ (for example, an application runs in different environments on a mobile phone and on a computer), in an optional embodiment different preset feature databases may be maintained for different operating environments in order to improve the accuracy of verification. In that case the feature code may also include a flag bit, which identifies the preset feature database corresponding to the current operating environment.
Optionally, the feature code may be generated by concatenating flag and the feature string; for security, it may also be generated by concatenating flag and the feature string and then encrypting the result with the DES algorithm. Here flag indicates the different rules applied to different operating environments when the feature code is verified; for example, the rules used for a mobile phone and for a computer are different.
Optionally, the feature code may be a feature string, or the result of an operation between feature strings. For example, for security purposes, the feature strings are mixed using a preset algorithm (such as a preset mixing length). For example, the first string A consists of A1A2, the second string B consists of B1B2, and A1, A2, B1 and B2 all have the preset length; the two feature strings are merged into A1B1A2B2, and the receiver can extract the feature code according to the mixing length and recover the two feature strings A and B.
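The mixing described above, as an added example (not code from the patent) that generalizes the two-string case to any number of equal-length strings. The function names are hypothetical; the receiver is assumed to know the number of strings and the mixing length in advance.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Interleave equal-length strings chunk by chunk. With chunk = 2,
// {"A1A2", "B1B2"} becomes "A1B1A2B2". Fails if the strings differ in
// length or are not a whole number of chunks long.
bool mix_features(const std::vector<std::string>& parts, size_t chunk,
                  std::string& out) {
    if (parts.empty() || chunk == 0) return false;
    const size_t len = parts[0].size();
    if (len == 0 || len % chunk != 0) return false;
    for (size_t i = 0; i < parts.size(); ++i)
        if (parts[i].size() != len) return false;

    std::string mixed;
    mixed.reserve(len * parts.size());
    for (size_t off = 0; off < len; off += chunk)
        for (size_t i = 0; i < parts.size(); ++i)
            mixed.append(parts[i], off, chunk);
    out = mixed;
    return true;
}

// Receiver side: undo the interleaving. Input whose length is not a whole
// number of rounds (count * chunk) is rejected rather than truncated.
bool unmix_features(const std::string& mixed, size_t count, size_t chunk,
                    std::vector<std::string>& out) {
    if (count == 0 || chunk == 0 || mixed.empty()) return false;
    if (mixed.size() % (count * chunk) != 0) return false;

    std::vector<std::string> parts(count);
    size_t i = 0;
    for (size_t pos = 0; pos < mixed.size(); pos += chunk) {
        parts[i].append(mixed, pos, chunk);
        i = (i + 1) % count;
    }
    out = parts;
    return true;
}

int main() {
    // Constructed sample: the A1A2 / B1B2 strings from the text, chunk length 2.
    std::vector<std::string> parts = {"A1A2", "B1B2"};
    std::string mixed;
    std::vector<std::string> back;
    if (!mix_features(parts, 2, mixed)) return 1;
    if (!unmix_features(mixed, 2, 2, back)) return 1;
    std::cout << mixed << " -> " << back[0] << ", " << back[1] << "\n";
    return 0;
}
```

The mixing only reorders characters: every character of A and B is still present in the output, and anyone who knows the count and mixing length can reverse it.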
Step S604: verify the current login behavior of the client device according to the feature code, where, if verification passes, the account corresponding to the application is allowed to log in. Optionally, the verification in step S604 may be implemented as follows, without being limited to this: determine whether a feature matching the feature code exists in a preset feature library; if it exists, the current login behavior passes verification, and if it does not exist, the current login behavior fails verification. In this case, the different rules mentioned above take the form of verifying the feature code against different preset feature libraries. That is, before determining whether a feature matching the feature code exists in the preset feature library, the preset database corresponding to the feature code must also be selected according to the feature code.
Optionally, the verification in step S604 may also be performed by converting the features of the current running environment into an MD5 value and comparing that MD5 value with the MD5 values in the preset feature library; if they are consistent, verification passes; otherwise it fails.
The feature parameters include, but are not limited to, at least one of the following: the network type; the CPU type of the client device; the physical address of the client device; the number of logins of the client device; the number of logins of the application; the memory size of the client device; the number of applications on the client device; the number of processes currently running on the client device; and the geographic location of the client device.
In an optional embodiment, the preset feature library is determined as follows: collect the feature codes sent by the client device; classify the feature codes a first time by account to obtain a feature library corresponding to each account; classify the feature library of each account a second time to obtain an illegal feature library and a legal feature library, where the illegal feature library stores the feature parameters observed when the account logged in illegally and the legal feature library stores the feature parameters observed when the account logged in legally. To ensure the accuracy of the illegal and legal feature libraries, their data can be trained as follows:
Training data collection is mainly divided into two parts: collecting the login environment features of normally logged-in accounts and collecting the login environment features of illegally logged-in accounts.
First, code that extracts the login environment feature code is embedded in both the mobile phone client and the computer client of the application. As users gradually update their clients, the login server receives the login environment feature string LoginFeatureSequence corresponding to each user and stores it; the data format is Info={uid, time, Feature}.
Secondly, a Wangwang login in which the application is logged in and an order transaction is successfully produced is defined as a normal account login, and its Feature information is trusted information. An account login in which the application is logged in without producing transaction information and which is reported through customer complaints is an illegal login, and its Feature information is untrusted information.
Finally, the collected login environment feature information (Info data) is divided into four parts:
Info data of normal mobile phone logins, denoted Infomy;
Info data of illegal mobile phone logins, denoted Infomn;
Info data of normal computer logins, denoted Infocy;
Info data of illegal computer logins, denoted Infocn.
Infomy and Infomn form the training data for mobile phone login prediction, and Infocy and Infocn form the training data for computer login prediction.
Training process: count the frequency with which each feature occurs in Infomy, Infomn, Infocy and Infocn respectively, record the results, and update them into the online model file. The model file can be implemented with a model from the related art, which is not described further here.
In an optional embodiment, when verification fails, the legitimacy of the environment features needs to be predicted: determine the probability of illegal login corresponding to the feature code; when the probability is greater than a preset threshold, determine that the feature indicated by the feature code is an illegal feature and store it in the illegal database; when the probability is less than the preset threshold, determine that the feature indicated by the feature code is a legal feature and store the legal feature in the legal feature library. Optionally, the prediction uses the naive Bayes method to calculate the probabilities of normal and illegal login:
step1: Parse the login environment feature string LoginFeatureSequence.
step2: Use the flag to distinguish a mobile phone login from a computer login.
step3: For a mobile phone login, calculate the normal and illegal login probabilities with the mobile phone naive Bayes model; for a computer login, calculate the normal and illegal login probabilities with the computer naive Bayes model.
step4: If the illegal login probability exceeds the set threshold, the login is judged illegal; otherwise it is a legal login.
For a better understanding of the verification process, it is described in detail below with reference to an optional embodiment, in which the feature code is generated by concatenating the flag bit (flag) and the feature string. Optionally, the verification process includes the following steps:
step1: Decrypt the login environment feature string LoginFeatureSequence of the login ID using the DES algorithm, and extract flag and Feature.
step2: Obtain from the server, according to the ID, the commonly used login environment features corresponding to that ID, and decrypt them with DES.
step3: According to the flag value, compare against the mobile phone or computer login environment feature library corresponding to that flag value (including hardware parameters and environment information), such as the CPU type, brand, memory size, number of apps on the phone and commonly used network type in Featurem and Featurec. Here, the "comparison" compares the currently collected login environment features of the mobile phone or computer with the login environment feature library on the server (equivalent to a whitelist); that is, verification consists of comparing the environment features of the mobile phone or computer with the features in the login environment feature library.
step4: If the currently collected running environment features exist in the login environment feature library, the user is allowed to log in directly; otherwise the login prediction stage is entered.
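The verification flow of step1 to step4, together with the MD5 comparison variant and the naive Bayes prediction stage described earlier, as an added Python example that is not code from the patent. The `flag|key=value;...` layout, the flag values `M` and `C`, the field names, the Laplace smoothing and the fail-closed handling of a platform without a model are assumptions; DES decryption is taken as already done, and all training rows are constructed.

```python
import hashlib
import math
from collections import Counter

FIELDS = ("network", "cpu", "mem_gb", "apps", "geo")  # assumed feature set
FLAGS = ("M", "C")  # assumed flag values: M = mobile phone, C = computer


def encode(flag, feats):
    """Build the plaintext feature code: flag spliced with the feature string."""
    return flag + "|" + ";".join(f"{k}={feats[k]}" for k in FIELDS)


def parse_feature_code(code):
    """step1: split an already-decrypted feature code into (flag, features)."""
    flag, sep, body = code.partition("|")
    if not sep or flag not in FLAGS:
        raise ValueError("missing or unknown flag")
    feats = dict(item.split("=", 1) for item in body.split(";") if "=" in item)
    if set(feats) != set(FIELDS):
        raise ValueError("unexpected feature set")
    return flag, feats


def fingerprint(feats):
    """MD5 of the canonical feature string (the MD5 comparison variant)."""
    return hashlib.md5(encode("", feats).encode("utf-8")).hexdigest()


class LoginModel:
    """Naive Bayes over per-class feature frequencies for one platform."""

    def __init__(self):
        self.logins = Counter()  # label -> number of training logins
        self.freq = {"normal": Counter(), "illegal": Counter()}
        self.seen = {f: set() for f in FIELDS}  # distinct values per field

    def train(self, feats, label):
        self.logins[label] += 1
        for f in FIELDS:
            self.freq[label][(f, feats[f])] += 1
            self.seen[f].add(feats[f])

    def p_illegal(self, feats):
        total = sum(self.logins.values())
        log_p = {}
        for label in ("normal", "illegal"):
            n = self.logins[label]
            lp = math.log((n + 1) / (total + 2))  # smoothed class prior
            for f in FIELDS:
                v = len(self.seen[f]) + 1  # one extra bucket for unseen values
                lp += math.log((self.freq[label][(f, feats[f])] + 1) / (n + v))
            log_p[label] = lp
        top = max(log_p.values())  # normalise in log space to avoid underflow
        w = {k: math.exp(x - top) for k, x in log_p.items()}
        return w["illegal"] / (w["normal"] + w["illegal"])


def verify_login(uid, code, state, threshold=0.5):
    """step2-step4 plus the prediction stage; returns (allowed, reason)."""
    flag, feats = parse_feature_code(code)
    fp = fingerprint(feats)
    legal = state["legal"][flag].setdefault(uid, set())
    if fp in legal:  # environment already in the whitelist: allow directly
        return True, "whitelist"
    model = state["model"].get(flag)
    if model is None:  # assumption: fail closed when a platform has no model
        return False, "no-model"
    if model.p_illegal(feats) > threshold:
        state["illegal"][flag].setdefault(uid, set()).add(fp)
        return False, "predicted-illegal"
    legal.add(fp)  # stored in the legal feature library for next time
    return True, "predicted-legal"


def build_demo_state():
    """Constructed data: a phone model and one whitelisted phone for u1001."""
    normal = [("wifi", "arm64", "4", "50-100", "CN-ZJ")] * 2 + [
        ("4g", "arm64", "4", "50-100", "CN-ZJ"),
        ("wifi", "arm64", "4", "50-100", "CN-SH")]
    illegal = [("wifi", "x86", "2", "0-10", "XX-01")] * 2 + [
        ("4g", "x86", "2", "0-10", "XX-01")]
    model = LoginModel()
    for rows, label in ((normal, "normal"), (illegal, "illegal")):
        for row in rows:
            model.train(dict(zip(FIELDS, row)), label)
    state = {"legal": {f: {} for f in FLAGS}, "illegal": {f: {} for f in FLAGS}}
    state["model"] = {"M": model}
    state["legal"]["M"]["u1001"] = {fingerprint(dict(zip(FIELDS, normal[0])))}
    return state
```

Calling `verify_login("u1001", encode("M", feats), build_demo_state())` with a feature dictionary returns the decision and the stage that produced it, which makes it easy to see when a login was admitted by the whitelist and when by the prediction stage.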
It should be noted that, for brevity, each of the foregoing method embodiments is described as a series of combined actions, but those skilled in the art should know that the application is not limited by the described order of actions, because according to the application some steps may be performed in other orders or simultaneously. Those skilled in the art should also know that the embodiments described in this specification are all preferred embodiments, and the actions and modules involved are not necessarily required by the application.
From the description of the above embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus the necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the application, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and includes instructions that cause a terminal device (which may be a mobile phone, a computer, a server, a network device, etc.) to perform the methods described in the embodiments of the application.
Embodiment 3
According to an embodiment of the application, a device for implementing the login authentication method of the above application is also provided. As shown in Fig. 7, the device includes:
a receiving module 70, configured to receive a login request sent by an application on a client device, where the login request carries a feature code reflecting the current running environment of the client device;
an authentication module 72, coupled to the receiving module 70 and configured to verify the current login behavior of the client device according to the feature code, where, if verification passes, the account corresponding to the application is allowed to log in.
It should be noted that the receiving module 70 and the authentication module 72 can be implemented in software or in hardware. In the latter case they may take the following form, without being limited to it: the receiving module 70 is implemented by a communication device, and the authentication module is implemented by a processor.
It should be noted that, for preferred implementations of this embodiment, reference may be made to the related descriptions in Embodiments 1 to 2, which are not repeated here.
Embodiment 4
An embodiment of the application also provides another login authentication method for an application. As shown in Fig. 8, the method includes steps S802-S804:
Step S802: start the application on the client device;
Step S804: send the login request of the application to the server, where the login request carries a feature code reflecting the current running environment of the client device. The feature code is used to verify the current login behavior of the client device, where, if verification passes, the account corresponding to the application is allowed to log in.
Optionally, the current login behavior can be verified as follows: determine whether a feature matching the feature code exists in the preset feature library; if it exists, the current login behavior passes verification, and if it does not exist, the current login behavior fails verification.
Optionally, the feature code includes a flag bit and feature parameters, where the flag bit identifies the database corresponding to the current running environment and the feature parameters reflect the current running environment. Of course, if an application's running environment is fixed, for example if it is only allowed to run on mobile phones, the flag bit may be left out of (removed from) the feature code.
It should be noted that, for preferred implementations of this embodiment, reference may be made to the related descriptions in Embodiments 1 to 2, which are not repeated here.
Embodiment 5
An embodiment of the application also provides a login authentication device for an application. The device is used to implement the method described in Embodiment 4 and can be implemented in hardware, for example in the form of the terminal in Embodiment 2, without being limited to this.
As shown in Fig. 9, the device includes: a starting module 90, configured to start the application on the client device; and a sending module 92, configured to send the login request of the application to the server, where the login request carries a feature code reflecting the current running environment of the client device. The feature code is used to verify the current login behavior of the client device, where, if verification passes, the account corresponding to the application is allowed to log in.
It should be noted that, for preferred implementations of this embodiment, reference may be made to the related descriptions in Embodiments 1 to 2, which are not repeated here.
Embodiment 6
An embodiment of the application also provides a storage medium. Optionally, in this embodiment, the storage medium can be used to store the program code executed by the login authentication method of the application provided in Embodiment 2.
Optionally, in this embodiment, the storage medium may be located in any computer terminal of a computer terminal group in a computer network, or in any mobile terminal of a mobile terminal group.
Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: receiving a login request sent by an application on a client device, where the login request carries a feature code reflecting the current running environment of the client device; and verifying the current login behavior of the client device according to the feature code, where, if verification passes, the account corresponding to the application is allowed to log in.
This embodiment also provides another storage medium, configured to store program code for performing the following steps: starting the application on a client device; and sending the login request of the application to a server, where the login request carries a feature code reflecting the current running environment of the client device. The feature code is used to verify the current login behavior of the client device, where, if verification passes, the account corresponding to the application is allowed to log in.
The sequence numbers of the above embodiments of the application are for description only and do not indicate the relative merits of the embodiments.
In the above embodiments of the application, the description of each embodiment has its own emphasis. For parts not described in detail in one embodiment, refer to the related descriptions of the other embodiments.
In the several embodiments provided in the application, it should be understood that the disclosed technical content can be implemented in other ways. The device embodiments described above are only illustrative. For example, the division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, units or modules, and may be electrical or take other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the application may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the application, in essence or in the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or some of the steps of the methods described in the embodiments of the application. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a removable hard disk, a magnetic disk or an optical disc.
The above are only preferred embodiments of the application. It should be pointed out that those of ordinary skill in the art can make improvements and modifications without departing from the principle of the application, and these improvements and modifications should also be regarded as falling within the protection scope of the application.

Claims (15)

1. A login authentication system for an application, comprising a client device and a server, characterized in that:
the client device is configured to provide a running environment for the application;
the server is configured to receive a login request sent by the application on the client device, wherein the login request carries a feature code reflecting the current running environment of the client device; and to verify the current login behavior of the client device according to the feature code, wherein, if verification passes, the account corresponding to the application is allowed to log in.
2. The system according to claim 1, characterized in that the server is further configured to determine whether a feature matching the feature code exists in a preset feature library; wherein, if it exists, the current login behavior is determined to pass verification, and if it does not exist, the current login behavior is determined to fail verification.
3. A login authentication method for an application, characterized by comprising:
receiving a login request sent by an application on a client device, wherein the login request carries a feature code reflecting the current running environment of the client device;
verifying the current login behavior of the client device according to the feature code, wherein, if verification passes, the account corresponding to the application is allowed to log in.
4. The method according to claim 3, characterized in that verifying the current login behavior of the client device according to the feature code comprises:
determining whether a feature matching the feature code exists in a preset feature library; wherein, if it exists, the current login behavior is determined to pass verification, and if it does not exist, the current login behavior is determined to fail verification.
5. The method according to claim 4, characterized in that the preset feature library is determined as follows:
collecting the feature codes sent by the client device; classifying the feature codes a first time by account to obtain a feature library corresponding to the account; classifying the feature library corresponding to each account a second time to obtain an illegal feature library and a legal feature library, wherein the illegal feature library is used to store the feature parameters when the account logs in illegally, and the legal feature library is used to store the feature parameters when the account logs in legally.
6. The method according to claim 4, characterized in that, before determining whether a feature matching the feature code exists in the preset feature library, the method further comprises:
selecting, according to the feature code, the preset database corresponding to the feature code.
7. The method according to claim 4, characterized in that the feature code comprises: a feature parameter, wherein the flag bit is used to identify the preset feature library corresponding to the current running environment.
8. The method according to claim 7, characterized in that the feature code further comprises: a flag bit, the flag bit being used to identify the preset feature library corresponding to the current running environment.
9. The method according to any one of claims 3 to 8, characterized in that, when verification fails, the method further comprises:
determining the probability of illegal login corresponding to the feature code;
when the probability is greater than a preset threshold, determining that the feature indicated by the feature code is an illegal feature and storing it in the illegal database; when the probability is less than the preset threshold, determining that the feature indicated by the feature code is a legal feature and storing the legal feature in the legal feature library.
10. A login authentication method for an application, characterized by comprising:
starting the application on a client device;
sending the login request of the application to a server, wherein the login request carries a feature code reflecting the current running environment of the client device; the feature code is used to verify the current login behavior of the client device, wherein, if verification passes, the account corresponding to the application is allowed to log in.
11. The method according to claim 10, characterized in that the current login behavior of the client device is verified as follows:
determining whether a feature matching the feature code exists in a preset feature library; wherein, if it exists, the current login behavior is determined to pass verification, and if it does not exist, the current login behavior is determined to fail verification.
12. The method according to claim 10, characterized in that the feature code comprises: a feature parameter, wherein the flag bit is used to identify the preset feature library corresponding to the current running environment.
13. The method according to claim 11, characterized in that the feature code further comprises: a flag bit, the flag bit being used to identify the preset feature library corresponding to the current running environment.
14. A login authentication device for an application, characterized by comprising:
a receiving module, configured to receive a login request sent by an application on a client device, wherein the login request carries a feature code reflecting the current running environment of the client device;
an authentication module, configured to verify the current login behavior of the client device according to the feature code, wherein, if verification passes, the account corresponding to the application is allowed to log in.
15. A login authentication device for an application, characterized by comprising:
a starting module, configured to start the application on a client device;
a sending module, configured to send the login request of the application to a server, wherein the login request carries a feature code reflecting the current running environment of the client device; the feature code is used to verify the current login behavior of the client device, wherein, if verification passes, the account corresponding to the application is allowed to log in.
CN201610840199.8A 2016-09-21 2016-09-21 Login authentication method, device and system for application Active CN107846391B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610840199.8A CN107846391B (en) 2016-09-21 2016-09-21 Login authentication method, device and system for application

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610840199.8A CN107846391B (en) 2016-09-21 2016-09-21 Login authentication method, device and system for application

Publications (2)

Publication Number Publication Date
CN107846391A true CN107846391A (en) 2018-03-27
CN107846391B CN107846391B (en) 2021-06-22

Family

ID=61657572

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610840199.8A Active CN107846391B (en) 2016-09-21 2016-09-21 Login authentication method, device and system for application

Country Status (1)

Country Link
CN (1) CN107846391B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112751851A (en) * 2020-12-29 2021-05-04 成都科来网络技术有限公司 SSH login success behavior judgment method, device and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050071668A1 (en) * 2003-09-30 2005-03-31 Yoon Jeonghee M. Method, apparatus and system for monitoring and verifying software during runtime
CN1845119A (en) * 2006-04-16 2006-10-11 许先才 Storage and management of authentication information and method and system for proxy authentication
CN103873454A (en) * 2012-12-18 2014-06-18 中国移动通信集团山东有限公司 Authentication method and equipment
CN104348624A (en) * 2013-08-09 2015-02-11 阿里巴巴集团控股有限公司 Method and device for authenticating credibility through Hash operation
CN105591743A (en) * 2014-10-23 2016-05-18 腾讯科技(深圳)有限公司 Method and device for carrying out identity authentication through equipment operation features of user terminal


Also Published As

Publication number Publication date
CN107846391B (en) 2021-06-22


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant