CN108449367B - Method and device for managing user login security, electronic equipment and readable medium - Google Patents


Publication number
CN108449367B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810660985.9A
Other languages
Chinese (zh)
Other versions
CN108449367A (en)
Inventor
郝飞虎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jingdong Century Trading Co Ltd
Beijing Jingdong Shangke Information Technology Co Ltd
Original Assignee
Beijing Jingdong Century Trading Co Ltd
Beijing Jingdong Shangke Information Technology Co Ltd
Application filed by Beijing Jingdong Century Trading Co Ltd, Beijing Jingdong Shangke Information Technology Co Ltd
Priority to CN201810660985.9A
Publication of CN108449367A
Application granted
Publication of CN108449367B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides a method, a device, electronic equipment and a computer readable medium for managing user login security. The method comprises the following steps: acquiring an IP address of user login; judging whether the IP address is a common IP address of the user; if the IP address is judged to be the common IP address of the user, then: acquiring the current effective session number of the IP address; and managing user login according to the current effective session number of the IP address. The method, the device, the electronic equipment and the computer readable medium for managing the login security of the user can effectively and safely manage the session state and the IP address of the user login.

Description

Method and device for managing user login security, electronic equipment and readable medium
Technical Field
The invention relates to the field of computers and the Internet, in particular to a method and a device for managing user login security, electronic equipment and a readable medium.
Background
In today's information age, the information assets of an enterprise are its most important assets, especially for internet companies. Protecting the company's information assets is therefore very important. On the one hand, company staff are required to follow the company's information security management rules; on the other hand, the company's information assets can be protected by building a security system.
From the user's point of view, security systems focus on regulating the day-to-day use of the user's account. Currently, the mainstream user account management system is usually a single sign-on (SSO) system. In its early days a company is likely to have a single line of business, and the scenarios in which users need to log in are likewise few. As the size of an enterprise increases, the types of business increase, and accordingly the login scenarios offered to users increase. This trend has raised the following problem: the user has to log in once for every login scenario used and, when logging out, has to log out of each scenario one by one. This gives the user a very poor experience.
The single sign-on system emerged in response to this problem.
The single sign-on system is characterized in that a user can access other mutually trusted systems by logging in only once and is not limited by domain names and the like. However, precisely because a single login gives access to the other authorized, trusted systems, the single sign-on system also brings some potential security risks.
For example, single sign-on systems place no restriction on access from different browsers. This is because single sign-on systems rely on cookies. Because different browsers store and read cookies in different ways, the cookies the server writes for different browsers are different, and the browsers therefore cannot share cookies. If the user logs in to the system with browser A, the user can also log in to the system with browser B. In this case, malicious use of multiple browsers by the user to log in is not restricted by the system.
In addition, the single sign-on system places no restriction on access from different machines. This is because HTTP is a stateless protocol and each request received by the server is independent of the others. If the source of the request is not restricted, the same user account can access the system from different machines as long as login authentication is passed. This is also unsafe.
Disclosure of Invention
In view of this, the present disclosure provides a method and an apparatus for managing user login security, which can effectively manage the user login security.
Other features and advantages of the present application will be apparent from the following detailed description, or may be learned by practice of the application.
According to a first aspect of an embodiment of the present invention, a method for managing user login security is provided, where the method includes: acquiring an IP address of user login; judging whether the IP address is a common IP address of the user; if the IP address is judged to be the common IP address of the user, acquiring the current effective session number of the IP address; and managing user login according to the current effective session number of the IP address.
In an example embodiment of the present invention, said managing user login according to the current effective session number of the IP address comprises: judging whether the current effective session number of the user reaches a session state threshold; and allowing the user to log in normally when it is judged that the current effective session number of the user has not reached the session state threshold.
In an example embodiment of the present invention, when it is determined that the IP address is not a commonly used IP address of the user, user login is managed according to the IP address.
In an example embodiment of the present invention, said managing user login according to said IP address comprises: judging whether the IP address is an uncommon IP address of the user; and when the IP address is judged not to be an uncommon IP address of the user, having the user log in through a strict verification mode.
In an example embodiment of the present invention, said managing user login according to said IP address further comprises: when the IP address is judged to be an uncommon IP address of the user: obtaining the effective login times of the IP address; judging whether the effective login times of the IP address reach the login times threshold for uncommon IP addresses; and if the effective login times of the IP address reach that threshold, having the user log in through a strict verification mode, otherwise allowing the user to log in normally.
In an exemplary embodiment of the present invention, having the user log in through a strict verification mode includes: if the user authentication is successful: acquiring the number of uncommon IP addresses the user has currently logged in from; and when that number reaches the threshold of uncommon IP addresses, deleting the IP address with the fewest logins from the uncommon IP addresses, and listing the login IP address among the uncommon IP addresses.
In an exemplary embodiment of the present invention, having the user log in through a strict verification mode further includes: when the user authentication fails, if the user's number of authentications within the predetermined time is judged to be less than the threshold for the number of authentications within the predetermined time, having the user re-authenticate the login.
According to a second aspect of the embodiments of the present invention, there is provided an apparatus for managing user login security, the apparatus comprising: the first acquisition module is configured to acquire an IP address of the user login equipment; the judging module is configured to judge whether the IP address is a common IP address of the user; the second acquisition module is configured to acquire the current effective session number of the IP address; and the login management module is configured to manage user login according to the current effective session number of the IP address when the IP address is the common IP address of the user.
In an example embodiment of the present invention, the login management module is further configured to: and when the IP address is not the common IP address of the user, managing user login according to the IP address.
According to a third aspect of embodiments of the present invention, there is provided an electronic apparatus, including: a memory; and a processor coupled to the memory, the processor configured to perform a method of managing user login security as described in any one of the above, based on instructions stored in the memory.
According to a fourth aspect of the embodiments of the present invention, a computer-readable medium is provided, on which a program is stored, which when executed by a processor implements the method for managing user login security as described in any one of the above.
According to the method and the system for managing the login security of the user, provided by the invention, the session state and the IP address of the user login can be effectively and safely managed.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention. The drawings described below are merely some embodiments of the present disclosure, and other drawings may be derived from those drawings by those of ordinary skill in the art without inventive effort.
FIG. 1 illustrates a flow diagram of a method of managing user login security in accordance with an embodiment of the present invention;
FIG. 2 illustrates a flow diagram of a method of managing user login security in accordance with an exemplary embodiment of the present invention;
FIG. 3 illustrates a flow diagram of a method of managing user login security in accordance with an exemplary embodiment of the present invention;
FIG. 4 is a flow diagram illustrating a user logging in via a strict authentication approach in accordance with an illustrative embodiment of the present invention;
FIG. 5 illustrates a block diagram of an apparatus for managing user login security according to an example embodiment of the present invention;
FIG. 6 illustrates a system architecture diagram of an apparatus for managing user login security according to an example embodiment of the present invention;
FIG. 7 illustrates an electronic device according to an exemplary embodiment of the invention.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The same reference numerals denote the same or similar parts in the drawings, and thus, a repetitive description thereof will be omitted.
The described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to provide a thorough understanding of embodiments of the invention. One skilled in the relevant art will recognize, however, that the invention may be practiced without one or more of the specific details, or with other methods, components, devices, steps, and so forth. In other instances, well-known methods, devices, implementations or operations have not been shown or described in detail to avoid obscuring aspects of the invention.
The drawings are merely schematic illustrations of the present invention, in which the same reference numerals denote the same or similar parts, and thus, a repetitive description thereof will be omitted. Some of the block diagrams shown in the figures do not necessarily correspond to physically or logically separate entities. These functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and steps, nor do they necessarily have to be performed in the order described. For example, some steps may be decomposed, and some steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
The following detailed description of exemplary embodiments of the invention refers to the accompanying drawings.
Fig. 1 illustrates a flowchart of a method of managing user login security according to an example embodiment of the present invention.
Referring to FIG. 1, a method 100 of managing user login security may include:
Step S110, an IP address of the user login is obtained.
Step S120, judging whether the IP address is the common IP address of the user.
Step S130, if the IP address is judged to be the common IP address of the user, the current effective session number of the IP address is obtained.
Step S140, managing user login according to the current effective session number of the IP address.
According to the method for managing the login security of the user, the login security of the user can be effectively managed by managing the IP address of the user login and the current effective session number.
Next, a method of managing user login security in the present exemplary embodiment will be described with reference to fig. 1.
In step S110, the IP address at which the user logs in is acquired.
The IP address is the unique identification of the equipment connected to the Internet. In general, when a user logs in to the internet through the same interface, the IP address thereof is not changed.
In step S120, it is determined whether the IP address is a common IP address of the user.
The common IP address of the user refers to the IP address most often used when the user logs in to the system.
According to an example embodiment, the number of the common IP addresses may be set to one or more. For example, the number of commonly used IP addresses is set to 2, and the IP addresses used by the user at home and when the user logs in the system are considered, respectively, but the present invention is not particularly limited thereto.
According to an example embodiment, the Set data type of, for example, a Redis database may be used. This data type ensures that the members of the collection are unique and not repeated. A globally unique Key is generated from the user's unique ID + a specified identifier, and the Value of this Key is the user's common login IPs. When a user logs in to the system, the SISMEMBER command can be used to determine whether the user's login IP address is in the Set of the user's common IP addresses. The SISMEMBER command determines whether a member element is a member of a set: it returns 1 if so, and 0 if not or if the key does not exist. However, the technical solution of the present invention is not limited thereto, and the common login IP may be managed in other manners.
In step S130, if the IP address is determined to be a commonly used IP address of the user, the current effective session number of the IP address is obtained.
According to an example embodiment, the number of currently active sessions may be managed by Session. Unlike cookies, sessions are stored in a server. The server may distinguish the sessions of each user by, for example, JSESSIONID. JSESSIONID is the name of Session Id in the Apache Tomcat application server, and the Session Id is created by the server and stored in a Cookie of the browser for distinguishing specific users. However, the technical solution of the present invention is not limited thereto, and other application servers and corresponding Session management modes may also be adopted.
According to an example embodiment, when it is determined that an IP address is not a common IP address of a user, a user login is managed according to the IP address.
In step S140, the user login is managed according to the current active session number of the IP address.
According to an example embodiment, managing user login based on the number of currently active sessions for the IP address may include: judging whether the current effective session number of the user reaches a session state threshold; and when it is judged that the current effective session number of the user has not reached the session state threshold, allowing the user to log in normally.
According to an example embodiment, the session state threshold may be set to 3. Each browser can keep one session state, i.e. the same user can be limited to logging in to the system with at most 3 browsers on the common IP. As described above, considering that a server cluster exists, the servers' sessions may be shared by using a Redis database, and a globally unique Key is generated from the user's unique ID + the user's fixed login IP + a specified identifier, where the Value is the number of sessions with which the user is logged in to the system. Using the String data type of the Redis database, when a user logs in, it is first judged whether the user's login count has reached the specified session upper limit; if not, the INCR key command is called and 1 is added to the recorded number of sessions with which the user is logged in to the system; otherwise, the user is told that the login upper limit has been reached because too many browsers are logged in to the system. The INCR key command increments the numeric value stored at the key by one. However, the technical solution of the present invention is not limited thereto, and other databases and corresponding instructions may also be used to manage the current number of active sessions.
Fig. 2 illustrates a flowchart of a method of managing user login security according to an example embodiment of the present invention.
It should be understood that the flow chart shown in fig. 2 is only an example, and should not bring any limitation to the functions and applicable scope of the embodiment of the present invention.
Referring to fig. 2, taking as an example a current user logging in to the system from an IP address other than a common login IP, a set of the user's uncommon IP addresses may be recorded in advance, and a login upper limit for uncommon IPs may be set.
When the user logs in the system, steps S210 to S270 may be performed.
Step S210, obtaining the login IP of the user, and determining whether the login IP is the common login IP of the user. If not, step S220 is performed.
Step S220, obtain the uncommon IP address set.
According to an exemplary embodiment, the set of uncommon IP addresses may contain IP addresses that were used when the user logged into the system, but were used a small number of times. For example, the IP address that is not commonly used may record an IP address used by a user to log in a system when the user is on business, but the technical solution of the present invention is not particularly limited to this.
Step S230, determine whether the login IP is in the uncommon IP address set. If so, go to step S240, otherwise go to step S270.
In step S240, the login times of the login IP is obtained.
Step S250, determining whether the login frequency of the login IP reaches the login upper limit of the uncommon IP address. If so, go to step S270, otherwise, go to step S260.
According to an exemplary embodiment, when the login times of the login IP reaches the login upper limit of the uncommon IP address, the Sorted Set data type of Redis can be used, with the score recording the user's login times. When the user authentication is successful, the number of uncommon IP addresses the user has currently logged in from can be obtained; if that number reaches the upper limit of uncommon IP addresses, the IP address with the fewest logins is deleted from the uncommon IP addresses, and the login IP address is listed among the uncommon IP addresses. However, the technical solution of the present invention is not limited to this, and other databases and corresponding instructions may be used to manage the login IP.
In step S260, the user logs in normally.
Step S270, verifying the user identity by using the QR Code.
According to an example embodiment, QR Code is one of the strictly authenticated login methods. Step S270 is intended to prompt the user to log in by means of strict authentication. The strict authentication method may perform code-scanning registration through a QR Code, but the present invention is not limited thereto. For example, strict verification may be performed by sending a verification code to a bound mailbox or mobile phone.
According to an example embodiment, when user authentication fails, if it is determined that the user's number of authentications within the predetermined time has not reached the upper limit for the number of authentications within the predetermined time, the user is prompted to re-authenticate the login.
According to the flow chart shown in fig. 2, it can be realized that when the IP address is judged not to be the common IP address of the user as described above, the user login is managed according to the IP address.
Fig. 3 illustrates a flowchart of a method of managing user login security according to an example embodiment of the present invention.
It should be understood that the flow chart shown in fig. 3 is only an example, and should not bring any limitation to the functions and applicable scope of the embodiment of the present invention.
Referring to fig. 3, taking as an example the current user logging in to the system from a common login IP, the common login IP address of the user may be recorded in advance, and the session state threshold of a single machine may be set.
When the user logs in to the system, steps S310 to S370 may be performed.
Step S310, obtaining the IP address of the user login, and judging whether the IP address is the common IP address of the user. If so, step S320 is performed.
Step S320, obtaining the current active session number of the common IP.
Step S330, judging whether the current effective session number of the common IP reaches the session state threshold of a single machine. If so, go to step S340, otherwise, go to step S360.
According to an exemplary embodiment, the upper limit of session login of a single machine may be 3, which means that the current user logs in to the system using at most 3 different browsers, and the present invention is not limited in this respect.
Step S340, prompting the user that the single-machine login upper limit has been reached.
In step S350, the user cannot log in, and the process ends.
Step S360, the session login count of the single user is updated.
According to an example embodiment, updating the session login count of the current user allows the user's session state to be managed when the user next logs in to the system from the current IP.
In step S370, the user logs in normally, and the process ends.
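The decision flows of fig. 2 and fig. 3, together with the least-used eviction applied after a successful strict verification, written out as an added example that is not part of the patent text. `MiniStore` is a hypothetical in-memory stand-in for the Redis Set, String and Sorted Set types, the key names and the two uncommon-IP limits are assumed values, and the session counter is incremented before it is compared (a departure from the check-then-INCR order described above, so that concurrent logins cannot both pass the check).

```python
from collections import defaultdict

SESSION_LIMIT = 3         # session state threshold used in the description
UNCOMMON_LOGIN_LIMIT = 5  # assumed value: login upper limit per uncommon IP
UNCOMMON_IP_LIMIT = 3     # assumed value: upper limit of uncommon IPs kept


class MiniStore:
    """In-memory stand-in for the Redis Set, String and Sorted Set types."""

    def __init__(self):
        self.sets = defaultdict(set)
        self.counters = defaultdict(int)
        self.zsets = defaultdict(dict)  # member -> score

    def sadd(self, key, member):
        self.sets[key].add(member)

    def srem(self, key, member):
        self.sets[key].discard(member)

    def sismember(self, key, member):
        return 1 if member in self.sets[key] else 0

    def scard(self, key):
        return len(self.sets[key])

    def incr(self, key, amount=1):
        self.counters[key] += amount
        return self.counters[key]

    def zincrby(self, key, amount, member):
        self.zsets[key][member] = self.zsets[key].get(member, 0) + amount

    def zscore(self, key, member):
        return self.zsets[key].get(member)

    def zpopmin(self, key):
        # Lowest score first; ties go to the lexicographically smaller member.
        member = min(self.zsets[key], key=lambda m: (self.zsets[key][m], m))
        del self.zsets[key][member]
        return member


def handle_login(store, uid, ip):
    """Return 'ALLOW', 'DENY_SESSION_LIMIT' or 'STRICT_VERIFY'."""
    if store.sismember(f"{uid}:common_ips", ip):                # S310
        key = f"{uid}:{ip}:sessions"
        # Increment first and undo on overflow: with a real INCR this keeps two
        # concurrent logins from both passing a separate read-then-INCR check.
        if store.incr(key) > SESSION_LIMIT:                     # S320, S330
            store.incr(key, -1)                                 # DECR in Redis
            return "DENY_SESSION_LIMIT"                         # S340, S350
        return "ALLOW"                                          # S360, S370
    if not store.sismember(f"{uid}:uncommon_ips", ip):          # S220, S230
        return "STRICT_VERIFY"                                  # S270
    z_key = f"{uid}:uncommon_ip_logins"
    if (store.zscore(z_key, ip) or 0) >= UNCOMMON_LOGIN_LIMIT:  # S240, S250
        return "STRICT_VERIFY"                                  # S270
    # Assumption: a normal login from an uncommon IP adds 1 to its score.
    store.zincrby(z_key, 1, ip)
    return "ALLOW"                                              # S260


def on_strict_verify_success(store, uid, ip):
    """S420: list ip as uncommon; return the IP evicted to make room, if any."""
    set_key, z_key = f"{uid}:uncommon_ips", f"{uid}:uncommon_ip_logins"
    evicted = None
    is_new = not store.sismember(set_key, ip)
    if is_new and store.scard(set_key) >= UNCOMMON_IP_LIMIT:
        evicted = store.zpopmin(z_key)      # fewest logins goes first
        store.srem(set_key, evicted)
    store.sadd(set_key, ip)
    store.zincrby(z_key, 1, ip)
    return evicted


def demo():
    """Constructed scenario with documentation-range IPs; returns the outcomes."""
    store, uid = MiniStore(), "u1001"
    for ip in ("203.0.113.10", "198.51.100.20"):  # two common IPs
        store.sadd(f"{uid}:common_ips", ip)
    common = [handle_login(store, uid, "203.0.113.10") for _ in range(4)]
    first = handle_login(store, uid, "192.0.2.1")       # never seen before
    on_strict_verify_success(store, uid, "192.0.2.1")
    second = handle_login(store, uid, "192.0.2.1")      # listed, 1 login so far
    on_strict_verify_success(store, uid, "192.0.2.2")
    on_strict_verify_success(store, uid, "192.0.2.3")
    evicted = on_strict_verify_success(store, uid, "192.0.2.4")
    return common, first, second, evicted


if __name__ == "__main__":
    print(demo())
```

The description does not say when a session ends, so this sketch never decrements the counter on logout or expiry; a deployment would need that, or the fourth login from a common IP stays blocked indefinitely.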
Fig. 4 shows a flowchart of a user logging in by means of strict authentication according to an exemplary embodiment of the invention.
It should be understood that the flow chart shown in fig. 4 is only an example, and should not bring any limitation to the functions and applicable scope of the embodiment of the present invention.
Referring to fig. 4, when a user logs in to the system using an IP address other than an uncommon IP address, the user may be allowed to log in using QR Code verification, and an upper limit on the number of verifications per day and an upper limit on the number of verifications per week may be preset for the user. QR Code is a kind of two-dimensional code; in particular, it can be generated using Google's ZXing, with high generation efficiency. The strict verification method of the present invention is not limited to the QR Code verification method, and the technical solution of the present invention is not limited thereto.
When the user identity is verified using the QR Code, steps S410 to S490 may be performed.
In step S410, it is determined whether the verification is successful. If successful, step S420 is performed, otherwise step S440 is performed.
According to an example embodiment, in consideration of timeliness of two-dimensional code verification, when a user scans and verifies a two-dimensional code, it is necessary to determine whether an interval between a generation time of the two-dimensional code and a current verification time is within a specified time range. If the user authentication times out, the user is required to refresh the authentication.
According to an example embodiment, a verification failure may occur when verification is performed by someone other than the current user, and may also include other cases of verification failure; the technical solution of the present invention is not particularly limited in this respect.
In step S420, the present login IP is added to the Set and the Sorted Set, and the least used IP is removed.
According to an example embodiment, if the user authentication is successful, the machine IP with the fewest recorded logins needs to be removed from the Set that records the user's login IPs on different machines, and the current login IP is recorded into the Set and the Sorted Set. The Set can store the IPs logged in from on different machines, and the Sorted Set can store the login times of each IP. It should be understood that the technical solution of the present invention is not limited thereto, and other data types may be used to store the uncommon IP addresses and their login times.
In step S430, the user logs in normally, and the process ends.
In step S440, the number of times of day authentication is acquired.
According to an example embodiment, the number of code-scanning verifications of a user in one day is recorded. The latest count can be recorded with the INCR key command on the String data type of Redis, using a globally unique Key generated from the user's unique ID + the day + a specified identifier. The number of user verifications during the week is also recorded. However, the technical solution of the present invention is not limited thereto, and other databases and corresponding instructions may also be used to read the verification counts.
In step S450, it is determined whether the upper limit of the number of times of day authentication is reached. If yes, go to step S460, otherwise go to step S490.
In step S460, the user authentication number of one week is acquired.
In step S470, it is determined whether the user verification count for one week reaches the verification count upper limit for the week. If so, go to step S480, otherwise go to step S490.
In step S480, the user is requested to update the password, and the process ends.
According to an example embodiment, if the user's verification counts for the day and for the week both reach their upper limits, the user is required to change the password. For the sake of security, it may be stipulated that the new password cannot repeat any of the last several passwords, but the technical solution of the present invention is not limited thereto.
In step S490, the user is asked to re-authenticate the login, and step S410 is executed again after authentication.
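The failure path of fig. 4 (steps S410 to S490) with the two-dimensional code timeliness check, as an added example that is not part of the patent text. The validity window, both limits, the key layout and the choice to count only failed scans are assumptions; a `Counter` stands in for the Redis String keys that INCR would update, and the timestamps and user IDs are constructed.

```python
from collections import Counter
from datetime import datetime, timedelta

QR_TTL = timedelta(seconds=120)  # assumed validity window for one QR Code
DAILY_LIMIT = 3                  # assumed upper limit of verifications per day
WEEKLY_LIMIT = 5                 # assumed upper limit of verifications per week


def day_key(uid, now):
    # user unique ID + day + specified identifier, as in the description
    return f"{uid}:{now:%Y%m%d}:qr_verify"


def week_key(uid, now):
    # Assumed weekly key: ISO year and ISO week number
    year, week, _ = now.isocalendar()
    return f"{uid}:{year}W{week:02d}:qr_verify"


def verify_qr(counters, uid, scanned_by, issued_at, now):
    """Return 'LOGIN', 'REFRESH_QR', 'RETRY' or 'UPDATE_PASSWORD'."""
    if now - issued_at > QR_TTL:
        return "REFRESH_QR"                      # code too old: refresh it
    if scanned_by == uid:
        return "LOGIN"                           # S410 -> S420, S430
    # Assumption: each failed scan is counted (INCR on both keys).
    counters[day_key(uid, now)] += 1
    counters[week_key(uid, now)] += 1
    if counters[day_key(uid, now)] < DAILY_LIMIT:        # S440, S450
        return "RETRY"                                   # S490
    if counters[week_key(uid, now)] < WEEKLY_LIMIT:      # S460, S470
        return "RETRY"                                   # S490
    return "UPDATE_PASSWORD"                             # S480


def demo():
    """Constructed run: one stale code, five wrong-user scans, then next day."""
    counters, uid = Counter(), "u1001"
    t0 = datetime(2024, 1, 1, 9, 0, 0)           # a Monday
    out = [verify_qr(counters, uid, uid, t0, t0 + timedelta(minutes=5))]
    for i in range(5):                           # scans by another account
        now = t0 + timedelta(minutes=10 + i)
        issued = now - timedelta(seconds=30)
        out.append(verify_qr(counters, uid, "u2002", issued, now))
    day2 = t0 + timedelta(days=1)
    out.append(verify_qr(counters, uid, "u2002", day2, day2 + timedelta(seconds=10)))
    out.append(verify_qr(counters, uid, uid, day2, day2 + timedelta(seconds=20)))
    return out


if __name__ == "__main__":
    print(demo())
```

In this flow the weekly count is consulted only once the daily limit has been reached, so the failed scan on the second day is answered with a retry even though the weekly total is already at its limit.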
Fig. 5 illustrates a block diagram of an apparatus for managing user login security according to an exemplary embodiment of the present invention.
Referring to fig. 5, the apparatus for managing user login security may include: a first obtaining module 510, a judging module 520, a second obtaining module 530, and a login management module 540.
In the apparatus for managing user login security, the first obtaining module 510 is configured to obtain an IP address of a user login device. The judging module 520 is configured to determine whether the IP address is a commonly used IP address of the user. The second obtaining module 530 is configured to obtain the current effective session number of the IP address. The login management module 540 is configured to manage the user login according to the current effective session number of the IP address when the IP address is the commonly used IP address of the user.
According to an example embodiment, the login management module 540 is further configured to: and when the IP address is not the common IP address of the user, managing the user login according to the IP address.
Fig. 6 illustrates a system architecture diagram of an apparatus for managing user login security according to an exemplary embodiment of the present invention.
It should be understood that the system architecture diagram shown in fig. 6 is only an example, and should not bring any limitation to the function and applicability of the embodiments of the present invention.
Referring to fig. 6, the apparatus for managing user login security may include a login IP interceptor 610, an application server cluster 620, and a data server cluster 630.
As previously described with reference to fig. 1, the login IP interceptor 610 may be configured to manage the user's login based on the user's login IP address.
According to an example embodiment, the application server cluster 620 may be configured to manage a user's session state according to the Session. As previously described with reference to fig. 1, the application server cluster may be configured to manage user login according to the current effective session number of the common IP address when the user logs in from a common IP address.
According to an example embodiment, the data server cluster 630 may include a Redis database or a MySQL database, and the like, and the technical solution of the present invention is not particularly limited in this respect.
Fig. 7 shows an electronic device according to an exemplary embodiment of the invention, which may be used to implement the aforementioned method.
As shown in FIG. 7, server device 700 may include a processor 710, a memory 720, a network adapter 730, and a monitor 740.
Memory 720 may store instructions for processor 710 to control the processing of operations. The memory 720 may include volatile or nonvolatile memory, such as Static Random Access Memory (SRAM), Electrically Erasable Programmable Read Only Memory (EEPROM), Erasable Programmable Read Only Memory (EPROM), Programmable Read Only Memory (PROM), Read Only Memory (ROM), and the like, which is not limited in this respect.
The processor 710 may call instructions stored in the memory 720 to control related operations. According to one embodiment, the memory 720 stores instructions for the processor 710 to control execution of methods according to embodiments of the invention described above. It will be readily appreciated that memory 720 may also store instructions for processor 710 to control other operations according to embodiments of the present invention, which will not be described in detail herein.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution of the embodiment of the present invention may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB disk, a removable hard disk, etc.), and includes several instructions for enabling a computing device (which may be a personal computer, a server, a mobile terminal, or an intelligent device, etc.) to execute the method according to the embodiment of the present invention.
Furthermore, the above-described figures are merely schematic illustrations of processes involved in methods according to exemplary embodiments of the invention, and are not intended to be limiting. It will be readily understood that the processes shown in the above figures are not intended to indicate or limit the chronological order of the processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, e.g., in multiple modules.
Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the invention and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.
It is to be understood that the invention is not limited to the details of construction, arrangement of drawings, or method of implementation, which have been set forth herein, but on the contrary, is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.

Claims (7)

1. A method of managing user login security, comprising:
acquiring an IP address of user login;
judging whether the IP address is a common IP address of the user;
if the IP address is judged to be the common IP address of the user, then:
acquiring the current effective session number of the IP address;
managing user login according to the current effective session number of the IP address;
when the IP address is judged not to be the common IP address of the user, managing user login according to the IP address;
wherein managing user login according to the IP address comprises: judging whether the IP address is an uncommon IP address of the user; and when the IP address is judged not to be an uncommon IP address of the user, having the user log in through a strict verification mode;
the managing user login according to the IP address further comprises: when the IP address is judged to be an uncommon IP address of the user, acquiring the effective login times of the IP address; judging whether the effective login times of the IP address reach the login times threshold of the uncommon IP address; and when the effective login times of the IP address reach the login times threshold of the uncommon IP address, having the user log in through a strict verification mode, otherwise enabling the user to log in normally.
2. The method of claim 1, wherein said managing user login according to the current effective session number of said IP address comprises:
judging whether the current effective session number of the user reaches a session state threshold;
and enabling the user to log in normally when it is judged that the current effective session number of the user does not reach the session state threshold.
3. The method of claim 1, wherein said logging in said user with strict authentication comprises:
upon successful authentication of the user:
acquiring the number of uncommon IP addresses currently recorded for the user's logins;
and when that number reaches the uncommon IP address threshold, deleting the IP address with the fewest login times among the uncommon IP addresses, and listing the login IP address among the uncommon IP addresses.
4. The method of claim 1, wherein said logging in said user with strict authentication further comprises:
and when the user authentication fails, if the user's verification count within a preset time is judged to be less than the verification count threshold for that preset time, having the user re-authenticate the login.
5. An apparatus for managing user login security, comprising:
the first acquisition module is configured to acquire an IP address of the user login equipment;
the judging module is configured to judge whether the IP address is a common IP address of the user;
the second acquisition module is configured to acquire the current effective session number of the IP address;
the login management module is configured to manage user login according to the current effective session number of the IP address when the IP address is the common IP address of the user;
the login management module is further configured to: when the IP address is not the common IP address of the user, managing user login according to the IP address;
wherein managing user login according to the IP address comprises: judging whether the IP address is an uncommon IP address of the user; and when the IP address is judged not to be an uncommon IP address of the user, having the user log in through a strict verification mode;
the managing user login according to the IP address further comprises: when the IP address is judged to be an uncommon IP address of the user, acquiring the effective login times of the IP address; judging whether the effective login times of the IP address reach the login times threshold of the uncommon IP address; and when the effective login times of the IP address reach the login times threshold of the uncommon IP address, having the user log in through a strict verification mode, otherwise enabling the user to log in normally.
6. An electronic device, comprising:
a memory; and
a processor coupled to the memory, the processor configured to perform the method of managing user login security as recited in any of claims 1-4 based on instructions stored in the memory.
7. A computer-readable medium, on which a program is stored which, when being executed by a processor, carries out the method of managing user login security as claimed in any one of claims 1 to 4.
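The decision flow recited in claims 1 to 4 and steps S470 to S490, written out as an added Python example; it is not code from the patent. The threshold values, the class and function names, the sample addresses, and the fallback to strict verification when a common IP address reaches the session threshold are assumptions.

```python
from dataclasses import dataclass, field

# Constructed thresholds; the patent does not fix any of these values.
SESSION_LIMIT = 3          # effective sessions allowed per common IP
UNCOMMON_LOGIN_LIMIT = 5   # logins from an uncommon IP before strict verification
UNCOMMON_IP_LIMIT = 2      # size of the per-user uncommon-IP list
DAILY_LIMIT, WEEKLY_LIMIT = 3, 10  # verification-count upper limits

@dataclass
class UserState:
    common_ips: set = field(default_factory=set)
    uncommon_ips: dict = field(default_factory=dict)  # ip -> effective login times
    sessions: dict = field(default_factory=dict)      # ip -> effective session number
    day_attempts: int = 0
    week_attempts: int = 0

def decide(user, ip):
    """Claims 1 and 2: return 'normal' or 'strict' for a login from ip."""
    if ip in user.common_ips:
        # Assumption: a common IP at the session threshold gets strict verification.
        return "normal" if user.sessions.get(ip, 0) < SESSION_LIMIT else "strict"
    if ip not in user.uncommon_ips:
        return "strict"  # neither common nor uncommon: unknown address
    if user.uncommon_ips[ip] >= UNCOMMON_LOGIN_LIMIT:
        return "strict"
    return "normal"

def on_strict_success(user, ip):
    """Claim 3: list ip as uncommon, evicting the least-used entry when full."""
    if ip not in user.uncommon_ips and len(user.uncommon_ips) >= UNCOMMON_IP_LIMIT:
        least_used = min(user.uncommon_ips, key=user.uncommon_ips.get)
        del user.uncommon_ips[least_used]
    user.uncommon_ips.setdefault(ip, 0)

def on_strict_failure(user):
    """Claim 4, S470-S490: re-verify until daily and weekly limits are both hit."""
    user.day_attempts += 1
    user.week_attempts += 1
    if user.day_attempts >= DAILY_LIMIT and user.week_attempts >= WEEKLY_LIMIT:
        return "update_password"  # S480
    return "reverify"             # S490
```

Because the list is bounded and evicts by lowest login count, an address that passed strict verification once can be displaced later and will then face strict verification again.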
CN201810660985.9A 2018-06-25 2018-06-25 Method and device for managing user login security, electronic equipment and readable medium Active CN108449367B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810660985.9A CN108449367B (en) 2018-06-25 2018-06-25 Method and device for managing user login security, electronic equipment and readable medium

Publications (2)

Publication Number Publication Date
CN108449367A CN108449367A (en) 2018-08-24
CN108449367B true CN108449367B (en) 2021-03-30

Family

ID=63207226

Country Status (1)

Country Link
CN (1) CN108449367B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109743306B (en) * 2018-12-27 2021-09-24 奇安信科技集团股份有限公司 Account security evaluation method, system, device and medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102664877A (en) * 2012-03-30 2012-09-12 北京千橡网景科技发展有限公司 Method and device for exception handling in login process
CN103731413A (en) * 2013-11-18 2014-04-16 广州多益网络科技有限公司 Abnormal login handling method
WO2015032318A1 (en) * 2013-09-03 2015-03-12 腾讯科技(深圳)有限公司 Exceptional account determination method and device
CN104917756A (en) * 2015-05-08 2015-09-16 四川天上友嘉网络科技有限公司 Login authentication method for network games
CN106789855A (en) * 2015-11-25 2017-05-31 北京奇虎科技有限公司 The method and device of user login validation

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100944724B1 (en) * 2007-08-21 2010-03-03 엔에이치엔비즈니스플랫폼 주식회사 User authentication system using IP address and method thereof

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant