CN108462704A - Login validation method, device, computer equipment and storage medium - Google Patents
Login validation method, device, computer equipment and storage medium Download PDFInfo
- Publication number
- CN108462704A CN108462704A CN201810163982.4A CN201810163982A CN108462704A CN 108462704 A CN108462704 A CN 108462704A CN 201810163982 A CN201810163982 A CN 201810163982A CN 108462704 A CN108462704 A CN 108462704A
- Authority
- CN
- China
- Prior art keywords
- login
- authentication
- historical log
- client
- characteristic information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/082—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying multi-factor authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention discloses a kind of login validation method, device, computer equipment and storage mediums, wherein the login validation method includes:The authentication request that client is sent is obtained, authentication request includes identity characteristic information and terminal identification information;If identity characteristic information by authentication, does not obtain historical log number corresponding with identity characteristic information and terminal identification information;If historical log number reaches certification frequency threshold value, the second verification mode is pushed to client.In this method, when identity characteristic information and the corresponding historical log number of terminal identification information reach certification frequency threshold value, the second verification mode is pushed to client, good user experience can be obtained to verify user in a manner of by another authentication, client brute force attack crack servers are prevented to reach, safety is logged in achieve the purpose that ensure.
Description
Technical field
The present invention relates to authentication field more particularly to a kind of login validation method, device, computer equipment and storages
Medium.
Background technology
It is realized generally by client input login password currently, establishing secure connection between client and server
, there are security risks for such authentication mode.If malicious client takes Brute Force login password to server, have
Server may be invaded, to cause information leakage.
The malicious attack of client in order to prevent, server are needed in user login services device, and setting prevents client
The measure of malicious attack, but these measures need user to input much information login progress safety verification so that and user experience is poor,
Particularly with the mobile terminal that information input is more inconvenient.
Invention content
A kind of login validation method of offer of the embodiment of the present invention, device, computer equipment and storage medium, it is current to solve
User avoids the problem that malicious attack leads to information leakage when logging in.
In a first aspect, the embodiment of the present invention provides a kind of login validation method, including:
The authentication request that client is sent is obtained, authentication request includes identity characteristic information and terminal recognition letter
Breath;
If identity characteristic information by authentication, does not obtain corresponding with identity characteristic information and terminal identification information
Historical log number;
If historical log number reaches certification frequency threshold value, the second verification mode is pushed to client;
The secondary checking request that client is inputted based on the second verification mode is obtained, and is stepped on based on secondary checking request
Record verification.
Second aspect, the embodiment of the present invention provide a kind of login authentication device, including:
Authentication request module is obtained, the authentication request for obtaining client transmission, authentication request packet
Include identity characteristic information and terminal identification information;
Historical log number module is obtained, if for identity characteristic information not by authentication, is obtained special with identity
Reference ceases and the corresponding historical log number of terminal identification information;
The second verification mode module is pushed, if reaching certification frequency threshold value for historical log number, push second is tested
Card mode is to client;
Progress login authentication module, the secondary checking request inputted based on the second verification mode for obtaining client, and
Login authentication is carried out based on secondary checking request.
Third aspect present invention provides a kind of computer equipment, including memory, processor and is stored in the storage
In device and the computer program that can run on the processor, the processor are realized when executing the computer program such as this
The step of inventing the login validation method.
Fourth aspect present invention provides a kind of computer readable storage medium, and the computer-readable recording medium storage has
The step of computer program, the computer program realizes login validation method as described herein when being executed by processor.
Login validation method, device, computer equipment and storage medium provided in an embodiment of the present invention, by obtaining simultaneously
Historical log number corresponding with identity characteristic information and terminal identification information truer can comprehensively judge to come from client
The malicious attack at end;When identity characteristic information and terminal identification information historical log number reach certification frequency threshold value, push the
Two verification modes verify user in a manner of by another authentication, client are prevented to reach to client
Brute force attack crack servers log in safety to achieve the purpose that ensure.
Description of the drawings
In order to illustrate the technical solution of the embodiments of the present invention more clearly, below by institute in the description to the embodiment of the present invention
Attached drawing to be used is needed to be briefly described, it should be apparent that, the accompanying drawings in the following description is only some implementations of the present invention
Example, for those of ordinary skill in the art, without having to pay creative labor, can also be according to these attached drawings
Obtain other attached drawings.
Fig. 1 is a flow chart of login validation method in the embodiment of the present invention 1.
Fig. 2 is another particular flow sheet of login validation method in the embodiment of the present invention 1.
Fig. 3 is another particular flow sheet of login validation method in the embodiment of the present invention 1.
Fig. 4 is another particular flow sheet of login validation method in the embodiment of the present invention 1.
Fig. 5 is a functional block diagram of login authentication device in the embodiment of the present invention 2.
Fig. 6 is a schematic diagram of 4 Computer equipment of the embodiment of the present invention.
Specific implementation mode
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation describes, it is clear that described embodiments are some of the embodiments of the present invention, instead of all the embodiments.Based on this hair
Embodiment in bright, the every other implementation that those of ordinary skill in the art are obtained without creative efforts
Example, shall fall within the protection scope of the present invention.
Embodiment 1
Fig. 1 shows the flow chart of login validation method in the present embodiment.The present embodiment is applied is carrying out letter by internet
Between the client and server for ceasing interaction, wherein client includes but not limited to browser and software login-port.This implementation
Client in example is preferably this mobile terminal of smart mobile phone.Server is to receive the request of client and be based on the request
Distribute the management end of application service.Following login validation method is using server as executive agent.As shown in Figure 1, the login authentication
Method includes the following steps:
S10. the authentication request that client is sent is obtained, authentication request includes that identity characteristic information and terminal are known
Other information.
Specifically, authentication request is that client needs to initiate to server when Connection Service device, for carrying out body
The request of part verification.Authentication request includes identity characteristic information and terminal identification information, so that server is based on therein
Identity characteristic information and terminal identification information verify identity, to determine that can the client establish secure connection with server.
Identity characteristic information is available to server to identify the information of user identity.Terminal identification information is available to
The environmental information of the client for identification of server.
Specifically, server can first be based on the identity characteristic after the authentication request for receiving client transmission
Information carries out authentication, if identity characteristic information by authentication, that is, executes step S50;If identity characteristic information is not led to
Authentication is crossed, S20 is thened follow the steps.The method of authentication has very much, includes but not limited in the present embodiment:Based on shared
The authentication of key, the authentication based on biological property and the authentication etc. based on public key encryption algorithm.This
Step first passes through authentication request and carries out first time verification to the identity of user, preliminary to ensure that server and client side establishes company
The safety connect.
If S20. identity characteristic information obtains and identity characteristic information and terminal identification information phase not by authentication
Corresponding historical log number.
Specifically, historical log number is specific spy in the characteristic item for indicate identity characteristic information and terminal identification information
Levy number most in the number of item login service device.For example, the characteristic item of identity characteristic information includes but not limited to register ID,
The characteristic item of terminal identification information includes but not limited to device id and logs in IP, and registers ID, device id and log in IP three,
The highest number of login service device number is exactly historical log number.Wherein, it was registered when registration ID is user login services device
Can unique mark user identity information, such as user name, cell-phone number and identification card number etc..Device id is stepped on for client
The unique production equipment number in the whole world of the hardware of record, for example, mobile phone device id be mobile phone production sequence number, desktop computer sets
Standby ID can be the MAC Address etc. of network interface card.Log in the address or privately owned of used public network distribution when IP is client online
IP address.
Further, going through for user login services device is investigated by two aspects of identity characteristic information and terminal identification information
History login times, the case where can be more comprehensive and truly investigate user login services device.If for example, using the same registration
ID, when by different smart mobile phone repeat logon servers, the login times of the registration ID recognized are most, it is thus determined that being
Historical log number.If alternatively, when same smart mobile phone uses different registration ID repeat logon servers, the equipment that recognizes
The login times of ID are most, it is thus determined that being historical log number.Or if different intelligent mobile phone is corresponded in different login IP
Network under use different registration ID repeat logon servers when, recognize login IP login times maximum, it is thus determined that
For historical log number.Therefore, its corresponding history is determined by the different situations of identity characteristic information and terminal identification information
Login times are conducive to occur the case where preventing malicious client attack server to a certain extent, to avoid information leakage,
To ensure information security.
The historical log number referred in the present embodiment can be the note within a preset period of time being recorded in server
The most login times of number are determined as historical log number by volume ID, device id login times corresponding with IP is logged in.
If S30. historical log number reaches certification frequency threshold value, the second verification mode is pushed to client.
Wherein, certification frequency threshold value, which is the historical log number of identity characteristic information and terminal identification information, can log in clothes
The maximum login times of business device.For example, certification frequency threshold value is 5, namely when historical log number is accumulated to 5, server is not
Receive same type of authentication request again, then takes the second authentication mode.
Specifically, the second verification mode includes but not limited to:Sliding block, picture mosaic, letter and number etc., with artificial subjective sense
The verification mode received.
The mode of authentication is forced to be switched to the second authentication mode with artificial subjective feeling, can effectively be judged
The authenticity of client prevents client from invading server by the malicious way of Brute Force.
S40. obtain the secondary checking request that input based on the second verification mode of client, and be based on secondary checking request into
Row login authentication.
Specifically, secondary checking request is the checking request that client is directed to that the second verification mode gives a response.
Server verifies the secondary checking request that client is sent, if for example, client is directed to graphical verification code
In word beam back the secondary checking request with word, server judges the correctness of the word, to complete login authentication.This
In embodiment, server is tested by the second checking request fed back based on the second authentication mode that client is sent log in
Card, can avoid passing through Brute Force machine make client to server initiate malicious attack so that server be cracked into
And lead to information leakage.
Preferably, after step slo, i.e., after the step of obtaining the authentication request that client is sent, this is stepped on
It further includes following steps to record verification method:
If S50. identity characteristic information is by authentication, by authentication request, establishes safety with client and connect
It connects.
It is to be appreciated that when the authentication request that server authentication is sent by client, illustrate that server can lead to
The safety of the identity characteristic information of the stored validation of information client of database is crossed, and then safety can be established with client
Connection.By this step, secure connection has been established with server in client, and server offer is further obtained convenient for client
Specific business information.
Preferably, after step S20, that is, history corresponding with identity characteristic information and terminal identification information is being obtained
After the step of login times, the method for the login authentication further includes following steps:
If S60. historical log number is not up to certification frequency threshold value, prompts client to retransmit authentication and ask
It asks.
Specifically, certification frequency threshold value, which is the historical log number of identity characteristic information and terminal identification information, to log in
The maximum login times of server.For example, certification frequency threshold value is 5, namely when historical log number is accumulated to 5, server
No longer receive same type authentication request, then takes other authentication modes.
Further, historical log number does not reach the cognition frequency threshold value of server formulation, illustrates that server may be used also
To receive the same type of authentication request of client transmission again, enhancing server is to the flexible of client certificate
Property.Login validation method provided in an embodiment of the present invention, by obtaining and identity characteristic information and terminal identification information phase simultaneously
Corresponding historical log number more really comprehensively can judge the malicious attack from client;When historical log number reaches
When to certification frequency threshold value, push the second verification mode to client, in a manner of by another authentication to user into
Row verification, client brute force attack crack servers are prevented to reach, and log in safety to achieve the purpose that ensure, and can obtain
Good user experience is obtained, especially for the mobile terminal user that information input is more inconvenient.
In a specific embodiment, identity characteristic information includes registration ID, and terminal identification information includes device id and steps on
IP is recorded, as shown in Fig. 2, in step S20, that is, obtains historical log corresponding with identity characteristic information and terminal identification information
Number specifically comprises the following steps:
S21. the historical log data in preset time period are counted, are obtained respectively and registration ID, device id or login IP phases
Corresponding first login times, the second login times and third login times.
Wherein, historical log data are to register ID, device id and the phase for logging in IP login service devices within a preset period of time
Close data, including respective login times, login time etc..Server prestores all historical log data, each history
Logon data be corresponding with registration ID, device id and log in IP, also with its login time associated storage.It is to be appreciated that first steps on
Record number refers to the number for registering ID login service devices within a preset period of time, and the second login times refer to device id when default
Between in section login service device number, third login times are the numbers for logging in IP login service devices within a preset period of time.This
Preset time period in embodiment can be fallen since the time or current time in system for getting the authentication request
The a period of time moved back could be provided as 1 day or 1 week.
S22. maximum value is chosen from the first login times, the second login times and third login times as historical log
Number.
For example, registration ID, device id or corresponding first login times of login IP, the second login times and third login time
Number be respectively 3,5 and 8, then historical log number be the corresponding third login times of historical log number, i.e., 8 times.
In order to which the client to login service device accomplishes all-around defense, need to investigate client login service from three angles
The case where device.As shown in this example, corresponding first login times of registration ID only have 3 times, and the login IP that login IP is used
It is used 8 times, the corresponding third login times of login IP is determined as historical log number due to safety concerns, so as to
In the Prevention-Security to server is better achieved.The situation that accessing server by customer end is investigated by multi-angle, can be more
Information security that is comprehensive and being effectively protected in server.
Preferably, after step s 22, i.e., from the first login times, the second login times and third login times
After choosing the step of maximum value is as historical log number, which further includes:
If S23. historical log number is not up to certification frequency threshold value, make the first login times, the second login times and
The corresponding number of three login times adds 1, and updates historical log number.
It is to be appreciated that server is connected to the authentication request namely the corresponding note of client of this client transmission
Volume ID, device id and login IP are logged in once again, corresponding first login times, the second login times and third should be given to log in secondary
Number plus 1, while updating corresponding historical log number.
For example, if certification frequency threshold value is 5, the history after authentication request three times is received for server below
The record form of login times:
| Register ID | Device id | Log in IP | |
| Authentication request 1 | 0 | 1 | 1 |
| Authentication request 2 | 1 | 1 | 0 |
| Authentication request 3 | 0 | 1 | 1 |
| Register ID | Device id | Log in IP | Historical log number |
| 1 | 3 | 2 | 3 |
At this point, historical log number is 3, not up to certification frequency threshold value 5.Therefore, when server receives four identity
The record form of historical log number after checking request is changed to:
| Register ID | Device id | Log in IP | |
| Authentication request 1 | 0 | 1 | 1 |
| Authentication request 2 | 1 | 1 | 0 |
| Authentication request 3 | 0 | 1 | 1 |
| Authentication request 4 | 1 | 1 | 1 |
| Register ID | Device id | Log in IP | Historical log number |
| 2 | 4 | 3 | 4 |
For the client of all-around defense login service device, history of the present embodiment from registration ID, device id and login IP
The case where logon data is set out, integrated survey accessing server by customer end more comprehensively and can be effectively protected server.And
And timely updated historical log number according to the authentication request of accessing server by customer end, keep the true of server data
Real validity.
In a specific embodiment, as shown in figure 3, before step S21, i.e., the history in statistics preset time period is stepped on
Before the step of recording data, login validation method further includes following steps:
S70. the historical log data stored in the form of KEY-VALUE in REDIS databases are counted, by registration ID, equipment
ID and IP is logged in as KEY, using the first login times, the second login times and third login times as corresponding
VALUE。
Specifically, the present embodiment uses REDIS database purchase historical log data.REDIS is one high performance
KEY-VALUE databases play good supplementary function to relational database.The type of REDIS intermediate values is not limited only to character string,
Also support following abstract data type:Character string list, unordered unduplicated string assemble, orderly unduplicated character trail
It is the Hash table of character string to close key, value all.The type of value determines the operation that value itself is supported.REDIS supports that difference is unordered, has
The list of sequence, the advanced server end atomic operations such as intersection, union between unordered, orderly set.
The historical log data stored in the form of KEY-VALUE in the present embodiment, EDIS databases by registration ID, are set
Standby ID and IP is logged in as KEY, using the first login times, the second login times and third login times as corresponding
VALUE, as shown in the table.
| Register ID | First login times |
| X1 | 5 |
| Device id | Second login times |
| 00-01-6C-06-A6-29 | 6 |
| Log in IP | Third login times |
| 183.53.240.209 | 9 |
In this implementation, by KEY-VALUE forms store involved in authentication request to registration ID, device id and step on
The historical log data of IP are recorded, it is concise, obtain corresponding log-on message in time conducive to server.
S80. the historical log data between current time in system and preset time period are obtained, are inquired using KEY-VALUE
Mode obtains the first login times corresponding with registration ID, device id or login IP, the second login times and third and steps on respectively
Record number.
Specifically, preset time period is the specified refresh data of server, by the period in relation to zeros data.In order to protect
The timeliness of authentication request is held, server specifies preset time period to be zeroed out processing to the data of database purchase.In
, can be by KEY corresponding data setting preset times end, such as 24 hours in the present embodiment, then every 24 hours by the number in KEY
It is handled according to being zeroed out.
It is to be appreciated that registration ID, device id or login IP that server is stored according to KEY keys, can directly acquire opposite
The VALUE that should be stored:First login times, the second login times and the corresponding concrete numerical value of third login times, it is simple and fast.
The present embodiment stores the registration arrived involved in authentication request by REDIS databases in the form of KEY-VALUE
ID, device id and the historical log data for logging in IP, it is concise, obtain corresponding log-on message in time conducive to server;And
And section is zeroed out processing, the timeliness of effective guarantee authentication request to the data in database at preset timed intervals.
In a specific embodiment, identity characteristic information includes registration ID and customer authentication code, as shown in figure 4, step
In S20, even identity characteristic information specifically comprises the following steps not by authentication:
S24. it is based on registration ID, obtains corresponding server authentication code.
Specifically, registration ID when being user login services device it is registered can unique mark user identity information, such as
User name, cell-phone number and identification card number etc..
Server authentication code includes but not limited to:Preserve in the server with the corresponding log-in passwords of registration ID or
Identifying code etc..
Server registers the corresponding server authentication codes of ID, the customer authentication code that can be used for sending client by storage
It is compared, to judge the authenticity of the corresponding identity of client, so that it is guaranteed that server and client side establishes the peace of connection
Quan Xing.
If S25. authentication server identifying code and the matching of customer authentication code are inconsistent, identity characteristic information is not by testing
Card.
It is to be appreciated that if authentication server identifying code and the matching of customer authentication code are inconsistent, server not can determine that visitor
The authenticity at family end needs client to do further or re-start authentication namely this identity characteristic information is not led to
Cross verification.
In the present embodiment the authenticity of client, simple and fast, reliability are verified by registering ID and server identifying code
It is high.
Login validation method provided in an embodiment of the present invention is believed by obtaining simultaneously with identity characteristic information and terminal recognition
The corresponding historical log number of manner of breathing more really comprehensively can determine the malicious attack from client;Only work as history
Login times reach certification frequency threshold value, just push the second verification mode to client, can obtain good user experience, especially
It is for the more inconvenient mobile terminal user of information input.
For the client of all-around defense login service device, the present embodiment also investigates client from multi-angle comprehensive and logs in clothes
The case where business device, more comprehensively and can be effectively protected server.Also, according to the authentication of accessing server by customer end
The historical log number that timely updates is asked, the real effectiveness of server data is kept.
The present embodiment stores the registration arrived involved in authentication request by REDIS databases in the form of KEY-VALUE
ID, device id and the historical log data for logging in IP, it is concise, obtain corresponding log-on message in time conducive to server;And
And section is zeroed out processing, the timeliness of effective guarantee authentication request to the data in database at preset timed intervals.
It should be understood that the size of the serial number of each step is not meant that the order of the execution order in above-described embodiment, each process
Execution sequence should be determined by its function and internal logic, the implementation process without coping with the embodiment of the present invention constitutes any limit
It is fixed.
Embodiment 2
Fig. 5 shows the functional block diagram with the one-to-one login authentication device of login validation method in embodiment 1.Such as Fig. 5
Shown, which includes obtaining authentication request module 10, obtains historical log number module 20, push second
Verification mode module 30 and progress login authentication module 40.Wherein, authentication request module 10 is obtained, historical log time is obtained
Digital-to-analogue block 20 pushes the realization function of the second verification mode module 30 and progress login authentication module 40 and is logged in embodiment and tested
The corresponding step of card method corresponds, and to avoid repeating, the present embodiment is not described in detail one by one.
Authentication request module 10 is obtained, the authentication request for obtaining client transmission, authentication request
Including identity characteristic information and terminal identification information.
Historical log number module 20 is obtained, if not passing through authentication, acquisition and identity for identity characteristic information
Characteristic information and the corresponding historical log number of terminal identification information.
It pushes the second verification mode module 30 and pushes second if reaching certification frequency threshold value for historical log number
Verification mode is to client.
Progress login authentication module 40, the secondary checking request inputted based on the second verification mode for obtaining client,
And login authentication is carried out based on secondary checking request.
Preferably, login authentication device further includes establishing secure connection module 50.
Secure connection module 50 is established, if for identity characteristic information by authentication, by authentication request,
Secure connection is established with client.
Preferably, login authentication device further includes retransmitting authentication request module 60.
Authentication request module 60 is retransmitted, if being not up to certification frequency threshold value for historical log number, is carried
Show that client retransmits authentication request.
Preferably, identity characteristic information includes registration ID, and terminal identification information includes device id and login IP.
It further includes statistical history logon data unit 21 and selection historical log number to obtain historical log number module 20
Unit 22.
Statistical history logon data unit 21, for counting the historical log data in preset time period, respectively obtain with
It registers ID, device id or logs in corresponding first login times of IP, the second login times and third login times.
Historical log time counting unit 22 is chosen, is used for from the first login times, the second login times and third login times
Middle selection maximum value is as historical log number.
Preferably, it further includes update historical log time counting unit 23 to obtain historical log number module 20.
Update historical log time counting unit 23 makes first to step on if being not up to certification frequency threshold value for historical log number
Record number, the second login times and the corresponding number of third login times add 1, and update historical log number.
Preferably, login authentication device further includes statistical history logon data module 70 and acquisition historical log data module
80。
Statistical history logon data module 70, for counting the history stored in the form of KEY-VALUE in REDIS databases
Logon data using registration ID, device id and logs in IP as KEY, the first login times, the second login times and third is logged in
Number is respectively as corresponding VALUE.
Historical log data module 80 is obtained, for obtaining the historical log between current time in system and preset time period
Data obtain the first login time corresponding with registration ID, device id or login IP using KEY-VALUE inquiry modes respectively
Number, the second login times and third login times.
Preferably, identity characteristic information includes registration ID and customer authentication code.
It further includes obtaining server authentication code unit 24 and not verified unit 25 to obtain historical log number module 20.
Server authentication code unit 24 is obtained, for based on registration ID, obtaining corresponding server authentication code.
Not verified unit 25, if matching inconsistent, identity for authentication server identifying code and customer authentication code
Characteristic information is not verified.
Embodiment 3
The present embodiment provides a computer readable storage medium, computer journey is stored on the computer readable storage medium
Sequence realizes login validation method in embodiment 1 when the computer program is executed by processor, no longer superfluous here to avoid repeating
It states.Alternatively, realizing the work(of each module/unit in login authentication device in embodiment 2 when the computer program is executed by processor
Can, to avoid repeating, which is not described herein again.
It is to be appreciated that the computer readable storage medium may include:The computer program code can be carried
Any entity or device, recording medium, USB flash disk, mobile hard disk, magnetic disc, CD, computer storage, read-only memory (ROM,
Read-Only Memory), random access memory (RAM, Random Access Memory), electric carrier signal and telecommunications letter
Number etc..
Embodiment 4
Fig. 6 is the schematic diagram for the computer equipment that one embodiment of the invention provides.As shown in fig. 6, the calculating of the embodiment
Machine equipment 90 includes:Processor 91, memory 92 and it is stored in the calculating that can be run in memory 92 and on processor 91
Machine program 93.The step of processor 91 realizes login validation method in above-described embodiment 1 when executing computer program 93, such as scheme
Step S10 to S40 shown in 1.Alternatively, processor 91 realizes each mould in above-mentioned each device embodiment when executing computer program 93
The function of block/unit, such as authentication request module 10 is obtained shown in Fig. 5, obtains historical log number module 20, push the
Two verification mode modules 30 and the function of carrying out login authentication module 40.
It is apparent to those skilled in the art that for convenience of description and succinctly, only with above-mentioned each work(
Can unit, module division progress for example, in practical application, can be as needed and by above-mentioned function distribution by different
Functional unit, module are completed, i.e., the internal structure of described device are divided into different functional units or module, more than completion
The all or part of function of description.
Embodiment described above is merely illustrative of the technical solution of the present invention, rather than its limitations.Although with reference to aforementioned reality
Applying example, invention is explained in detail, it will be understood by those of ordinary skill in the art that:It still can be to aforementioned each
Technical solution recorded in embodiment is modified or equivalent replacement of some of the technical features;And these are changed
Or replace, the spirit and scope for various embodiments of the present invention technical solution that it does not separate the essence of the corresponding technical solution should all
It is included within protection scope of the present invention.
Claims (10)
1. a kind of login validation method, which is characterized in that including:
The authentication request that client is sent is obtained, the authentication request includes identity characteristic information and terminal recognition letter
Breath;
If identity characteristic information by authentication, does not obtain and the identity characteristic information and the terminal identification information phase
Corresponding historical log number;
If the historical log number reaches certification frequency threshold value, the second verification mode is pushed to client;
Obtain the secondary checking request that input based on second verification mode of client, and be based on the secondary checking request into
Row login authentication.
2. login validation method as described in claim 1, which is characterized in that it is described acquisition with the identity characteristic information and
After the step of terminal identification information corresponding historical log number, the login validation method further includes:
If the historical log number is not up to the certification frequency threshold value, prompts client to retransmit authentication and ask
It asks.
3. login validation method as described in claim 1, which is characterized in that the identity characteristic information includes registration ID, institute
It includes device id and login IP to state terminal identification information;
The acquisition historical log number corresponding with the identity characteristic information and the terminal identification information, including:
The historical log data in preset time period are counted, are obtained and the registration ID, the device id or the login respectively
Corresponding first login times of IP, the second login times and third login times;
It is chosen from first login times, second login times and the third login times described in maximum value conduct
Historical log number.
4. login validation method as claimed in claim 3, which is characterized in that it is described from first login times, it is described
After choosing the step of maximum value is as the historical log number in second login times and the third login times, this is stepped on
Recording verification method further includes:
If the historical log number is not up to the certification frequency threshold value, first login times, described second is made to log in
Number and the corresponding number of the third login times add 1, and update the historical log number.
5. login validation method as claimed in claim 3, which is characterized in that the history in the statistics preset time period is stepped on
Before the step of recording data, the login validation method further includes:
The historical log data stored in the form of KEY-VALUE in REDIS databases are counted, by registration ID, device id and login
IP is as KEY, using first login times, second login times and the third login times as corresponding
VALUE;
The historical log data between current time in system and preset time period are obtained, are distinguished using KEY-VALUE inquiry modes
Obtain corresponding with the registration ID, the device id or the login IP the first login times, the second login times and the
Three login times.
6. login validation method as described in claim 1, which is characterized in that in the authentication that the acquisition client is sent
After the step of request, the login validation method further includes:
If identity characteristic information is by authentication, by the authentication request, secure connection is established with client.
7. login validation method as described in claim 1, which is characterized in that the identity characteristic information includes registration ID and visitor
Family identifying code;
If the identity characteristic information not by authentication, including:
Based on the registration ID, corresponding server authentication code is obtained;
If verifying the server authentication code and customer authentication code matching being inconsistent, the identity characteristic information does not pass through
Verification.
8. a kind of login authentication device, which is characterized in that including:
Authentication request module is obtained, the authentication request for obtaining client transmission, the authentication request packet
Include identity characteristic information and terminal identification information;
Historical log number module is obtained, if for identity characteristic information not by authentication, is obtained special with the identity
Reference ceases and the corresponding historical log number of the terminal identification information;
The second verification mode module is pushed, if reaching certification frequency threshold value for the historical log number, push second is tested
Card mode is to client;
Progress login authentication module, the secondary checking request inputted based on second verification mode for obtaining client, and
Login authentication is carried out based on the secondary checking request.
9. a kind of computer equipment, including memory, processor and it is stored in the memory and can be in the processor
The computer program of upper operation, which is characterized in that the processor realized when executing the computer program as claim 1 to
The step of any one of 7 login validation method.
10. a kind of computer readable storage medium, the computer-readable recording medium storage has computer program, feature to exist
In the step of realization login validation method as described in any one of claim 1 to 7 when the computer program is executed by processor
Suddenly.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810163982.4A CN108462704B (en) | 2018-02-27 | 2018-02-27 | Login validation method, device, computer equipment and storage medium |
| PCT/CN2018/081548 WO2019165675A1 (en) | 2018-02-27 | 2018-04-02 | Login verification method and apparatus, computer device, and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810163982.4A CN108462704B (en) | 2018-02-27 | 2018-02-27 | Login validation method, device, computer equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108462704A true CN108462704A (en) | 2018-08-28 |
| CN108462704B CN108462704B (en) | 2019-08-06 |
Family
ID=63216595
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810163982.4A Active CN108462704B (en) | 2018-02-27 | 2018-02-27 | Login validation method, device, computer equipment and storage medium |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN108462704B (en) |
| WO (1) | WO2019165675A1 (en) |
Cited By (26)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108900557A (en) * | 2018-09-12 | 2018-11-27 | 北京英视睿达科技有限公司 | Login method and system |
| CN109617901A (en) * | 2018-12-29 | 2019-04-12 | 上海点融信息科技有限责任公司 | Determine the method and device thereof of white list |
| CN109815669A (en) * | 2019-01-14 | 2019-05-28 | 平安科技(深圳)有限公司 | Authentication method and server based on recognition of face |
| CN110276183A (en) * | 2019-06-19 | 2019-09-24 | 同盾控股有限公司 | Reversed Turing verification method and device, storage medium, electronic equipment |
| CN110322250A (en) * | 2019-05-22 | 2019-10-11 | 深圳壹账通智能科技有限公司 | The recognition methods of inactive users courses of action, device, equipment and storage medium |
| CN110753036A (en) * | 2019-09-27 | 2020-02-04 | 苏州浪潮智能科技有限公司 | Method and system for client quick authentication under CS framework |
| CN110781466A (en) * | 2019-10-22 | 2020-02-11 | 京信通信系统(中国)有限公司 | Equipment safety management method and device, computer equipment and storage medium |
| CN111062010A (en) * | 2019-11-08 | 2020-04-24 | 支付宝(杭州)信息技术有限公司 | Identity verification method, device and equipment |
| CN111181927A (en) * | 2019-12-13 | 2020-05-19 | 福建天泉教育科技有限公司 | Login method and server |
| CN111241139A (en) * | 2020-01-15 | 2020-06-05 | 平安医疗健康管理股份有限公司 | Data statistical method, device, computer equipment and storage medium |
| CN112613020A (en) * | 2020-12-31 | 2021-04-06 | 中国农业银行股份有限公司 | Identity verification method and device |
| WO2021072866A1 (en) * | 2019-10-16 | 2021-04-22 | 平安科技(深圳)有限公司 | Information authentication method and device, computer apparatus, and storage medium |
| WO2021082023A1 (en) * | 2019-11-02 | 2021-05-06 | 游戏橘子数位科技股份有限公司 | Method for forcibly changing a password |
| CN113099453A (en) * | 2021-03-30 | 2021-07-09 | 厦门理工学院 | Authentication method, device and equipment for access server and readable storage medium |
| CN113806712A (en) * | 2020-06-11 | 2021-12-17 | 马上消费金融股份有限公司 | Authentication processing method, processing device and computer readable storage medium |
| CN113965345A (en) * | 2021-09-08 | 2022-01-21 | 福建库克智能科技有限公司 | Identity recognition method and device, electronic equipment and storage medium |
| CN114745360A (en) * | 2022-03-28 | 2022-07-12 | 慧之安信息技术股份有限公司 | Online registration method based on open source protocol stack eXosip |
| CN114978749A (en) * | 2022-06-14 | 2022-08-30 | 中国电信股份有限公司 | Login authentication method and system, storage medium and electronic equipment |
| CN115766164A (en) * | 2022-11-08 | 2023-03-07 | 云南电网有限责任公司信息中心 | Unified authentication management's automation instrument sharing platform |
| CN116029811A (en) * | 2022-12-23 | 2023-04-28 | 杭州快付连接科技有限公司 | Bank marketing business digital management system, intelligent equipment and storage medium |
| CN116028909A (en) * | 2023-02-24 | 2023-04-28 | 深圳市赛柏特通信技术有限公司 | Security office control method, system and medium |
| CN116094848A (en) * | 2023-04-11 | 2023-05-09 | 中国工商银行股份有限公司 | Access control method, device, computer equipment and storage medium |
| CN116800544A (en) * | 2023-08-21 | 2023-09-22 | 成都数智创新精益科技有限公司 | User authentication method, system and device and medium |
| CN117118749A (en) * | 2023-10-20 | 2023-11-24 | 天津奥特拉网络科技有限公司 | Personal communication network-based identity verification system |
| WO2024001109A1 (en) * | 2022-06-27 | 2024-01-04 | 中国电信股份有限公司 | Authentication method and system based on owner number login, device, and storage medium |
| CN112613020B (en) * | 2020-12-31 | 2024-05-28 | 中国农业银行股份有限公司 | Identity verification method and device |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20150089621A1 (en) * | 2013-09-24 | 2015-03-26 | Cellco Partnership (D/B/A Verizon Wireless) | Secure login for subscriber devices |
| CN104539604A (en) * | 2014-12-23 | 2015-04-22 | 北京奇虎科技有限公司 | Website protection method and device |
| CN105654303A (en) * | 2015-12-31 | 2016-06-08 | 拉扎斯网络科技(上海)有限公司 | High-risk user recognition method and device |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104144419B (en) * | 2014-01-24 | 2017-05-24 | 腾讯科技(深圳)有限公司 | Identity authentication method, device and system |
| US9514294B1 (en) * | 2015-11-12 | 2016-12-06 | International Business Machines Corporation | Accessing a computing resource |
| CN107438049B (en) * | 2016-05-25 | 2020-03-17 | 百度在线网络技术(北京)有限公司 | Malicious login identification method and device |
-
2018
- 2018-02-27 CN CN201810163982.4A patent/CN108462704B/en active Active
- 2018-04-02 WO PCT/CN2018/081548 patent/WO2019165675A1/en active Application Filing
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20150089621A1 (en) * | 2013-09-24 | 2015-03-26 | Cellco Partnership (D/B/A Verizon Wireless) | Secure login for subscriber devices |
| CN104539604A (en) * | 2014-12-23 | 2015-04-22 | 北京奇虎科技有限公司 | Website protection method and device |
| CN105654303A (en) * | 2015-12-31 | 2016-06-08 | 拉扎斯网络科技(上海)有限公司 | High-risk user recognition method and device |
Cited By (35)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108900557B (en) * | 2018-09-12 | 2023-09-22 | 国际商业机器(中国)投资有限公司 | Login method and system |
| CN108900557A (en) * | 2018-09-12 | 2018-11-27 | 北京英视睿达科技有限公司 | Login method and system |
| CN109617901A (en) * | 2018-12-29 | 2019-04-12 | 上海点融信息科技有限责任公司 | Determine the method and device thereof of white list |
| CN109815669A (en) * | 2019-01-14 | 2019-05-28 | 平安科技(深圳)有限公司 | Authentication method and server based on recognition of face |
| CN110322250A (en) * | 2019-05-22 | 2019-10-11 | 深圳壹账通智能科技有限公司 | The recognition methods of inactive users courses of action, device, equipment and storage medium |
| CN110276183A (en) * | 2019-06-19 | 2019-09-24 | 同盾控股有限公司 | Reversed Turing verification method and device, storage medium, electronic equipment |
| CN110753036A (en) * | 2019-09-27 | 2020-02-04 | 苏州浪潮智能科技有限公司 | Method and system for client quick authentication under CS framework |
| WO2021072866A1 (en) * | 2019-10-16 | 2021-04-22 | 平安科技(深圳)有限公司 | Information authentication method and device, computer apparatus, and storage medium |
| CN110781466A (en) * | 2019-10-22 | 2020-02-11 | 京信通信系统(中国)有限公司 | Equipment safety management method and device, computer equipment and storage medium |
| WO2021082023A1 (en) * | 2019-11-02 | 2021-05-06 | 游戏橘子数位科技股份有限公司 | Method for forcibly changing a password |
| CN111062010A (en) * | 2019-11-08 | 2020-04-24 | 支付宝(杭州)信息技术有限公司 | Identity verification method, device and equipment |
| CN111181927B (en) * | 2019-12-13 | 2021-12-28 | 福建天泉教育科技有限公司 | Login method and server |
| CN111181927A (en) * | 2019-12-13 | 2020-05-19 | 福建天泉教育科技有限公司 | Login method and server |
| CN111241139A (en) * | 2020-01-15 | 2020-06-05 | 平安医疗健康管理股份有限公司 | Data statistical method, device, computer equipment and storage medium |
| CN111241139B (en) * | 2020-01-15 | 2022-09-30 | 深圳平安医疗健康科技服务有限公司 | Data statistical method, device, computer equipment and storage medium |
| CN113806712A (en) * | 2020-06-11 | 2021-12-17 | 马上消费金融股份有限公司 | Authentication processing method, processing device and computer readable storage medium |
| CN112613020A (en) * | 2020-12-31 | 2021-04-06 | 中国农业银行股份有限公司 | Identity verification method and device |
| CN112613020B (en) * | 2020-12-31 | 2024-05-28 | 中国农业银行股份有限公司 | Identity verification method and device |
| CN113099453A (en) * | 2021-03-30 | 2021-07-09 | 厦门理工学院 | Authentication method, device and equipment for access server and readable storage medium |
| CN113965345A (en) * | 2021-09-08 | 2022-01-21 | 福建库克智能科技有限公司 | Identity recognition method and device, electronic equipment and storage medium |
| CN114745360A (en) * | 2022-03-28 | 2022-07-12 | 慧之安信息技术股份有限公司 | Online registration method based on open source protocol stack eXosip |
| CN114745360B (en) * | 2022-03-28 | 2023-10-17 | 慧之安信息技术股份有限公司 | Online registration method based on open source protocol stack eXosip |
| CN114978749A (en) * | 2022-06-14 | 2022-08-30 | 中国电信股份有限公司 | Login authentication method and system, storage medium and electronic equipment |
| CN114978749B (en) * | 2022-06-14 | 2023-10-10 | 中国电信股份有限公司 | Login authentication method and system, storage medium and electronic equipment |
| WO2024001109A1 (en) * | 2022-06-27 | 2024-01-04 | 中国电信股份有限公司 | Authentication method and system based on owner number login, device, and storage medium |
| CN115766164A (en) * | 2022-11-08 | 2023-03-07 | 云南电网有限责任公司信息中心 | Unified authentication management's automation instrument sharing platform |
| CN116029811A (en) * | 2022-12-23 | 2023-04-28 | 杭州快付连接科技有限公司 | Bank marketing business digital management system, intelligent equipment and storage medium |
| CN116029811B (en) * | 2022-12-23 | 2023-09-15 | 杭州快付连接科技有限公司 | Bank marketing business digital management system, intelligent equipment and storage medium |
| CN116028909B (en) * | 2023-02-24 | 2023-12-19 | 深圳市赛柏特通信技术有限公司 | Security office control method, system and medium |
| CN116028909A (en) * | 2023-02-24 | 2023-04-28 | 深圳市赛柏特通信技术有限公司 | Security office control method, system and medium |
| CN116094848A (en) * | 2023-04-11 | 2023-05-09 | 中国工商银行股份有限公司 | Access control method, device, computer equipment and storage medium |
| CN116094848B (en) * | 2023-04-11 | 2023-06-27 | 中国工商银行股份有限公司 | Access control method, device, computer equipment and storage medium |
| CN116800544B (en) * | 2023-08-21 | 2023-11-24 | 成都数智创新精益科技有限公司 | User authentication method, system and device and medium |
| CN116800544A (en) * | 2023-08-21 | 2023-09-22 | 成都数智创新精益科技有限公司 | User authentication method, system and device and medium |
| CN117118749A (en) * | 2023-10-20 | 2023-11-24 | 天津奥特拉网络科技有限公司 | Personal communication network-based identity verification system |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2019165675A1 (en) | 2019-09-06 |
| CN108462704B (en) | 2019-08-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108462704B (en) | Login validation method, device, computer equipment and storage medium | |
| CN105007280B (en) | A kind of application login method and device | |
| US9407622B2 (en) | Methods and apparatus for delegated authentication token retrieval | |
| US9491155B1 (en) | Account generation based on external credentials | |
| US8806591B2 (en) | Authentication risk evaluation | |
| CN105871838B (en) | A kind of log-in control method and customer center platform of third party's account | |
| CN104717261B (en) | A kind of login method and desktop management equipment | |
| CN105246073B (en) | The access authentication method and server of wireless network | |
| US20130239173A1 (en) | Computer program and method for administering secure transactions using secondary authentication | |
| CN110401655A (en) | Access control right management system based on user and role | |
| CN103986584A (en) | Double-factor identity verification method based on intelligent equipment | |
| CN105162775A (en) | Logging method and device of virtual machine | |
| CN104901970B (en) | A kind of Quick Response Code login method, server and system | |
| CN109861968A (en) | Resource access control method, device, computer equipment and storage medium | |
| CN109831310B (en) | Identity verification method, system, equipment and computer readable storage medium | |
| CN109067785A (en) | Cluster authentication method, device | |
| CN105262588A (en) | Log-in method based on dynamic password, account number management server and mobile terminal | |
| CN112651011A (en) | Login verification method, device and equipment for operation and maintenance system and computer storage medium | |
| CN105022939B (en) | Information Authentication method and device | |
| CN105337967B (en) | Realize that user logs in method, system and the central server of destination server | |
| CN106161348A (en) | A kind of method of single-sign-on, system and terminal | |
| US20220191202A1 (en) | Consent-based authorization system | |
| CN105162774A (en) | Virtual machine login method and device used for terminal | |
| CN106331003A (en) | Method and device for accessing application portal system on cloud desktop | |
| CN102833247A (en) | Method for anti-sweeping ciphers in user login system and device thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |