CN109257321A - Safe login method and device - Google Patents

Publication number
CN109257321A
Authority
CN
China
Prior art keywords
account name
terminal
user
risk class
account
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710569411.6A
Other languages
Chinese (zh)
Other versions
CN109257321B (en)
Inventor
许丹丹
张伟
张亮
罗达
年静
温树庭
祝光明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jingdong Century Trading Co Ltd
Beijing Jingdong Shangke Information Technology Co Ltd
Original Assignee
Beijing Jingdong Century Trading Co Ltd
Beijing Jingdong Shangke Information Technology Co Ltd
Application filed by Beijing Jingdong Century Trading Co Ltd and Beijing Jingdong Shangke Information Technology Co Ltd
Priority to CN201710569411.6A
Publication of CN109257321A
Publication of CN109257321B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101: Access control lists [ACL]
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

This application discloses a secure login method and device. The method comprises: receiving a login request sent by a user through a terminal, wherein the login request includes the user's account name and account password; in response to the account name matching the account password, querying a preset list to determine the risk class corresponding to the account name, wherein the list indicates the correspondence between account names and risk classes; in response to the risk class corresponding to the account name being a preset risk class, performing secure login authentication on the terminal to determine whether the terminal is a secure terminal; and, in response to the terminal being a secure terminal, returning a login-success page to the terminal. This improves the security of the terminal and the website.

Description

Safe login method and device
Technical field
This application relates to the field of computer technology, specifically to the field of Internet technology, and in particular to a secure login method and device.
Background
With the development of information technology, the Internet provides users with many conveniences. People can shop online without leaving home, and can use the Internet to publish articles, retrieve information, and so on. While it brings convenience, the Internet also carries certain security risks, such as hackers stealing user accounts to carry out online transactions.
In the prior art, when a user logs in to a website, a user name that matches the password is usually enough to enter the page of the website the user requested to log in to. As a result, it is difficult to tell whether the terminal requesting the login is a hacker's terminal.
Summary of the invention
The purpose of this application is to propose an improved secure login method and device to solve the technical problems mentioned in the Background section above.
In a first aspect, this application provides a secure login method, comprising: receiving a login request sent by a user through a terminal, wherein the login request includes the user's account name and account password; in response to the account name matching the account password, querying a preset list to determine the risk class corresponding to the account name, wherein the list indicates the correspondence between account names and risk classes; in response to the risk class corresponding to the account name being a preset risk class, performing secure login authentication on the terminal to determine whether the terminal is a secure terminal; and, in response to the terminal being a secure terminal, returning a login-success page to the terminal.
In some embodiments, the method further includes a step of establishing the list, which comprises: obtaining the first account names of historical users who registered on the target website within a preset time period, and the user information corresponding to each first account name; determining, according to the first account name and the user information, the risk class corresponding to the first account name; and establishing the list according to the first account names and the determined risk classes.
In some embodiments, the risk classes include a first risk class, and the user information includes a second account name that the user registered on a historical risk website, the historical risk website and the current website being different websites; and determining the risk class corresponding to the first account name according to the first account name and the user information comprises: determining whether the second account name is identical to the first account name; and, in response to the second account name being identical to the first account name, determining that the risk class corresponding to the first account name is the first risk class.
In some embodiments, the risk classes include a second risk class, and the user information further includes behavioral data information of the user; and determining the risk class corresponding to the first account name according to the first account name and the user information comprises: determining, according to the behavioral data information, a behavior value corresponding to the behavioral data information; in response to the second account name being identical to the first account name, determining whether the behavior value is less than a preset threshold; and, if the behavior value is less than the preset threshold, determining that the risk class corresponding to the first account name is the second risk class.
In some embodiments, performing secure login authentication on the terminal to determine whether the terminal is a secure terminal comprises: in response to the risk class corresponding to the account name being the first risk class, issuing to the terminal an instruction to reset the account password; receiving the account password reset by the user, and determining whether the reset account password is identical to the account password; and, in response to the reset account password being different from the account password, determining that the terminal is a secure terminal.
In some embodiments, performing secure login authentication on the terminal to determine whether the terminal is a secure terminal comprises: in response to the risk class corresponding to the account name being the second risk class, obtaining, according to the account name, communication information corresponding to the account name; in response to the communication information being obtained successfully, issuing first login verification information to the terminal; receiving second login verification information input by the user, and comparing the first login verification information with the second login verification information to determine whether they are identical; and, in response to the first login verification information being identical to the second login verification information, determining that the terminal is a secure terminal.
In some embodiments, the login request further includes the user's login address; and, before the communication information corresponding to the account name is obtained according to the account name, the method further comprises: determining whether the user's login address is a historical login address; and, in response to the user's login address not being a historical login address, obtaining the communication information corresponding to the account name.
In a second aspect, this application provides a secure login device, comprising: a receiving unit, configured to receive a login request sent by a user through a terminal, wherein the login request includes the user's account name and account password; a first determination unit, configured to, in response to the account name matching the account password, query a preset list and determine the risk class corresponding to the account name, wherein the list indicates the correspondence between account names and risk classes; a second determination unit, configured to, in response to the risk class corresponding to the account name being a preset risk class, perform secure login authentication on the terminal and determine whether the terminal is a secure terminal; and a return unit, configured to, in response to the terminal being a secure terminal, return a login-success page to the terminal.
In some embodiments, the device further includes a list establishing unit, which comprises: an obtaining subunit, configured to obtain the first account names of historical users who registered on the target website within a preset time period, and the user information corresponding to each first account name; a determination subunit, configured to determine, according to the first account name and the user information, the risk class corresponding to the first account name; and a list establishing subunit, configured to establish the list according to the first account names and the determined risk classes.
In some embodiments, the risk classes include a first risk class, and the user information includes a second account name that the user registered on a historical risk website, the historical risk website and the current website being different websites; and the determination subunit is further configured to: determine whether the second account name is identical to the first account name; and, in response to the second account name being identical to the first account name, determine that the risk class corresponding to the first account name is the first risk class.
In some embodiments, the risk classes include a second risk class, and the user information further includes behavioral data information of the user; and the determination subunit is further configured to: determine, according to the behavioral data information, a behavior value corresponding to the behavioral data information; in response to the second account name not being identical to the first account name, determine whether the behavior value is less than a preset threshold; and, if the behavior value is less than the preset threshold, determine that the risk class corresponding to the first account name is the second risk class.
In some embodiments, the second determination unit is further configured to: in response to the risk class corresponding to the account name being the first risk class, issue to the terminal an instruction to reset the account password; receive the account password reset by the user, and determine whether the reset account password is identical to the account password; and, in response to the reset account password being different from the account password, determine that the terminal is a secure terminal.
In some embodiments, the second determination unit is further configured to: in response to the risk class corresponding to the account name being the second risk class, obtain, according to the account name, communication information corresponding to the account name; in response to the communication information being obtained successfully, issue first login verification information to the terminal; receive second login verification information input by the user, and compare the first login verification information with the second login verification information to determine whether they are identical; and, in response to the first login verification information being identical to the second login verification information, determine that the terminal is a secure terminal.
In some embodiments, the login request further includes the user's login address, and, before the communication information corresponding to the account name is obtained according to the account name, the second determination unit is further configured to: determine whether the user's login address is a historical login address; and, in response to the user's login address not being a historical login address, obtain the communication information corresponding to the account name.
With the secure login method and device provided by this application, a login request sent by the user and including the user's account name is received, a preset list is queried to determine the risk class corresponding to the user's account name, and, when the risk class corresponding to the account name is a preset risk class, secure login verification is performed on the terminal to determine whether the terminal is secure; finally, a login-success page is returned to a secure terminal. This reduces the risk that an abnormal account, such as a stolen account, successfully logs in to the web page, and improves the security of the account and the website.
Brief description of the drawings
Other features, objects and advantages of this application will become more apparent from the following detailed description of non-limiting embodiments, read with reference to the accompanying drawings:
Fig. 1 is an exemplary system architecture diagram to which this application can be applied;
Fig. 2 is a flow chart of one embodiment of the secure login method according to this application;
Fig. 3 is a schematic diagram of an application scenario of the secure login method according to this application;
Fig. 4 is a flow chart of another embodiment of the secure login method according to this application;
Fig. 5 is a structural schematic diagram of one embodiment of the secure login device according to this application;
Fig. 6 is a structural schematic diagram of a computer system suitable for implementing the terminal device or server of the embodiments of this application.
Detailed description
This application is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the relevant invention, not to limit it. It should also be noted that, for ease of description, only the parts relevant to the invention are shown in the drawings.
It should be noted that, where there is no conflict, the embodiments of this application and the features in the embodiments can be combined with each other. This application is described in detail below with reference to the drawings and in conjunction with the embodiments.
Fig. 1 shows an exemplary system architecture 100 to which embodiments of the secure login method or secure login device of this application can be applied.
As shown in Fig. 1, system architecture 100 may include terminal devices 101, 102, 103, a network 104 and a server 105. Network 104 is the medium that provides communication links between terminal devices 101, 102, 103 and server 105. Network 104 may include various connection types, such as wired or wireless communication links, or fiber optic cables.
A user may use terminal devices 101, 102, 103 to interact with server 105 through network 104, to receive or send messages and so on. Various communication client applications may be installed on terminal devices 101, 102, 103, such as web browser applications, shopping applications, search applications, instant messaging tools, mailbox clients and social platform software.
Terminal devices 101, 102, 103 may be various electronic devices that have a display screen and support web browsing, including but not limited to smart phones, tablet computers, e-book readers, MP3 (Moving Picture Experts Group Audio Layer III) players, MP4 (Moving Picture Experts Group Audio Layer IV) players, laptop computers and desktop computers.
Server 105 may be a server that provides various services, for example a back-end web server that supports the web pages displayed on terminal devices 101, 102, 103. The back-end web server may analyze and process data such as the login request sent by the user, and feed the processing result (such as page data) back to the terminal device.
It should be noted that the secure login method provided by the embodiments of this application is generally executed by server 105; accordingly, the secure login device is generally located in server 105.
It should be understood that the numbers of terminal devices, networks and servers in Fig. 1 are only illustrative. There may be any number of terminal devices, networks and servers, as the implementation requires.
With continued reference to Fig. 2, a flow 200 of one embodiment of the secure login method according to this application is shown. The secure login method comprises the following steps:
Step 201: receive the login request sent by the user through the terminal.
In this embodiment, the electronic device on which the secure login method runs (such as the server shown in Fig. 1) may receive the login request, over a wired or wireless connection, from the terminal the user is using to log in. The login request includes the user's account name on the website the user wishes to log in to and the account password corresponding to that account name. In practice, some websites, such as shopping websites and reading websites, require a registered account before certain activities, such as shopping or reading, can be carried out. The server on which the electronic device runs stores the account names of users who have registered accounts and the account password corresponding to each account name. The account name may be set by the user, or may be generated automatically by the server according to a preset login mode; the account password is usually set by the user. When a registered user needs to log in to a website, the user provides the server with the account name registered on that website and the corresponding account password, so that the server can authenticate the account name.
Step 202: in response to the account name matching the account password, query the preset list and determine the risk class corresponding to the account name.
In this embodiment, because in existing computer networks user accounts are frequently stolen and users carry out malicious behavior on websites (such as shopping websites), for example returning goods in bulk after bulk purchases, the server may perform a risk determination on registered account names and pre-store the determined risk class for each account name in a list. The risk classes may include, for example, a lowest risk class, an intermediate risk class and a highest risk class. When the user, through the terminal, uses a registered account name to log in to the website, the server may match the account name against the account password, using the user's account name and the corresponding account password determined in step 201. After a successful match, the server may further query the preset list to determine the risk class corresponding to the account name. In this embodiment, the list indicates the correspondence between account names and risk classes.
Step 203: in response to the risk class corresponding to the account name being a preset risk class, perform secure login authentication on the terminal and determine whether the terminal is a secure terminal.
In this embodiment, multiple preset risk classes may be set in advance in the server; for example, a preset risk class may be the first risk class, the second risk class, a third risk class, and so on.
According to the risk class corresponding to the account name determined in step 202, the server may further determine which of the preset risk classes it is, in order to perform secure login authentication on the terminal. In some application scenarios, secure login authentication may be performed by the electronic device on which the user's terminal runs sending SMS verification content to the server; the server matches the SMS content received from the user against its preset encrypted content and, according to the matching result, detects whether the terminal that sent the SMS is a secure terminal.
In some optional implementations of this embodiment, the risk classes may include a first risk class, which may represent the highest risk class. For example, the server may set the risk class corresponding to the account name of an account that has been stolen to the first risk class. Because the account has been stolen, the account password corresponding to it carries a security risk. In response to the risk class corresponding to the account name being the first risk class, the server may issue an instruction to reset the account password to the terminal on which the electronic device runs. After sending the instruction to reset the account password, the server may receive the account password reset by the user and determine whether the reset account password is identical to the above account password. When the server detects that the reset account password is different from the above account password, it may determine that the terminal is a secure terminal. Here, while the user is resetting the account password, the server may send a verification instruction to the mailbox stored in the registration information when the user registered the account, and the password reset is carried out in that mailbox, which further ensures the security of the terminal.
In some optional implementations of this embodiment, the risk classes may include a second risk class, which may represent the second-highest risk class. In a specific application scenario, the server may set the risk class corresponding to an account name whose user has a low credit value to the second risk class. As an example, when the website the user requests to log in to is a shopping website, a credit value may be set for the account name the user registered on the website according to the user's behavior information on the website. For example, when the user successfully buys goods on the website and gives the purchased goods reasonable reviews, the credit value may be increased; when the products themselves have no quality problems and the user buys goods in bulk and then returns them in bulk, the credit value may be decreased. In response to the risk class corresponding to the account name being the second risk class, the website the user requests to log in to may obtain, according to the account name, the communication information corresponding to the account name. Here, the communication information may be the phone number stored in the registration information when the user registered the account, or the e-mail account stored in the registration information. In response to the communication information being obtained successfully, the server may issue first login verification information to the terminal on which the electronic device runs. The first login verification information may be verification-code information sent to the above phone number or mailbox, or information reminding the user to send an SMS from the registered phone number to the platform of the website the user is requesting to log in to. After issuing the first login verification information to the terminal, the server may receive second login verification information input by the user; the second login verification information is used to check whether the terminal requesting the login is a secure terminal. The server may then compare the first login verification information with the second login verification information and determine whether they are identical. In response to the first login verification information being identical to the second login verification information, the server may determine that the terminal requesting to log in to the website is a secure terminal. For example, when the verification code the server sends to the user's phone number is "4321" and the verification code the user enters, through the terminal, on the website being logged in to is also "4321", the terminal may be determined to be a secure terminal. Here, when the server can obtain the user's phone number, it may preferentially issue the first login verification information to the user's phone number; when the server cannot obtain the user's phone number, it obtains the user's e-mail account and sends the first login verification information to that e-mail account. The server may also send different first login verification information to the user's phone number and mailbox at the same time; only after the user has verified both pieces of first login verification information can the terminal corresponding to the account name be determined to be a secure terminal. When the server fails to obtain the communication information corresponding to the account according to the account name, it may send the terminal requesting the login a message asking for a phone number or mailbox.
In some optional implementations of this embodiment, the login request may also include the user's login address, where the login address may include the device ID and model used by the user and the user's IP (Internet Protocol) address. On receiving the user's login request, the server may determine whether the user's login address is a historical login address. In response to the user's login address not being a historical login address, the server may obtain the communication information corresponding to the account name. In response to the communication information being obtained successfully, the server issues first login verification information to the terminal; receives second login verification information input by the user, and compares the first login verification information with the second login verification information to determine whether they are identical; and, in response to the first login verification information being identical to the second login verification information, determines that the terminal is a secure terminal. Here, the historical login address may be the login address the user used when registering the account, or the address the user used the last time the user logged in to the website.
Step 204: in response to the terminal being a secure terminal, return a login-success page to the terminal.
In this embodiment, depending on whether the terminal was determined to be a secure terminal in step 203, the server may, in response to the terminal being a secure terminal, return a login-success page to the terminal. This page may be the page the user requested to log in to, or a page bearing a "login successful" label.
With continued reference to Fig. 3, Fig. 3 is a schematic diagram of an application scenario of the secure login method according to this embodiment. In the application scenario of Fig. 3, "user a" first issues, through terminal device 301, a login request for the login page currently presented on terminal device 301; the login request includes the user's account name "user a" and account password "*********". Then, after receiving the login request sent by terminal device 301, server 302 checks whether the account name matches the account password. A list 3021 is set up in advance on server 302; list 3021 records the account names of multiple users, "user a, user b, user c ...", and the risk class corresponding to each account name. For example, the risk class corresponding to "user a" is "level one", the risk class corresponding to "user b" is "level two", the risk class corresponding to "user c" is "level three", and so on. When the account name matches the account password, the server may query list 3021 and determine the risk class corresponding to "user a". When server 302 determines that the risk class corresponding to account name "user a" is the preset "level one", it may perform secure login authentication on the terminal using the authentication mode for risk class "level one"; for example, the authentication may be resetting the user's login password. After the user resets the login password, server 302 may return to terminal device 301 a page containing the words "login successful".
In this embodiment, the login request sent by the user is received and the preset list is queried; after the risk class corresponding to the account name is determined, secure login authentication is performed on the terminal according to the login authentication condition corresponding to the preset risk class, to determine whether the terminal is a secure terminal; and, in response to the terminal being a secure terminal, the login-success page is returned to the terminal. This reduces the risk that an abnormal account, such as a stolen account, successfully logs in to the web page, and improves the security of the account and the website.
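The flow of steps 201 to 204, with the list-establishment step and the two per-class authentication variants described above, as an added Python example (not code from the patent). All names, the PBKDF2 password hashing, the six-digit single-use code, and letting a login from a historical address through without a code are assumptions of this example; because the method text and the device text disagree on the precondition for the second risk class, it follows the device wording and checks the behavior value only when the account names differ.

```python
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass, field

FIRST, SECOND = 1, 2  # the two risk classes the description names


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    phone: str = ""
    email: str = ""
    known_addresses: set = field(default_factory=set)  # historical login addresses


def new_account(password, **contact):
    salt = os.urandom(16)
    return Account(salt, hash_password(password, salt), **contact)


def build_risk_list(behavior_values, leaked_names, threshold):
    """List establishment: map each flagged account name to its risk class."""
    risk = {}
    for name, value in behavior_values.items():
        if name in leaked_names:   # same name registered on a historical risk website
            risk[name] = FIRST
        elif value < threshold:    # names differ, but the behavior (credit) value is low
            risk[name] = SECOND
    return risk


class LoginServer:
    def __init__(self, accounts, risk_list):
        self.accounts, self.risk_list = accounts, risk_list
        self.pending = {}  # account name -> (kind, login address, expected code)
        self.outbox = []   # (destination, code); stands in for an SMS/e-mail gateway

    def login(self, name, password, address):
        acct = self.accounts.get(name)
        if acct is None or not hmac.compare_digest(
                acct.pw_hash, hash_password(password, acct.salt)):
            return "denied"
        level = self.risk_list.get(name)            # step 202: query the list
        if level == FIRST:                          # step 203: force a password reset
            self.pending[name] = ("reset", address, None)
            return "reset_required"
        if level == SECOND and address not in acct.known_addresses:
            dest = acct.phone or acct.email         # phone preferred, mailbox as fallback
            if not dest:
                return "contact_required"           # ask for a phone number or mailbox
            code = f"{secrets.randbelow(10**6):06d}"
            self.pending[name] = ("code", address, code)
            self.outbox.append((dest, code))
            return "code_sent"
        acct.known_addresses.add(address)
        return "success"                            # step 204

    def submit_new_password(self, name, new_password):
        state = self.pending.get(name)
        if not state or state[0] != "reset":
            return "denied"
        acct = self.accounts[name]
        if hmac.compare_digest(acct.pw_hash, hash_password(new_password, acct.salt)):
            return "reset_required"                 # unchanged password: not yet trusted
        acct.salt = os.urandom(16)
        acct.pw_hash = hash_password(new_password, acct.salt)
        del self.pending[name]
        return "success"

    def submit_code(self, name, code):
        state = self.pending.get(name)
        if not state or state[0] != "code":
            return "denied"
        del self.pending[name]                      # a code is accepted at most once
        if not hmac.compare_digest(code.encode(), state[2].encode()):
            return "denied"
        self.accounts[name].known_addresses.add(state[1])
        return "success"


def make_demo_server():
    """Constructed sample data: one leaked name, one low behavior value, one clean."""
    accounts = {
        "user_a": new_account("old-pass-a", email="a@example.test"),
        "user_b": new_account("pass-b", phone="+10000000001",
                              known_addresses={"203.0.113.5"}),
        "user_c": new_account("pass-c"),
    }
    risk = build_risk_list({"user_a": 80, "user_b": 20, "user_c": 90}, {"user_a"}, 50)
    return LoginServer(accounts, risk)
```

`make_demo_server()` returns a server loaded with the constructed accounts; each call to `login`, `submit_new_password` or `submit_code` returns the status string the server would act on.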
With further reference to Fig. 4, it shows a flow 400 of another embodiment of the secure login method. The flow 400 of the secure login method includes the following steps:
Step 401: obtain the first account names of historical users who registered on the target website within a preset time period, and the user information corresponding to the first account names.
In this embodiment, when a user registers an account on the target website, the user can set an account name and user information corresponding to the account name. Here, the target website is the website that the terminal currently requests to log in to, and the user information may include the user's mobile phone number, ID card number, e-mail account, personal attribute information (such as age and gender), and so on. After the user's account is registered, the account name and the information corresponding to the account name can be stored on the server. The server can therefore obtain, according to the preset time period, the first account names of the historical users registered on the target website and the user information corresponding to the first account names. The preset time period can be set manually or can be a default setting.
Step 402: determine the risk level corresponding to the first account name according to the first account name and the user information.
The server can evaluate the first account name of a historical user according to the obtained first account name and the user information corresponding to it, and thereby determine the risk level corresponding to the first account name.
In some optional implementations of this embodiment, the risk level may include a first risk level, and the user information may include a second account name that the user registered on a historical risk website, the historical risk website and the current website being different websites. The historical risk website may be a website on which account passwords have been stolen, a website that steals users' sensitive information, a website that allows user information to be tampered with without the user's permission, and so on. In general, these historical risk websites can leak their source code and users' registered account names. Therefore, when a user uses the same account name on the target website as on a historical risk website, the user information corresponding to that account name (when the website is a shopping website, the user information may be, for example, the user's ID card number, bank card number, bank card password, etc.) will be leaked. The server can therefore obtain the second account name that the user registered on these historical risk websites by querying the web page source code of the risk websites. After obtaining the user's second account name on a historical risk website, the server can determine whether the second account name is identical to the first account name. For example, when an account name is composed of both text and letters, the server can check whether the text and letters of the first account name are all the same as the text and letters of the second account name; when they are all the same, the second account name can be determined to be identical to the first account name. When the second account name is identical to the first account name, the risk level corresponding to the first account name can be determined to be the first risk level.
In some optional implementations of this embodiment, the risk level may include a second risk level, and the user information may also include the user's behavior data. When the website the user requests to log in to is a shopping website, the behavior data may be information about the items the user bought on the website, the user's reviews of items, and so on; when the website is a blog website, the behavior data may be the articles the user published on the website, the user's comments, and so on. According to the behavior data, the server can determine a behavior value corresponding to the behavior data. When the user buys an item and reviews it objectively, the behavior value can be increased; when the user gives an item a false review, the behavior value can be decreased; when the user publishes an article that contains no sensitive words and is quoted many times, the behavior value can be increased; when the user publishes malicious comments and makes personal attacks, the behavior value can be decreased. A behavior value threshold can be preset on the server, and the server can determine whether the user belongs to the second risk level according to the preset behavior value threshold. In response to the first account name being different from the second account name, that is, when the risk level corresponding to the account name is not the first risk level, the server may further determine whether the behavior value is less than the preset threshold. When the behavior value is less than the preset threshold, the risk level corresponding to the first account name can be determined to be the second risk level.
Step 403: establish the list according to the first account name and the determined risk level.
In this embodiment, the list can be established according to the first account names of the historical users registered on the target website and the risk levels corresponding to the first account names determined in step 402.
As can be seen from the above, unlike the embodiment shown in Fig. 2, this embodiment mainly describes the step of establishing the list. Through this step, account names can be assigned different risk levels and stored on the server, so that the terminal corresponding to an account name can be verified in a targeted manner according to its risk level, which further improves the security of the terminal and of the website.
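The list-building procedure of steps 401 to 403, as an added Python example that is not code from the patent. The event names, weights, threshold of 0 and the NFKC plus case-folding normalization of account names are assumptions; the text itself only says that the two names are checked for being identical and which behaviors raise or lower the value.

```python
import unicodedata
from dataclasses import dataclass, field
from enum import Enum


class RiskLevel(Enum):
    FIRST = 1   # same account name is registered on a historical risk website
    SECOND = 2  # behavior value is below the preset threshold


# Assumed event names and weights; the text only gives the direction of each change.
BEHAVIOR_WEIGHTS = {
    "purchase_with_objective_review": 2,
    "article_quoted": 1,
    "false_review": -3,
    "malicious_comment": -3,
}
BEHAVIOR_THRESHOLD = 0  # assumed preset threshold


@dataclass
class UserInfo:
    risk_site_names: list = field(default_factory=list)   # second account names
    behavior_events: list = field(default_factory=list)   # behavior data


def canonical(name):
    """Assumed normalization so full-width or re-cased copies still compare equal."""
    return unicodedata.normalize("NFKC", name).casefold()


def behavior_value(events):
    """Sum the weights of the recorded events; unknown events count as 0."""
    return sum(BEHAVIOR_WEIGHTS.get(event, 0) for event in events)


def classify(first_name, info):
    """Step 402: the name match is checked first, then the behavior value."""
    target = canonical(first_name)
    if any(canonical(second) == target for second in info.risk_site_names):
        return RiskLevel.FIRST
    if behavior_value(info.behavior_events) < BEHAVIOR_THRESHOLD:
        return RiskLevel.SECOND
    return None  # account name is not placed on the list


def build_risk_list(registrations):
    """Step 403: map each flagged first account name to its risk level."""
    risk_list = {}
    for first_name, info in registrations.items():
        level = classify(first_name, info)
        if level is not None:
            risk_list[canonical(first_name)] = level
    return risk_list


# Constructed sample registrations (step 401 would read these from the server's store).
SAMPLE = {
    "user_a": UserInfo(risk_site_names=["\uff35ser_A"], behavior_events=["false_review"]),
    "user_b": UserInfo(risk_site_names=["someone_else"],
                       behavior_events=["false_review", "article_quoted"]),
    "user_c": UserInfo(behavior_events=["purchase_with_objective_review"]),
}

if __name__ == "__main__":
    for name, level in build_risk_list(SAMPLE).items():
        print(name, level.name)
```

The login-time lookup has to apply the same `canonical()` step to the submitted account name, otherwise a flagged account can miss its list entry.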
With further reference to Fig. 5, as an implementation of the methods shown in the above figures, this application provides an embodiment of a secure login device. The device embodiment corresponds to the method embodiment shown in Fig. 2, and the device can be applied to various electronic devices.
As shown in Fig. 5, the secure login device 500 of this embodiment includes a receiving unit 501, a first determination unit 502, a second determination unit 503 and a return unit 504. The receiving unit 501 is configured to receive a login request sent by a user through a terminal, wherein the login request includes the user's account name and account password. The first determination unit 502 is configured to, in response to the account name matching the account password, query a preset list and determine the risk level corresponding to the account name, wherein the list indicates the correspondence between account names and risk levels. The second determination unit 503 is configured to, in response to the risk level corresponding to the account name being a preset risk level, perform secure login authentication on the terminal and determine whether the terminal is a secure terminal. The return unit 504 is configured to, in response to the terminal being a secure terminal, return a login success page to the terminal.
In this embodiment, for the specific processing of the receiving unit 501, the first determination unit 502, the second determination unit 503 and the return unit 505, reference can be made to the detailed description of step 201, step 202, step 203, step 204 and step 205 in the embodiment corresponding to Fig. 2, which is not repeated here.
In some optional implementations of this embodiment, the secure login device further includes a list establishing unit. The list establishing unit includes: an obtaining subunit (not shown), configured to obtain the first account names of historical users who registered on the target website within a preset time period and the user information corresponding to the first account names; a determining subunit (not shown), configured to determine the risk level corresponding to the first account name according to the first account name and the user information; and a list establishing subunit (not shown), configured to establish the list according to the first account name and the determined risk level.
In some optional implementations of this embodiment, the risk level includes a first risk level, the user information includes a second account name that the user registered on a historical risk website, and the historical risk website and the current website are different websites. The determining subunit (not shown) is further configured to determine whether the second account name is identical to the first account name and, in response to the second account name being identical to the first account name, determine that the risk level corresponding to the first account name is the first risk level.
In some optional implementations of this embodiment, the risk level includes a second risk level, and the user information also includes the user's behavior data. The determining subunit (not shown) is further configured to: determine a behavior value corresponding to the behavior data according to the behavior data; in response to the second account name not being identical to the first account name, determine whether the behavior value is less than a preset threshold; and if the behavior value is less than the preset threshold, determine that the risk level corresponding to the first account name is the second risk level.
In some optional implementations of this embodiment, the second determination unit 503 is further configured to: in response to the risk level corresponding to the account name being the first risk level, issue to the terminal an instruction to reset the account password; receive the account password reset by the user and determine whether the reset account password is identical to the account password; and in response to the reset account password being different from the account password, determine that the terminal is a secure terminal.
In some optional implementations of this embodiment, the second determination unit 503 is further configured to: in response to the risk level corresponding to the account name being the second risk level, obtain the contact information corresponding to the account name according to the account name; in response to the contact information being obtained successfully, issue first login verification information to the terminal; receive second login verification information input by the user, compare the first login verification information with the second login verification information, and determine whether the two are identical; and in response to the first login verification information being identical to the second login verification information, determine that the terminal is a secure terminal.
In some optional implementations of this embodiment, the login request further includes the user's login address. Before the contact information corresponding to the account name is obtained according to the account name, the second determination unit 503 is further configured to determine whether the user's login address is a historical login address and, in response to the user's login address not being a historical login address, obtain the contact information corresponding to the account name.
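The two authentication paths of the second determination unit described above, as an added Python example that is not the patent's own code. Assumed here: PBKDF2 password storage, a six-digit code delivered over the contact channel as the first login verification information, success when a level-two account logs in from a historical address, denial when no contact information is on file, and removal of the level-one flag after a completed reset.

```python
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass, field

ITERATIONS = 100_000  # demo value; set from current guidance in production


def derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    contact: str = ""                                  # empty means none on file
    known_addresses: set = field(default_factory=set)  # historical login addresses


def new_account(password, contact="", known_addresses=()):
    salt = os.urandom(16)
    return Account(salt, derive(password, salt), contact, set(known_addresses))


class LoginService:
    def __init__(self, accounts, risk_list, deliver):
        self.accounts = accounts    # account name -> Account
        self.risk_list = risk_list  # account name -> "level 1" or "level 2"
        self.deliver = deliver      # callable(contact, code), the out-of-band channel
        self.pending = {}           # account name -> ("reset", None) or ("code", value)

    def _password_ok(self, acct, password):
        return hmac.compare_digest(derive(password, acct.salt), acct.pw_hash)

    def login(self, name, password, address):
        acct = self.accounts.get(name)
        if acct is None or not self._password_ok(acct, password):
            return "denied"
        level = self.risk_list.get(name)
        if level == "level 1":
            self.pending[name] = ("reset", None)
            return "reset_required"
        if level == "level 2":
            if address in acct.known_addresses:
                return "success"    # assumption: historical address needs no challenge
            if not acct.contact:
                return "denied"     # assumption: no contact information, no login
            code = f"{secrets.randbelow(10**6):06d}"
            self.pending[name] = ("code", code)
            self.deliver(acct.contact, code)
            return "code_sent"
        return "success"

    def complete_reset(self, name, new_password):
        # Only reachable after login() has verified the current password.
        if self.pending.get(name) != ("reset", None):
            return "denied"
        acct = self.accounts[name]
        if self._password_ok(acct, new_password):
            return "reset_required"  # unchanged password: terminal not yet accepted
        acct.salt = os.urandom(16)
        acct.pw_hash = derive(new_password, acct.salt)
        del self.pending[name]
        self.risk_list.pop(name, None)  # assumption: a completed reset clears the flag
        return "success"

    def complete_code(self, name, submitted):
        kind, code = self.pending.get(name, (None, None))
        if kind != "code":
            return "denied"
        del self.pending[name]       # each code is good for one attempt
        same = hmac.compare_digest(code.encode(), submitted.encode())
        return "success" if same else "denied"


def make_demo_service():
    """Constructed accounts; outbox stands in for the SMS or e-mail gateway."""
    outbox = []
    service = LoginService(
        accounts={
            "user_a": new_account("old-pass-1"),
            "user_b": new_account("pass-b", "contact-b", {"203.0.113.7"}),
            "user_c": new_account("pass-c"),
        },
        risk_list={"user_a": "level 1", "user_b": "level 2"},
        deliver=lambda contact, code: outbox.append((contact, code)),
    )
    return service, outbox
```

Comparing the reset password against the stored hash with the old salt lets the server enforce "different from the old password" without ever keeping the old password in plaintext.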
Referring now to Fig. 6, it shows a schematic structural diagram of a computer system 600 of a server suitable for implementing the embodiments of this application.
As shown in Fig. 6, the computer system 600 includes a central processing unit (CPU) 601, which can perform various appropriate actions and processing according to a program stored in a read-only memory (ROM) 602 or a program loaded from a storage portion 608 into a random access memory (RAM) 603. The RAM 603 also stores the various programs and data required for the operation of the system 600. The CPU 601, the ROM 602 and the RAM 603 are connected to one another through a bus 604. An input/output (I/O) interface 605 is also connected to the bus 604.
The following components are connected to the I/O interface 605: an input portion 606 including a keyboard, a mouse, etc.; an output portion 606 including, for example, a cathode ray tube (CRT), a liquid crystal display (LCD), etc., and a speaker, etc.; a storage portion 608 including a hard disk, etc.; and a communication portion 609 including a network interface card such as a LAN card or a modem. The communication portion 609 performs communication processing via a network such as the Internet. A drive 610 is also connected to the I/O interface 605 as needed. A removable medium 611, such as a magnetic disk, an optical disc, a magneto-optical disk or a semiconductor memory, is mounted on the drive 610 as needed, so that a computer program read from it can be installed into the storage portion 608 as needed.
In particular, according to an embodiment of the present disclosure, the process described above with reference to the flowchart may be implemented as a computer application program. For example, an embodiment of the present disclosure includes a computer program product that includes a computer program tangibly embodied on a machine-readable medium, the computer program containing program code for executing the method shown in the flowchart. In such an embodiment, the computer program can be downloaded and installed from a network through the communication portion 609, and/or installed from the removable medium 611.
The flowcharts and block diagrams in the drawings illustrate the possible architectures, functions and operations of systems, methods and computer program products according to the various embodiments of this application. In this regard, each box in a flowchart or block diagram can represent a module, a program segment or a part of code, and the module, program segment or part of code contains one or more executable instructions for implementing the specified logical function. It should also be noted that, in some alternative implementations, the functions marked in the boxes can occur in an order different from that marked in the drawings. For example, two boxes shown in succession can in fact be executed substantially in parallel, and they can sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each box in a block diagram and/or flowchart, and any combination of boxes in a block diagram and/or flowchart, can be implemented by a dedicated hardware-based system that performs the specified functions or operations, or by a combination of dedicated hardware and computer instructions.
The units described in the embodiments of this application can be implemented in software or in hardware. The described units can also be provided in a processor; for example, this can be described as: a processor includes a receiving unit, a first determination unit, a second determination unit and a return unit. The names of these units do not, in some cases, limit the units themselves; for example, the receiving unit can also be described as "a unit that receives a login request sent by a user through a terminal".
In another aspect, this application also provides a non-volatile computer storage medium. The non-volatile computer storage medium may be the non-volatile computer storage medium included in the device described in the above embodiments, or it may be a non-volatile computer storage medium that exists separately and is not fitted into a terminal. The non-volatile computer storage medium stores one or more programs which, when executed by a device, cause the device to: receive a login request sent by a user through a terminal, wherein the login request includes the user's account name and account password; in response to the account name matching the account password, query a preset list and determine the risk level corresponding to the account name, wherein the list indicates the correspondence between account names and risk levels; in response to the risk level corresponding to the account name being a preset risk level, perform secure login authentication on the terminal and determine whether the terminal is a secure terminal; and in response to the terminal being a secure terminal, return a login success page to the terminal.
The above description is only of the preferred embodiments of this application and an explanation of the technical principles applied. Those skilled in the art should understand that the scope of the invention involved in this application is not limited to technical solutions formed by the specific combination of the above technical features, and should also cover other technical solutions formed by any combination of the above technical features or their equivalents without departing from the inventive concept, for example, technical solutions formed by replacing the above features with (but not limited to) technical features having similar functions disclosed in this application.

Claims (11)

1. A secure login method, characterized in that the method comprises:
receiving a login request sent by a user through a terminal, wherein the login request includes the user's account name and account password;
in response to the account name matching the account password, querying a preset list and determining the risk level corresponding to the account name, wherein the list indicates the correspondence between account names and risk levels;
in response to the risk level corresponding to the account name being a preset risk level, performing secure login authentication on the terminal and determining whether the terminal is a secure terminal;
in response to the terminal being a secure terminal, returning a login success page to the terminal.
2. The method according to claim 1, characterized in that the method further comprises a step of establishing the list, the establishing step comprising:
obtaining the first account names of historical users who registered on the target website within a preset time period and the user information corresponding to the first account names;
determining the risk level corresponding to the first account name according to the first account name and the user information;
establishing the list according to the first account name and the determined risk level.
3. The method according to claim 2, characterized in that the risk level includes a first risk level, the user information includes a second account name that the user registered on a historical risk website, and the historical risk website and the current website are different websites; and
determining the risk level corresponding to the first account name according to the first account name and the user information comprises:
determining whether the second account name is identical to the first account name;
in response to the second account name being identical to the first account name, determining that the risk level corresponding to the first account name is the first risk level.
4. The method according to claim 3, characterized in that the risk level includes a second risk level, and the user information further includes the user's behavior data; and
determining the risk level corresponding to the first account name according to the first account name and the user information comprises:
determining a behavior value corresponding to the behavior data according to the behavior data;
in response to the second account name not being identical to the first account name, determining whether the behavior value is less than a preset threshold;
if the behavior value is less than the preset threshold, determining that the risk level corresponding to the first account name is the second risk level.
5. The method according to claim 3, characterized in that performing secure login authentication on the terminal and determining whether the terminal is a secure terminal comprises:
in response to the risk level corresponding to the account name being the first risk level, issuing to the terminal an instruction to reset the account password;
receiving the account password reset by the user, and determining whether the reset account password is identical to the account password;
in response to the reset account password being different from the account password, determining that the terminal is a secure terminal.
6. The method according to claim 4, characterized in that performing secure login authentication on the terminal and determining whether the terminal is a secure terminal comprises:
in response to the risk level corresponding to the account name being the second risk level, obtaining the contact information corresponding to the account name according to the account name;
in response to the contact information being obtained successfully, issuing first login verification information to the terminal;
receiving second login verification information input by the user, comparing the first login verification information with the second login verification information, and determining whether the first login verification information is identical to the second login verification information;
in response to the first login verification information being identical to the second login verification information, determining that the terminal is a secure terminal.
7. The method according to claim 6, characterized in that the login request further includes the user's login address; and
before the contact information corresponding to the account name is obtained according to the account name, the method further comprises:
determining whether the user's login address is a historical login address;
in response to the user's login address not being a historical login address, obtaining the contact information corresponding to the account name.
8. A secure login device, characterized in that the device comprises:
a receiving unit, configured to receive a login request sent by a user through a terminal, wherein the login request includes the user's account name and account password;
a first determination unit, configured to, in response to the account name matching the account password, query a preset list and determine the risk level corresponding to the account name, wherein the list indicates the correspondence between account names and risk levels;
a second determination unit, configured to, in response to the risk level corresponding to the account name being a preset risk level, perform secure login authentication on the terminal and determine whether the terminal is a secure terminal;
a return unit, configured to, in response to the terminal being a secure terminal, return a login success page to the terminal.
9. The device according to claim 8, characterized in that the device further comprises a list establishing unit, the list establishing unit comprising:
an obtaining subunit, configured to obtain the first account names of historical users who registered on the target website within a preset time period and the user information corresponding to the first account names;
a determining subunit, configured to determine the risk level corresponding to the first account name according to the first account name and the user information;
a list establishing subunit, configured to establish the list according to the first account name and the determined risk level.
10. A server, characterized in that the server comprises:
one or more processors;
a storage device for storing one or more programs;
wherein, when the one or more programs are executed by the one or more processors, the one or more processors implement the method according to any one of claims 1-7.
11. A computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the method according to any one of claims 1-7.
CN201710569411.6A 2017-07-13 2017-07-13 Secure login method and device Active CN109257321B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710569411.6A CN109257321B (en) 2017-07-13 2017-07-13 Secure login method and device

Publications (2)

Publication Number Publication Date
CN109257321A true CN109257321A (en) 2019-01-22
CN109257321B CN109257321B (en) 2021-12-03

Family

ID=65051670

Country Status (1)

Country Link
CN (1) CN109257321B (en)

Also Published As

Publication number Publication date
CN109257321B (en) 2021-12-03

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant