WO2019165675A1 - Login verification method and apparatus, computer device, and storage medium - Google Patents

Login verification method and apparatus, computer device, and storage medium

Info

Publication number
WO2019165675A1
Authority
WO
WIPO (PCT)
Prior art keywords
login
verification
historical
logins
client
Application number
PCT/CN2018/081548
Other languages
French (fr)
Chinese (zh)
Inventor
李波
Original Assignee
平安科技(深圳)有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/082 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying multi-factor authentication

Definitions

  • the present application relates to the field of identity verification, and in particular, to a login verification method, apparatus, computer device, and storage medium.
  • the server needs to set up measures to prevent malicious attacks on the client when the user logs in to the server.
  • these measures require the user to input multiple pieces of information to log in for security verification, which makes the user experience poor, especially for information input on a mobile terminal.
  • the embodiment of the present application provides a login verification method, apparatus, computer device, and storage medium, so as to solve the problem of preventing information leakage caused by malicious attacks when a user logs in.
  • the embodiment of the present application provides a login verification method, including:
  • obtaining an identity verification request sent by the client, where the identity verification request includes identity feature information and terminal identification information;
  • if the identity feature information is not authenticated, obtaining a historical login number corresponding to the identity feature information and the terminal identification information;
  • if the historical login number reaches the authentication number threshold, pushing the second verification mode to the client.
  • the embodiment of the present application provides a login verification apparatus, including:
  • an identity verification request obtaining module configured to obtain an identity verification request sent by the client, where the identity verification request includes identity feature information and terminal identification information;
  • a historical login number obtaining module configured to obtain a historical login number corresponding to the identity feature information and the terminal identification information if the identity feature information does not pass the identity verification;
  • a second verification mode pushing module configured to push the second verification mode to the client if the historical login times reach the authentication number threshold;
  • the login verification module is configured to obtain a secondary verification request input by the client according to the second verification mode, and perform login verification based on the secondary verification request.
  • a third aspect of the present application provides a computer device comprising a memory, a processor, and computer readable instructions stored in the memory and executable on the processor, the processor executing the computer readable instructions to implement the following steps:
  • obtaining an identity verification request sent by the client, where the identity verification request includes identity feature information and terminal identification information;
  • if the identity feature information is not authenticated, obtaining a historical login number corresponding to the identity feature information and the terminal identification information;
  • if the historical login number reaches the authentication number threshold, pushing the second verification mode to the client.
  • a fourth aspect of the present application provides one or more non-transitory readable storage media storing computer readable instructions, the computer readable instructions being executed by one or more processors such that the one or more processors perform the following steps:
  • obtaining an identity verification request sent by the client, where the identity verification request includes identity feature information and terminal identification information;
  • if the identity feature information is not authenticated, obtaining a historical login number corresponding to the identity feature information and the terminal identification information;
  • if the historical login number reaches the authentication number threshold, pushing the second verification mode to the client.
  • the login verification method, apparatus, computer device and storage medium provided by the embodiments of the present application can detect a malicious attack from the client more completely and comprehensively by acquiring the historical login times corresponding to the identity feature information and the terminal identification information at the same time;
  • when the historical login times of the identity feature information and the terminal identification information reach the authentication number threshold, the second verification mode is pushed to the client to authenticate the user by another identity verification manner, so as to prevent the client from brute-force attacking and cracking the server, thereby achieving the purpose of securing the login.
  • FIG. 1 is a flowchart of a login verification method in Embodiment 1 of the present application.
  • FIG. 5 is a schematic block diagram of a login verification apparatus in Embodiment 2 of the present application.
  • FIG. 6 is a schematic diagram of a computer device in Embodiment 4 of the present application.
  • FIG. 1 shows a flow chart of a login verification method in this embodiment.
  • This embodiment is applied between a client and a server that exchange information through the Internet, wherein the client includes but is not limited to a browser and a software login port.
  • the client in this embodiment is preferably a mobile terminal such as a smart phone.
  • the server is a management terminal that receives a request from a client and allocates an application service based on the request.
  • the following login verification method takes the server as the execution subject. As shown in FIG. 1, the login verification method includes the following steps:
  • the authentication request is a request that is initiated to the server when the client needs to connect to the server, and is used for authentication.
  • the authentication request includes identity feature information and terminal identification information to enable the server to verify the identity based on the identity feature information and the terminal identification information therein to determine whether the client can establish a secure connection with the server.
  • the identity information is information that is provided to the server to identify the identity of the user.
  • the terminal identification information is environment information provided to the server for identifying the client.
  • after receiving the identity verification request sent by the client, the server performs identity verification based on the identity feature information. If the identity feature information passes the identity verification, step S50 is performed; if the identity feature information does not pass the identity verification, step S20 is performed.
  • there are many methods for authentication, including but not limited to: shared-key based authentication, biometric feature based authentication, and public-key encryption based authentication. This step first authenticates the identity of the user through the authentication request, and initially ensures the security of the connection between the server and the client.
  • the number of historical logins is the highest number of times that any single feature item, among the feature items that make up the identity feature information and the terminal identification information, has logged in to the server.
  • the feature items of the identity feature information include, but are not limited to, the registration ID;
  • the feature items of the terminal identification information include, but are not limited to, the device ID and the login IP. Among the registration ID, the device ID, and the login IP, the one with the highest number of logins to the server gives the number of historical logins.
  • the registration ID is information that can be uniquely identified when the user logs in to the server, such as a user name, a mobile phone number, and an ID number.
  • the device ID is the global unique production device number of the hardware used for client login.
  • the device ID of the mobile phone is the production serial number of the mobile phone
  • the device ID of the desktop computer may be the MAC address of the network card.
  • the login IP address is the public IP address or private IP address assigned to the client when it accesses the Internet.
  • the number of historical logins of the user to the server is examined by using both the identity feature information and the terminal identification information, so that the user's logins to the server can be investigated more comprehensively and truthfully. For example, if the same registration ID is used to log in to the server repeatedly through different smartphones, the registration ID has the highest number of logins, so it is determined as the number of historical logins. Or, if the same smartphone repeatedly logs in to the server with different registration IDs, the device ID has the highest number of logins, so it is determined as the number of historical logins. Or, if different smartphones repeatedly log in to the server with different registration IDs from the network corresponding to one login IP, that login IP has the highest number of logins, and it is therefore determined as the number of historical logins. Determining the number of historical logins from both the identity feature information and the terminal identification information therefore helps, to a certain extent, to prevent malicious clients from attacking the server and to avoid information leakage, thereby ensuring information security.
  • the number of historical logins mentioned in this embodiment may be the number of logins corresponding to the registration ID, the device ID, and the login IP recorded in the server within a preset time period, and the number of logins with the highest number of times is determined as the number of historical logins.
  • the authentication number threshold is the maximum number of logins that can be logged into the server for the number of historical logins of the identity information and the terminal identification information. For example, the number of authentication times is 5, that is, when the number of historical logins is 5, the server no longer accepts the same type of authentication request, and instead adopts the second authentication mode.
  • the second verification method includes, but is not limited to, a slider, a puzzle, letters, numbers, and the like, that is, verification methods that require human perception and judgement.
  • forcibly switching to a second authentication mode that requires human judgement can effectively determine the authenticity of the client and prevent the client from intruding into the server by the malicious means of brute force.
  • the secondary verification request is a verification request that the client responds to the second verification mode.
  • the server verifies the secondary verification request sent by the client. For example, if the client sends back a secondary verification request containing the text of a graphic verification code, the server determines whether the text is correct to complete the login verification. In this embodiment, the server performs login verification on the secondary verification request that the client sends back in response to the second authentication mode, so as to prevent the client from launching a malicious attack on the server through a brute-force attacking machine that would crack the server and leak information.
  • the login verification method further includes the following steps:
  • the server can confirm the security of the identity information of the client through the information stored in the database, thereby establishing a secure connection with the client. After this step, the client and the server have established a secure connection, so that the client can further obtain the specific service information provided by the server.
  • the method for verifying the login further includes the following steps:
  • the number of authentication times threshold is the maximum number of logins that can be logged into the server for the number of historical logins of the identity feature information and the terminal identification information.
  • the threshold of the number of authentication times is 5, that is, when the number of historical logins is 5, the server no longer accepts the same type of authentication request, and instead adopts other authentication methods.
  • the login verification method can detect a malicious attack from the client more completely and comprehensively by acquiring the historical login times corresponding to the identity feature information and the terminal identification information; when the historical login times reach the authentication number threshold, the second verification mode is pushed to the client to authenticate the user through another authentication method, so as to prevent the client from brute-force attacking and cracking the server, thereby securing the login and obtaining a good user experience, especially for mobile terminal users for whom inputting information is inconvenient.
  • the identity feature information includes a registration ID
  • the terminal identification information includes a device ID and a login IP.
  • the step of acquiring the historical login number corresponding to the identity feature information and the terminal identification information includes the following steps:
  • the historical login data in the preset time period is calculated, and the first login number, the second login number, and the third login number corresponding to the registration ID, the device ID, or the login IP are respectively obtained.
  • the historical login data is related data of the registration ID, the device ID, and the login IP login server in a preset time period, including the respective login times, login time, and the like.
  • the server stores all historical login data in advance.
  • Each historical login data corresponds to a registration ID, a device ID, and a login IP, and is also stored in association with the login time.
  • the first login number refers to the number of times the registration ID logs in to the server within the preset time period;
  • the second login number refers to the number of times the device ID logs in to the server within the preset time period;
  • the third login number refers to the number of times the login IP logs in to the server within the preset time period.
  • the preset time period in this embodiment may be a period of time counted backwards from the time when the identity verification request is obtained or from the current system time, and may be set to 1 day or 1 week.
  • for example, if the first login number, the second login number, and the third login number corresponding to the registration ID, the device ID, and the login IP are 3, 5, and 8 respectively, the historical login number is the third login number, that is, 8.
  • although the first login number corresponding to the registration ID is only 3, the login IP has been used to log in 8 times, so the third login number corresponding to the login IP is determined as the historical login number in order to better defend the server.
  • the login verification method further includes:
  • when the server receives the identity verification request sent by the client again, the registration ID, the device ID, and the login IP of the client are recorded again, so the corresponding first login number, second login number, and third login number are each increased by 1, and the corresponding historical login number is updated.
  • the authentication threshold is 5
  • the following is a record table of the number of historical logins after the server receives three authentication requests:
  • the number of historical logins is 3, and the number of authentication times threshold 5 is not reached. Therefore, when the server receives four authentication requests, the record of the number of historical logins is changed to:
  • the present embodiment examines the situation of the client logging in to the server comprehensively from the three perspectives of the registration ID, the device ID, and the login IP, so that the server can be more comprehensively and effectively protected. Moreover, the historical login number is updated in time according to each identity verification request from the client, which keeps the server data accurate and valid.
  • before step S21, that is, before the step of counting the historical login data in the preset time period, the login verification method further includes the following steps:
  • the historical login data is stored in the REDIS database in the form of KEY-VALUE: the registration ID, the device ID, and the login IP are used as the KEY, and the first login number, the second login number, and the third login number are respectively used as the corresponding VALUE.
  • REDIS is a high-performance KEY-VALUE database that complements relational databases.
  • the type of a REDIS value is not limited to strings. It also supports the following abstract data types: lists of strings, unordered sets of strings, sorted sets of non-repeating strings, and hash tables whose values are strings. The type of the value determines the operations supported on the value itself.
  • REDIS supports advanced server-side atomic operations such as intersection and union of unordered and ordered sets.
  • the historical login data stored in the KEY-VALUE format in the REDIS database has the registration ID, the device ID, and the login IP as the KEY, and the first login number, the second login number, and the third login number as the respective corresponding VALUE, as shown in the following table.
  • the registration ID, the device ID, and the historical login data of the login IP involved in the authentication request are stored in the KEY-VALUE format, which is concise and clear, and facilitates the server to obtain the corresponding login information in time.
  • the preset time period is a time period in which the server specifies the refresh data and clears the relevant data.
  • the server specifies a preset time period to clear the data stored in the database.
  • the data corresponding to a KEY can be set to expire after a preset time, for example 24 hours, so that the data under the KEY is cleared every 24 hours.
  • the server can directly obtain the stored VALUE corresponding to each KEY: the first login number, the second login number, and the third login number, which is simple and quick.
  • the REDIS database is used to store the historical login data of the registration ID, the device ID, and the login IP involved in the authentication request in a KEY-VALUE format, which is concise and clear, and facilitates the server to obtain the corresponding login information in time; and the data in the database is cleared according to the preset time period to effectively guarantee the timeliness of the authentication request.
  • the identity information includes a registration ID and a client verification code.
  • the method includes the following steps:
  • the registration ID is information that can be uniquely identified when the user logs in to the server, such as a user name, a mobile phone number, and an ID number.
  • the server verification code includes, but is not limited to, a registration password or a verification code corresponding to the registration ID held in the server.
  • the server compares the client verification code sent by the client with the server verification code to determine the authenticity of the identity claimed by the client, thereby ensuring the security of the connection between the server and the client.
  • the authenticity of the client is verified by the registration ID and the server verification code, which is simple, fast, and highly reliable.
  • the login verification method provided by the embodiment of the present application can detect a malicious attack from the client more completely and comprehensively by acquiring the historical login times corresponding to the identity feature information and the terminal identification information; the second verification method is pushed to the client only when the historical login times reach the authentication number threshold, so that a good user experience can be obtained, especially for a mobile terminal user for whom inputting information is inconvenient.
  • this embodiment also comprehensively examines the situation of the client login server from multiple perspectives, and can more fully and effectively protect the server. Moreover, the historical login number is updated in time according to the identity verification request of the client login server, and the true validity of the server data is maintained.
  • the REDIS database is used to store the historical login data of the registration ID, the device ID, and the login IP involved in the authentication request in a KEY-VALUE format, which is concise and clear, and facilitates the server to obtain the corresponding login information in time; and the data in the database is cleared according to the preset time period to effectively guarantee the timeliness of the identity verification request.
  • Fig. 5 is a block diagram showing the principle of the login verification apparatus corresponding to the login verification method in the first embodiment.
  • the login verification device includes an acquisition identity verification request module 10, a history registration number acquisition module 20, a second verification mode module 30, and a login verification module 40.
  • the acquisition identity verification request module 10, the historical login number acquisition module 20, the second verification mode module 30, and the login verification module 40 correspond one-to-one to the steps of the login verification method in Embodiment 1; to avoid redundancy, they are not described in detail again in this embodiment.
  • the authentication request module 10 is configured to obtain an identity verification request sent by the client, where the identity verification request includes identity feature information and terminal identification information.
  • the historical login number module 20 is configured to acquire the historical login times corresponding to the identity feature information and the terminal identification information if the identity feature information does not pass the identity verification.
  • the second verification mode module 30 is configured to push the second verification mode to the client if the number of historical logins reaches the authentication threshold.
  • the login verification module 40 is configured to obtain a secondary verification request input by the client according to the second verification mode, and perform login verification based on the secondary verification request.
  • the login verification device further includes establishing a secure connection module 50.
  • the security connection module 50 is configured to establish a secure connection with the client through the identity verification request if the identity feature information is authenticated.
  • the login verification device further includes a resend identity verification request module 60.
  • the re-send authentication request module 60 is configured to prompt the client to resend the identity verification request if the historical login number does not reach the authentication number threshold.
  • the identity feature information includes a registration ID
  • the terminal identification information includes a device ID and a login IP.
  • the acquisition history login number module 20 further includes a statistical history login data unit 21 and a selection history login number unit 22.
  • the statistical history login data unit 21 is configured to collect historical login data in a preset time period, and obtain a first login number, a second login number, and a third login number corresponding to the registration ID, the device ID, and the login IP, respectively.
  • the selection history login number unit 22 is configured to select the maximum value from the first login number, the second login number, and the third login number as the historical login number.
  • the acquisition history login number module 20 further includes an update history login number unit 23.
  • the update history login number unit 23 is configured to increase the first login number, the second login number, and the third login number by 1 each if the historical login number does not reach the authentication number threshold, and to update the historical login number.
  • the login verification device further includes a statistical history login data module 70 and an acquisition history login data module 80.
  • the statistical history login data module 70 is configured to store historical login data in the REDIS database in the form of KEY-VALUE, using the registration ID, the device ID, and the login IP as the KEY and the first login number, the second login number, and the third login number as the corresponding VALUE.
  • the acquisition history login data module 80 is configured to obtain the historical login data between the current system time and the start of the preset time period, and to obtain the first login number, the second login number, and the third login number corresponding to the registration ID, the device ID, and the login IP by means of a KEY-VALUE query.
  • the identity feature information includes a registration ID and a client verification code.
  • the acquisition history login number module 20 further includes an acquisition server verification code unit 24 and a failure verification unit 25.
  • the acquisition server verification code unit 24 is configured to acquire the corresponding server verification code based on the registration ID.
  • the failure verification unit 25 is configured to determine that the identity feature information fails verification if the client verification code does not match the server verification code.
  • This embodiment provides one or more non-volatile readable storage media having computer readable instructions stored thereon.
  • the one or more non-volatile readable storage media store computer readable instructions which, when executed by one or more processors, cause the one or more processors to perform the login verification method of Embodiment 1. To avoid repetition, it is not repeated here.
  • the computer readable instructions when executed by the processor, the functions of the modules/units in the login verification apparatus in Embodiment 2 are implemented. To avoid repetition, details are not described herein again.
  • non-volatile readable storage media storing computer readable instructions may comprise: any entity or device capable of carrying the computer readable instruction code, a recording medium, a USB flash drive, a mobile hard drive, a magnetic disk, an optical disk, computer memory, Read-Only Memory (ROM), Random Access Memory (RAM), electrical carrier signals, and telecommunications signals.
  • FIG. 6 is a schematic diagram of a computer device according to an embodiment of the present application.
  • computer device 90 of this embodiment includes a processor 91, a memory 92, and computer readable instructions 93 stored in memory 92 and executable on processor 91.
  • when the processor 91 executes the computer readable instructions 93, the steps of the login verification method of Embodiment 1 are performed, such as steps S10 to S40 shown in FIG. 1.
  • the processor 91 executes the computer readable instructions 93, the functions of the modules/units in the foregoing device embodiments are implemented.
  • alternatively, when the processor 91 executes the computer readable instructions 93, the functions of the modules shown in FIG. 5 are performed: the acquire identity verification request module 10, the acquire historical login count module 20, the push second verification mode module 30 and the perform login verification module 40.


Abstract

Disclosed in the present application are a login verification method and apparatus, a computer device, and a storage medium. The login verification method comprises: acquiring an identity verification request sent by a client terminal, the identity verification request comprising identity feature information and terminal identification information; if the identity feature information does not pass identity verification, acquiring the number of historical logins corresponding to the identity feature information and the terminal identification information; and, if the number of historical logins reaches a verification count threshold, pushing a second verification method to the client terminal. In the present method, when the number of historical logins corresponding to the identity feature information and the terminal identification information reaches the verification count threshold, a second verification method is pushed to the client terminal, so that the user is verified by another identity verification method; this preserves a good user experience while preventing the client terminal from brute-forcing and breaching the server, and so ensures login security.

Description

Login verification method, apparatus, computer device and storage medium
The present application is based on, and claims priority to, Chinese patent application No. 201810163982.4, filed on February 27, 2018 and entitled "Login verification method, apparatus, computer device and storage medium".
Technical field
The present application relates to the field of identity verification, and in particular to a login verification method, apparatus, computer device and storage medium.
Background
At present, a secure connection between a client and a server is generally established by having the client enter a login password, and such an authentication scheme carries security risks. If a malicious client brute-forces the login password against the server, it may break into the server and cause information leakage.
To guard against malicious clients, the server needs to put protective measures in place when a user logs in, but these measures require the user to enter several kinds of information for security verification, which degrades the user experience, particularly on mobile terminals where entering information is inconvenient.
Summary of the invention
Embodiments of the present application provide a login verification method, apparatus, computer device and storage medium, to address the problem of preventing information leakage caused by malicious attacks during user login.
In a first aspect, an embodiment of the present application provides a login verification method, comprising:
acquiring an identity verification request sent by a client, the identity verification request comprising identity feature information and terminal identification information;
if the identity feature information fails identity verification, acquiring the historical login count corresponding to the identity feature information and the terminal identification information;
if the historical login count reaches an authentication count threshold, pushing a second verification mode to the client;
acquiring a secondary verification request entered by the client according to the second verification mode, and performing login verification based on the secondary verification request.
In a second aspect, an embodiment of the present application provides a login verification apparatus, comprising:
an acquire identity verification request module, configured to acquire an identity verification request sent by a client, the identity verification request comprising identity feature information and terminal identification information;
an acquire historical login count module, configured to acquire, if the identity feature information fails identity verification, the historical login count corresponding to the identity feature information and the terminal identification information;
a push second verification mode module, configured to push a second verification mode to the client if the historical login count reaches an authentication count threshold;
a perform login verification module, configured to acquire a secondary verification request entered by the client according to the second verification mode and to perform login verification based on the secondary verification request.
In a third aspect, the present application provides a computer device comprising a memory, a processor, and computer readable instructions stored in the memory and executable on the processor, where the processor, when executing the computer readable instructions, implements the following steps:
acquiring an identity verification request sent by a client, the identity verification request comprising identity feature information and terminal identification information;
if the identity feature information fails identity verification, acquiring the historical login count corresponding to the identity feature information and the terminal identification information;
if the historical login count reaches an authentication count threshold, pushing a second verification mode to the client;
acquiring a secondary verification request entered by the client according to the second verification mode, and performing login verification based on the secondary verification request.
In a fourth aspect, the present application provides one or more non-volatile readable storage media storing computer readable instructions which, when executed by one or more processors, cause the one or more processors to perform the following steps:
acquiring an identity verification request sent by a client, the identity verification request comprising identity feature information and terminal identification information;
if the identity feature information fails identity verification, acquiring the historical login count corresponding to the identity feature information and the terminal identification information;
if the historical login count reaches an authentication count threshold, pushing a second verification mode to the client;
acquiring a secondary verification request entered by the client according to the second verification mode, and performing login verification based on the secondary verification request.
The login verification method, apparatus, computer device and storage medium provided by the embodiments of the present application acquire, at the same time, the historical login counts corresponding to both the identity feature information and the terminal identification information, so that a malicious attack from a client can be judged more truthfully and comprehensively. When the historical login count of the identity feature information and the terminal identification information reaches the authentication count threshold, a second verification mode is pushed to the client so that the user is verified by another identity verification method; this prevents a client from brute-forcing the server and thereby safeguards login security.
Brief description of the drawings
To describe the technical solutions of the embodiments of the present application more clearly, the drawings needed in the description of the embodiments are introduced briefly below. Evidently, the drawings described below are only some embodiments of the present application, and a person of ordinary skill in the art may derive other drawings from them without creative effort.
FIG. 1 is a flowchart of the login verification method in Embodiment 1 of the present application;
FIG. 2 is another specific flowchart of the login verification method in Embodiment 1 of the present application;
FIG. 3 is another specific flowchart of the login verification method in Embodiment 1 of the present application;
FIG. 4 is another specific flowchart of the login verification method in Embodiment 1 of the present application;
FIG. 5 is a schematic block diagram of the login verification apparatus in Embodiment 2 of the present application;
FIG. 6 is a schematic diagram of the computer device in Embodiment 4 of the present application.
Detailed description
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings of the embodiments. Evidently, the described embodiments are some, not all, of the embodiments of the present application. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present application without creative effort fall within the scope of protection of the present application.
Embodiment 1
FIG. 1 shows a flowchart of the login verification method in this embodiment. This embodiment applies between a client and a server that exchange information over the Internet, where the client includes but is not limited to a browser or a software login port. The client in this embodiment is preferably a mobile terminal such as a smartphone. The server is the management end that receives a request from the client and allocates application services based on that request. In the login verification method below, the server is the executing entity. As shown in FIG. 1, the login verification method comprises the following steps:
S10. Acquire an identity verification request sent by the client, the identity verification request comprising identity feature information and terminal identification information.
Specifically, the identity verification request is the request that the client sends to the server when it needs to connect to the server, and it is used for identity verification. It comprises identity feature information and terminal identification information, so that the server can verify identity based on both and decide whether the client may establish a secure connection with the server.
Identity feature information is the information provided to the server to identify the user. Terminal identification information is the environment information provided to the server to identify the client.
Specifically, after receiving the identity verification request sent by the client, the server first performs identity verification based on the identity feature information. If the identity feature information passes identity verification, step S50 is performed; if it does not, step S20 is performed. There are many identity verification methods; in this embodiment they include but are not limited to shared-key based authentication, biometric authentication and public-key cryptography based authentication. This step verifies the user's identity a first time through the identity verification request, providing an initial guarantee of the security of the connection between server and client.
S20. If the identity feature information fails identity verification, acquire the historical login count corresponding to the identity feature information and the terminal identification information.
Specifically, the historical login count is, among the feature items that make up the identity feature information and the terminal identification information, the largest number of times any one feature item has logged in to the server. For example, the feature items of the identity feature information include but are not limited to the registration ID, and the feature items of the terminal identification information include but are not limited to the device ID and the login IP; of the registration ID, the device ID and the login IP, the highest number of server logins is the historical login count. The registration ID is information registered when the user logs in to the server that uniquely identifies the user, such as a user name, mobile phone number or ID card number. The device ID is the globally unique production number of the hardware the client logs in from; for example, the device ID of a mobile phone is its production serial number, and the device ID of a desktop computer may be the MAC address of its network card. The login IP is the public address or private IP address assigned to the client when it accesses the network.
Further, examining the user's historical logins to the server from both the identity feature information and the terminal identification information gives a more comprehensive and truthful picture of how the user logs in. For example, if the same registration ID is used to log in to the server repeatedly from different smartphones, the registration ID has the highest login count and is therefore taken as the historical login count. Or, if the same smartphone repeatedly logs in to the server with different registration IDs, the device ID has the highest login count and is taken as the historical login count. Or again, if different smartphones, under the networks corresponding to different login IPs, repeatedly log in to the server with different registration IDs, the login IP has the highest login count and is taken as the historical login count. Determining the historical login count according to these different combinations of identity feature information and terminal identification information helps, to a certain extent, to prevent malicious clients from attacking the server, avoiding information leakage and ensuring information security.
The historical login count mentioned in this embodiment may be the login counts recorded in the server for the registration ID, the device ID and the login IP within a preset time period, the largest of these being taken as the historical login count.
S30. If the historical login count reaches the authentication count threshold, push the second verification mode to the client.
The authentication count threshold is the maximum number of logins that the historical login count of the identity feature information and the terminal identification information may reach while still logging in to the server. For example, if the authentication count threshold is 5, then once the historical login count has accumulated to 5 the server no longer accepts the same type of identity verification request and switches instead to the second authentication mode.
Specifically, the second verification mode includes but is not limited to sliders, jigsaw puzzles, letters, digits and similar verification modes that rely on human perception.
Forcibly switching the identity verification mode to a second authentication mode that relies on human perception effectively determines whether the client is genuine, and prevents a client from breaking into the server by malicious brute-force cracking.
S40. Acquire the secondary verification request entered by the client according to the second verification mode, and perform login verification based on the secondary verification request.
Specifically, the secondary verification request is the verification request the client makes in response to the second verification mode.
The server verifies the secondary verification request sent by the client. For example, if the client sends back a secondary verification request carrying the text shown in a graphical verification code, the server judges whether that text is correct to complete login verification. In this embodiment, by performing login verification on the secondary verification request that the client returns in response to the second authentication mode, the server avoids a malicious attack launched through a brute-force machine on the client side, which could crack the server and leak information.
Preferably, after step S10, that is, after the step of acquiring the identity verification request sent by the client, the login verification method further comprises the following step:
S50. If the identity feature information passes identity verification, establish a secure connection with the client through the identity verification request.
Understandably, when the server verifies the identity verification request sent by the client, the server can confirm the security of the client's identity feature information against the information already stored in its database, and can therefore establish a secure connection with the client. After this step the client and the server have a secure connection, and the client can go on to obtain the specific business information the server provides.
Preferably, after step S20, that is, after the step of acquiring the historical login count corresponding to the identity feature information and the terminal identification information, the login verification method further comprises the following step:
S60. If the historical login count has not reached the authentication count threshold, prompt the client to resend the identity verification request.
Specifically, the authentication count threshold is the maximum number of logins that the historical login count of the identity feature information and the terminal identification information may reach while still logging in to the server. For example, if the authentication count threshold is 5, then once the historical login count has accumulated to 5 the server no longer accepts the same type of identity verification request and switches instead to other authentication modes.
Further, when the historical login count has not reached the authentication count threshold set by the server, the server can accept the same type of identity verification request from the client again, which makes the server's authentication of clients more flexible. The login verification method provided by this embodiment of the present application acquires, at the same time, the historical login counts corresponding to both the identity feature information and the terminal identification information, so that a malicious attack from a client can be judged more truthfully and comprehensively. When the historical login count reaches the authentication count threshold, a second verification mode is pushed to the client so that the user is verified by another identity verification method; this prevents a client from brute-forcing the server, safeguards login security, and still gives a good user experience, especially for users of mobile terminals on which entering information is inconvenient.
In a specific implementation, the identity feature information includes a registration ID and the terminal identification information includes a device ID and a login IP. As shown in FIG. 2, step S20, acquiring the historical login count corresponding to the identity feature information and the terminal identification information, specifically comprises the following steps:
S21. Count the historical login data within a preset time period, and obtain the first login count, the second login count and the third login count corresponding to the registration ID, the device ID and the login IP respectively.
The historical login data is the data relating to logins to the server by the registration ID, the device ID and the login IP within the preset time period, including each one's login count, login time and so on. The server stores all historical login data in advance; each record corresponds to a registration ID, a device ID and a login IP and is stored together with its login time. Understandably, the first login count is the number of times the registration ID has logged in to the server within the preset time period, the second login count is the number of times the device ID has logged in within that period, and the third login count is the number of times the login IP has logged in within that period. The preset time period in this embodiment may be a period counted back from the time the identity verification request was received or from the system's current time, and may be set to 1 day or 1 week.
S22. Take the maximum of the first login count, the second login count and the third login count as the historical login count.
For example, if the first, second and third login counts corresponding to the registration ID, the device ID and the login IP are 3, 5 and 8 respectively, the historical login count is the third login count, that is, 8.
To defend comprehensively against clients logging in to the server, the client's logins must be examined from all three angles. In this example the first login count for the registration ID is only 3, but the login IP in use has already been used 8 times, so for safety the third login count corresponding to the login IP is taken as the historical login count, giving the server a stronger security defence. Examining client logins from multiple angles protects the information in the server more comprehensively and effectively.
Preferably, after step S22, that is, after the step of taking the maximum of the first, second and third login counts as the historical login count, the login verification method further comprises:
S23. If the historical login count has not reached the authentication count threshold, increment the first login count, the second login count and the third login count by 1 and update the historical login count.
Understandably, when the server receives this identity verification request from the client, the client's registration ID, device ID and login IP have each logged in once more, so the corresponding first, second and third login counts should be incremented by 1 and the historical login count updated accordingly.
For example, with an authentication count threshold of 5, the following table records the historical login count after the server has received three identity verification requests:
                                   Registration ID   Device ID   Login IP
Identity verification request 1          0               1           1
Identity verification request 2          1               1           0
Identity verification request 3          0               1           1

Registration ID   Device ID   Login IP   Historical login count
      1               3           2                3
At this point the historical login count is 3, below the authentication count threshold of 5. After the server receives a fourth identity verification request, the record table of historical login counts therefore becomes:
[Figure PCTCN2018081548-appb-000001: per-request record table after the fourth identity verification request; not reproduced on the page]
Registration ID   Device ID   Login IP   Historical login count
      2               4           3                4
To defend comprehensively against clients logging in to the server, this embodiment starts from the historical login data of the registration ID, the device ID and the login IP and examines the client's logins as a whole, which protects the server more comprehensively and effectively. In addition, the historical login count is updated promptly with each identity verification request from the client, keeping the server's data accurate and current.
在一具体实施方式中,如图3所示,步骤S21之前,即在统计预设时间段内的历史登录数据的步骤之前,登录验证方法还包括如下步骤:In a specific embodiment, as shown in FIG. 3, before the step S21, that is, before the step of counting the historical login data in the preset time period, the login verification method further includes the following steps:
S70.统计REDIS数据库中以KEY-VALUE形式存储的历史登录数据,将注册ID、设备ID和登录IP作为KEY,将第一登录次数、第二登录次数和第三登录次数分别作为对应的VALUE。S70. The historical login data stored in the RED-DATA database in the form of KEY-VALUE, the registration ID, the device ID, and the login IP are used as the KEY, and the first login number, the second login number, and the third login number are respectively used as the corresponding VALUE.
具体地,本实施例采用REDIS数据库存储历史登录数据。REDIS是一个高性能的KEY-VALUE数据库,对关系数据库起到很好的补充作用。REDIS中值的类型不仅限于字符串,还支持如下抽象数据类型:字符串列表、无序不重复的字符串集合、有序不重复的字符串集合键、值都为字符串的哈希表。值的类型决定了值本身支持的操作。REDIS支持不同无序、有序的列表,无序、有序的集合间的交集、并集等高级服务器端原子操作。Specifically, the embodiment uses the REDIS database to store historical login data. REDIS is a high-performance KEY-VALUE database that complements relational databases. The type of REDIS median is not limited to strings. It also supports the following abstract data types: string lists, unordered string collections, ordered non-repeating string collection keys, and hash tables with values as strings. The type of value determines the operations supported by the value itself. REDIS supports advanced unordered, ordered lists, unordered, ordered sets of intersections, unions, and other advanced server-side atomic operations.
于本实施例,EDIS数据库中以KEY-VALUE形式存储的历史登录数据,将注册ID、设备ID和登录IP作为KEY,将第一登录次数、第二登录次数和第三登录次数分别作为对应的VALUE,如下表所示。In this embodiment, the historical login data stored in the KEY-VALUE format in the EDIS database has the registration ID, the device ID, and the login IP as the KEY, and the first login number, the second login number, and the third login number are respectively corresponding. VALUE, as shown in the following table.
Registration ID      First login count
X1                   5

Device ID            Second login count
00-01-6C-06-A6-29    6

Login IP             Third login count
183.53.240.209       9
In this implementation, storing the historical login data for the registration ID, the device ID and the login IP involved in an authentication request in KEY-VALUE form is concise and clear, and helps the server obtain the corresponding login information promptly.
S80. Obtain the historical login data between the current system time and the preset time period, and use KEY-VALUE queries to obtain the first login count, the second login count and the third login count corresponding to the registration ID, the device ID and the login IP respectively.
Specifically, the preset time period is a period, specified by the server, after which the data is refreshed and the relevant counts are cleared. To keep authentication requests timely, the server specifies a preset time period after which the data stored in the database is cleared. In this embodiment, the data corresponding to a KEY can be given a preset time period, for example 24 hours, so that the data under that KEY is cleared every 24 hours.
It can be understood that, from the registration ID, the device ID or the login IP stored as the KEY, the server can directly obtain the corresponding stored VALUE, that is, the specific values of the first login count, the second login count and the third login count, which is simple and fast.
In this embodiment, the REDIS database stores, in KEY-VALUE form, the historical login data for the registration ID, the device ID and the login IP involved in an authentication request, which is concise and clear and helps the server obtain the corresponding login information promptly; in addition, the data in the database is cleared every preset time period, which effectively keeps authentication requests timely.
In a specific embodiment, the identity feature information includes a registration ID and a client verification code. As shown in FIG. 4, step S20, that is, determining that the identity feature information has failed identity verification, specifically includes the following steps:
S24. Obtain the corresponding server verification code based on the registration ID.
Specifically, the registration ID is information registered when the user logs in to the server that uniquely identifies the user, such as a user name, a mobile phone number or an ID card number.
The server verification code includes, but is not limited to, the registration password or verification code stored on the server that corresponds to the registration ID.
By storing the server verification code corresponding to the registration ID, the server can compare it against the client verification code sent by the client to determine whether the client's claimed identity is genuine, thereby ensuring that the connection established between the server and the client is secure.
S25. If the server verification code and the client verification code do not match, the identity feature information fails verification.
It can be understood that if the server verification code and the client verification code do not match, the server cannot determine the client's authenticity and the client needs to perform further or repeated identity verification; that is, the identity feature information has failed verification this time.
In this embodiment, the client's authenticity is verified by the registration ID and the server verification code, which is simple, fast and highly reliable.
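As an added example that is not code from the patent, the following Python puts together the REDIS counter scheme of steps S70 and S80 and the verification-code check of steps S24 and S25: an in-memory stand-in for the KEY-VALUE store with per-key expiry plays the role of the preset clearing period, the three counts are looked up and their maximum compared against the threshold, and the counts are incremented only when the threshold has not been reached. The store class, the function names, the key prefixes, the 24-hour window, the threshold of 5 and the sample credentials are assumptions.

```python
import hmac
import time
from dataclasses import dataclass

# Assumed parameters: the page gives 24 hours as an example clearing period;
# the authentication-count threshold is chosen here for illustration.
PRESET_PERIOD_SECONDS = 24 * 60 * 60
AUTH_COUNT_THRESHOLD = 5


class ExpiringCounterStore:
    """In-memory stand-in (an assumption, not Redis itself) for the KEY-VALUE
    counters: GET, INCR and EXPIRE semantics with a per-key clearing time."""

    def __init__(self, clock=time.time):
        self._clock = clock          # injectable clock so the expiry can be tested
        self._data = {}              # key -> (count, expires_at)

    def get(self, key):
        """Return the stored count, or 0 if the key is absent or its period elapsed."""
        item = self._data.get(key)
        if item is None:
            return 0
        count, expires_at = item
        if self._clock() >= expires_at:
            del self._data[key]      # the preset period has elapsed: the count is cleared
            return 0
        return count

    def incr(self, key):
        """Increment the count; a fresh key starts a new clearing period (INCR + EXPIRE)."""
        count = self.get(key)
        if count == 0:
            self._data[key] = (1, self._clock() + PRESET_PERIOD_SECONDS)
        else:
            self._data[key] = (count + 1, self._data[key][1])
        return self._data[key][0]


@dataclass(frozen=True)
class AuthRequest:
    """Identity feature information (registration ID, client verification code)
    plus terminal identification information (device ID, login IP)."""
    registration_id: str
    client_code: str
    device_id: str
    login_ip: str


def counter_keys(req):
    """The three KEYs for one request. The prefixes keep the three namespaces
    apart (an assumption; the page stores each ID directly as the KEY)."""
    return (f"reg:{req.registration_id}",
            f"dev:{req.device_id}",
            f"ip:{req.login_ip}")


def codes_match(server_code, client_code):
    """Steps S24/S25: compare the stored server verification code with the client's.
    A constant-time comparison keeps the check itself from leaking the code by timing."""
    return hmac.compare_digest(server_code.encode(), client_code.encode())


def historical_login_count(store, req):
    """Steps S21/S22 (and S80): look up the first, second and third login counts
    by KEY and take the maximum as the historical login count."""
    return max(store.get(key) for key in counter_keys(req))


def verify_login(store, server_codes, req):
    """One pass of the login verification decision for a single request."""
    # An unknown registration ID is treated as a failed verification ("" never matches).
    server_code = server_codes.get(req.registration_id, "")
    if server_code and codes_match(server_code, req.client_code):
        return "ESTABLISH_SECURE_CONNECTION"     # S50: identity verified
    if historical_login_count(store, req) >= AUTH_COUNT_THRESHOLD:
        return "PUSH_SECOND_VERIFICATION"        # S30: threshold reached
    for key in counter_keys(req):
        store.incr(key)                          # S23: count this attempt under all three KEYs
    return "RESEND_AUTH_REQUEST"                 # S60: below threshold


if __name__ == "__main__":
    store = ExpiringCounterStore()
    codes = {"X1": "s3cret-code"}                # constructed sample credential
    bad = AuthRequest("X1", "wrong-code", "00-01-6C-06-A6-29", "183.53.240.209")
    for attempt in range(1, AUTH_COUNT_THRESHOLD + 2):
        print(attempt, verify_login(store, codes, bad))
```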
The login verification method provided by the embodiments of the present application, by obtaining the historical login counts corresponding to both the identity feature information and the terminal identification information, can identify malicious attacks from a client more accurately and comprehensively; the second verification method is pushed to the client only when the historical login count reaches the authentication-count threshold, which gives a good user experience, especially for mobile terminal users for whom entering information is inconvenient.
To defend the server comprehensively against clients logging in, this embodiment also examines the client's logins to the server from multiple perspectives, which protects the server more comprehensively and effectively. In addition, the historical login count is updated promptly according to the client's authentication requests to the server, keeping the server's data accurate and current.
In this embodiment, the REDIS database stores, in KEY-VALUE form, the historical login data for the registration ID, the device ID and the login IP involved in an authentication request, which is concise and clear and helps the server obtain the corresponding login information promptly; in addition, the data in the database is cleared every preset time period, which effectively keeps authentication requests timely.
It should be understood that the numbering of the steps in the above embodiments does not imply an order of execution; the order in which the processes are executed should be determined by their function and internal logic, and should not constitute any limitation on the implementation of the embodiments of the present application.
Embodiment 2
FIG. 5 shows a schematic block diagram of a login verification apparatus corresponding one-to-one to the login verification method of Embodiment 1. As shown in FIG. 5, the login verification apparatus includes an authentication request acquisition module 10, a historical login count acquisition module 20, a second verification method pushing module 30 and a login verification module 40. The functions implemented by the authentication request acquisition module 10, the historical login count acquisition module 20, the second verification method pushing module 30 and the login verification module 40 correspond one-to-one to the steps of the login verification method in Embodiment 1 and, to avoid repetition, are not described in detail here.
The authentication request acquisition module 10 is configured to obtain an authentication request sent by the client, where the authentication request includes identity feature information and terminal identification information.
The historical login count acquisition module 20 is configured to obtain, if the identity feature information fails identity verification, the historical login count corresponding to the identity feature information and the terminal identification information.
The second verification method pushing module 30 is configured to push a second verification method to the client if the historical login count reaches the authentication-count threshold.
The login verification module 40 is configured to obtain a secondary verification request entered by the client based on the second verification method and to perform login verification based on the secondary verification request.
Preferably, the login verification apparatus further includes a secure connection establishing module 50.
The secure connection establishing module 50 is configured to establish a secure connection with the client through the authentication request if the identity feature information passes identity verification.
Preferably, the login verification apparatus further includes an authentication request resending module 60.
The authentication request resending module 60 is configured to prompt the client to resend the authentication request if the historical login count has not reached the authentication-count threshold.
Preferably, the identity feature information includes a registration ID, and the terminal identification information includes a device ID and a login IP.
The historical login count acquisition module 20 further includes a historical login data counting unit 21 and a historical login count selecting unit 22.
The historical login data counting unit 21 is configured to count the historical login data within the preset time period and obtain the first login count, the second login count and the third login count corresponding to the registration ID, the device ID and the login IP respectively.
The historical login count selecting unit 22 is configured to select the maximum of the first login count, the second login count and the third login count as the historical login count.
Preferably, the historical login count acquisition module 20 further includes a historical login count updating unit 23.
The historical login count updating unit 23 is configured to, if the historical login count has not reached the authentication-count threshold, increase each of the first login count, the second login count and the third login count by 1 and update the historical login count.
Preferably, the login verification apparatus further includes a historical login data counting module 70 and a historical login data acquisition module 80.
The historical login data counting module 70 is configured to collect the historical login data stored in the REDIS database in KEY-VALUE form, using the registration ID, the device ID and the login IP as the KEYs and the first login count, the second login count and the third login count as the corresponding VALUEs.
The historical login data acquisition module 80 is configured to obtain the historical login data between the current system time and the preset time period, and to use KEY-VALUE queries to obtain the first login count, the second login count and the third login count corresponding to the registration ID, the device ID and the login IP respectively.
Preferably, the identity feature information includes a registration ID and a client verification code.
The historical login count acquisition module 20 further includes a server verification code acquisition unit 24 and a verification failure unit 25.
The server verification code acquisition unit 24 is configured to obtain the corresponding server verification code based on the registration ID.
The verification failure unit 25 is configured to determine that the identity feature information has failed verification if the server verification code and the client verification code do not match.
Embodiment 3
This embodiment provides one or more non-volatile readable storage media storing computer-readable instructions. When the computer-readable instructions are executed by one or more processors, the one or more processors perform the login verification method of Embodiment 1; to avoid repetition, it is not described again here. Alternatively, when the computer-readable instructions are executed by the processor, the functions of the modules/units of the login verification apparatus of Embodiment 2 are implemented; to avoid repetition, they are not described again here.
It can be understood that the one or more non-volatile readable storage media storing computer-readable instructions may include any entity or device capable of carrying the computer-readable instruction code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disc, computer memory, read-only memory (ROM), random access memory (RAM), electrical carrier signals, telecommunication signals, and the like.
Embodiment 4
FIG. 6 is a schematic diagram of a computer device according to an embodiment of the present application. As shown in FIG. 6, the computer device 90 of this embodiment includes a processor 91, a memory 92, and computer-readable instructions 93 stored in the memory 92 and executable on the processor 91. When the processor 91 executes the computer-readable instructions 93, the steps of the login verification method of Embodiment 1 are implemented, for example steps S10 to S40 shown in FIG. 1. Alternatively, when the processor 91 executes the computer-readable instructions 93, the functions of the modules/units in the apparatus embodiments above are implemented, for example the functions of the authentication request acquisition module 10, the historical login count acquisition module 20, the second verification method pushing module 30 and the login verification module 40 shown in FIG. 5.
Those skilled in the art will clearly understand that, for convenience and brevity of description, only the division into the functional units and modules described above is given as an example; in practice, the above functions may be assigned to different functional units and modules as required, that is, the internal structure of the apparatus may be divided into different functional units or modules to perform all or part of the functions described above.
The above embodiments are intended only to illustrate the technical solutions of the present application, not to limit them. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments may still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present application, and should all fall within the scope of protection of the present application.

Claims (20)

  1. A login verification method, comprising:
    obtaining an authentication request sent by a client, the authentication request including identity feature information and terminal identification information;
    if the identity feature information fails identity verification, obtaining a historical login count corresponding to the identity feature information and the terminal identification information;
    if the historical login count reaches an authentication-count threshold, pushing a second verification method to the client;
    obtaining a secondary verification request entered by the client based on the second verification method, and performing login verification based on the secondary verification request.
  2. The login verification method according to claim 1, wherein, after the step of obtaining the historical login count corresponding to the identity feature information and the terminal identification information, the login verification method further comprises:
    if the historical login count has not reached the authentication-count threshold, prompting the client to resend the authentication request.
  3. The login verification method according to claim 1, wherein the identity feature information includes a registration ID and the terminal identification information includes a device ID and a login IP;
    the obtaining of the historical login count corresponding to the identity feature information and the terminal identification information comprises:
    counting historical login data within a preset time period to obtain a first login count, a second login count and a third login count corresponding to the registration ID, the device ID and the login IP respectively;
    selecting the maximum of the first login count, the second login count and the third login count as the historical login count.
  4. The login verification method according to claim 3, wherein, after the step of selecting the maximum of the first login count, the second login count and the third login count as the historical login count, the login verification method further comprises:
    if the historical login count has not reached the authentication-count threshold, increasing each of the first login count, the second login count and the third login count by 1 and updating the historical login count.
  5. The login verification method according to claim 3, wherein, before the step of counting the historical login data within the preset time period, the login verification method further comprises:
    collecting historical login data stored in a REDIS database in KEY-VALUE form, using the registration ID, the device ID and the login IP as KEYs and the first login count, the second login count and the third login count as the corresponding VALUEs;
    obtaining the historical login data between the current system time and the preset time period, and using KEY-VALUE queries to obtain the first login count, the second login count and the third login count corresponding to the registration ID, the device ID and the login IP respectively.
  6. The login verification method according to claim 1, wherein, after the step of obtaining the authentication request sent by the client, the login verification method further comprises:
    if the identity feature information passes identity verification, establishing a secure connection with the client through the authentication request.
  7. The login verification method according to claim 1, wherein the identity feature information includes a registration ID and a client verification code;
    the determining that the identity feature information fails identity verification comprises:
    obtaining a corresponding server verification code based on the registration ID;
    if the server verification code and the client verification code do not match, determining that the identity feature information fails verification.
  8. A login verification apparatus, comprising:
    an authentication request acquisition module, configured to obtain an authentication request sent by a client, the authentication request including identity feature information and terminal identification information;
    a historical login count acquisition module, configured to obtain, if the identity feature information fails identity verification, a historical login count corresponding to the identity feature information and the terminal identification information;
    a second verification method pushing module, configured to push a second verification method to the client if the historical login count reaches an authentication-count threshold;
    a login verification module, configured to obtain a secondary verification request entered by the client based on the second verification method and to perform login verification based on the secondary verification request.
  9. A computer device, comprising a memory, a processor, and computer-readable instructions stored in the memory and executable on the processor, wherein the processor, when executing the computer-readable instructions, implements the following steps:
    obtaining an authentication request sent by a client, the authentication request including identity feature information and terminal identification information;
    if the identity feature information fails identity verification, obtaining a historical login count corresponding to the identity feature information and the terminal identification information;
    if the historical login count reaches an authentication-count threshold, pushing a second verification method to the client;
    obtaining a secondary verification request entered by the client based on the second verification method, and performing login verification based on the secondary verification request.
  10. The terminal device according to claim 9, wherein, after the step of obtaining the historical login count corresponding to the identity feature information and the terminal identification information, the processor, when executing the computer-readable instructions, further implements the following step:
    if the historical login count has not reached the authentication-count threshold, prompting the client to resend the authentication request.
  11. The terminal device according to claim 9, wherein the identity feature information includes a registration ID and the terminal identification information includes a device ID and a login IP;
    the obtaining of the historical login count corresponding to the identity feature information and the terminal identification information comprises:
    counting historical login data within a preset time period to obtain a first login count, a second login count and a third login count corresponding to the registration ID, the device ID and the login IP respectively;
    selecting the maximum of the first login count, the second login count and the third login count as the historical login count.
  12. The terminal device according to claim 11, wherein, after the step of selecting the maximum of the first login count, the second login count and the third login count as the historical login count, the processor, when executing the computer-readable instructions, further implements the following step:
    if the historical login count has not reached the authentication-count threshold, increasing each of the first login count, the second login count and the third login count by 1 and updating the historical login count.
  13. The terminal device according to claim 11, wherein, before the step of counting the historical login data within the preset time period, the processor, when executing the computer-readable instructions, further implements the following steps:
    collecting historical login data stored in a REDIS database in KEY-VALUE form, using the registration ID, the device ID and the login IP as KEYs and the first login count, the second login count and the third login count as the corresponding VALUEs;
    obtaining the historical login data between the current system time and the preset time period, and using KEY-VALUE queries to obtain the first login count, the second login count and the third login count corresponding to the registration ID, the device ID and the login IP respectively.
  14. The terminal device according to claim 11, wherein, after the step of obtaining the authentication request sent by the client, the processor, when executing the computer-readable instructions, further implements the following step:
    if the identity feature information passes identity verification, establishing a secure connection with the client through the authentication request.
  15. 一个或多个存储有计算机可读指令的非易失性可读存储介质,其特征在于,所述计算机可读指令被一个或多个处理器执行时,使得所述一个或多个处理器执行如下步骤:One or more non-transitory readable storage mediums storing computer readable instructions, wherein when the computer readable instructions are executed by one or more processors, cause the one or more processors to execute The following steps:
    获取客户端发送的身份验证请求,所述身份验证请求包括身份特征信息和终端识别信息;Obtaining an authentication request sent by the client, where the identity verification request includes identity feature information and terminal identification information;
    若身份特征信息未通过身份验证,则获取与所述身份特征信息和所述终端识别信息相对应的历史登录次数;Obtaining, according to the identity feature information, the number of historical logins corresponding to the identity feature information and the terminal identification information;
    若所述历史登录次数达到认证次数阈值,则推送第二验证方式给客户端;If the number of historical logins reaches the number of authentication times, the second verification mode is pushed to the client;
    获取客户端基于所述第二验证方式输入的二次验证请求,并基于所述二次验证请求进行登录验证。Obtaining a secondary verification request input by the client based on the second verification manner, and performing login verification based on the secondary verification request.
  16. 如权利要求15所述的非易失性可读存储介质,其特征在于,在所述获取与所述身份特征信息和所述终端识别信息相对应的历史登录次数的步骤之后,所述计算机可读指令被一个或多个处理器执行时,使得所述一个或多个处理器还执行如下步骤:The non-volatile readable storage medium according to claim 15, wherein said computer is operable after said step of acquiring a history registration number corresponding to said identity feature information and said terminal identification information When the read instruction is executed by one or more processors, the one or more processors further perform the following steps:
    if the historical login count has not reached the authentication count threshold, prompting the client to resend the identity verification request.
  17. The non-volatile readable storage medium according to claim 15, wherein the identity feature information comprises a registration ID, and the terminal identification information comprises a device ID and a login IP;
    and the obtaining of the historical login count corresponding to the identity feature information and the terminal identification information comprises:
    counting historical login data within a preset time period, and respectively obtaining a first login count, a second login count and a third login count corresponding to the registration ID, the device ID or the login IP;
    selecting the maximum of the first login count, the second login count and the third login count as the historical login count.
  18. The non-volatile readable storage medium according to claim 17, wherein after the step of selecting the maximum of the first login count, the second login count and the third login count as the historical login count, the computer-readable instructions, when executed by the one or more processors, further cause the one or more processors to perform the following step:
    if the historical login count has not reached the authentication count threshold, incrementing each of the first login count, the second login count and the third login count by one, and updating the historical login count.
  19. The non-volatile readable storage medium according to claim 17, wherein before the step of counting historical login data within the preset time period, the computer-readable instructions, when executed by the one or more processors, further cause the one or more processors to perform the following steps:
    counting historical login data stored in KEY-VALUE form in a REDIS database, using the registration ID, the device ID and the login IP as the KEYs, and the first login count, the second login count and the third login count respectively as the corresponding VALUEs;
    obtaining the historical login data between the current system time and the preset time period, and using KEY-VALUE queries to respectively obtain the first login count, the second login count and the third login count corresponding to the registration ID, the device ID or the login IP.
  20. The non-volatile readable storage medium according to claim 15, wherein after the step of obtaining the identity verification request sent by the client, the computer-readable instructions, when executed by the one or more processors, further cause the one or more processors to perform the following step:
    if the identity feature information passes identity verification, establishing a secure connection with the client via the identity verification request.
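The counting and threshold logic of claims 16 to 19 above (three per-KEY login counts, the maximum taken as the historical login count, compared against the authentication count threshold, and incremented while the threshold is not reached), as an added example in Python that is not part of the patent and not the applicant's code. It assumes an in-memory dict standing in for the REDIS KEY-VALUE store of claim 19, that the preset time period is enforced as a key time-to-live (the claims do not say how the window is kept), and constructed values for the threshold (3), the window (3600 s) and the registration IDs, device IDs and IP addresses. The names ExpiringCounterStore, LoginContext, Decision, HistoricalLoginChecker and demo are hypothetical.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Tuple


class ExpiringCounterStore:
    """Constructed stand-in for the REDIS KEY-VALUE store of claim 19.
    Each KEY maps to (count, expires_at); on Redis this would be INCR plus
    EXPIRE on first creation. Window-by-key-expiry is an assumption."""

    def __init__(self) -> None:
        self._data: Dict[str, Tuple[int, float]] = {}

    def get(self, key: str, now: float) -> int:
        entry = self._data.get(key)
        if entry is None:
            return 0
        count, expires_at = entry
        if now >= expires_at:            # preset time period elapsed: key expired
            del self._data[key]
            return 0
        return count

    def incr(self, key: str, now: float, ttl: float) -> int:
        count = self.get(key, now)
        # The first login in a window starts the period; later logins keep it.
        expires_at = now + ttl if count == 0 else self._data[key][1]
        self._data[key] = (count + 1, expires_at)
        return count + 1


@dataclass(frozen=True)
class LoginContext:
    """Identity feature information (registration ID) and terminal
    identification information (device ID, login IP), as in claim 17."""
    registration_id: str
    device_id: str
    login_ip: str


class Decision(Enum):
    TRUSTED = "historical login count reached the threshold"
    REVERIFY = "prompt the client to resend the identity verification request"


class HistoricalLoginChecker:
    def __init__(self, store: ExpiringCounterStore,
                 window_seconds: float, auth_threshold: int) -> None:
        self.store = store
        self.window_seconds = window_seconds   # preset time period (caller-chosen)
        self.auth_threshold = auth_threshold   # authentication count threshold

    def _keys(self, ctx: LoginContext) -> Tuple[str, str, str]:
        # Claim 19: registration ID, device ID and login IP are the KEYs.
        return (f"reg:{ctx.registration_id}",
                f"dev:{ctx.device_id}",
                f"ip:{ctx.login_ip}")

    def historical_logins(self, ctx: LoginContext, now: float) -> int:
        # Claim 17: first, second and third login counts; the maximum is
        # the historical login count.
        first, second, third = (self.store.get(k, now) for k in self._keys(ctx))
        return max(first, second, third)

    def evaluate(self, ctx: LoginContext, now: float) -> Decision:
        # Claim 16: below the threshold the client is asked to resend the
        # identity verification request.
        if self.historical_logins(ctx, now) >= self.auth_threshold:
            return Decision.TRUSTED
        return Decision.REVERIFY

    def record_login(self, ctx: LoginContext, now: float) -> int:
        # Claim 18: only while the threshold has not been reached, add one
        # to each of the three counts and update the historical count.
        history = self.historical_logins(ctx, now)
        if history >= self.auth_threshold:
            return history
        for key in self._keys(ctx):
            self.store.incr(key, now, self.window_seconds)
        return self.historical_logins(ctx, now)


def demo() -> Dict[str, str]:
    """Constructed scenario: threshold 3, one-hour window, sample identifiers."""
    checker = HistoricalLoginChecker(ExpiringCounterStore(), 3600.0, 3)
    alice = LoginContext("user-1001", "dev-A", "198.51.100.7")
    out = {"alice_first": checker.evaluate(alice, 0.0).name}
    for t in (0.0, 60.0, 120.0):          # three verified logins in the window
        checker.record_login(alice, t)
    out["alice_fourth"] = checker.evaluate(alice, 180.0).name
    # New device, same registration ID and IP: max(3, 0, 3) = 3.
    out["alice_new_device"] = checker.evaluate(
        LoginContext("user-1001", "dev-B", "198.51.100.7"), 180.0).name
    # Never-seen user, but from the same IP: max(0, 0, 3) = 3.
    out["bob_same_ip"] = checker.evaluate(
        LoginContext("user-2002", "dev-C", "198.51.100.7"), 180.0).name
    out["alice_after_window"] = checker.evaluate(alice, 3601.0).name
    return out


if __name__ == "__main__":
    for label, decision in demo().items():
        print(f"{label}: {decision}")
```

Two properties of the claimed method are visible in the scenario. Because claim 18 increments only while the threshold has not been reached, the counts stop growing at the threshold rather than accumulating indefinitely. And because the three counts are keyed independently and claim 17 takes their maximum, a login IP shared by many users can satisfy the threshold for a registration ID that has never been seen: user-2002's first login from 198.51.100.7 is evaluated as TRUSTED on the strength of user-1001's three logins from that address. A deployment behind carrier-grade NAT or a corporate proxy should weigh that before letting the login IP count alone carry the decision.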
PCT/CN2018/081548 2018-02-27 2018-04-02 Login verification method and apparatus, computer device, and storage medium WO2019165675A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810163982.4A CN108462704B (en) 2018-02-27 2018-02-27 Login validation method, device, computer equipment and storage medium
CN201810163982.4 2018-02-27

Publications (1)

Publication Number Publication Date
WO2019165675A1 true WO2019165675A1 (en) 2019-09-06

Family

ID=63216595

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/081548 WO2019165675A1 (en) 2018-02-27 2018-04-02 Login verification method and apparatus, computer device, and storage medium

Country Status (2)

Country Link
CN (1) CN108462704B (en)
WO (1) WO2019165675A1 (en)

Families Citing this family (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108900557B (en) * 2018-09-12 2023-09-22 国际商业机器(中国)投资有限公司 Login method and system
CN109617901A (en) * 2018-12-29 2019-04-12 上海点融信息科技有限责任公司 Determine the method and device thereof of white list
CN109815669A (en) * 2019-01-14 2019-05-28 平安科技(深圳)有限公司 Authentication method and server based on recognition of face
CN110322250A (en) * 2019-05-22 2019-10-11 深圳壹账通智能科技有限公司 The recognition methods of inactive users courses of action, device, equipment and storage medium
CN110276183B (en) * 2019-06-19 2020-11-03 同盾控股有限公司 Reverse Turing verification method and device, storage medium and electronic equipment
CN110753036B (en) * 2019-09-27 2022-04-22 苏州浪潮智能科技有限公司 Method and system for client quick authentication under CS framework
CN111010675B (en) * 2019-10-16 2022-06-24 平安科技(深圳)有限公司 Information verification method and device, computer equipment and storage medium
CN110781466A (en) * 2019-10-22 2020-02-11 京信通信系统(中国)有限公司 Equipment safety management method and device, computer equipment and storage medium
CN114207612A (en) * 2019-11-02 2022-03-18 游戏橘子数位科技股份有限公司 Method for forcibly changing password
CN111062010B (en) * 2019-11-08 2022-04-22 支付宝(杭州)信息技术有限公司 Identity verification method, device and equipment
CN111181927B (en) * 2019-12-13 2021-12-28 福建天泉教育科技有限公司 Login method and server
CN111241139B (en) * 2020-01-15 2022-09-30 深圳平安医疗健康科技服务有限公司 Data statistical method, device, computer equipment and storage medium
CN113806712A (en) * 2020-06-11 2021-12-17 马上消费金融股份有限公司 Authentication processing method, processing device and computer readable storage medium
CN112613020B (en) * 2020-12-31 2024-05-28 中国农业银行股份有限公司 Identity verification method and device
CN113099453A (en) * 2021-03-30 2021-07-09 厦门理工学院 Authentication method, device and equipment for access server and readable storage medium
CN113965345A (en) * 2021-09-08 2022-01-21 福建库克智能科技有限公司 Identity recognition method and device, electronic equipment and storage medium
CN114745360B (en) * 2022-03-28 2023-10-17 慧之安信息技术股份有限公司 Online registration method based on open source protocol stack eXosip
CN114978749B (en) * 2022-06-14 2023-10-10 中国电信股份有限公司 Login authentication method and system, storage medium and electronic equipment
CN117353951A (en) * 2022-06-27 2024-01-05 中国电信股份有限公司 Authentication method, system, equipment and storage medium based on local number login
CN115766164A (en) * 2022-11-08 2023-03-07 云南电网有限责任公司信息中心 Unified authentication management's automation instrument sharing platform
CN116029811B (en) * 2022-12-23 2023-09-15 杭州快付连接科技有限公司 Bank marketing business digital management system, intelligent equipment and storage medium
CN116028909B (en) * 2023-02-24 2023-12-19 深圳市赛柏特通信技术有限公司 Security office control method, system and medium
CN116318914A (en) * 2023-03-01 2023-06-23 华能信息技术有限公司 Security policy matching authentication method and system
CN116094848B (en) * 2023-04-11 2023-06-27 中国工商银行股份有限公司 Access control method, device, computer equipment and storage medium
CN116800544B (en) * 2023-08-21 2023-11-24 成都数智创新精益科技有限公司 User authentication method, system and device and medium
CN117118749A (en) * 2023-10-20 2023-11-24 天津奥特拉网络科技有限公司 Personal communication network-based identity verification system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104144419A (en) * 2014-01-24 2014-11-12 腾讯科技(深圳)有限公司 Identity authentication method, device and system
US20150089621A1 (en) * 2013-09-24 2015-03-26 Cellco Partnership (D/B/A Verizon Wireless) Secure login for subscriber devices
CN104539604A (en) * 2014-12-23 2015-04-22 北京奇虎科技有限公司 Website protection method and device
CN105654303A (en) * 2015-12-31 2016-06-08 拉扎斯网络科技(上海)有限公司 High-risk user recognition method and device
US9514294B1 (en) * 2015-11-12 2016-12-06 International Business Machines Corporation Accessing a computing resource
CN107438049A (en) * 2016-05-25 2017-12-05 百度在线网络技术(北京)有限公司 A kind of malice logs in recognition methods and device

Also Published As

Publication number Publication date
CN108462704B (en) 2019-08-06
CN108462704A (en) 2018-08-28

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
    Ref document number: 18908088; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase
    Ref country code: DE
32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established
    Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 07.12.2020)
122 Ep: pct application non-entry in european phase
    Ref document number: 18908088; Country of ref document: EP; Kind code of ref document: A1