CN103312674B - A kind of Website logging method and device - Google Patents
A kind of Website logging method and device Download PDFInfo
- Publication number
- CN103312674B CN103312674B CN201210065446.3A CN201210065446A CN103312674B CN 103312674 B CN103312674 B CN 103312674B CN 201210065446 A CN201210065446 A CN 201210065446A CN 103312674 B CN103312674 B CN 103312674B
- Authority
- CN
- China
- Prior art keywords
- algorithm
- authentication
- authentication pattern
- user
- authentication information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Information Transfer Between Computers (AREA)
Abstract
The application discloses a kind of Website logging method and device, in order to solve the lower problem of the security of Website login in prior art. the authentication pattern algorithm of the method client based on carrying in login page, processes the authentication information of user's input, obtains the authentication pattern that this authentication information is corresponding and shows. pass through said method, user at every turn in the login page of legitimate site when correct input authentication information shown authentication pattern be changeless, and because fishing website is difficult to obtain the authentication pattern algorithm in the login page of legitimate site, even if therefore user has correctly inputted authentication information in the login page of fishing website, the authentication pattern of its demonstration and login when legitimate site shown authentication pattern compare also have obviously different, even can not show authentication pattern, therefore user can accurately identify fishing website according to authentication pattern intuitively, reduce the risk that authentication information is stolen by fishing website, improve the security of Website login.
Description
Technical field
The application relates to communication technical field, relates in particular to a kind of Website logging method and device.
Background technology
Along with the development of Internet technology, the service that network can provide is also more and more, as for carryingThe microblogging of supply Information Sharing, propagating and obtain, the shopping online of the shopping way that facilitates, silver facilitatesThe services such as the Net silver of row account management, recognize by input exactly and user obtains first step of these servicesCard information, logins corresponding website.
Fig. 1 is website log process of the prior art, specifically comprises the following steps:
S101: the login page that client Website server pushes.
Wherein, client can be the browser of webpage. This website can be microblogging website, shopping website,The website that Net silver website etc. needs user's input authentication information to login.
S102: the authentication information that user is inputted in this login page returns to Website server to be recognizedCard.
User, after the input authentication information of the relevant position of login page, can pass through to click " login " button,Instruction client returns to Website server by the authentication information of input and authenticates, and wherein, authentication information canThink username and password.
S103: client Website server certification by after the certification returned by information, andWebsite login.
Website server receives after authentication information, this authentication information authenticated, and in the time that certification is passed through,By information, allow client Website login to client return authentication.
But, exist much for stealing the Fishing net of user authentication information (as username and password) at presentStand, the page of fishing website is general identical with the page of legitimate site, and user is only difficult to divide from content of pagesWhether discern a website is fishing website. If the authentication information of oneself is input to fishing website by user's mistakeThe page in, and click " login " button, user's authentication information can be sent to the clothes of fishing websiteBusiness device on and go on record, cause leaking of authentication information.
In the prior art, prevent that the method that user's authentication information is stolen by fishing website from mainly containing following severalKind:
The first, whether user identifies a website by the URL of identification website is fishing website. ButThat the general also URL of counterfeit legitimate site of URL of fishing website, for example, by the URL of legitimate siteIn letter " I " replace by numeral " 1 ", or by digital " 0 " replacement for letter " O ", therefore onlyBy visually observing the URL of website, be also difficult to differentiate whether website is fishing website.
The second, whether user identifies a website by the certificate of legitimate site is fishing website. HaveThe URL of the legitimate site of certificate is generally taking https as beginning, and there is no the URL of the website of certificateTaking http as beginning. And client, in the time that demonstration has the page of legitimate site of certificate, can showThe certificate icon that can click, user clicks after this certificate icon, can check certificate information. But, due toThe content of pages of fishing website and URL, with content of pages and the URL of legitimate site be essentially identical,User is also difficult for discovering and does not have the fishing website of certificate and the difference of legitimate site, and therefore the method still veryDifficult legitimate site and the fishing website differentiated.
The third, by client or the built-in fishing website blacklist of other fail-safe softwares, carry out automatic shieldThe page of fishing website server push. The method rises for the Fishing net standing-meeting in being put on the blacklistTo good effect, but helpless for the fishing website in emerging not being put on the blacklist.
Therefore, in prior art, when user's Website login, can accurately not identify fishing website, leadThe risk that the authentication information at family of applying is stolen by fishing website is higher, has reduced the security of Website login.
Summary of the invention
The embodiment of the present application provides a kind of Website logging method and device, logins net in order to solve in prior artThe lower problem of security of standing.
A kind of Website logging method that the embodiment of the present application provides, comprising:
The login page that client Website server pushes, wherein, carries certification in described login pagePattern algorithm; And
Authentication pattern algorithm based on carrying in described login page, inputs in described login page userAuthentication information process, obtain the authentication pattern corresponding to described authentication information of user input; And
Show the described authentication pattern obtaining.
A kind of Website logging method that the embodiment of the present application provides, comprising:
Website server carries the login page of authentication pattern algorithm to client push; And
Receive the authentication information that user that described client returns inputs in described login page, wherein, instituteStating the described authentication information that client returns to described user input to described Website server is receivingState after login page, the authentication pattern algorithm based on carrying in described login page, to user in described loginThe authentication information of inputting in the page is processed, and obtains and show the described authentication information that user inputs correspondingAuthentication pattern, and return after described user confirms described authentication pattern; And
The described authentication information receiving is authenticated, carry out corresponding operating according to authentication result.
A kind of website log device that the embodiment of the present application provides, comprising:
Receiver module, the login page pushing for receiving Website server, wherein, in described login pageCarry authentication pattern algorithm;
Determination module, for the authentication pattern algorithm carrying based on described login page, to user describedThe authentication information of inputting in login page is processed, and obtains corresponding the recognizing of described authentication information of user's inputCard figure;
Display module, for showing the described authentication pattern obtaining.
A kind of Website server that the embodiment of the present application provides, comprising:
Pushing module, for carrying the login page of authentication pattern algorithm to client push;
Receiver module, the certification of inputting at described login page for receiving user that described client returnsInformation, wherein, described client is returned to the described authentication information of described user's input to described Website serverBe to receive after described login page, the authentication pattern algorithm based on carrying in described login page, to usingThe authentication information that family is inputted in described login page is processed, obtain and show that user inputs described in recognizeThe authentication pattern that card information is corresponding, and return after described user confirms described authentication pattern;
Authentication module, for the described authentication information receiving is authenticated, carries out phase according to authentication resultShould operate.
The embodiment of the present application provides a kind of Website logging method and device, and the method client is based on login pageIn the authentication pattern algorithm that carries, the authentication information that user is inputted in login page is processed, and obtainsThe authentication pattern that this authentication information is corresponding also shows. By said method, user is stepping in legitimate site at every turnIn the record page, when correct input authentication information, the shown authentication pattern of client is changeless, and byBe difficult to obtain the authentication pattern algorithm in the login page of legitimate site in fishing website, even if therefore user existsIn the login page of fishing website, correctly input authentication information, the authentication pattern of its demonstration and the legal net of loginWhile station, shown authentication pattern is compared and is also had obvious difference, even can not show authentication pattern, therefore usesFishing website can accurately be identified according to authentication pattern intuitively in family, has reduced authentication information and has been stolen by fishing websiteThe risk of getting, the security that has improved Website login.
Brief description of the drawings
Fig. 1 is website log process of the prior art;
The website log process that Fig. 2 A provides for the embodiment of the present application;
What Fig. 2 B provided for the embodiment of the present application take authentication information as example as username and password, login pageThe viewing area schematic diagram of middle authentication information and setting;
The client that Fig. 3 provides for the embodiment of the present application is determined the process of the shape of the authentication pattern that will show;
The client that Fig. 4 provides for the embodiment of the present application is determined the shape schematic diagram of authentication pattern;
The client that Fig. 5 provides for the embodiment of the present application is determined the process of the color of the authentication pattern that will show;
The website log apparatus structure schematic diagram that Fig. 6 provides for the embodiment of the present application;
The Website server structural representation that Fig. 7 provides for the embodiment of the present application.
Detailed description of the invention
The embodiment of the present application user is after input authentication information, and client can show the certification for user's inputThe authentication pattern that information is corresponding, because each user's authentication information is different, therefore defeated according to userThe authentication information entering determine and the authentication pattern that shows also different, and authentication pattern is to scheme intuitivelyShape, also can cause the concern that user is larger. And fishing website is difficult to obtain correct authentication pattern algorithm, noCan demonstrate correct authentication pattern, the authentication pattern of its demonstration and legal according to the authentication information of user's inputThe authentication pattern that website shows has obvious difference, even can not show authentication pattern, if therefore userLogined fishing website, after input authentication information, the authentication pattern that can find intuitively its demonstration compare withThe authentication pattern showing during toward login legitimate site has very big-difference, or does not show authentication pattern, therebyCan know accordingly that current site is fishing website, also just can not click " login " button, instruction clientAuthentication information is sent on the server of fishing website, reduced the risk that authentication information is stolen, improveThe security of Website login.
Below in conjunction with Figure of description, the embodiment of the present application is described in detail.
Fig. 2 A is the website log process that the embodiment of the present application provides, and specifically comprises the following steps:
S201: the login page that client Website server pushes, wherein, carries in this login pageAuthentication pattern algorithm.
In the embodiment of the present application, Website server carries certification figure in the login page of client pushShape algorithm, this authentication pattern algorithm is the authentication information of inputting taking user as input parameter, taking figure as defeatedThe algorithm going out. Can be by embed the mode of javascript, flash or safe control in login page,This authentication pattern algorithm is carried in login page. And, in order further to ensure this authentication pattern algorithmBe not stolen, can also adopt the encryption method of setting to be encrypted this authentication pattern algorithm, then takeBand is in login page.
S202: the authentication pattern algorithm based on carrying in login page, user is inputted in login pageAuthentication information is processed, and obtains the authentication pattern corresponding to this authentication information of user's input.
In the embodiment of the present application, first client obtains the authentication pattern algorithm carrying in login page, asThis authentication pattern algorithm of fruit is the authentication pattern algorithm after encryption, adopts corresponding decryption methodAuthentication pattern algorithm is decrypted, obtains this authentication pattern algorithm.
And client shows that after login page, user can be at the relevant position of this login page input authenticationInformation, this authentication information can be for example username and password. Therefore client can be inputted according to userAuthentication information, adopts the authentication pattern algorithm obtaining, and determines corresponding the recognizing of authentication information of the current input of userCard figure. Also, be that input parameter is input in authentication pattern algorithm by the authentication information of user's input,Be exactly the authentication pattern corresponding to authentication information of user's input to the figure of output.
S203: show the authentication pattern obtaining.
In the embodiment of the present application, client is determined after authentication pattern, in predefined viewing area, will determineAuthentication pattern show so that whether user can identify current login page for angling according to authentication patternThe login page at fishnet station, as shown in Figure 2 B.
What Fig. 2 B provided for the embodiment of the present application take authentication information as example as username and password, login pageThe viewing area schematic diagram of middle authentication information and setting, in Fig. 2 B, for showing establishing in advance of authentication patternFixed viewing area is positioned at the right side, viewing area of password.
Wherein, in step S202 and S203, client can according to user when the input authentication information byThe character of individual input, determines and shows the authentication pattern corresponding to character of current input. Taking authentication information as useName in an account book and password are example, suppose user's user ABC by name, and password is 123456, and user is in inputWhen user name, it is generally each character of inputting one by one username and password. Suppose that active user is defeatedAB in access customer name, not yet inputs C and password in user name, and now client can be according to thisThe character AB that user has inputted, and authentication pattern algorithm, determine the character that now user has inputtedCorresponding authentication pattern also shows. If active user has inputted user name ABC, and input closeIn code 12, not yet inputs 3456 in password, the character ABC that client has been inputted according to this userWith 12, and authentication pattern algorithm, determine that authentication pattern corresponding to character that now user has inputted also showsShow. When complete input of user after user name ABC and password 123456, can be according to userComplete authentication information and the authentication pattern algorithm of input, determine corresponding authentication pattern and show.
By said method, user at every turn in the login page of legitimate site when correct input authentication information,Because authentication information is constant, authentication pattern algorithm is also constant, the therefore shown certification of clientFigure is changeless, and because fishing website is difficult to obtain the certification figure in the login page of legitimate siteShape algorithm, even if therefore user has correctly inputted authentication information, its correspondence in the login page of fishing websiteAuthentication pattern and login when legitimate site shown authentication pattern compare and have obviously differently, even can notShow authentication pattern, thereby user can accurately identify fishing website according to authentication pattern intuitively.
When having inputted after authentication information, if the authentication pattern that client shows shows during with Website login in the pastAuthentication pattern identical, by click " login " button indicate client authentication information is sent to websiteServer carries out follow-up certification login. If the authentication pattern that client shows is compared Website login in the pastTime show authentication pattern there is variation, illustrate that current page may be the login page of fishing website,User just can not click " login " button yet, and authentication information is sent to fishing website service by instruction clientDevice, has therefore reduced the risk that authentication information is stolen by fishing website, the security that has improved Website login.
In the embodiment of the present application, authentication pattern algorithm comprises for determining the authentication pattern shape that will showShape algorithm, and for determining the color algorithm of the authentication pattern color that will show. Certainly, also can be onlyComprise one wherein. In the step S202 shown in Fig. 2 A, client can be based on this authentication patternAlgorithm, shape and the color of definite authentication pattern that will show, as shown in Figure 3 and Figure 5.
The client that Fig. 3 provides for the embodiment of the present application is determined the process of the shape of the authentication pattern that will show,Specifically comprise the following steps:
S301: the character string mapping algorithm of client based on comprising in authentication pattern algorithm, user is being loginedThe authentication information of inputting in the page is mapped to character string.
Wherein, this character string mapping algorithm comprises hash algorithm. Hash algorithm can reflect any authentication informationPenetrating is the character string of a regular length, for example, any authentication information can be mapped as to the word of 16 charactersSymbol string.
S302: the shape algorithm based on comprising in authentication pattern algorithm, each to being positioned in the character string being mapped toCharacter on the first desired location is processed, and obtains the shape of the authentication pattern that will show.
Continue along using example, suppose that the character string that the authentication information of user's input is mapped to 16 characters is:12345ABCDE6F7G8H, each the first desired location is front 10 characters in 16 character strings,Client is based on shape algorithm, to front 10 characters: 12345ABCDE processes, and determines and will showThe shape of authentication pattern.
Wherein, shape algorithm can for set arbitrary shape algorithm, below the embodiment of the present application with a toolThe shape algorithm of body is that example describes. Client is according to this shape algorithm comprising in authentication pattern algorithm,In the viewing area at the demonstration authentication pattern place of setting, set up coordinate system, and determine the character string being mapped toIn be arranged in character on each the first desired location coordinate at this coordinate system, set according to determine each firstThe coordinate of locational character in this coordinate system determined the shape of the figure that will show.
For example, can be that initial point is set up rectangular coordinate system in the Zhong Yi lower left corner, viewing area of setting, as Fig. 4Shown in. The client that Fig. 4 provides for the embodiment of the present application is determined the shape schematic diagram of authentication pattern, at Fig. 4In, client, according to shape algorithm, is set up rectangular coordinate system taking the lower left corner of viewing area as initial point, indulges and sitsThe sequence sequence number of the character on each the first desired location of target numeric representation, the numeric representation of abscissa is mapped toCharacter string in each character that may comprise, as numeral 0~9 and alphabetical A~Z etc., in Fig. 4 withThe numerical value of abscissa is from 1~10 corresponding numeral 0~9 respectively, numerical value from 11~36 respectively corresponding alphabetical A~Z beExample describes.
The character being positioned in above example on each the first desired location is that 12345ABCDE is example. First characterSymbol is numeral 1, and its corresponding ordinate is 1, and abscissa is also 1, the seat that it is corresponding in this coordinate systemMark is (1,1). Second character is numeral 2, and its corresponding ordinate is 2, and abscissa is also 2,Its coordinate corresponding in this coordinate system is (2,2), and by that analogy, the coordinate of the 3rd character 3 is (3,3),The coordinate of the 4th character 4 is (4,4), and the coordinate of the 5th character 5 is (5,5), the 6th character ACoordinate be (11,6), the coordinate of the 7th character B is (12,7), the coordinate of the 8th character C is (13,8),The coordinate of the 9th character D is (14,9), and the coordinate of the tenth character E is (15,10). In Fig. 4 instituteIn the coordinate system showing, determined after these ten coordinates, by order from left to right, be also abscissa from small to largeOrder, connect successively this ten coordinate points. Crossing the coordinate points of abscissa minimum, is also first character 1Coordinate (1,1) point do vertical line to axis of abscissas, cross the coordinate points of abscissa maximum, also i.e. the tenth characterThe coordinate (15,10) of E does vertical line to axis of abscissas. Now, the folding of axis of abscissas, ten coordinate points of connectionLine, and two vertical lines making have just surrounded a closed figure, the shape of this closed figure is reallyThe shape of the fixed authentication pattern that will show.
Certainly, also can adopt additive method to determine the shape of authentication pattern, for example in coordinate system according to positionThe coordinate of the character on each the first desired location is determined histogram, the shape using this histogram as authentication patternShape.
The client that Fig. 5 provides for the embodiment of the present application is determined the process of the color of the authentication pattern that will show,Specifically comprise the following steps:
S501: the character string mapping algorithm of client based on comprising in authentication pattern algorithm, user is being loginedThe authentication information of inputting in the page is mapped to character string.
Wherein, this character string mapping algorithm comprises hash algorithm. Same, in the color of determining authentication patternTime, also authentication information to be mapped as to the character string of a regular length, for example authentication information is mapped as to 16The character string of individual character.
S502: the color algorithm based on comprising in authentication pattern algorithm, each by being positioned in the character string being mapped toCharacter on the second desired location is processed, and obtains the color of the authentication pattern that will show.
Still taking the character string that the authentication information of user input is mapped to 16 characters as:12345ABCDE6F7G8H is that example describes, and supposes that each the second desired location is in 16 character stringsRear 6 characters, client is based on color algorithm, to rear 6 characters: 6F7G8H processes, reallyThe color of the authentication pattern that surely will show.
Wherein, color algorithm can for set random color algorithm, below the embodiment of the present application with a toolThe color algorithm of body is that example describes. The color algorithm of client based on comprising in authentication pattern algorithm, rootAccording to the character code that is positioned at the character on each the second desired location in the character string being mapped to, determine and will show respectivelyThe color pixel value of the authentication pattern showing on the each basic color of setting, and according to definite respectively colorPixel value, the color of definite authentication pattern that will show.
Because the color of image is generally by the three primary colors with different color pixel value: red, green, blue stackForm, therefore describe as red, green, blue as example taking the each basic color of setting below. Suppose to reflectThe character being positioned in the character string of penetrating on each the second desired location is 6F7G8H, can determine each positionThe character code of the character on the second desired location, this character code is specifically as follows ASC coding. PinTo redness, can be according to this color algorithm, by the first character 6 and being positioned on each the second desired locationThe ASC coding of two character F carries out computing, for example, get the mean value of the ASC coding of the two, and institute obtainsResult as red color pixel value. Accordingly, for green, by the 3rd character 7 and the 4thThe ASC coding of character G is averaged computing, and the result obtaining is as green color pixel value.For blueness, the ASC coding of the 5th character 8 and the 6th character H is averaged to computing, instituteThe result obtaining is as blue color pixel value. Finally, by determine have corresponding color pixel value red,Green, indigo plant superposes, and the color obtaining is the color of definite authentication pattern that will show.
Certainly, can also adopt other color algorithms to determine the color of authentication pattern.
The authentication information that in the embodiment of the present application, client is inputted according to user, and wrap in authentication pattern algorithmThe shape algorithm containing and color algorithm have been determined after the shape and color of the authentication pattern that will show, are settingViewing area in show the authentication pattern of respective shapes and color. Thereby can find out, due to fishing websiteBe difficult to get correct authentication pattern algorithm, therefore the shown authentication pattern of the login page of fishing websiteCompared with the authentication pattern of legitimate site, no matter be shape, or color, all can there is larger difference, veryTo showing authentication pattern, whether user can angle according to authentication pattern identification current page intuitivelyThe page at fishnet station.
In addition, in authentication pattern algorithm, also can only comprise shape algorithm, the certification figure that now client showsShape is respective shapes, and the color authentication pattern that is default color. When only comprising face in authentication pattern algorithmWhen look algorithm, the authentication pattern that client shows is respective color, and is shaped as the certification figure of default shapeShape.
Meanwhile, in the embodiment of the present application, in order further to improve the security of Website login, to userWhen the authentication information of inputting in login page is processed, can also be by the URL of this login page, andThe authentication information that user inputs in this login page combines, and redefines as this user is at login pageThe authentication information of middle input, and the authentication information that the user who redefines is inputted in this login page carries outProcess. For example, suppose the user ABC by name of user's input, password is 123456, the URL of login pageFor IOXX, can be by the URL of login page, and the authentication information of user's input is combined asIOXXABC123456, and the authentication information of the input using this IOXXABC123456 of combination as userCarry out subsequent treatment, be also mapped as the character string of regular length by this IOXXABC123456, and according toThe character string of mapping is determined shape and the color of authentication pattern.
By said method, even if the authentication pattern algorithm carrying in the login page of legitimate site is by Fishing netSteal at station, but the URL of the login page of fishing website and the URL of legitimate site can not be in full accord,Even if therefore user has inputted authentication information in the login page of fishing website, the log in page of this fishing websiteThe authentication pattern that face shows also can from login when legitimate site shown authentication pattern have obviously different. ContinueAlong using example, the URL that supposes the login page of fishing website is that I0XX is (by the login page of legitimate siteIn " O " use " 0 " replace), after user's input authentication information, the login page of this fishing website isThe authentication pattern showing is eventually the authentication pattern that I0XXABC123456 is corresponding, instead ofThe authentication pattern that IOXXABC123456 is corresponding, the two is compared and has notable difference.
Certainly, the above-mentioned authentication information by the URL of login page and user's input combines, again trueWhile determining the authentication information of user's input, the authentication information of the URL of login page and user's input can be enteredRow any combination, the combination of upper example is to say as an example of the URL+ user name+password of login page exampleBright, can be also the URL+ password of user name+login page, or user name+password+login pageOther combinations such as URL.
The embodiment of the present application also provides another kind of Website logging method, is specially: Website server is to clientEnd pushes the login page that carries authentication pattern algorithm; Receive user that this client returns at this login pageThe authentication information of middle input, wherein, the authentication information that client is returned to this user's input to Website server isReceiving after login page, the authentication pattern algorithm based on carrying in login page, to user in log in pageThe authentication information of inputting in face is processed, and obtains and show certification figure corresponding to authentication information that user inputsShape is returned after user confirms this authentication pattern; The described authentication information receiving is authenticated to rootCarry out corresponding operating according to authentication result. Also, if certification is passed through, allow client Website login, otherwiseDo not allow client Website login.
Fig. 6 is the website log apparatus structure schematic diagram that the embodiment of the present application provides, and specifically comprises:
Receiver module 601, the login page pushing for receiving Website server, wherein, described log in pageIn face, carry authentication pattern algorithm;
Determination module 602, for the authentication pattern algorithm carrying based on described login page, exists to userThe authentication information of inputting in described login page is processed, and obtains the described authentication information correspondence of user's inputAuthentication pattern;
Display module 603, for showing the described authentication pattern obtaining.
Described determination module 602 specifically comprises:
Character string determining unit 6021, calculates for the character string mapping comprising based on described authentication pattern algorithmMethod, the described authentication information that user is inputted in described login page is mapped to character string;
Shape determining unit 6022, for the shape algorithm comprising based on described authentication pattern algorithm, mappingThe character being positioned in the character string of penetrating on each the first desired location is processed, and obtains the certification figure that will showThe shape of shape.
Described shape determining unit 6022 specifically for, described in comprising in described authentication pattern algorithmShape algorithm is set up coordinate system in the viewing area at the demonstration authentication pattern place of setting, and determines mappingIn the described character string becoming, be arranged in character on each the first desired location coordinate at described coordinate system, according toThe coordinate of character on each the first desired location of determining in described coordinate system determined the certification figure that will showThe shape of shape.
Described determination module 602 specifically comprises:
Character string determining unit 6021, calculates for the character string mapping comprising based on described authentication pattern algorithmMethod, the described authentication information that user is inputted in described login page is mapped to character string;
Color determining unit 6023, for the color algorithm comprising based on described authentication pattern algorithm, will reflectThe character being positioned on each the second desired location in the described character string of penetrating is processed, and what obtain showing recognizesThe color of card figure.
Described color determining unit 6023 specifically for, described in comprising in described authentication pattern algorithmColor algorithm, compiles according to the character that is positioned at the character on each the second desired location in the described character string being mapped toCode, determines respectively the color pixel value of the authentication pattern that will show on the each basic color of setting, according toDefinite color pixel value respectively, the color of definite authentication pattern that will show.
Concrete above-mentioned website log device can be arranged in client.
Fig. 7 is the Website server structural representation that the embodiment of the present application provides, and specifically comprises:
Pushing module 701, for carrying the login page of authentication pattern algorithm to client push;
Receiver module 702, for receiving, user that described client returns inputs at described login pageAuthentication information, wherein, described client is returned to the described certification of described user's input to described Website serverInformation is to receive after described login page, the authentication pattern algorithm based on carrying in described login page,The authentication information that user is inputted in described login page is processed, and obtains and shows the institute that user inputsState the authentication pattern that authentication information is corresponding, and return after described user confirms described authentication pattern;
Authentication module 703, for the described authentication information receiving is authenticated, enters according to authentication resultRow corresponding operating.
The embodiment of the present application provides a kind of Website logging method and device, and the method client is based on login pageIn the authentication pattern algorithm that carries, the authentication information that user is inputted in login page is processed, and obtainsThe authentication pattern that this authentication information is corresponding also shows. By said method, user is stepping in legitimate site at every turnIn the record page, when correct input authentication information, the shown authentication pattern of client is changeless, and byBe difficult to obtain the authentication pattern algorithm in the login page of legitimate site in fishing website, even if therefore user existsIn the login page of fishing website, correctly input authentication information, the authentication pattern of its demonstration and the legal net of loginWhile station, shown authentication pattern is compared and is also had obvious difference, even can not show authentication pattern, therefore usesFishing website can accurately be identified according to authentication pattern intuitively in family, has reduced authentication information and has been stolen by fishing websiteThe risk of getting, the security that has improved Website login.
Obviously, those skilled in the art can carry out various changes and modification and not depart from this Shen the applicationSpirit and scope please. Like this, if the application these amendment and modification belong to the application's claim andWithin the scope of its equivalent technologies, the application be also intended to comprise these change and modification interior.
Claims (14)
1. a Website logging method, is characterized in that, comprising:
The login page that client Website server pushes, wherein, carries certification in described login pagePattern algorithm, described authentication pattern algorithm be authentication information taking user input as input parameter, taking figure asThe algorithm of output; And
Authentication pattern algorithm based on carrying in described login page, inputs in described login page userAuthentication information process, obtain the authentication pattern corresponding to described authentication information of user input; And
Show the described authentication pattern obtaining.
2. the method for claim 1, is characterized in that, based on what carry in described login pageAuthentication pattern algorithm, the authentication information that user is inputted in described login page is processed, and obtains userThe authentication pattern corresponding to described authentication information of input, specifically comprises:
Based on the character string mapping algorithm comprising in described authentication pattern algorithm, by user at described login pageThe described authentication information of middle input is mapped to character string;
Based on the shape algorithm comprising in described authentication pattern algorithm, to being positioned in the described character string being mapped toEach character on the first desired location is processed, and obtains the shape of the authentication pattern that will show.
3. method as claimed in claim 2, is characterized in that, based on wrapping in described authentication pattern algorithmThe shape algorithm containing, to being positioned at the character place on each the first desired location in the described character string being mapped toManage, obtain the shape of the authentication pattern that will show, specifically comprise:
According to the described shape algorithm comprising in described authentication pattern algorithm, the demonstration authentication pattern institute settingViewing area in set up coordinate system; And
Determine that the each character being positioned in the described character string that is mapped on the first desired location is at described coordinate systemIn coordinate, determine and want according to the coordinate of character in described coordinate system on each the first desired location of determiningThe shape of the authentication pattern showing.
4. the method for claim 1, is characterized in that, based on what carry in described login pageAuthentication pattern algorithm, the authentication information that user is inputted in described login page is processed, and obtains userThe authentication pattern corresponding to described authentication information of input, specifically comprises:
Based on the character string mapping algorithm comprising in described authentication pattern algorithm, by user at described login pageThe described authentication information of middle input is mapped to character string;
Based on the color algorithm comprising in described authentication pattern algorithm, to being positioned in the described character string being mapped toEach character on the second desired location is processed, and obtains the color of the authentication pattern that will show.
5. method as claimed in claim 4, is characterized in that, based on wrapping in described authentication pattern algorithmThe color algorithm containing, to being positioned at the character place on each the second desired location in the described character string being mapped toManage, obtain the color of the authentication pattern that will show, specifically comprise:
Based on the described color algorithm comprising in described authentication pattern algorithm, according to the described character string being mapped toIn be positioned at the character code of the each character on the second desired location, determine that respectively the authentication pattern that will show establishingColor pixel value on fixed each basic color;
According to definite respectively color pixel value, determine the color of the authentication pattern that will show.
6. the method as described in as arbitrary in claim 1~5, is characterized in that, to user in described log in pageThe authentication information of inputting in face is processed, and specifically comprises:
By the uniform resource position mark URL of described login page, and described user is in described login pageThe authentication information of input combines, and redefines the certification of inputting in described login page for described userInformation; And
The authentication information that the described user who redefines is inputted in described login page is processed.
7. a Website logging method, is characterized in that, comprising:
Website server carries the login page of authentication pattern algorithm to client push; And
Receive the authentication information that user that described client returns inputs in described login page, wherein, instituteStating the described authentication information that client returns to described user input to described Website server is receivingState after login page, the authentication pattern algorithm based on carrying in described login page, to user in described loginThe authentication information of inputting in the page is processed, and obtains and show the described authentication information that user inputs correspondingAuthentication pattern, and returning after described user confirms described authentication pattern, described authentication pattern algorithm be withThe authentication information of user's input is input parameter, the algorithm taking figure as output; And
The described authentication information receiving is authenticated, carry out corresponding operating according to authentication result.
8. a website log device, is characterized in that, comprising:
Receiver module, the login page pushing for receiving Website server, wherein, in described login pageCarry authentication pattern algorithm, described authentication pattern algorithm be authentication information taking user input as input parameter,Algorithm taking figure as output;
Determination module, for the authentication pattern algorithm carrying based on described login page, to user describedThe authentication information of inputting in login page is processed, and obtains corresponding the recognizing of described authentication information of user's inputCard figure;
Display module, for showing the described authentication pattern obtaining.
9. device as claimed in claim 8, is characterized in that, described determination module specifically comprises:
Character string determining unit, for the character string mapping algorithm comprising based on described authentication pattern algorithm,The described authentication information that user is inputted in described login page is mapped to character string;
Shape determining unit, for the shape algorithm comprising based on described authentication pattern algorithm, to being mapped toCharacter string in each character of being positioned on the first desired location process, obtain the authentication pattern that will showShape.
10. device as claimed in claim 9, is characterized in that, described shape determining unit specifically for,According to the described shape algorithm comprising in described authentication pattern algorithm, the demonstration authentication pattern place of settingIn viewing area, set up coordinate system, and be positioned on each the first desired location in definite described character string being mapped toThe coordinate of character in described coordinate system, according to the each character on the first desired location of determining at described seatCoordinate in mark system is determined the shape of the authentication pattern that will show.
11. devices as claimed in claim 8, is characterized in that, described determination module specifically comprises:
Character string determining unit, for the character string mapping algorithm comprising based on described authentication pattern algorithm,The described authentication information that user is inputted in described login page is mapped to character string;
Color determining unit, for the color algorithm comprising based on described authentication pattern algorithm, to being mapped toDescribed character string in each character of being positioned on the second desired location process, obtain the certification figure that will showThe color of shape.
12. devices as claimed in claim 11, is characterized in that, described color determining unit is specifically usedIn, based on the described color algorithm comprising in described authentication pattern algorithm, according to the described character string being mapped toIn be positioned at the character code of the each character on the second desired location, determine that respectively the authentication pattern that will show establishingColor pixel value on fixed each basic color, according to definite respectively color pixel value, determines and will showThe color of authentication pattern.
13. devices as described in as arbitrary in claim 8~12, is characterized in that, described determination module is concreteBe used for, by the uniform resource position mark URL of described login page, and described user is at described login pageThe authentication information of middle input combines, and redefines as recognizing that described user inputs in described login pageCard information, and the authentication information place that the described user who redefines is inputted in described login pageReason.
14. 1 kinds of Website servers, is characterized in that, comprising:
Pushing module, for carrying the login page of authentication pattern algorithm to client push;
Receiver module, the certification of inputting at described login page for receiving user that described client returnsInformation, wherein, described client is returned to the described authentication information of described user's input to described Website serverBe to receive after described login page, the authentication pattern algorithm based on carrying in described login page, to usingThe authentication information that family is inputted in described login page is processed, obtain and show that user inputs described in recognizeThe authentication pattern that card information is corresponding, and return after described user confirms described authentication pattern, described certificationPattern algorithm be authentication information taking user input as input parameter, the algorithm taking figure as output;
Authentication module, for the described authentication information receiving is authenticated, carries out phase according to authentication resultShould operate.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210065446.3A CN103312674B (en) | 2012-03-13 | 2012-03-13 | A kind of Website logging method and device |
| HK13113095.2A HK1186014A1 (en) | 2012-03-13 | 2013-11-25 | Method and device for logging onto a website |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210065446.3A CN103312674B (en) | 2012-03-13 | 2012-03-13 | A kind of Website logging method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103312674A CN103312674A (en) | 2013-09-18 |
| CN103312674B true CN103312674B (en) | 2016-05-11 |
Family
ID=49137460
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210065446.3A Active CN103312674B (en) | 2012-03-13 | 2012-03-13 | A kind of Website logging method and device |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN103312674B (en) |
| HK (1) | HK1186014A1 (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101065170A (en) * | 2004-09-16 | 2007-10-31 | 百利国际游戏有限公司 | User interface system and method for a gaming machine |
| CN101246565A (en) * | 2007-07-31 | 2008-08-20 | 北京科翰软件有限公司 | Web page electric signature intermediate part system |
| CN102156831A (en) * | 2006-03-01 | 2011-08-17 | 诺曼·弗兰克·格岑 | Method and system for protecting interface access security by combining visual array path with hidden operational character |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7293034B2 (en) * | 2004-02-23 | 2007-11-06 | Microsoft Coporation | Dynamically customizing a user interface for the aggregation of content |
-
2012
- 2012-03-13 CN CN201210065446.3A patent/CN103312674B/en active Active
-
2013
- 2013-11-25 HK HK13113095.2A patent/HK1186014A1/en unknown
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101065170A (en) * | 2004-09-16 | 2007-10-31 | 百利国际游戏有限公司 | User interface system and method for a gaming machine |
| CN102156831A (en) * | 2006-03-01 | 2011-08-17 | 诺曼·弗兰克·格岑 | Method and system for protecting interface access security by combining visual array path with hidden operational character |
| CN101246565A (en) * | 2007-07-31 | 2008-08-20 | 北京科翰软件有限公司 | Web page electric signature intermediate part system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103312674A (en) | 2013-09-18 |
| HK1186014A1 (en) | 2014-02-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11206247B2 (en) | System and method for providing controlled application programming interface security | |
| US10515232B2 (en) | Techniques for facilitating secure, credential-free user access to resources | |
| CA2833969C (en) | System and method for web-based security authentication | |
| US9544380B2 (en) | Data analytics and security in social networks | |
| CA2751490C (en) | Using social information for authenticating a user session | |
| US9369468B2 (en) | Generation of a visually obfuscated representation of an alphanumeric message that indicates availability of a proposed identifier | |
| US10574647B2 (en) | User authentication method and system for implementing same | |
| US10917400B1 (en) | Online security center | |
| US20200053085A1 (en) | Context-based possession-less access of secure information | |
| CN101651541A (en) | System and method for authentication of network user | |
| CN104253812A (en) | Delegating authentication for a web service | |
| US10127388B1 (en) | Identifying visually similar text | |
| US10887345B1 (en) | Protecting users from phishing attempts | |
| US20180241745A1 (en) | Method and system for validating website login and online information processing | |
| KR20120087095A (en) | Apparatus and method for generating a realtime password and storage medium | |
| US9906553B1 (en) | Personalized privacy warnings | |
| US11757891B1 (en) | Using a host application to authorize a user of a client device to perform an action within a guest application | |
| CN106790159A (en) | Level of confidentiality method of calibration and device | |
| CN103312674B (en) | A kind of Website logging method and device | |
| US9323910B2 (en) | Method, client and server of password verification, and password terminal system | |
| US11356481B1 (en) | Preventing phishing attempts of one-time passwords | |
| CN106713214A (en) | Method and system for carrying out identity authentication among multiple authorization systems | |
| Carbone et al. | Design and Security Assessment of Usable Multi-factor Authentication and Single Sign-On Solutions for Mobile Applications: A Workshop Experience Report | |
| WO2016050891A1 (en) | User authentication information | |
| CN113849791A (en) | Third-party platform registration method, third-party platform registration device, third-party platform registration equipment, third-party platform registration medium and program product |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| REG | Reference to a national code |
Ref country code: HK Ref legal event code: DE Ref document number: 1186014 Country of ref document: HK |
|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| REG | Reference to a national code |
Ref country code: HK Ref legal event code: GR Ref document number: 1186014 Country of ref document: HK |