CN104113514B - The treating method and apparatus of information security - Google Patents
The treating method and apparatus of information security Download PDFInfo
- Publication number
- CN104113514B CN104113514B CN201310137209.8A CN201310137209A CN104113514B CN 104113514 B CN104113514 B CN 104113514B CN 201310137209 A CN201310137209 A CN 201310137209A CN 104113514 B CN104113514 B CN 104113514B
- Authority
- CN
- China
- Prior art keywords
- identifying code
- code
- queue
- verification information
- terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The invention discloses a kind for the treatment of method and apparatus of information security, belong to field of information security technology.The described method includes: receiving the request for pulling identifying code that terminal applies are initiated, according to the IP of terminal described in the request, and the number of the identifying code in the corresponding errors validity code queue of the IP is obtained according to the IP of the terminal, wherein, the errors validity code queue for storing the identifying code of the corresponding malicious user authentication failed of the IP;When the number of the identifying code in the corresponding errors validity code queue of the IP reaches threshold value, choose any identifying code in the corresponding errors validity code queue of the IP, any identifying code is returned into the terminal applies, so that reducing the corresponding malicious user of the IP passes through the probability of the verifying code authentication.
Description
Technical field
The present invention relates to field of information security technology, in particular to a kind for the treatment of method and apparatus of information security.
Background technique
With the development of internet, the information security in internet is increasingly taken seriously.Identifying code is applied in internet
The test method of computer and the mankind is distinguished in a kind of widest automation, numerous Internet service systems all by identifying code come
Evade or reduce common security risk, for example, forum, mailbox, microblogging, ballot system etc., in order to prevent malicious registration,
Brute Force password delivers the malicious acts such as advertisement sticker automatically, has been all made of the mode of identifying code to ensure information security.
In the prior art, identifying code can be the picture generated by computer program, when user is ordinary user,
After seeing the identifying code, picture is recognized and inputs corresponding answer, it will be able to continue to access webpage, when user is malice
When program, the picture validation code can not be identified well, thus effectively prevent access of the rogue program to security information.
But occurring a kind of automatic machine at present, it is a kind of computer program for identifying code, by using each
Kind image recognition technology identifies corresponding character from picture automatically and exports as a result, to realize to the automatic broken of identifying code
Solution.Therefore the appearance of automatic machine causes serious harm to the information security of internet.
Summary of the invention
In order to solve automatic machine harm caused by internet information safety, the embodiment of the invention provides a kind of information peaces
The method and apparatus handled entirely.The technical solution is as follows:
On the one hand, a kind of processing method of information security is provided, which comprises
The request for pulling identifying code that terminal applies are initiated is received, the IP of carried terminal in the request;
According to the IP of terminal described in the request, and the corresponding mistake of the IP is obtained according to the IP of the terminal and is tested
Demonstrate,prove code queue in identifying code number, wherein the errors validity code queue for storing the corresponding malicious user of the IP
The identifying code of authentication failed;
When the number of the identifying code in the corresponding errors validity code queue of the IP reaches threshold value, it is corresponding to choose the IP
Any identifying code is returned to the terminal applies, to limit the IP by any identifying code in errors validity code queue
Corresponding malicious user passes through the verifying code authentication.
On the other hand, a kind of processing unit of information security is provided, described device includes:
Receiving module, for receiving the request for pulling identifying code of terminal applies initiation, carried terminal in the request
IP;
First obtains module, obtains for the IP of the terminal according to the request, and according to the IP of the terminal
The number of identifying code in the corresponding errors validity code queue of the IP, wherein the errors validity code queue for storing institute
State the identifying code of the corresponding malicious user authentication failed of IP;
Module is issued, for reaching threshold value when the number of the identifying code in the corresponding errors validity code queue of the IP, is selected
Any identifying code in the corresponding errors validity code queue of the IP is taken, any identifying code is returned into the terminal and is answered
With passing through the verifying code authentication to limit the corresponding malicious user of the IP.
Technical solution provided in an embodiment of the present invention have the benefit that receive terminal applies initiate pull verifying
The request of code obtains the corresponding mistake of the IP according to the IP of terminal described in the request, and according to the IP of the terminal
The number of identifying code in identifying code queue, wherein the errors validity code queue for storing the corresponding malice of the IP use
The identifying code of family authentication failed;When the number of the identifying code in the corresponding errors validity code queue of the IP reaches threshold value, choose
Any identifying code in the corresponding errors validity code queue of the IP, returns to the terminal applies for any identifying code,
Since the identifying code in errors validity queue is that the corresponding malicious user of IP has verified that the identifying code of failure, so by mistake
When identifying code in verifying queue returns to terminal applies, if the user in terminal is malicious user, the malicious user pair
The probability of the identifying code authentication error is very big, so that reducing the corresponding malicious user of the IP passes through the general of the verifying code authentication
Rate achievees the effect that compacting cracks with this, largely solves automatic machine harm caused by internet information safety.
Detailed description of the invention
To describe the technical solutions in the embodiments of the present invention more clearly, make required in being described below to embodiment
Attached drawing is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the invention, for
For those of ordinary skill in the art, without creative efforts, it can also be obtained according to these attached drawings other
Attached drawing.
Fig. 1 is a kind of processing method flow chart of the information security provided in the embodiment of the present invention one;
Fig. 2 is a kind of processing method flow chart of the information security provided in the embodiment of the present invention two;
Fig. 3 is a kind of schematic diagram of the wrong picture queue provided in the embodiment of the present invention two;
Fig. 4 is a kind of processing device structure diagram of the information security provided in the embodiment of the present invention three;
Fig. 5 is the processing device structure diagram of another information security provided in the embodiment of the present invention three;
Fig. 6 is a kind of processing system schematic diagram of the information security provided in the embodiment of the present invention three.
Specific embodiment
To make the object, technical solutions and advantages of the present invention clearer, below in conjunction with attached drawing to embodiment party of the present invention
Formula is described in further detail.
In the present embodiment, malicious user includes but is not limited to the rogue programs such as automatic machine, does not do and has to this present embodiment
Body limits.Terminal applies include but is not limited to: forum, mailbox, microblogging, ballot system etc., do not do specifically to this present embodiment
It limits.Terminal includes but is not limited to: the intelligent terminals such as personal computer, smart phone, tablet computer, in this present embodiment simultaneously
It is not specifically limited.
Embodiment one
Referring to Fig. 1, a kind of processing method of information security is provided in the present embodiment, comprising:
101, the request for pulling identifying code that terminal applies are initiated is received, the IP of carried terminal in the request;
102, the IP of the terminal according to the request, and the corresponding mistake of the IP is obtained according to the IP of the terminal
The accidentally number of the identifying code in identifying code queue, wherein the errors validity code queue for storing the corresponding malice of the IP
The identifying code of user's checking failure;
103, when the number of the identifying code in the corresponding errors validity code queue of the IP reaches threshold value, described IP pairs is chosen
Any identifying code in errors validity code queue answered, returns to the terminal applies for any identifying code, to limit
It states the corresponding malicious user of IP and passes through the verifying code authentication.
In another embodiment, the method also includes:
When the number of the identifying code in the corresponding errors validity code queue of the IP is not up to threshold value, new verifying is pulled
Code, and the new identifying code is returned into the terminal applies;
Obtain the verification information that inputs in the terminal applies, according to the new identifying code to the verification information into
Row verifying;
When the authentication failed to the verification information, judge whether the wrong degree of the verification information meets default mistake
It is corresponding to be inserted into the IP if it is, confirming that the corresponding user of the IP is malicious user by degree for the new identifying code
In the errors validity code queue.
In another embodiment, whether the wrong degree for judging the verification information meets default mistake degree, comprising:
The error character number in the verification information is read according to the new identifying code;
Judge whether the error character number reaches preset numerical value, if it is, confirming the mistake of the verification information
Degree meets default mistake degree, if it is not, then confirming that the wrong degree of the verification information is unsatisfactory for default mistake degree.
In another embodiment, the method also includes:
When being proved to be successful, deleting the verification information identifying code in the errors validity code queue.
In another embodiment, the identifying code includes but is not limited to below one or more: picture, character and language
Sound.
The beneficial effect of the present embodiment is: the request for pulling identifying code that terminal applies are initiated is received, according to the request
The IP of the terminal is obtained, and the identifying code in the corresponding errors validity code queue of the IP is obtained according to the IP of the terminal
Number, wherein the errors validity code queue for storing the identifying code of the corresponding malicious user authentication failed of the IP;Work as institute
The number for stating the identifying code in the corresponding errors validity code queue of IP reaches threshold value, chooses the IP corresponding errors validity code team
Any identifying code is returned to the terminal applies, due to the verifying in errors validity queue by any identifying code in column
Code is that the corresponding malicious user of IP has verified that the identifying code of failure, so returning to by the identifying code in errors validity queue
When terminal applies, if user in terminal is malicious user, the malicious user to the probability of the identifying code authentication error very
Greatly, to reduce the corresponding malicious user of the IP by the probability of the verifying code authentication, the effect that compacting cracks is reached with this
Fruit largely solves automatic machine harm caused by internet information safety.
Embodiment two
A kind of method of information security processing is provided in the embodiment of the present invention, when the identifying code number certification of some IP is super
When crossing preset times, then the strategy that identifying code issues is controlled, will have verified that the identifying code unsuccessfully crossed is handed down to terminal applies, by
In the malicious user before to the identifying code authentication failed, the probability for carrying out authentication failed again is very big, in this way, this IP pairs
The malicious user answered will authentification failure always, to prevent acquisition of the rogue program to Internet resources.Wherein, identifying code packet
It includes but is not limited to: one or more of picture, character and voice.
201, the request for pulling identifying code that terminal applies are initiated is received, and according to the IP of the request terminal.
In this step, user may be that ordinary user is also likely to be malicious user, wherein malicious user includes but is not limited to
The rogue programs such as automatic machine to this present embodiment and are not specifically limited.Terminal applies include but is not limited to: forum, mailbox, micro-
Rich, ballot system etc., to this present embodiment and is not specifically limited.Terminal includes but is not limited to: personal computer, intelligent hand
The intelligent terminals such as machine, tablet computer, in this present embodiment and being not specifically limited.
In user's browsing terminal in application, if the content of information security involved in the application of user's triggering terminal, terminal
Using carrying out the request that pulls of identifying code, at the same in the request carried terminal IP information etc..When received server-side is to eventually
When the request for pulling identifying code that end application is initiated, which is parsed, to obtain the IP of terminal.
202, the number that the identifying code in the corresponding errors validity code queue of the IP is obtained according to the IP of the terminal, sentences
Whether the number that dislocation misses the identifying code in identifying code queue reaches threshold value, if so, 203 are thened follow the steps, if it is not, then holding
Row step 204.
In the present embodiment, it is index with IP, an errors validity code queue is established, by the verifying of malicious user authentication failed
Code is stored in the errors validity code queue, in this way, malicious user one authentication failed identifying code of every submission, can all be recorded in
In the errors validity queue of the IP.As shown in figure 3, IP1, IP2 and IP3 are malicious user, N authentication faileds of corresponding storage
Picture.
When the identifying code for receiving IP triggering pulls request, whether query service device end stores the corresponding mistake of the IP
Accidentally identifying code queue then confirms that the IP user may be malicious user, and look into if there is the corresponding errors validity code queue of the IP
The number for having verified that the identifying code of failure in queue is ask, according to the identifying code number for having verified that failure, is determined to the IP's
Distributing policy.
It is worth noting that in the present embodiment, when the errors validity code queue for not inquiring the corresponding IP in server end
When, show that the IP user is not necessarily malicious user, new identifying code is issued to terminal applies, herein similarly to the prior art,
To being repeated no more in this present embodiment.
203, any identifying code in the corresponding errors validity code queue of the IP is chosen, any identifying code is returned
To the terminal applies, pass through the verifying code authentication to limit the corresponding malicious user of the IP.
In this step, when the number of the identifying code in errors validity code queue reaches threshold value, issuing for identifying code is controlled,
An identifying code is chosen in errors validity code queue and is handed down to the IP, wherein can be verified according in errors validity code queue
The storage order of code, issues identifying code in order, and an identifying code can also be randomly selected from errors validity code queue and is carried out
It issues, specifically issue in regular the present embodiment and is not specifically limited.
In specific implementation procedure, if the user of the currently used IP is malicious user, any identifying code is verified and is lost
The probability lost is very big, and the user is difficult to verify process by identifying code in this way, to make malicious user that can not obtain terminal
It is related to the content of information security in.
If IP current user is ordinary user, the certification of the identifying code may be passed through.For example, IP is multiple users
The IP being used in conjunction with, only one possible malicious user in multiple users, other are ordinary user, are issuing the IP
After the identifying code of authentication failed, malicious user will not be by verifying, but ordinary user may be by verifying, in this way, both pressing down
That has made malicious user cracks behavior, in turn ensures the normal use of ordinary user, improves the availability of the verifying process.
In the present embodiment, if IP current user is ordinary user, when passing through to verifying code authentication, step is executed
207, it is repeated no more in this this step.
204, new identifying code is pulled, and the new identifying code is returned into the terminal applies.
In this step, when the identifying code number of the authentication failed stored in errors validity code queue is not up to threshold value, draw
Take new identifying code, new identifying code returned into terminal applies, make the active user of the IP again to the new identifying code into
Row identification.Wherein, new identifying code is not to pull from errors validity queue, is the newly-generated identifying code of system.
205, the verification information inputted in the terminal applies is obtained, the verifying is believed according to the new identifying code
Breath is verified.
In this step, user in terminal applies according to new identifying code validation information after, server end obtain should
Verification information, and the verification information is authenticated, herein similarly to the prior art, to being repeated no more in this present embodiment.
206, when the authentication failed to the verification information, it is default to judge whether the wrong degree of the verification information meets
The new identifying code if it is, confirming that the user is malicious user, and is inserted into the corresponding mistake of the IP by mistake degree
Accidentally in identifying code queue.
In specific implementation procedure, if the more difficult identification of the picture of identifying code, such as when including " I " and " 1 " in identifying code
When, because the two characters are very alike, it is easy to user be caused to identify that mistake or user accidentally have input testing for mistake
Information is demonstrate,proved, the failure of verification information is also resulted in.It is other to the erroneous judgement of IP user in order to prevent, to the information of authentication failed again into
Row wrong identification judges verification information and the character of new identifying code differed of user's input, is sentenced according to the character of difference
Whether the active user of other IP is malicious user.
Optionally, judge whether the wrong degree of the verification information meets default mistake degree, comprising: test according to described new
Card code reads the error character number in the verification information;Judge whether the error character number reaches preset numerical value, if
It is then to confirm that the wrong degree of the verification information meets default mistake degree, if it is not, then confirming the wrong degree of the verification information
It is unsatisfactory for default mistake degree.
Wherein, presetting mistake degree is exactly the threshold value that is arranged for differentiation malicious user and ordinary user, for one four
The identifying code of character, general ordinary user is when identifying identifying code, usual wrong one to two characters of only meeting, and malicious user, such as
It is largely four characters all mistakes when automatic machine identification mistake.Therefore, it is four words that default mistake degree, which can be set,
Symbol, when error character number is more than or equal to 4, it is believed that errors validity is automatic machine error checking.
It, will when it is the errors validity code queue indexed that server end, which has been set up with the IP of the user, in this step
The new identifying code of authentication failed is inserted into errors validity code queue, when server end is not set up also with the IP of the user as index
Errors validity code queue when, creation with the User IP be index errors validity code queue, and by authentication failed newly test
Card code is inserted into errors validity code queue.Wherein it is possible to which the identifying code of malicious user authentication failed is inserted into mistake in order
In identifying code queue, it can not also do and have in specific storage rule the present embodiment with radom insertion into errors validity code queue
Body limits.
207, when being proved to be successful, deleting the verification information one in errors validity code queue verifying
Code.
In the present embodiment, after being proved to be successful to identifying code, the response being proved to be successful is returned to terminal applies, answers terminal
The information of browsing is thought with output user, herein similarly to the prior art, to repeating no more in this present embodiment.
It is worth noting that in the present embodiment, when being verified a verification information every time, then corresponding deletion error verifying
An identifying code in code queue, it is when being verified multiple verification informations, then multiple in corresponding deletion error verifying queue
Identifying code.
In the present embodiment, by taking identifying code is picture as an example, in the corresponding wrong picture queue of server end maintenance IP, when certain
When the queue length of one IP reaches specified threshold M, then new picture is no longer issued to the IP, and only from the wrong picture of the IP
Picture is issued in queue, when the IP user is often proved to be successful a picture, deletes one from the corresponding wrong picture queue of the IP
Picture.Since the speed that automatic machine is submitted is very fast, so it will soon fill up the wrong picture queue of its IP, when
After queue is filled up, i.e., verifying number reach certain threshold value after, issue the picture that its authentication failed previous is crossed to the IP, in this way it
The picture that it is encountered afterwards has verified that the picture of failure before being just entirely, very maximum probability inevitable in this way will continue to verifying and lose
It loses, achievees the effect that compacting cracks with this.
The beneficial effect of the present embodiment is: the request for pulling identifying code that terminal applies are initiated is received, according to the request
The IP of the terminal is obtained, and the identifying code in the corresponding errors validity code queue of the IP is obtained according to the IP of the terminal
Number, wherein the errors validity code queue for storing the identifying code of the corresponding malicious user authentication failed of the IP;Work as institute
The number for stating the identifying code in the corresponding errors validity code queue of IP reaches threshold value, chooses the IP corresponding errors validity code team
Any identifying code is returned to the terminal applies, due to the verifying in errors validity queue by any identifying code in column
Code is that the corresponding malicious user of IP has verified that the identifying code of failure, so returning to by the identifying code in errors validity queue
When terminal applies, if user in terminal is malicious user, the malicious user to the probability of the identifying code authentication error very
Greatly, to reduce the corresponding malicious user of the IP by the probability of the verifying code authentication, the effect that compacting cracks is reached with this
Fruit largely solves automatic machine harm caused by internet information safety.
Embodiment three
Referring to fig. 4, the embodiment of the invention provides a kind of processing unit of information security, which includes: receiving module
301, first obtains module 302 and issues module 303.
Receiving module 301, for receiving the request for pulling identifying code of terminal applies initiation, carried terminal in the request
IP;
First obtains module 302, obtains for the IP of the terminal according to the request, and according to the IP of the terminal
Take the number of the identifying code in the corresponding errors validity code queue of the IP, wherein the errors validity code queue for storing
The identifying code of the corresponding malicious user authentication failed of the IP;
Module 303 is issued, for reaching threshold value when the number of the identifying code in the corresponding errors validity code queue of the IP,
Any identifying code in the corresponding errors validity code queue of the IP is chosen, any identifying code is returned into the terminal and is answered
With passing through the verifying code authentication to limit the corresponding malicious user of the IP.
Referring to Fig. 5, in another embodiment, described device further include:
Module 304 is pulled, for being not up to threshold when the number of the identifying code in the corresponding errors validity code queue of the IP
Value, pulls new identifying code, and the new identifying code is returned to the terminal applies;
Second obtains module 305, for obtaining the verification information inputted in the terminal applies, is tested according to described new
Card code verifies the verification information;
Judgment module 306, for when the authentication failed to the verification information, judging the wrong degree of the verification information
Whether satisfaction presets mistake degree, if it is, confirming that the corresponding user of the IP is malicious user, the new identifying code is inserted
Enter into the corresponding errors validity code queue of the IP.
In another embodiment, the judgment module 306, comprising:
Reading unit, for reading the error character number in the verification information according to the new identifying code;
Judging unit, for judging whether the error character number reaches preset numerical value, if it is, being tested described in confirmation
The wrong degree for demonstrate,proving information meets default mistake degree, if it is not, then confirming that the wrong degree of the verification information is unsatisfactory for default mistake
Degree.
In another embodiment, described device further include:
Removing module 307, for when being proved to be successful, deleting the verification information in the errors validity code queue
An identifying code.
In another embodiment, the identifying code includes but is not limited to below one or more: picture, character and language
Sound.
It should be understood that the processing unit of information security provided by the above embodiment, only with above-mentioned each functional module
It divides and carries out for example, can according to need in practical application and be completed by different functional modules above-mentioned function distribution,
The internal structure of device is divided into different functional modules, to complete all or part of the functions described above, upper
The processing unit for stating the information security in embodiment can be located in a server, in another embodiment, the information security
The function of processing unit be also possible to be completed jointly by different servers.Such as the system architecture diagram that Fig. 6 is provided, user passes through
The application of terminal initiates identifying code to the Web server of terminal applies and pulls request, and identifying code pulls server and executes reception mould
The function of block, receives the request for pulling identifying code that terminal applies are initiated, and picture strategic server executes first and obtains module root
It is obtained in the corresponding errors validity code queue of the IP according to the IP of terminal described in the request, and according to the IP of the terminal
Identifying code number function, issuing the function of module, by picture strategic server and identifying code to pull server jointly complete
At when the number that the IP corresponds to the identifying code in errors validity code queue reaches threshold value, described in picture strategic server is chosen
Any identifying code is pulled server by identifying code and returned by any identifying code in the corresponding errors validity code queue of IP
To the terminal applies, so that reducing the corresponding malicious user of the IP passes through the probability of the verifying code authentication.Identifying code is tested
Card server is used to execute the function of the second acquisition module.No longer to the corresponding Fig. 5 of such as 6 system architecture diagrams in this present embodiment
The function of device be illustrated one by one.
The beneficial effect of the present embodiment is: the request for pulling identifying code that terminal applies are initiated is received, according to the request
The IP of the terminal is obtained, and the identifying code in the corresponding errors validity code queue of the IP is obtained according to the IP of the terminal
Number, wherein the errors validity code queue for storing the identifying code of the corresponding malicious user authentication failed of the IP;Work as institute
The number for stating the identifying code in the corresponding errors validity code queue of IP reaches threshold value, chooses the IP corresponding errors validity code team
Any identifying code is returned to the terminal applies, due to the verifying in errors validity queue by any identifying code in column
Code is that the corresponding malicious user of IP has verified that the identifying code of failure, so returning to by the identifying code in errors validity queue
When terminal applies, if user in terminal is malicious user, the malicious user to the probability of the identifying code authentication error very
Greatly, to reduce the corresponding malicious user of the IP by the probability of the verifying code authentication, the effect that compacting cracks is reached with this
Fruit largely solves automatic machine harm caused by internet information safety.
In addition, the processing unit of information security provided by the above embodiment and the processing method embodiment of information security belong to
Same design, specific implementation process are detailed in embodiment of the method, and which is not described herein again.
The serial number of the above embodiments of the invention is only for description, does not represent the advantages or disadvantages of the embodiments.
Those of ordinary skill in the art will appreciate that realizing that all or part of the steps of above-described embodiment can pass through hardware
It completes, relevant hardware can also be instructed to complete by program, the program can store in a kind of computer-readable
In storage medium, storage medium mentioned above can be read-only memory, disk or CD etc..
The foregoing is merely presently preferred embodiments of the present invention, is not intended to limit the invention, it is all in spirit of the invention and
Within principle, any modification, equivalent replacement, improvement and so on be should all be included in the protection scope of the present invention.
Claims (10)
1. a kind of processing method of information security, which is characterized in that the described method includes:
The request for pulling identifying code that terminal applies are initiated is received, the IP of carried terminal in the request;
The corresponding errors validity code of the IP is obtained according to the IP of terminal described in the request, and according to the IP of the terminal
The number of identifying code in queue, wherein the errors validity code queue for storing the IP corresponding malicious user verifying
The identifying code of failure;
When the number of the identifying code in the corresponding errors validity code queue of the IP reaches threshold value, the corresponding mistake of the IP is chosen
Any identifying code is returned to the terminal applies by any identifying code in identifying code queue, corresponding to limit the IP
Malicious user pass through the verifying code authentication.
2. the method according to claim 1, wherein the method also includes:
When the number of the identifying code in the corresponding errors validity code queue of the IP is not up to threshold value, new identifying code is pulled, and
The new identifying code is returned into the terminal applies;
The verification information inputted in the terminal applies is obtained, the verification information is tested according to the new identifying code
Card;
When the authentication failed to the verification information, judge whether the wrong degree of the verification information meets default mistake degree,
If it is, confirming that the corresponding user of the IP is malicious user, the new identifying code is inserted into the corresponding institute of the IP
It states in errors validity code queue.
3. according to the method described in claim 2, it is characterized in that, whether the wrong degree for judging the verification information meets
Default mistake degree, comprising:
The error character number in the verification information is read according to the new identifying code;
Judge whether the error character number reaches preset numerical value, if it is, confirming that the wrong degree of the verification information is full
The default mistake degree of foot, if it is not, then confirming that the wrong degree of the verification information is unsatisfactory for default mistake degree.
4. according to the method described in claim 2, it is characterized in that, the method also includes:
When being proved to be successful, deleting the verification information corresponding in the errors validity code queue described be proved to be successful
One identifying code.
5. the method according to claim 1, wherein the identifying code includes below one or more: picture,
Character and voice.
6. a kind of processing unit of information security, which is characterized in that described device includes:
Receiving module, for receiving the request for pulling identifying code of terminal applies initiation, the IP of carried terminal in the request;
First obtains module, for the IP of the terminal according to the request, and according to the IP of terminal acquisition
The number of identifying code in the corresponding errors validity code queue of IP, wherein the errors validity code queue for storing the IP
The identifying code of corresponding malicious user authentication failed;
Module is issued, for reaching threshold value when the number of the identifying code in the corresponding errors validity code queue of the IP, chooses institute
Any identifying code in the corresponding errors validity code queue of IP is stated, any identifying code is returned into the terminal applies, with
It limits the corresponding malicious user of the IP and passes through the verifying code authentication.
7. device according to claim 6, which is characterized in that described device further include:
Module is pulled, for being not up to threshold value when the number in the corresponding errors validity code queue of the IP, pulls new verifying
Code, and the new identifying code is returned into the terminal applies;
Second obtains module, for obtaining the verification information inputted in the terminal applies, according to the new identifying code pair
The verification information is verified;
Whether judgment module, the wrong degree for when the authentication failed to the verification information, judging the verification information are full
The new identifying code is inserted into institute if it is, confirming that the corresponding user of the IP is malicious user by the default mistake degree of foot
It states in the corresponding errors validity code queue of IP.
8. device according to claim 7, which is characterized in that the judgment module, comprising:
Reading unit, for reading the error character number in the verification information according to the new identifying code;
Judging unit, for judging whether the error character number reaches preset numerical value, if it is, the confirmation verifying letter
The wrong degree of breath meets default mistake degree, if it is not, then confirming that the wrong degree of the verification information is unsatisfactory for default mistake degree.
9. device according to claim 7, which is characterized in that described device further include:
Removing module, for when being proved to be successful, deleting the verification information one in the errors validity code queue
Identifying code.
10. device according to claim 6, which is characterized in that the identifying code includes below one or more: figure
Piece, character and voice.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310137209.8A CN104113514B (en) | 2013-04-19 | 2013-04-19 | The treating method and apparatus of information security |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310137209.8A CN104113514B (en) | 2013-04-19 | 2013-04-19 | The treating method and apparatus of information security |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104113514A CN104113514A (en) | 2014-10-22 |
CN104113514B true CN104113514B (en) | 2019-01-22 |
Family
ID=51710148
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310137209.8A Active CN104113514B (en) | 2013-04-19 | 2013-04-19 | The treating method and apparatus of information security |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104113514B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107846412A (en) * | 2017-11-28 | 2018-03-27 | 五八有限公司 | Identifying code request processing method, device and identifying code processing system |
CN109495489A (en) * | 2018-12-04 | 2019-03-19 | 合肥天骋电子商务有限公司 | A kind of information security processing system |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102255880A (en) * | 2011-01-20 | 2011-11-23 | 北京开心人信息技术有限公司 | Secondary picture verification code realization method and system |
CN102368338A (en) * | 2011-04-09 | 2012-03-07 | 冯林 | Method and system for verifying trader identity on ATM (Automatic Teller Machine) |
CN102402773A (en) * | 2011-12-14 | 2012-04-04 | 王筱雨 | Financial transaction verification method and system |
CN102833247A (en) * | 2012-08-24 | 2012-12-19 | 上海心动企业发展有限公司 | Method for anti-sweeping ciphers in user login system and device thereof |
CN102904893A (en) * | 2012-10-22 | 2013-01-30 | 深圳中兴网信科技有限公司 | Verifying device and verifying method |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP3629516B2 (en) * | 2000-11-02 | 2005-03-16 | インターナショナル・ビジネス・マシーンズ・コーポレーション | Proxy server, electronic signature system, electronic signature verification system, network system, electronic signature method, electronic signature verification method, and storage medium |
CN102609656A (en) * | 2012-02-09 | 2012-07-25 | 赵淦森 | USB (universal serial bus) key safety enhancing method and USB key safety enhancing system based on image identification |
-
2013
- 2013-04-19 CN CN201310137209.8A patent/CN104113514B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102255880A (en) * | 2011-01-20 | 2011-11-23 | 北京开心人信息技术有限公司 | Secondary picture verification code realization method and system |
CN102368338A (en) * | 2011-04-09 | 2012-03-07 | 冯林 | Method and system for verifying trader identity on ATM (Automatic Teller Machine) |
CN102402773A (en) * | 2011-12-14 | 2012-04-04 | 王筱雨 | Financial transaction verification method and system |
CN102833247A (en) * | 2012-08-24 | 2012-12-19 | 上海心动企业发展有限公司 | Method for anti-sweeping ciphers in user login system and device thereof |
CN102904893A (en) * | 2012-10-22 | 2013-01-30 | 深圳中兴网信科技有限公司 | Verifying device and verifying method |
Also Published As
Publication number | Publication date |
---|---|
CN104113514A (en) | 2014-10-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8875255B1 (en) | Preventing user enumeration by an authentication server | |
CN105337949B (en) | A kind of SSO authentication method, web server, authentication center and token verify center | |
CN105391695B (en) | A kind of terminal registration method and method of calibration | |
CN108011863B (en) | Method and device for identifying brute force cracking | |
CN103249045B (en) | A kind of methods, devices and systems of identification | |
CN105516133B (en) | User identity verification method, server and client | |
CN104580117B (en) | Auth method, apparatus and system | |
CN104917716B (en) | Page security management method and device | |
US20160057157A1 (en) | Verification method, apparatus, server and system | |
CN103916244B (en) | Verification method and device | |
CN105827573B (en) | System, method and the relevant apparatus of internet of things equipment strong authentication | |
CN108462704A (en) | Login validation method, device, computer equipment and storage medium | |
CN102571846A (en) | Method and device for forwarding hyper text transport protocol (HTTP) request | |
CN105574398B (en) | A kind of verification code verification method and device | |
CN108900561A (en) | The method, apparatus and system of single-sign-on | |
CN103139200A (en) | Single sign-on method of web service | |
CN104657653B (en) | The verification method and checking device of image authentication code | |
CN109471993A (en) | Online webpage evidence collecting method, device, storage medium and equipment in real time | |
US10362055B2 (en) | System and methods for active brute force attack protection | |
US9787678B2 (en) | Multifactor authentication for mail server access | |
CN107786573A (en) | A kind of data verification system | |
CN110175448B (en) | Trusted device login authentication method and application system with authentication function | |
CN104184709A (en) | Verification method, device, server, service data center and system | |
CN102231716A (en) | Instant communication service login method | |
WO2014058810A1 (en) | Semantic challenge for audio human interactive proof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right |
Effective date of registration: 20190729 Address after: Shenzhen Futian District City, Guangdong province 518000 Zhenxing Road, SEG Science Park 2 East Room 403 Co-patentee after: Tencent cloud computing (Beijing) limited liability company Patentee after: Tencent Technology (Shenzhen) Co., Ltd. Address before: Shenzhen Futian District City, Guangdong province 518000 Zhenxing Road, SEG Science Park 2 East Room 403 Patentee before: Tencent Technology (Shenzhen) Co., Ltd. |
|
TR01 | Transfer of patent right |