CN104426844A - Safety authentication method, server and safety authentication system - Google Patents

Publication number
CN104426844A
Authority
CN
China
Legal status
Granted
Application number
CN201310367429.XA
Other languages
Chinese (zh)
Other versions
CN104426844B (en)
Inventor
张�杰
许灿冲
Current Assignee
Shenzhen Tencent Computer Systems Co Ltd
Original Assignee
Shenzhen Tencent Computer Systems Co Ltd
Application filed by Shenzhen Tencent Computer Systems Co Ltd
Priority to CN201310367429.XA (CN104426844B)
Priority to PCT/CN2014/084760 (WO2015024506A1)
Publication of CN104426844A
Application granted
Publication of CN104426844B
Current legal status: Active

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication

Abstract

The embodiments of the invention disclose a security authentication method, a server and a security authentication system, for the purpose of avoiding the impact of account freezing on a normal user's use of an account. The method provided by one embodiment of the invention comprises the following steps: receiving a login request from a user, the login request comprising identification information of the account the user requests to log in to; if it is determined according to the identification information that the account is in a frozen state, obtaining location information of the user according to the login request; and determining whether the location information satisfies a preset login condition, and if so, allowing the user to log in to the account. The embodiments of the invention also provide a server and a security authentication system. According to the embodiments of the invention, the impact of freezing on a normal user's use of the account can be avoided.

Description

A security authentication method, server and security authentication system
Technical field
The present invention relates to the communications field, and in particular to a security authentication method, a server and a security authentication system.
Background
With the development of Internet technology, the Internet has become increasingly open. Accordingly, Trojan horses and similar malware have become rampant, and the security of user accounts in the Internet environment is difficult to guarantee. Account theft cannot be eliminated at the root, and stolen accounts are generally used to send malicious messages such as pornography and fraudulent advertisements.
The account protection method in the prior art is generally as follows: when it is detected that a user's account keeps sending malicious messages such as pornography or fraudulent advertisements, the account is frozen, so that it cannot be logged in to for a period of time, or even permanently.
However, if the account has been stolen and is being used by someone else, freezing the account outright affects the normal user's use of the account.
Summary of the invention
Embodiments of the present invention provide a security authentication method, a server and a security authentication system that avoid the impact of freezing on a normal user's use of an account.
The security authentication method provided by an embodiment of the present invention comprises:
receiving an account login request from a user, the login request comprising identification information of the account the user requests to log in to;
if it is determined according to the identification information that the account is in a frozen state, obtaining location information of the user according to the login request;
judging whether the location information satisfies a preset login condition, and if so, allowing the user to log in to the account.
Optionally, the login request further comprises login address information;
obtaining the location information of the user according to the login request comprises:
parsing the user's network address from the login address information, the network address being an Internet Protocol (IP) address or a location-based service (LBS) address;
querying, according to a correspondence between network addresses and location information, the location information of the user corresponding to the user's network address.
Optionally, obtaining the location information of the user according to the login request comprises:
obtaining the user's network address from the message-forwarding network element that forwarded the login request, the network address being an Internet Protocol (IP) address or a location-based service (LBS) address;
querying, according to a correspondence between network addresses and location information, the location information of the user corresponding to the user's network address.
Optionally, the method further comprises:
determining the user's usual login regions according to historical login behavior;
judging whether the location information satisfies the preset login condition is specifically:
judging whether the location information belongs to the usual login regions; if it does, determining that the preset login condition is satisfied; if it does not, determining that the preset login condition is not satisfied.
Optionally, determining the user's usual login regions according to historical login behavior comprises:
determining each login region of the user according to historical login behavior;
querying for target login regions whose number of logins reaches a preset value, and taking the target login regions as the user's usual login regions.
Optionally, determining the user's usual login regions according to historical login behavior comprises:
determining each login region of the user according to historical login behavior;
querying for target login regions whose number of logins within the most recent preset time period reaches a preset value, and taking the target login regions as the user's usual login regions.
Optionally, determining the user's usual login regions according to historical login behavior comprises:
determining each login region of the user according to historical login behavior;
determining a first reference value for each login region according to a first weight and the number of logins in that login region, determining a second reference value for each login region according to a second weight and the login time in that login region, and taking the sum of the first reference value and the second reference value as the composite reference value of that login region;
taking the login regions whose composite reference value reaches a preset value as the user's usual login regions.
The security authentication method provided by an embodiment of the present invention comprises:
a login statistics server receives login behavior reported by a user;
the login statistics server determines the user's usual login regions according to historical login behavior, and sends the usual login region information to a login verification server;
an account policy server receives a login request from the user, the login request comprising identification information of the account the user requests to log in to;
if the account policy server determines according to the identification information that the account is in a frozen state, the account policy server obtains location information of the user according to the login request;
the account policy server sends the location information of the user to the login verification server;
the login verification server judges whether the location information belongs to the user's usual login regions, and sends the judgment result to the account policy server;
if the judgment result is yes, the account policy server allows the user to log in to the account.
Optionally, the login request further comprises login address information;
the account policy server obtaining the location information of the user according to the login request comprises:
the account policy server parses the user's network address from the login address information, the network address being an Internet Protocol (IP) address or a location-based service (LBS) address;
the account policy server queries, according to a correspondence between network addresses and location information, the location information of the user corresponding to the user's network address.
Optionally, the account policy server obtaining the location information of the user according to the login request comprises:
the account policy server obtains the user's network address from the message-forwarding network element that forwarded the login request, the network address being an Internet Protocol (IP) address or a location-based service (LBS) address;
the account policy server queries, according to a correspondence between network addresses and location information, the location information of the user corresponding to the user's network address.
Optionally, the login statistics server determining the user's usual login regions according to historical login behavior comprises:
the login statistics server determines each login region of the user according to historical login behavior;
the login statistics server queries for target login regions whose number of logins reaches a preset value, and takes the target login regions as the user's usual login regions;
or,
the login statistics server determines each login region of the user according to historical login behavior;
the login statistics server queries for target login regions whose number of logins within the most recent preset time period reaches a preset value, and takes the target login regions as the user's usual login regions;
or,
the login statistics server determines each login region of the user according to historical login behavior;
the login statistics server determines a first reference value for each login region according to a first weight and the number of logins in that login region, determines a second reference value for each login region according to a second weight and the login time in that login region, and takes the sum of the first reference value and the second reference value as the composite reference value of that login region;
the login statistics server takes the login regions whose composite reference value reaches a preset value as the user's usual login regions.
The server provided by an embodiment of the present invention comprises:
a receiving unit, configured to receive a login request from a user, the login request comprising identification information of the account the user requests to log in to;
an acquiring unit, configured to obtain location information of the user according to the login request when it is determined according to the identification information that the account is in a frozen state;
an authentication unit, configured to judge whether the location information satisfies a preset login condition, and if so, to allow the user to log in to the account.
Optionally, the login request further comprises login address information;
the acquiring unit comprises:
a first acquisition module, configured to parse the user's network address from the login address information, the network address being an Internet Protocol (IP) address or a location-based service (LBS) address;
a first query module, configured to query, according to a correspondence between network addresses and location information, the location information of the user corresponding to the user's network address.
Optionally, the acquiring unit comprises:
a second acquisition module, configured to obtain the user's network address from the message-forwarding network element that forwarded the login request, the network address being an Internet Protocol (IP) address or a location-based service (LBS) address;
a second query module, configured to query, according to a correspondence between network addresses and location information, the location information of the user corresponding to the user's network address.
Optionally, the server further comprises:
a determining unit, configured to determine the user's usual login regions according to historical login behavior;
the authentication unit is specifically configured to judge whether the location information belongs to the usual login regions; if it does, to determine that the preset login condition is satisfied; if it does not, to determine that the preset login condition is not satisfied.
Optionally, the determining unit comprises:
a first determination module, configured to determine each login region of the user according to historical login behavior;
a third query module, configured to query for target login regions whose number of logins reaches a preset value, and to take the target login regions as the user's usual login regions.
Optionally, the determining unit comprises:
a second determination module, configured to determine each login region of the user according to historical login behavior;
a fourth query module, configured to query for target login regions whose number of logins within the most recent preset time period reaches a preset value, and to take the target login regions as the user's usual login regions.
Optionally, the determining unit comprises:
a third determination module, configured to determine each login region of the user according to historical login behavior;
a computing module, configured to determine a first reference value for each login region according to a first weight and the number of logins in that login region, to determine a second reference value for each login region according to a second weight and the login time in that login region, and to take the sum of the first reference value and the second reference value as the composite reference value of that login region;
a fourth determination module, configured to take the login regions whose composite reference value reaches a preset value as the user's usual login regions.
The security authentication system provided by an embodiment of the present invention comprises:
a login statistics server, an account policy server and a login verification server;
the login statistics server is configured to receive login behavior reported by a user, determine the user's usual login regions according to historical login behavior, and send the usual login region information to the login verification server;
the account policy server is configured to receive a login request from the user, the login request comprising identification information of the account the user requests to log in to; if it is determined according to the identification information that the account is in a frozen state, to obtain location information of the user according to the login request; and to send the location information of the user to the login verification server;
the login verification server is configured to judge whether the location information belongs to the user's usual login regions, and to send the judgment result to the account policy server;
if the judgment result is yes, the account policy server is further configured to allow the user to log in to the account.
As can be seen from the above technical solutions, the embodiments of the present invention have the following advantages:
In the embodiments of the present invention, the server receives a login request from a user, the login request comprising identification information of the account the user requests to log in to. When the server determines according to the identification information that the account is in a frozen state, it obtains the user's location information according to the login request and judges whether the location information satisfies a preset login condition; if so, the user is allowed to log in to the account. Thus, when an account is in a frozen state, the server does not refuse every login to the account, but treats logins differently according to the user's location at login time: when the location at login satisfies the preset login condition, the user is allowed to log in to the account. Because the account owner (that is, the normal user) generally logs in from relatively fixed regions, treating login requests differently according to the user's location at login time effectively avoids the impact of freezing on the normal user's use of the account.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the accompanying drawings needed for describing the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present invention, and those skilled in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic diagram of an embodiment of the security authentication method in the embodiments of the present invention;
Fig. 2 is a schematic diagram of another embodiment of the security authentication method in the embodiments of the present invention;
Fig. 3 is a schematic diagram of another embodiment of the security authentication method in the embodiments of the present invention;
Fig. 4 is a schematic diagram of another embodiment of the security authentication method in the embodiments of the present invention;
Fig. 5 is a schematic diagram of another embodiment of the security authentication method in the embodiments of the present invention;
Fig. 6 is a schematic diagram of an embodiment of the server in the embodiments of the present invention;
Fig. 7 is a schematic diagram of another embodiment of the server in the embodiments of the present invention;
Fig. 8 is a schematic diagram of another embodiment of the server in the embodiments of the present invention;
Fig. 9 is a schematic diagram of another embodiment of the server in the embodiments of the present invention;
Fig. 10 is a schematic diagram of another embodiment of the server in the embodiments of the present invention;
Fig. 11 is a schematic diagram of an embodiment of the security authentication system in the embodiments of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Embodiments of the present invention provide a security authentication method, a server and a security authentication system that avoid the impact of freezing on a normal user's use of an account.
Embodiment one:
Referring to Fig. 1, an embodiment of the security authentication method in the embodiments of the present invention comprises:
101. The server receives a login request from a user;
In this embodiment, when a user wishes to log in to an account, the user sends a login request to the server. The server receives the login request, which may comprise identification information of the account the user requests to log in to.
It can be understood that, in addition to the identification information of the requested account (for example, an account number or account name), the login request may further comprise information such as a user name and password, which is not limited here.
102. If the server determines that the account is in a frozen state, the server obtains the user's location information according to the login request;
After receiving the login request sent by the user, the server can query the current state of the requested account according to the account identification information in the login request. If the query result shows that the account is currently in a frozen state, the account is currently an abnormal account and logins to it need to be monitored, so the server obtains the user's location information according to the login request.
In this embodiment, the location information may be the specific geographic location of the user at login time, or a network location, which is not limited here.
103. The server judges whether the location information satisfies a preset login condition; if it does, step 104 is performed; if it does not, step 105 is performed;
After obtaining the user's location information according to the login request, the server judges whether the location information satisfies the preset login condition. If it does, step 104 is performed; if it does not, step 105 is performed.
104. The user is allowed to log in to the account;
If the location information satisfies the preset login condition, the user is logging in to the account from a particular location, and this behavior matches the user's historical login habits. The user can therefore be regarded as a normal user and is allowed to log in to the account.
105. The user is refused login to the account.
If the location information does not satisfy the preset login condition, the current login behavior does not match the user's historical login habits. The user can therefore be regarded as an illegitimate user and is refused login to the account.
In this embodiment, the server receives a login request from a user, the login request comprising identification information of the account the user requests to log in to. When the server determines according to the identification information that the account is in a frozen state, it obtains the user's location information according to the login request and judges whether the location information satisfies a preset login condition; if so, the user is allowed to log in to the account. Thus, when an account is in a frozen state, the server does not refuse every login to the account, but treats logins differently according to the user's location at login time: when the location at login satisfies the preset login condition, the user is allowed to log in to the account. Because the account owner (that is, the normal user) generally logs in from relatively fixed regions, treating login requests differently according to the user's location at login time effectively avoids the impact of freezing on the normal user's use of the account.
In the above embodiment, after the server obtains the user's location information according to the login request, it judges whether the location information satisfies the preset login condition. Specifically, the server can determine the user's usual login regions in advance according to historical login behavior, and then judge whether the obtained location information belongs to these usual login regions: if it does, the preset login condition is satisfied; if it does not, the preset login condition is not satisfied. In practical applications, the server can determine the user's usual login regions from historical login behavior in several ways, which are described in detail below:
Embodiment two:
In this embodiment, the server determines the user's usual login regions according to the user's total number of logins. Referring to Fig. 2, another embodiment of the security authentication method in the embodiments of the present invention comprises:
201. The server receives login behavior information reported by the user;
After each login to an account, the user reports login behavior information to the server from time to time. This login behavior information includes the account the user logged in to, the login time, the login IP address and similar information.
For example, the login behavior information reported by the user is shown in the following table:
Table 1
Login account | Login time | Login IP address
Tencent111 | 2013-7-1 | 58.60.0.4
202. The server determines each login region of the user according to historical login behavior;
In this embodiment, the server collects the login behavior information that the user reports after each login, so each login region of the user can be determined from this historical login behavior.
It should be noted that, because the login behavior information reported by the user includes the login IP address, the server can determine from this IP address the geographic location where the user actually was at login time, that is, the login region.
Specifically, the collected historical login behavior may be as shown in the following table:
Table 2
Login account | Login time | Login IP address | Geographic area
Tencent111 | 2013-7-1 | 58.60.0.8 | Shenzhen
Tencent111 | 2013-7-2 | 58.60.0.8 | Shenzhen
Tencent111 | 2013-7-5 | 58.60.105.13 | Shenzhen
Tencent111 | 2013-7-8 | 61.141.193.106 | Shenzhen
Tencent111 | 2013-7-10 | 218.17.1.136 | Shenzhen
Tencent111 | 2013-7-14 | 218.18.64.193 | Shenzhen
Tencent111 | 2013-7-16 | 58.60.0.8 | Shenzhen
Tencent111 | 2013-7-18 | 58.60.0.8 | Shenzhen
Tencent111 | 2013-7-19 | 219.136.49.69 | Guangzhou
Tencent111 | 2013-7-22 | 58.62.48.3 | Guangzhou
Tencent111 | 2013-7-24 | 59.41.37.181 | Guangzhou
Tencent111 | 2013-7-25 | 59.41.37.181 | Guangzhou
Tencent111 | 2013-7-27 | 218.30.119.114 | Beijing
Tencent111 | 2013-7-28 | 59.41.37.181 | Guangzhou
Tencent111 | 2013-7-28 | 59.41.37.181 | Guangzhou
Tencent111 | 2013-7-29 | 58.33.248.6 | Shanghai
Tencent111 | 2013-7-30 | 219.136.49.45 | Guangzhou
Tencent111 | 2013-7-31 | 59.41.37.189 | Guangzhou
Tencent111 | 2013-7-31 | 59.41.37.192 | Guangzhou
From Table 2, the server can determine that the user of login account "Tencent111" logged in 19 times in total, and that the login regions are "Shenzhen", "Guangzhou", "Beijing" and "Shanghai".
203. The server queries for target login regions whose number of logins reaches a preset value, and takes the target login regions as the user's usual login regions;
After determining each login region of the user according to historical login behavior, the server can query for the target login regions whose number of logins reaches the preset value, and take these target login regions as the user's usual login regions.
It should be noted that the preset value may be an absolute value (for example, 10 times or 20 times) or a relative value (for example, more than 30%, or 40%, of the total number of logins across all login regions). This embodiment is described using an absolute value:
As can be seen from Table 2, of the user's 19 logins in total, 8 were in Shenzhen, 9 were in Guangzhou, and 1 each were in Beijing and Shanghai.
If the preset value is 8, the target login regions are "Shenzhen" and "Guangzhou"; if the preset value is 9, the target login region is "Guangzhou". In this embodiment, the target login regions are assumed to be "Shenzhen" and "Guangzhou", so the user's usual login regions are determined to be "Shenzhen" and "Guangzhou".
It can be understood that, besides setting a preset value, other ways of determining the usual login regions can also be adopted, for example selecting the login region with the most logins among all login regions, which is not limited here.
204, the logging request of server receives user;
When user wishes to log in a certain account, can send logging request to server, then server can receive the logging request that user sends, and can comprise the identification information of the account that request logs in this logging request.
Be understandable that, the information such as user name, password can also be comprised further in this logging request, specifically not limit herein.
In the present embodiment, the logging request that user sends can be as shown in the table:
Table 3
Logon account Login password Login time Log in IP address
Tencent111 1234567 2013-8-2 59.41.178.123
205. If the server determines that the account is in a frozen state, the server obtains the location information of the user according to the login request;
In this embodiment, if the account Tencent111 has been frozen for sending malicious messages, then after receiving the login request sent by the user the server does not refuse the request outright, but obtains the location information of the user according to the login request.
In this embodiment, the server can obtain the location information of the user in several ways:
One, obtain it directly from the login request:
If the login request sent by the user carries login address information, the server can parse the network address of the user from this login address information (that is, the "Login IP address" shown in Table 3) and use this login IP address as the location information of the user.
It can be understood that, in practical applications, besides an IP address, the location information may also be a location-based service (LBS, Location Based Service) address, or another type of content used to represent location information, which is not specifically limited here.
Two, obtain it from the message forwarding network element that forwarded the login request:
If the login request sent by the user does not carry login address information, the server can determine that the user logged in through a message forwarding network element (for example a proxy server). To obtain accurate location information for this user, the server can obtain the network address of the user from the message forwarding network element that forwarded the login request. This network address may be an IP address, an LBS address, or another type of content used to represent location information, which is not specifically limited here.
After obtaining the network address of the user, the server can look up the location information of the user according to the correspondence between network addresses and location information.
As shown in Table 3 above, if the IP address the user logs in from is 59.41.178.123, the server can find that the location information of the user is "Guangzhou".
206. The server judges whether the location information belongs to the conventional login zone; if it does, step 207 is performed, and if it does not, step 208 is performed;
After obtaining the location information of the user according to the login request, the server can judge whether this location information belongs to the conventional login zone; if it does, step 207 is performed, and if it does not, step 208 is performed.
207. The user is allowed to log in to the account;
If the location information belongs to the conventional login zone, the user is currently logging in to the account from a conventional login zone. This behavior matches the historical login habits of the user, so the user can be regarded as a normal user and is allowed to log in to the account.
In this embodiment, the conventional login zones of the user are "Shenzhen" and "Guangzhou". The login IP address in the login request sent by the user is 59.41.178.123, and the corresponding location information is "Guangzhou". It can therefore be determined that the location information belongs to a conventional login zone of the user, which indicates that the user is a normal user, and the server allows the user to log in to the account Tencent111.
208. The user is refused login to the account.
If the location information does not belong to the conventional login zone, the user is not currently logging in to the account from a conventional login zone. This behavior does not match the historical login habits of the user, so the user can be regarded as an illegitimate user and can be refused login to the account.
In this embodiment, the conventional login zones of the user are "Shenzhen" and "Guangzhou". If the login IP address in the login request sent by the user is 58.35.248.33, the corresponding location information is "Shanghai". It can therefore be determined that the location information does not belong to a conventional login zone of the user, which indicates that the user is an illegitimate user, and the server can refuse the user's login to the account Tencent111.
In this embodiment, the server can determine the conventional login zone of the user according to the user's historical login behavior. When the server receives a login request from the user, it can obtain the location information of the user according to the login request; if the location information belongs to the conventional login zone, the user can be regarded as a normal user and is allowed to log in to the account. Handling login requests differently according to the user's location at login therefore effectively avoids the impact of the freeze on the normal user's use of the account.
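The decision flow of steps 205 to 208, as an added example that is not part of the patent text. The prefix-to-region table, the allow list of forwarding elements, the `normal-login` outcome for accounts that are not frozen and the refusal when no location can be resolved are assumptions of this sketch; the two addresses in the usage are the ones used in the embodiment.

```python
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, Optional

# Constructed address-to-region mapping for this example only; a deployment
# would use its own correspondence between network addresses and locations.
REGION_BY_PREFIX = {
    ipaddress.ip_network("59.41.0.0/16"): "Guangzhou",
    ipaddress.ip_network("58.60.0.0/16"): "Shenzhen",
    ipaddress.ip_network("58.35.0.0/16"): "Shanghai",
}

# Hypothetical allow list of message forwarding network elements (proxies)
# whose reported client address the server is willing to use.
TRUSTED_FORWARDERS = frozenset({"10.0.0.5"})


@dataclass(frozen=True)
class LoginRequest:
    account: str
    peer_addr: str                                  # where the connection came from
    login_addr: Optional[str] = None                # login address information in the request
    forwarder_reported_addr: Optional[str] = None   # address supplied by the forwarder


@dataclass(frozen=True)
class AccountState:
    frozen: bool
    conventional_zones: FrozenSet[str]


def resolve_region(addr):
    """Map a network address to a region by longest-prefix match, or None."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    matches = [net for net in REGION_BY_PREFIX if ip in net]
    if not matches:
        return None
    return REGION_BY_PREFIX[max(matches, key=lambda net: net.prefixlen)]


def client_address(req):
    """Way one: address carried in the request. Way two: ask the forwarder."""
    if req.login_addr:
        return req.login_addr
    if req.forwarder_reported_addr and req.peer_addr in TRUSTED_FORWARDERS:
        return req.forwarder_reported_addr
    return None


def decide(req, state):
    """Return 'normal-login', 'allow' or 'refuse' for a login request."""
    if not state.frozen:
        # The embodiment only covers frozen accounts; the ordinary login
        # path is assumed to continue unchanged.
        return "normal-login"
    addr = client_address(req)
    region = resolve_region(addr) if addr else None
    if region is None:
        # Assumption: with no resolvable location the frozen account stays closed.
        return "refuse"
    return "allow" if region in state.conventional_zones else "refuse"


if __name__ == "__main__":
    state = AccountState(True, frozenset({"Shenzhen", "Guangzhou"}))
    for addr in ("59.41.178.123", "58.35.248.33"):
        req = LoginRequest("Tencent111", peer_addr=addr, login_addr=addr)
        print(addr, resolve_region(addr), decide(req, state))
```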
The above embodiment describes a scheme in which the server determines the conventional login zone of the user according to the total number of times the user has logged in. Another scheme is introduced below:
Embodiment three:
In this embodiment, the server can determine the conventional login zone of the user according to the user's recent logins. Referring to Fig. 3, another embodiment of the safety authentication method in the embodiments of the present invention comprises:
301. The server receives the login behavior information reported by the user;
After each login to the account, the user reports login behavior information to the server from time to time. The login behavior information includes information such as the account the user logged in to, the login time and the login IP address.
In this embodiment, the login behavior information reported by the user may be as shown in Table 1 above and is not repeated here.
302. The server determines each login zone of the user according to the historical login behavior;
In this embodiment, the server can collect the login behavior information reported by the user after each login, and can therefore determine each login zone of the user from this historical login behavior.
It should be noted that, because the login behavior information reported by the user includes the login IP address, the server can determine from this IP address the geographic location where the user actually was when logging in, that is, the login zone.
Specifically, the collected historical login behavior may be as shown in Table 2 above and is not repeated here.
From Table 2 above, the server can determine that the user of the account "Tencent111" logged in 19 times in total, and that the login zones are "Shenzhen", "Guangzhou", "Beijing" and "Shanghai".
303. The server queries for the target login zone whose number of logins within the most recent preset time period reaches a preset value, and takes this target login zone as the conventional login zone of the user;
After the server has determined each login zone of the user according to the historical login behavior, it can query for the target login zone whose number of logins within the most recent preset time period reaches the preset value, and take this target login zone as the conventional login zone of the user.
The most recent preset time period in this embodiment can be determined according to actual conditions, for example one week, two weeks, one month, one quarter or half a year; two weeks is used as the example in this embodiment.
It should be noted that the preset value in this embodiment may be an absolute value (for example 10 times or 20 times), or a relative value (for example more than 30%, or 40%, of the total number of logins across all login zones in the most recent preset time period); an absolute value is used as the example in this embodiment:
As can be seen from Table 2 above, as of July 31, the user of the account "Tencent111" logged in 12 times in total in the most recent two weeks, as shown in the following table:
Table 4

| Login account | Login time | Login IP address | Geographic region |
| --- | --- | --- | --- |
| Tencent111 | 2013-7-18 | 58.60.0.8 | Shenzhen |
| Tencent111 | 2013-7-19 | 219.136.49.69 | Guangzhou |
| Tencent111 | 2013-7-22 | 58.62.48.3 | Guangzhou |
| Tencent111 | 2013-7-24 | 59.41.37.181 | Guangzhou |
| Tencent111 | 2013-7-25 | 59.41.37.181 | Guangzhou |
| Tencent111 | 2013-7-27 | 218.30.119.114 | Beijing |
| Tencent111 | 2013-7-28 | 59.41.37.181 | Guangzhou |
| Tencent111 | 2013-7-28 | 59.41.37.181 | Guangzhou |
| Tencent111 | 2013-7-29 | 58.33.248.6 | Shanghai |
| Tencent111 | 2013-7-30 | 219.136.49.45 | Guangzhou |
| Tencent111 | 2013-7-31 | 59.41.37.189 | Guangzhou |
| Tencent111 | 2013-7-31 | 59.41.37.192 | Guangzhou |
As can be seen from Table 4 above, of the user's 12 logins in the most recent two weeks, 1 was in Shenzhen, 9 were in Guangzhou, and 1 each were in Beijing and Shanghai.
If the preset value is 8 times, it can be determined that the target login zone is "Guangzhou". In this embodiment the target login zone is assumed to be "Guangzhou", so it can be determined that the conventional login zone of the user is "Guangzhou".
It can be understood that, besides setting a preset value, other ways may also be used to determine the conventional login zone, for example selecting the login zone with the largest number of logins among the login zones; this is not specifically limited here.
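Step 303 run over the rows of Table 4, as an added example that is not part of the patent text: it counts logins per zone inside the recent window and applies either the absolute or the relative preset value. The function names, the inclusive window boundaries and the optional fallback to the most frequent zone when no zone reaches the preset value are assumptions of this sketch.

```python
from collections import Counter
from datetime import date, timedelta

# (login date, region resolved from the login IP address), copied from Table 4.
TABLE_4 = [
    (date(2013, 7, 18), "Shenzhen"),
    (date(2013, 7, 19), "Guangzhou"),
    (date(2013, 7, 22), "Guangzhou"),
    (date(2013, 7, 24), "Guangzhou"),
    (date(2013, 7, 25), "Guangzhou"),
    (date(2013, 7, 27), "Beijing"),
    (date(2013, 7, 28), "Guangzhou"),
    (date(2013, 7, 28), "Guangzhou"),
    (date(2013, 7, 29), "Shanghai"),
    (date(2013, 7, 30), "Guangzhou"),
    (date(2013, 7, 31), "Guangzhou"),
    (date(2013, 7, 31), "Guangzhou"),
]
AS_OF = date(2013, 7, 31)


def recent_counts(logins, as_of, window_days):
    """Logins per zone in the window_days ending on as_of (both ends inclusive)."""
    start = as_of - timedelta(days=window_days - 1)
    return Counter(zone for day, zone in logins if start <= day <= as_of)


def conventional_zones(logins, as_of, window_days,
                       min_count=None, min_share=None, fallback_to_top=False):
    """Zones whose recent login count reaches the preset value.

    min_count is the absolute preset value; min_share is the relative one
    (a zone must hold more than that share of the recent logins).
    """
    if min_count is None and min_share is None:
        raise ValueError("set min_count and/or min_share")
    counts = recent_counts(logins, as_of, window_days)
    total = sum(counts.values())
    zones = set()
    for zone, n in counts.items():
        if min_count is not None and n < min_count:
            continue
        if min_share is not None and n <= min_share * total:
            continue
        zones.add(zone)
    if not zones and fallback_to_top and counts:
        # The alternative the text mentions: take the zone with the most
        # logins. Ties return every tied zone, which widens the allow list.
        top = max(counts.values())
        zones = {zone for zone, n in counts.items() if n == top}
    return zones


if __name__ == "__main__":
    print(dict(recent_counts(TABLE_4, AS_OF, 14)))
    print(conventional_zones(TABLE_4, AS_OF, 14, min_count=8))
    # A one-week window holds only 6 Guangzhou logins, so an absolute
    # preset value of 8 selects nothing unless the fallback is enabled.
    print(conventional_zones(TABLE_4, AS_OF, 7, min_count=8))
    print(conventional_zones(TABLE_4, AS_OF, 7, min_count=8, fallback_to_top=True))
```

An empty result matters for the later membership check: with no conventional login zone, every login to the frozen account is refused.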
304. The server receives the login request of the user;
When the user wishes to log in to an account, the user can send a login request to the server, and the server receives the login request sent by the user. The login request may contain the identification information of the account that the user requests to log in to.
It can be understood that the login request may further contain information such as a user name and a password, which is not specifically limited here.
In this embodiment, the login request sent by the user may be as shown in Table 3 above and is not repeated here.
305. If the server determines that the account is in a frozen state, the server obtains the location information of the user according to the login request;
In this embodiment, if the account Tencent111 has been frozen for sending malicious messages, then after receiving the login request sent by the user the server does not refuse the request outright, but obtains the location information of the user according to the login request.
In this embodiment, the server can obtain the location information of the user in several ways; the specific ways are the same as described for step 205 in the embodiment shown in Fig. 2 and are not repeated here.
306. The server judges whether the location information belongs to the conventional login zone; if it does, step 307 is performed, and if it does not, step 308 is performed;
After obtaining the location information of the user according to the login request, the server can judge whether this location information belongs to the conventional login zone; if it does, step 307 is performed, and if it does not, step 308 is performed.
307. The user is allowed to log in to the account;
If the location information belongs to the conventional login zone, the user is currently logging in to the account from a conventional login zone. This behavior matches the historical login habits of the user, so the user can be regarded as a normal user and is allowed to log in to the account.
In this embodiment, the conventional login zone of the user is "Guangzhou". The login IP address in the login request sent by the user is 59.41.178.123, and the corresponding location information is "Guangzhou". It can therefore be determined that the location information belongs to the conventional login zone of the user, which indicates that the user is a normal user, and the server allows the user to log in to the account Tencent111.
308. The user is refused login to the account.
If the location information does not belong to the conventional login zone, the user is not currently logging in to the account from a conventional login zone. This behavior does not match the historical login habits of the user, so the user can be regarded as an illegitimate user and can be refused login to the account.
In this embodiment, the conventional login zone of the user is "Guangzhou". If the login IP address in the login request sent by the user is 58.35.248.33, the corresponding location information is "Shanghai". It can therefore be determined that the location information does not belong to the conventional login zone of the user, which indicates that the user is an illegitimate user, and the server can refuse the user's login to the account Tencent111.
In this embodiment, the server can determine the conventional login zone of the user according to the user's historical login behavior. When the server receives a login request from the user, it can obtain the location information of the user according to the login request; if the location information belongs to the conventional login zone, the user can be regarded as a normal user and is allowed to log in to the account. Handling login requests differently according to the user's location at login therefore effectively avoids the impact of the freeze on the normal user's use of the account.
The above embodiment describes a scheme in which the server determines the conventional login zone of the user according to the number of logins in the most recent preset time period. Another scheme is introduced below:
Embodiment four:
In this embodiment, the server can determine the conventional login zone of the user by considering login time and number of logins together. Referring to Fig. 4, another embodiment of the safety authentication method in the embodiments of the present invention comprises:
401. The server receives the login behavior information reported by the user;
After each login to the account, the user reports login behavior information to the server from time to time. The login behavior information includes information such as the account the user logged in to, the login time and the login IP address.
In this embodiment, the login behavior information reported by the user may be as shown in Table 1 above and is not repeated here.
402. The server determines each login zone of the user according to the historical login behavior;
In this embodiment, the server can collect the login behavior information reported by the user after each login, and can therefore determine each login zone of the user from this historical login behavior.
It should be noted that, because the login behavior information reported by the user includes the login IP address, the server can determine from this IP address the geographic location where the user actually was when logging in, that is, the login zone.
Specifically, the collected historical login behavior may be as shown in the following table:
Table 5

| Login account | Login time | Login IP address | Geographic region |
| --- | --- | --- | --- |
| Tencent111 | 2013-7-1 | 58.60.0.8 | Shenzhen |
| Tencent111 | 2013-7-2 | 58.60.0.8 | Shenzhen |
| Tencent111 | 2013-7-5 | 58.60.105.13 | Shenzhen |
| Tencent111 | 2013-7-8 | 61.141.193.106 | Shenzhen |
| Tencent111 | 2013-7-10 | 218.17.1.136 | Shenzhen |
| Tencent111 | 2013-7-14 | 218.18.64.193 | Shenzhen |
| Tencent111 | 2013-7-16 | 58.60.0.8 | Shenzhen |
| Tencent111 | 2013-7-18 | 58.60.0.8 | Shenzhen |
| Tencent111 | 2013-7-25 | 219.136.49.69 | Guangzhou |
| Tencent111 | 2013-7-25 | 58.62.48.3 | Guangzhou |
| Tencent111 | 2013-7-27 | 59.41.37.181 | Guangzhou |
| Tencent111 | 2013-7-28 | 59.41.37.181 | Guangzhou |
| Tencent111 | 2013-7-29 | 218.30.119.114 | Beijing |
| Tencent111 | 2013-7-29 | 59.41.37.181 | Guangzhou |
| Tencent111 | 2013-7-30 | 59.41.37.181 | Guangzhou |
| Tencent111 | 2013-7-31 | 58.33.248.6 | Shanghai |
| Tencent111 | 2013-7-31 | 59.41.37.181 | Guangzhou |
From Table 5 above, the server can determine that the user of the account "Tencent111" logged in 17 times in total, and that the login zones are "Shenzhen (8 times)", "Guangzhou (7 times)", "Beijing (1 time)" and "Shanghai (1 time)".
402. The server determines the first reference value of each login zone according to a first weight and the number of logins in that login zone, determines the second reference value of each login zone according to a second weight and the login times in that login zone, and takes the sum of the first reference value and the second reference value as the comprehensive reference value of the login zone;
In this embodiment, the server can take into account both the number of logins and the login times of each login zone, and calculate a comprehensive reference value using different weights.
The first reference value may be calculated as follows: for a given login zone, each login counts for 10 reference points and the first weight is 0.9, so the first reference value is 0.9 * (total number of logins * 10).
The second reference value may be calculated as follows: for a given login zone, the second weight is 0.3; for each login in the zone, the reference time is subtracted from the login time, the resulting values are added together, and the sum is multiplied by the second weight to give the second reference value of the zone. For ease of understanding, a concrete example follows. Assuming the reference time is July 1, 2013, the comprehensive reference value of each zone is as shown in the following table:
Table 6
As can be seen from Table 6 above, the calculated comprehensive reference value of "Shenzhen" is 78.6, that of "Beijing" is 11.8, that of "Shanghai" is 12, and that of "Guangzhou" is 81.8.
It should be noted that the above is only one concrete calculation example. Many other calculation methods are possible in practical applications, as long as the comprehensive reference value is proportional to the number of logins and is higher the more recent the logins are; the specific implementation is not limited here.
403. The server takes the login zone whose comprehensive reference value reaches a preset value as the conventional login zone of the user;
After the server has calculated the comprehensive reference value of each login zone, it can take the login zone whose comprehensive reference value reaches the preset value as the conventional login zone of the user.
In this embodiment, the login zone with the highest comprehensive reference value can be taken as the conventional login zone of the user, so the conventional login zone of the user is "Guangzhou".
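The comprehensive reference value of Embodiment four computed over the rows of Table 5, as an added example that is not part of the patent text. Function names are assumptions, and the time difference is assumed to be counted in whole days from the reference date; under that assumption the totals quoted from Table 6 are reproduced with a second weight of 0.1, so the example evaluates both 0.1 and the stated 0.3.

```python
from datetime import date
from decimal import Decimal

# (login date, region), copied from Table 5.
TABLE_5 = [
    (date(2013, 7, 1), "Shenzhen"), (date(2013, 7, 2), "Shenzhen"),
    (date(2013, 7, 5), "Shenzhen"), (date(2013, 7, 8), "Shenzhen"),
    (date(2013, 7, 10), "Shenzhen"), (date(2013, 7, 14), "Shenzhen"),
    (date(2013, 7, 16), "Shenzhen"), (date(2013, 7, 18), "Shenzhen"),
    (date(2013, 7, 25), "Guangzhou"), (date(2013, 7, 25), "Guangzhou"),
    (date(2013, 7, 27), "Guangzhou"), (date(2013, 7, 28), "Guangzhou"),
    (date(2013, 7, 29), "Beijing"), (date(2013, 7, 29), "Guangzhou"),
    (date(2013, 7, 30), "Guangzhou"), (date(2013, 7, 31), "Shanghai"),
    (date(2013, 7, 31), "Guangzhou"),
]
REFERENCE_DATE = date(2013, 7, 1)   # reference time from the text
POINTS_PER_LOGIN = 10               # each login counts 10 reference points
FIRST_WEIGHT = Decimal("0.9")
STATED_SECOND_WEIGHT = Decimal("0.3")
MATCHING_SECOND_WEIGHT = Decimal("0.1")  # weight that reproduces the quoted totals


def comprehensive_values(logins, second_weight, reference=REFERENCE_DATE):
    """first = w1 * (count * 10); second = w2 * sum(days since reference)."""
    counts, day_sums = {}, {}
    for day, zone in logins:
        counts[zone] = counts.get(zone, 0) + 1
        day_sums[zone] = day_sums.get(zone, 0) + (day - reference).days
    return {
        zone: FIRST_WEIGHT * POINTS_PER_LOGIN * counts[zone]
        + second_weight * day_sums[zone]
        for zone in counts
    }


def zones_reaching(values, preset):
    """Every zone whose comprehensive reference value reaches the preset value."""
    return {zone for zone, value in values.items() if value >= preset}


def highest_zone(values):
    """The zone with the highest comprehensive reference value."""
    return max(values, key=values.get)


if __name__ == "__main__":
    for weight in (MATCHING_SECOND_WEIGHT, STATED_SECOND_WEIGHT):
        values = comprehensive_values(TABLE_5, weight)
        print(weight, {z: str(v) for z, v in values.items()}, highest_zone(values))
    # With the 0.1 weight Shenzhen (78.6) is close behind Guangzhou (81.8),
    # so a preset value such as 50 admits both zones.
    print(zones_reaching(comprehensive_values(TABLE_5, MATCHING_SECOND_WEIGHT), 50))
```

Guangzhou has the highest value under either weight, so the conclusion of step 403 is unaffected.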
404. The server receives the login request of the user;
When the user wishes to log in to an account, the user can send a login request to the server, and the server receives the login request sent by the user. The login request may contain the identification information of the account that the user requests to log in to.
It can be understood that the login request may further contain information such as a user name and a password, which is not specifically limited here.
In this embodiment, the login request sent by the user may be as shown in Table 3 above and is not repeated here.
405. If the server determines that the account is in a frozen state, the server obtains the location information of the user according to the login request;
In this embodiment, if the account Tencent111 has been frozen for sending malicious messages, then after receiving the login request sent by the user the server does not refuse the request outright, but obtains the location information of the user according to the login request.
In this embodiment, the server can obtain the location information of the user in several ways; the specific ways are the same as described for step 205 in the embodiment shown in Fig. 2 and are not repeated here.
406. The server judges whether the location information belongs to the conventional login zone; if it does, step 407 is performed, and if it does not, step 408 is performed;
After obtaining the location information of the user according to the login request, the server can judge whether this location information belongs to the conventional login zone; if it does, step 407 is performed, and if it does not, step 408 is performed.
407. The user is allowed to log in to the account;
If the location information belongs to the conventional login zone, the user is currently logging in to the account from a conventional login zone. This behavior matches the historical login habits of the user, so the user can be regarded as a normal user and is allowed to log in to the account.
In this embodiment, the conventional login zone of the user is "Guangzhou". The login IP address in the login request sent by the user is 59.41.178.123, and the corresponding location information is "Guangzhou". It can therefore be determined that the location information belongs to the conventional login zone of the user, which indicates that the user is a normal user, and the server allows the user to log in to the account Tencent111.
408. The user is refused login to the account.
If the location information does not belong to the conventional login zone, the user is not currently logging in to the account from a conventional login zone. This behavior does not match the historical login habits of the user, so the user can be regarded as an illegitimate user and can be refused login to the account.
In this embodiment, the conventional login zone of the user is "Guangzhou". If the login IP address in the login request sent by the user is 58.35.248.33, the corresponding location information is "Shanghai". It can therefore be determined that the location information does not belong to the conventional login zone of the user, which indicates that the user is an illegitimate user, and the server can refuse the user's login to the account Tencent111.
In this embodiment, the server can determine the conventional login zone of the user according to the user's historical login behavior. When the server receives a login request from the user, it can obtain the location information of the user according to the login request; if the location information belongs to the conventional login zone, the user can be regarded as a normal user and is allowed to log in to the account. Handling login requests differently according to the user's location at login therefore effectively avoids the impact of the freeze on the normal user's use of the account.
In practical applications, the "server" described in the above embodiments may be a single server, or a server cluster composed of several servers.
For ease of understanding, the scheme of a server cluster composed of several servers is described below with a specific embodiment:
Embodiment five:
Referring to Fig. 5, another embodiment of the safety authentication method in the embodiments of the present invention comprises:
501. The login statistics server receives the login behavior information reported by the user;
In this embodiment, after each login to the account, the user reports login behavior information to the login statistics server from time to time. The login behavior information includes information such as the account the user logged in to, the login time and the login IP address.
502. The login statistics server determines the conventional login zone of the user according to the historical login behavior, and sends the conventional login zone information to the login verification server;
In this embodiment, the login statistics server can collect the login behavior information reported by the user after each login, and can therefore determine each login zone of the user from this historical login behavior.
The conventional login zone can be determined in the following ways:
One, according to the total number of logins:
Specifically, the login statistics server determines each login zone of the user according to the historical login behavior, queries for the target login zone whose number of logins reaches a preset value, and takes the target login zone as the conventional login zone of the user.
Two, according to the recent number of logins:
Specifically, the login statistics server determines each login zone of the user according to the historical login behavior, queries for the target login zone whose number of logins within the most recent preset time period reaches a preset value, and takes the target login zone as the conventional login zone of the user.
Three, according to number of logins and login time together:
Specifically, the login statistics server determines each login zone of the user according to the historical login behavior. It determines the first reference value of each login zone according to a first weight and the number of logins in that login zone, determines the second reference value of each login zone according to a second weight and the login times in that login zone, and takes the sum of the first reference value and the second reference value as the comprehensive reference value of the login zone. The login statistics server then takes the login zone whose comprehensive reference value reaches a preset value as the conventional login zone of the user.
It should be noted that the detailed procedures of the above three ways have been described in detail in the embodiments shown in Fig. 2 to Fig. 4 and are not repeated here.
503. The account policy server receives the login request of the user;
When the user wishes to log in to an account, the user can send a login request to the account policy server, and the account policy server receives the login request sent by the user. The login request may contain the identification information of the account that the user requests to log in to.
It can be understood that the login request may further contain information such as a user name and a password, which is not specifically limited here.
504. If the account policy server determines that the account is in a frozen state, the account policy server obtains the location information of the user according to the login request;
In this embodiment, if the account has been frozen for sending malicious messages, then after receiving the login request sent by the user the account policy server does not refuse the request outright, but obtains the location information of the user according to the login request.
In this embodiment, the account policy server can obtain the location information of the user in several ways, specifically as follows:
One, obtain it from the login request:
Specifically, when the login request also contains login address information, the account policy server can parse the network address of the user from the login address information; this network address is an IP address or an LBS address;
The account policy server looks up the location information of the user corresponding to the network address of the user, according to the correspondence between network addresses and location information.
Two, obtain it from the message forwarding network element that forwarded the login request:
Specifically, the account policy server obtains the network address of the user from the message forwarding network element that forwarded the login request; this network address is an IP address or an LBS address;
The account policy server looks up the location information of the user corresponding to the network address of the user, according to the correspondence between network addresses and location information.
It should be noted that the specific ways of obtaining the location information of the user are the same as described for step 205 in the embodiment shown in Fig. 2 and are not repeated here.
505. The account policy server sends the location information of the user to the login verification server;
506. The login verification server judges whether the location information belongs to the conventional login zone of the user, and sends the judgment result to the account policy server;
After the login verification server obtains the location information of the user derived from the login request, it can judge whether this location information belongs to the conventional login zone, and send the judgment result to the account policy server.
507. If the judgment result is yes, the account policy server allows the user to log in to the account.
If the location information belongs to the conventional login zone, the user is currently logging in to the account from a conventional login zone. This behavior matches the historical login habits of the user, so the user can be regarded as a normal user, and the account policy server allows the user to log in to the account.
In this embodiment, the login statistics server can determine the conventional login zone of the user according to the user's historical login behavior. When the account policy server receives a login request from the user, it can obtain the location information of the user according to the login request; if the location information belongs to the conventional login zone, the user can be regarded as a normal user and is allowed to log in to the account. Handling login requests differently according to the user's location at login therefore effectively avoids the impact of the freeze on the normal user's use of the account.
The safety authentication method in the embodiments of the present invention has been described above; the server in the embodiments of the present invention is described below:
Embodiment six:
Referring to Fig. 6, a server embodiment in the embodiments of the present invention comprises:
Receiving unit 601, for receiving the login request of a user, the login request containing the identification information of the account that the user requests to log in to;
Acquiring unit 602, for obtaining the location information of the user according to the login request when it is determined according to the identification information that the account is in a frozen state;
Authentication unit 603, for judging whether the location information meets a preset login condition and, if it does, allowing the user to log in to the account.
In this embodiment, the receiving unit 601 can receive the login request of the user, the login request containing the identification information of the account that the user requests to log in to. When the acquiring unit 602 determines according to the identification information that the account is in a frozen state, it can obtain the location information of the user according to the login request, and the authentication unit 603 judges whether the location information meets the preset login condition; if it does, the user is allowed to log in to the account. Therefore, when an account is in a frozen state, the server does not refuse all users' logins to the account, but handles them differently according to the location information at login: when the location information at login meets the preset login condition, the user is allowed to log in to the account. Because the owner of an account (that is, the normal user) generally logs in from a relatively fixed area, handling login requests differently according to the user's location at login effectively avoids the impact of the freeze on the normal user's use of the account.
In the above embodiment, after the acquiring unit 602 obtains the location information of the user according to the login request, the authentication unit 603 can judge whether the location information meets the preset login condition. Specifically, the server can determine the conventional login zone of the user in advance according to historical login behavior, and then judge whether the obtained location information belongs to this conventional login zone; if it does, the preset login condition is determined to be met, and if it does not, the preset login condition is determined not to be met. In practical applications, the server can determine the conventional login zone of the user from historical login behavior in several ways, which are described in detail below:
Embodiment seven:
In the present embodiment, the server can determine the conventional logging zone of the user according to the total number of times the user has logged in. Referring to Fig. 7, another embodiment of the server in the embodiments of the present invention comprises:
Receiving element 701, for receiving the logging request of the user, this logging request comprising the identification information of the account that is requested to be logged in;
Acquiring unit 702, for obtaining the positional information of this user according to this logging request when it is determined according to this identification information that the account is in a frozen state;
Authentication unit 703, for judging whether this positional information meets the preset registration conditions and, if so, allowing this user to log in to the account.
The server in the present embodiment can further comprise:
Determining unit 704, for determining the conventional logging zone of this user according to historical login behavior;
The authentication unit 703 is specifically for judging whether this positional information belongs to this conventional logging zone; if it does, the preset registration conditions are determined to be met, and if it does not, they are determined not to be met.
Determining unit 704 in the present embodiment may further comprise:
First determination module 7041, for determining each logging zone of this user according to historical login behavior;
Third enquiry module 7042, for querying the target logging zone whose number of logins reaches the default value, and taking this target logging zone as the conventional logging zone of this user.
When the logging request in the present embodiment also comprises entry address information, the acquiring unit 702 in the present embodiment can comprise:
First acquisition module 7021, for parsing the network address of this user from this entry address information, this network address being an Internet Protocol (IP) address or a location-based service (LBS) address;
First enquiry module 7022, for querying, according to the corresponding relation between network addresses and positional information, the positional information of this user corresponding to the network address of this user.
Or the acquiring unit 702 in the present embodiment can comprise:
Second acquisition module 7023, for obtaining the network address of this user from the message forwarding network element that forwards this logging request, this network address being an Internet Protocol (IP) address or a location-based service (LBS) address;
Second enquiry module 7024, for querying, according to the corresponding relation between network addresses and positional information, the positional information of this user corresponding to the network address of this user.
For ease of understanding, the interaction between the units of the server in the present embodiment is described below with a concrete application scenario:
Each time the user logs in to an account, login behavior information is reported to the server at irregular intervals; this login behavior information includes the account the user logged in to, the login time, the login IP address and other information.
In the present embodiment, the server can collect the login behavior information that the user reports after each login, so the first determination module 7041 in determining unit 704 can determine each logging zone of the user from this historical login behavior.
It should be noted that, because the login behavior information reported by the user includes the login IP address, the server can determine from this IP address the actual geographical position of the user at login, i.e. the logging zone.
After the first determination module 7041 in determining unit 704 determines each logging zone of the user according to historical login behavior, the third enquiry module 7042 in determining unit 704 can query the target logging zone whose number of logins reaches the default value, and take this target logging zone as the conventional logging zone of the user.
It can be understood that, besides setting a default value, other ways can also be used to determine the conventional logging zone, for example selecting the logging zone with the largest number of logins among the logging zones; this is not specifically limited here.
When the user wishes to log in to an account, the user can send a logging request to the server; receiving element 701 then receives the logging request sent by the user, and this logging request can comprise the identification information of the account that is requested to be logged in.
It can be understood that this logging request can further comprise information such as a user name and a password; this is not specifically limited here.
In the present embodiment, acquiring unit 702 can obtain the positional information of the user in several ways:
One, obtaining it directly from the logging request:
If the logging request sent by the user carries entry address information, the first acquisition module 7021 in acquiring unit 702 parses the network address of the user from this entry address information; this network address is an IP address, an LBS address, or another type of content that represents positional information, and is not specifically limited here;
The first enquiry module 7022 in acquiring unit 702 queries, according to the corresponding relation between network addresses and positional information, the positional information of this user corresponding to the network address of this user.
Two, obtaining it from the message forwarding network element that forwards this logging request:
If the logging request sent by the user does not carry entry address information, the server can determine that the user logged in through a message forwarding network element (such as a proxy server). In order to obtain accurate positional information of this user, the second acquisition module 7023 in acquiring unit 702 can obtain the network address of this user from the message forwarding network element that forwards this logging request; this network address is an IP address, an LBS address, or another type of content that represents positional information, and is not specifically limited here;
The second enquiry module 7024 in acquiring unit 702 queries, according to the corresponding relation between network addresses and positional information, the positional information of this user corresponding to the network address of this user.
After acquiring unit 702 obtains the positional information of the user according to the logging request, authentication unit 703 can judge whether this positional information belongs to the conventional logging zone.
If this positional information belongs to the conventional logging zone, the user is currently logging in to the account from the conventional logging zone; this behavior matches the user's historical login habits, so the user can be regarded as a normal user and allowed to log in to the account.
If this positional information does not belong to the conventional logging zone, the user is not currently logging in to the account from the conventional logging zone; this behavior does not match the user's historical login habits, so the user can be regarded as an illegitimate user and can be refused login to the account.
It should be noted that the detailed interaction between the units of the server in the present embodiment corresponds to the content described in the embodiment shown in Fig. 2 and is not repeated here.
In the present embodiment, determining unit 704 can determine the conventional logging zone of the user according to the user's historical login behavior. When receiving element 701 receives the logging request of the user, acquiring unit 702 can obtain the positional information of the user according to this logging request; if this positional information belongs to the conventional logging zone, authentication unit 703 can regard this user as a normal user and allow the user to log in to the account. Handling logging requests differently according to the user's positional information at login therefore effectively avoids the impact of freeze processing on a normal user's use of the account.
Embodiment eight:
In the present embodiment, the server can determine the conventional logging zone of the user according to the total number of times the user has logged in. Referring to Fig. 8, another embodiment of the server in the embodiments of the present invention comprises:
Receiving element 801, for receiving the logging request of the user, this logging request comprising the identification information of the account that is requested to be logged in;
Acquiring unit 802, for obtaining the positional information of this user according to this logging request when it is determined according to this identification information that the account is in a frozen state;
Authentication unit 803, for judging whether this positional information meets the preset registration conditions and, if so, allowing this user to log in to the account.
The server in the present embodiment can further comprise:
Determining unit 804, for determining the conventional logging zone of this user according to historical login behavior;
The authentication unit 803 is specifically for judging whether this positional information belongs to this conventional logging zone; if it does, the preset registration conditions are determined to be met, and if it does not, they are determined not to be met.
Determining unit 804 in the present embodiment may further comprise:
Second determination module 8041, for determining each logging zone of this user according to historical login behavior;
Fourth enquiry module 8042, for querying the target logging zone whose number of logins within the most recent preset time period reaches the default value, and taking this target logging zone as the conventional logging zone of this user.
When the logging request also comprises entry address information, the acquiring unit 802 in the present embodiment can comprise:
First acquisition module 8021, for parsing the network address of this user from this entry address information, this network address being an Internet Protocol (IP) address or a location-based service (LBS) address;
First enquiry module 8022, for querying, according to the corresponding relation between network addresses and positional information, the positional information of this user corresponding to the network address of this user.
Or the acquiring unit 802 in the present embodiment can comprise:
Second acquisition module 8023, for obtaining the network address of this user from the message forwarding network element that forwards this logging request, this network address being an Internet Protocol (IP) address or a location-based service (LBS) address;
Second enquiry module 8024, for querying, according to the corresponding relation between network addresses and positional information, the positional information of this user corresponding to the network address of this user.
For ease of understanding, the interaction between the units of the server in the present embodiment is described below with a concrete application scenario:
Each time the user logs in to an account, login behavior information is reported to the server at irregular intervals; this login behavior information includes the account the user logged in to, the login time, the login IP address and other information.
In the present embodiment, the server can collect the login behavior information that the user reports after each login, so the second determination module 8041 in determining unit 804 can determine each logging zone of the user from this historical login behavior.
It should be noted that, because the login behavior information reported by the user includes the login IP address, the server can determine from this IP address the actual geographical position of the user at login, i.e. the logging zone.
After the second determination module 8041 in determining unit 804 determines each logging zone of the user according to historical login behavior, the fourth enquiry module 8042 in determining unit 804 can query the target logging zone whose number of logins within the most recent preset time period reaches the default value, and take this target logging zone as the conventional logging zone of this user.
The most recent preset time period in the present embodiment can be determined according to actual conditions, for example one week, two weeks, one month, one quarter or half a year; this is not specifically limited here.
It should be noted that the default value in the present embodiment can be an absolute value (for example, reaching 10 times or 20 times), or a relative value (for example, accounting for more than 30%, or 40%, of the total number of logins across the logging zones in the most recent preset time period); this is not specifically limited here.
It can be understood that, besides setting a default value, other ways can also be used to determine the conventional logging zone, for example selecting the logging zone with the largest number of logins among the logging zones; this is not specifically limited here.
When the user wishes to log in to an account, the user can send a logging request to the server; receiving element 801 then receives the logging request sent by the user, and this logging request can comprise the identification information of the account that is requested to be logged in.
It can be understood that this logging request can further comprise information such as a user name and a password; this is not specifically limited here.
In the present embodiment, acquiring unit 802 can obtain the positional information of the user in several ways:
One, obtaining it directly from the logging request:
If the logging request sent by the user carries entry address information, the first acquisition module 8021 in acquiring unit 802 parses the network address of the user from this entry address information; this network address is an IP address, an LBS address, or another type of content that represents positional information, and is not specifically limited here;
The first enquiry module 8022 in acquiring unit 802 queries, according to the corresponding relation between network addresses and positional information, the positional information of this user corresponding to the network address of this user.
Two, obtaining it from the message forwarding network element that forwards this logging request:
If the logging request sent by the user does not carry entry address information, the server can determine that the user logged in through a message forwarding network element (such as a proxy server). In order to obtain accurate positional information of this user, the second acquisition module 8023 in acquiring unit 802 can obtain the network address of this user from the message forwarding network element that forwards this logging request; this network address is an IP address, an LBS address, or another type of content that represents positional information, and is not specifically limited here;
The second enquiry module 8024 in acquiring unit 802 queries, according to the corresponding relation between network addresses and positional information, the positional information of this user corresponding to the network address of this user.
After acquiring unit 802 obtains the positional information of the user according to the logging request, authentication unit 803 can judge whether this positional information belongs to the conventional logging zone.
If this positional information belongs to the conventional logging zone, the user is currently logging in to the account from the conventional logging zone; this behavior matches the user's historical login habits, so the user can be regarded as a normal user and allowed to log in to the account.
If this positional information does not belong to the conventional logging zone, the user is not currently logging in to the account from the conventional logging zone; this behavior does not match the user's historical login habits, so the user can be regarded as an illegitimate user and can be refused login to the account.
It should be noted that the detailed interaction between the units of the server in the present embodiment corresponds to the content described in the embodiment shown in Fig. 3 and is not repeated here.
In the present embodiment, determining unit 804 can determine the conventional logging zone of the user according to the user's historical login behavior. When receiving element 801 receives the logging request of the user, acquiring unit 802 can obtain the positional information of the user according to this logging request; if this positional information belongs to the conventional logging zone, authentication unit 803 can regard this user as a normal user and allow the user to log in to the account. Handling logging requests differently according to the user's positional information at login therefore effectively avoids the impact of freeze processing on a normal user's use of the account.
Embodiment nine:
In the present embodiment, the server can determine the conventional logging zone of the user by jointly considering the total number of times the user has logged in and the login times. Referring to Fig. 9, another embodiment of the server in the embodiments of the present invention comprises:
Receiving element 901, for receiving the logging request of the user, this logging request comprising the identification information of the account that is requested to be logged in;
Acquiring unit 902, for obtaining the positional information of this user according to this logging request when it is determined according to this identification information that the account is in a frozen state;
Authentication unit 903, for judging whether this positional information meets the preset registration conditions and, if so, allowing this user to log in to the account.
The server in the present embodiment can further comprise:
Determining unit 904, for determining the conventional logging zone of this user according to historical login behavior;
The authentication unit 903 is specifically for judging whether this positional information belongs to this conventional logging zone; if it does, the preset registration conditions are determined to be met, and if it does not, they are determined not to be met.
Determining unit 904 in the present embodiment may further comprise:
Third determination module 9041, for determining each logging zone of this user according to historical login behavior;
Computing module 9042, for determining a first reference value of each logging zone according to a first weight and the number of logins in that logging zone, determining a second reference value of each logging zone according to a second weight and the login times in that logging zone, and taking the sum of the first reference value and the second reference value as the comprehensive reference value of that logging zone;
Fourth determination module 9043, for taking the logging zone whose comprehensive reference value reaches the default value as the conventional logging zone of this user.
When the logging request also comprises entry address information, the acquiring unit 902 in the present embodiment can comprise:
First acquisition module 9021, for parsing the network address of this user from this entry address information, this network address being an Internet Protocol (IP) address or a location-based service (LBS) address;
First enquiry module 9022, for querying, according to the corresponding relation between network addresses and positional information, the positional information of this user corresponding to the network address of this user.
Or the acquiring unit 902 in the present embodiment can comprise:
Second acquisition module 9023, for obtaining the network address of this user from the message forwarding network element that forwards this logging request, this network address being an Internet Protocol (IP) address or a location-based service (LBS) address;
Second enquiry module 9024, for querying, according to the corresponding relation between network addresses and positional information, the positional information of this user corresponding to the network address of this user.
For ease of understanding, the interaction between the units of the server in the present embodiment is described below with a concrete application scenario:
Each time the user logs in to an account, login behavior information is reported to the server at irregular intervals; this login behavior information includes the account the user logged in to, the login time, the login IP address and other information.
In the present embodiment, the server can collect the login behavior information that the user reports after each login, so the third determination module 9041 in determining unit 904 can determine each logging zone of the user from this historical login behavior.
It should be noted that, because the login behavior information reported by the user includes the login IP address, the server can determine from this IP address the actual geographical position of the user at login, i.e. the logging zone.
Computing module 9042 in determining unit 904 can determine a first reference value of each logging zone according to a first weight and the number of logins in that logging zone, determine a second reference value of each logging zone according to a second weight and the login times in that logging zone, and take the sum of the first reference value and the second reference value as the comprehensive reference value of that logging zone.
In the present embodiment, determining unit 904 can consider both the number of logins and the login times of each logging zone, and derive the comprehensive reference value from calculations with different weights.
The first reference value can be calculated as follows: for a given logging zone, each login counts for 10 reference points and the first weight is 0.9, so the first reference value is 0.9 * (total number of logins * 10).
The second reference value can be calculated as follows: for a given logging zone, the second weight is 0.3; the reference time is subtracted from the login time of each login in this logging zone, the resulting values are added together, and the sum is multiplied by the second weight to give the second reference value of this logging zone. The comprehensive reference value of each zone can be as shown in Table 6 above and is not repeated here.
It should be noted that the above is only one concrete example of the calculation. In practical applications there can be other ways of calculating, as long as "the comprehensive reference value is proportional to the number of logins, and the more recent the logins, the higher the comprehensive reference value" holds; the specific implementation is not limited here.
After computing module 9042 in determining unit 904 calculates the comprehensive reference value of each logging zone, the fourth determination module 9043 in determining unit 904 can take the logging zone whose comprehensive reference value reaches the default value as the conventional logging zone of this user.
When the user wishes to log in to an account, the user can send a logging request to the server; receiving element 901 then receives the logging request sent by the user, and this logging request can comprise the identification information of the account that is requested to be logged in.
It can be understood that this logging request can further comprise information such as a user name and a password; this is not specifically limited here.
In the present embodiment, acquiring unit 902 can obtain the positional information of the user in several ways:
One, obtaining it directly from the logging request:
If the logging request sent by the user carries entry address information, the first acquisition module 9021 in acquiring unit 902 parses the network address of the user from this entry address information; this network address is an IP address, an LBS address, or another type of content that represents positional information, and is not specifically limited here;
The first enquiry module 9022 in acquiring unit 902 queries, according to the corresponding relation between network addresses and positional information, the positional information of this user corresponding to the network address of this user.
Two, obtaining it from the message forwarding network element that forwards this logging request:
If the logging request sent by the user does not carry entry address information, the server can determine that the user logged in through a message forwarding network element (such as a proxy server). In order to obtain accurate positional information of this user, the second acquisition module 9023 in acquiring unit 902 can obtain the network address of this user from the message forwarding network element that forwards this logging request; this network address is an IP address, an LBS address, or another type of content that represents positional information, and is not specifically limited here;
The second enquiry module 9024 in acquiring unit 902 queries, according to the corresponding relation between network addresses and positional information, the positional information of this user corresponding to the network address of this user.
After acquiring unit 902 obtains the positional information of the user according to the logging request, authentication unit 903 can judge whether this positional information belongs to the conventional logging zone.
If this positional information belongs to the conventional logging zone, the user is currently logging in to the account from the conventional logging zone; this behavior matches the user's historical login habits, so the user can be regarded as a normal user and allowed to log in to the account.
If this positional information does not belong to the conventional logging zone, the user is not currently logging in to the account from the conventional logging zone; this behavior does not match the user's historical login habits, so the user can be regarded as an illegitimate user and can be refused login to the account.
It should be noted that the detailed interaction between the units of the server in the present embodiment corresponds to the content described in the embodiment shown in Fig. 4 and is not repeated here.
In the present embodiment, determining unit 904 can determine the conventional logging zone of the user according to the user's historical login behavior. When receiving element 901 receives the logging request of the user, acquiring unit 902 can obtain the positional information of the user according to this logging request; if this positional information belongs to the conventional logging zone, authentication unit 903 can regard this user as a normal user and allow the user to log in to the account. Handling logging requests differently according to the user's positional information at login therefore effectively avoids the impact of freeze processing on a normal user's use of the account.
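The three ways of determining the conventional logging zone in embodiments seven, eight and nine, followed by the check applied to a frozen account, are written out here as an added Python example; it is not code from the patent. The IP-to-zone table, account names, login history, thresholds, the refusal of addresses with no known zone, and the use of days as the unit for "login time minus reference time" are constructed assumptions; the weights 0.9 and 0.3 and the 10 points per login are the values given in embodiment nine.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed stand-in for the "corresponding relation between the network
# address and positional information"; IPs are documentation-range addresses.
IP_TO_ZONE = {"192.0.2.10": "Shenzhen", "198.51.100.7": "Beijing",
              "203.0.113.5": "Chengdu"}

def day(text):
    return datetime.strptime(text, "%Y-%m-%d")

# Constructed login behavior reports: (account, login time, login IP).
HISTORY = (
    [("acct-1", day(t), "192.0.2.10") for t in
     ("2013-01-05", "2013-01-20", "2013-02-10", "2013-03-01")]
    + [("acct-1", day(t), "198.51.100.7") for t in
       ("2013-07-10", "2013-08-01", "2013-08-10")]
    + [("acct-1", day("2013-08-05"), "203.0.113.5"),
       ("acct-2", day("2013-08-06"), "203.0.113.5")]
)

def zone_logins(history, account):
    """Map each logging zone of `account` to the list of its login times."""
    zones = defaultdict(list)
    for acct, when, ip in history:
        zone = IP_TO_ZONE.get(ip)
        if acct == account and zone is not None:
            zones[zone].append(when)
    return zones

def zones_by_total_count(history, account, threshold):
    """Embodiment seven: zones whose total login count reaches the threshold."""
    return {z for z, times in zone_logins(history, account).items()
            if len(times) >= threshold}

def zones_by_recent_count(history, account, now, window, threshold,
                          relative=False):
    """Embodiment eight: count only logins inside the most recent window.
    `threshold` is an absolute count, or a share of all in-window logins
    when `relative` is True."""
    counts = Counter()
    for zone, times in zone_logins(history, account).items():
        counts[zone] = sum(1 for t in times if now - window <= t <= now)
    total = sum(counts.values())
    if relative:
        return {z for z, n in counts.items()
                if total and n / total >= threshold}
    return {z for z, n in counts.items() if n >= threshold}

def composite_values(history, account, reference_time,
                     w1=0.9, w2=0.3, points=10):
    """Embodiment nine: first value = w1 * (logins * points); second value =
    w2 * sum(login time - reference time), measured in days (assumption)."""
    values = {}
    for zone, times in zone_logins(history, account).items():
        first = w1 * (len(times) * points)
        second = w2 * sum((t - reference_time).days for t in times)
        values[zone] = first + second
    return values

def zones_by_composite(history, account, reference_time, threshold):
    """Zones whose comprehensive reference value reaches the threshold."""
    values = composite_values(history, account, reference_time)
    return {z for z, v in values.items() if v >= threshold}

def frozen_login_allowed(login_ip, usual_zones):
    """Decision for a frozen account: allow only from a conventional logging
    zone. An address with no known zone is refused (assumption: fail closed)."""
    zone = IP_TO_ZONE.get(login_ip)
    return zone is not None and zone in usual_zones

if __name__ == "__main__":
    now, ref = day("2013-08-20"), day("2013-01-01")
    print("total count  :", zones_by_total_count(HISTORY, "acct-1", 3))
    print("recent count :", zones_by_recent_count(
        HISTORY, "acct-1", now, timedelta(days=30), 2))
    print("composite    :", composite_values(HISTORY, "acct-1", ref))
    usual = zones_by_composite(HISTORY, "acct-1", ref, 100)
    for ip in ("198.51.100.7", "192.0.2.10", "203.0.113.99"):
        print(ip, "->", "allow" if frozen_login_allowed(ip, usual) else "refuse")
```

On this constructed history a single recent Chengdu login scores 73.8 under embodiment nine while four older Shenzhen logins score 72.6, and a 30% relative threshold under embodiment eight admits Chengdu on one login. The time unit, reference time and thresholds therefore need tuning together with the weights.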
The server in the embodiments of the present invention has been described above from the perspective of its functional structure; it is described below from the perspective of the server's hardware structure:
Embodiment ten:
The embodiment of the present invention also provides a server, in which the functional modules realized by the server in the embodiments of the present invention can be integrated. Fig. 10 shows a structural schematic diagram of the server involved in the embodiment of the present invention, specifically:
This server can comprise a processor 1001 with one or more processing cores, a memory 1002 of one or more computer-readable storage media, a radio frequency (RF, Radio Frequency) circuit 1003, a wireless communication module such as a Bluetooth module and/or a Wireless Fidelity (WIFI, Wireless Fidelity) module 1004 (the WIFI module 1004 is taken as the example in Fig. 10), a power supply 1005, a sensor 1006, an input unit 1007, a display unit 1008 and other parts. Those skilled in the art will understand that the server structure shown in Fig. 10 does not limit the server, which can comprise more or fewer parts than illustrated, combine some parts, or arrange the parts differently. Wherein:
Processor 1001 is the control centre of this server. It uses various interfaces and lines to connect the parts of the whole server and, by running or executing the software programs and/or modules stored in memory 1002 and calling the data stored in memory 1002, performs the various functions of the server and processes data, thereby monitoring the server as a whole. Optionally, processor 1001 can comprise one or more processing cores; preferably, processor 1001 can integrate an application processor and a modem processor, where the application processor mainly handles the operating system, user interface, application programs and the like, and the modem processor mainly handles wireless communication. It can be understood that the modem processor need not be integrated into processor 1001.
Memory 1002 can be used to store software programs and modules; processor 1001 performs various functional applications and data processing by running the software programs and modules stored in memory 1002. Memory 1002 can mainly comprise a program storage area and a data storage area, where the program storage area can store the operating system, the application programs needed by at least one function (such as a sound playing function, an image playing function, etc.) and the like, and the data storage area can store data created through use of the server and the like. In addition, memory 1002 can comprise high-speed random access memory and can also comprise nonvolatile memory, for example at least one disk storage device, a flash memory device, or other volatile solid-state storage parts. Correspondingly, memory 1002 can also comprise a memory controller to provide processor 1001 with access to memory 1002.
RF circuit 1003 can be used to receive and send signals in the course of sending and receiving information; in particular, after receiving downlink information from a base station, it passes the information to one or more processors 1001 for processing, and it sends uplink data to the base station. Usually, RF circuit 1003 includes but is not limited to an antenna, at least one amplifier, a tuner, one or more oscillators, a subscriber identity module (SIM) card, a transceiver, a coupler, a low noise amplifier (LNA, Low Noise Amplifier), a duplexer, etc. In addition, RF circuit 1003 can also communicate with networks and other devices by wireless communication. This wireless communication can use any communication standard or protocol, including but not limited to Global System for Mobile communication (GSM, Global System of Mobile communication), General Packet Radio Service (GPRS, General Packet Radio Service), Code Division Multiple Access (CDMA, Code Division Multiple Access), Wideband Code Division Multiple Access (WCDMA, Wideband Code Division Multiple Access), Long Term Evolution (LTE, Long Term Evolution), e-mail, Short Message Service (SMS, Short Messaging Service), etc.
WIFI is a short-range wireless transmission technology; through WIFI module 1004 the server can send and receive e-mail, access streaming video and so on, and it provides wireless broadband Internet access. Although Fig. 10 shows WIFI module 1004, it can be understood that it is not an essential component of the server and can be omitted as required without changing the essence of the invention.
The server also comprises a power supply 1005 (such as a battery) that powers the parts. Preferably, the power supply can be logically connected to processor 1001 through a power management system, so that functions such as charge management, discharge management and power consumption management are realized through the power management system. Power supply 1005 can also comprise any components such as one or more DC or AC power sources, a recharging system, a power failure detection circuit, a power converter or inverter, and a power status indicator.
This server can also comprise at least one sensor 1006, such as an optical sensor, a motion sensor and other sensors. The server can also be configured with other sensors such as a gyroscope, barometer, hygrometer, thermometer and infrared sensor, which are not described here.
This server can also comprise input unit 1007, which can be used to receive input numeric or character information and to generate keyboard, mouse, joystick, optical or trackball signal inputs related to user settings and function control. Specifically, in one embodiment, input unit 1007 can comprise a touch-sensitive surface and other input devices. The touch-sensitive surface, also called a touch display screen or trackpad, can collect touch operations by the user on or near it (such as operations by the user on or near the touch-sensitive surface using a finger, stylus or any other suitable object or accessory) and drive the corresponding connected device according to a preset program. Optionally, the touch-sensitive surface can comprise two parts, a touch detection device and a touch controller. The touch detection device detects the touch position of the user, detects the signal produced by the touch operation, and sends the signal to the touch controller; the touch controller receives touch information from the touch detection device, converts it into contact coordinates, sends them to processor 1001, and can receive and execute commands sent by processor 1001. In addition, the touch-sensitive surface can be realized in several types such as resistive, capacitive, infrared and surface acoustic wave. Besides the touch-sensitive surface, input unit 1007 can also comprise other input devices. Specifically, the other input devices can include but are not limited to one or more of a physical keyboard, function keys (such as volume control keys, switch keys, etc.), a trackball, a mouse, a joystick, etc.
This server also can comprise display unit 1008, this display unit 1008 can be used for the various graphical user interface showing information or the information being supplied to user and the server inputted by user, and these graphical user interface can be made up of figure, text, icon, video and its combination in any.Display unit 1008 can comprise display floater, optionally, the form such as liquid crystal display (LCD, Liquid CrystalDisplay), Organic Light Emitting Diode (OLED, Organic Light-Emitting Diode) can be adopted to configure display floater.Further, Touch sensitive surface can cover display floater, when Touch sensitive surface detects thereon or after neighbouring touch operation, sends processor 1001 to determine the type of touch event, provide corresponding vision to export with preprocessor 1001 on a display panel according to the type of touch event.Although in Fig. 10, Touch sensitive surface and display floater be as two independently parts realize inputting and input function, in certain embodiments, can by Touch sensitive surface and display floater integrated and realize input and output function.
Although not shown, server can also comprise camera, bluetooth module etc., does not repeat them here.Specifically in the present embodiment, processor 1001 in server can according to following instruction, executable file corresponding for the process of one or more application program is loaded in memory 1002, and the application program be stored in memory 1002 is run by processor 1001, thus realize various function, as follows:
Receive the logging request of user, in this logging request, comprise the identification information of the account that request logs in;
If determine, the account is in frozen state, then obtain the positional information of this user according to this logging request;
Judge whether this positional information meets preset registration conditions, if meet, then allow this user to log in the account.
Embodiment 11:
An embodiment of the present invention also provides a security certification system. Referring to Figure 11, the security certification system in the embodiment of the present invention comprises:
A login statistical server 1101, an account policy server 1102 and a login validate service device 1103;
The login statistical server 1101 is used for receiving the login behavior reported by the user, determining the conventional logging zone of the user according to historical login behavior, and sending the conventional logging zone information to the login validate service device 1103;
The account policy server 1102 is used for receiving the logging request of the user, the logging request comprising the identification information of the account that the request is to log in to; if it determines according to this identification information that the account is in a frozen state, it obtains the positional information of the user according to the logging request and sends the positional information of the user to the login validate service device 1103;
The login validate service device 1103 is used for judging whether the positional information belongs to the conventional logging zone of the user, and sending the judged result to the account policy server 1102;
If the judged result is yes, the account policy server 1102 is also used for allowing the user to log in to the account.
For ease of understanding, the interaction between the devices in the security certification system of the present embodiment is described below with a specific application scenario:
In the present embodiment, after each login to an account, the user reports login behavior information to the login statistical server 1101 at irregular intervals; this login behavior information includes information such as the account the user logged in to, the time of the login and the IP address of the login.
In the present embodiment, the login statistical server 1101 can collect the login behavior information that the user reports after each login, and so can determine each logging zone of the user from this historical login behavior.
The conventional logging zone can be determined in any of the following ways:
One, determine according to the total number of logins:
Specifically, the login statistical server 1101 determines each logging zone of the user according to historical login behavior, queries for the target logging zone whose number of logins reaches the default value, and takes the target logging zone as the conventional logging zone of the user.
Two, determine according to the recent number of logins:
Specifically, the login statistical server 1101 determines each logging zone of the user according to historical login behavior, queries for the target logging zone whose number of logins within the most recent preset time period reaches the default value, and takes the target logging zone as the conventional logging zone of the user.
Three, determine comprehensively according to the number of logins and the login time:
Specifically, the login statistical server 1101 determines each logging zone of the user according to historical login behavior. The login statistical server 1101 determines the first reference value of each logging zone according to the first weight and the number of logins in that logging zone, determines the second reference value of each logging zone according to the second weight and the login time in that logging zone, and takes the sum of the first reference value and the second reference value as the comprehensive reference value of that logging zone. The login statistical server 1101 takes each logging zone whose comprehensive reference value reaches the default value as a conventional logging zone of the user.
It should be noted that the detailed process of the above three determination modes has been described in detail in the embodiments shown in Fig. 2 to Fig. 4 and is not repeated here.
When the user wishes to log in to a certain account, the user can send a logging request to the account policy server 1102; the account policy server 1102 then receives the logging request sent by the user, and this logging request can comprise the identification information of the account that the request is to log in to.
It can be understood that the logging request can further comprise information such as a user name and a password, which is not specifically limited here.
In the present embodiment, if the account has been frozen for sending malicious information, the account policy server 1102 does not directly refuse the logging request after receiving it, but instead obtains the positional information of the user according to the logging request sent by the user.
In the present embodiment, the account policy server 1102 can obtain the positional information of the user in several ways, specifically as follows:
One, obtain from the logging request:
Specifically, when the logging request also comprises entry address information, the account policy server 1102 parses the network address of the user from this entry address information; this network address is an IP address or an LBS address;
The account policy server 1102 queries, according to the correspondence between network addresses and positional information, the positional information of the user corresponding to the network address of the user.
Two, obtain from the message forwarding network element that forwards the logging request:
Specifically, the account policy server 1102 obtains the network address of the user from the message forwarding network element that forwards the logging request; this network address is an IP address or an LBS address;
The account policy server 1102 queries, according to the correspondence between network addresses and positional information, the positional information of the user corresponding to the network address of the user.
It should be noted that the specific manner of obtaining the positional information of the user is consistent with the content described in step 205 of the embodiment shown in Fig. 2 and is not repeated here.
The account policy server 1102 sends the positional information of the user to the login validate service device 1103;
The login validate service device 1103 judges whether the positional information belongs to the conventional logging zone of the user, and sends the judged result to the account policy server 1102;
After the positional information of the user has been obtained according to the logging request, the login validate service device 1103 can judge whether this positional information belongs to the conventional logging zone, and sends the judged result to the account policy server 1102.
If the positional information belongs to the conventional logging zone, the user is currently logging in to the account from the conventional logging zone, and this behavior matches the historical login habits of the user, so the user can be regarded as a normal user and the account policy server 1102 allows the user to log in to the account.
In the present embodiment, the login statistical server 1101 can determine the conventional logging zone of the user according to the historical login behavior of the user. When the account policy server 1102 receives the logging request of the user, it can obtain the positional information of the user according to this logging request; if the positional information belongs to the conventional logging zone, the user can be regarded as a normal user and is allowed to log in to the account. Handling logging requests differently according to the positional information at login time therefore effectively avoids the impact of the freezing process on a normal user's use of the account.
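The three determination modes and the frozen-account decision described for Embodiment 11, as an added Python example that is not part of the patent text. The address-to-region table, the sample login reports, the thresholds and weights, the reading of "login time" as hours spent logged in, and the refusal of a frozen account whose location is unknown or outside the conventional logging zone are all assumptions of this example.

```python
"""Added example: conventional-logging-zone checks for a frozen account."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed address-to-region table (documentation prefixes, RFC 5737).
GEO_TABLE = {
    ip_network("192.0.2.0/24"): "Shenzhen",
    ip_network("198.51.100.0/24"): "Beijing",
    ip_network("203.0.113.0/24"): "Chengdu",
}

NOW = datetime(2013, 8, 21, 12, 0)   # constructed "current time"
WINDOW = timedelta(days=30)          # assumed "most recent preset time period"


def _report(days_ago, ip, hours):
    # One constructed login report: (account, login time, IP, session hours).
    return ("alice", NOW - timedelta(days=days_ago), ip, hours)


HISTORY = (
    [_report(d, "192.0.2.10", 1.0) for d in (200, 170, 140, 110, 80, 10)]
    + [_report(d, "198.51.100.7", h) for d, h in ((20, 4.0), (12, 2.0), (3, 2.0))]
    + [_report(300, "203.0.113.5", 1.0)]
)


def locate(ip):
    """Map a network address to a region; None when no mapping exists."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return None
    for net, region in GEO_TABLE.items():
        if addr in net:
            return region
    return None


def _zone_counts(history, account, since=None):
    counts = Counter()
    for acct, when, ip, _hours in history:
        zone = locate(ip)
        if acct == account and zone and (since is None or when >= since):
            counts[zone] += 1
    return counts


def zones_by_total(history, account, threshold):
    """Mode one: zones whose total number of logins reaches the threshold."""
    counts = _zone_counts(history, account)
    return {z for z, n in counts.items() if n >= threshold}


def zones_by_recent(history, account, now, window, threshold):
    """Mode two: zones whose logins inside the recent window reach the threshold."""
    counts = _zone_counts(history, account, since=now - window)
    return {z for z, n in counts.items() if n >= threshold}


def zones_by_weighted(history, account, w_count, w_time, threshold):
    """Mode three: first weight * login count + second weight * login hours."""
    logins, hours = Counter(), defaultdict(float)
    for acct, _when, ip, session_hours in history:
        zone = locate(ip)
        if acct == account and zone:
            logins[zone] += 1
            hours[zone] += session_hours
    return {z for z in logins
            if w_count * logins[z] + w_time * hours[z] >= threshold}


def handle_login(account, source_ip, frozen, conventional_zones):
    """Decision of the account policy server for one logging request."""
    if account not in frozen:
        return "normal-login-flow"   # ordinary authentication, not shown here
    zone = locate(source_ip)
    # Fail closed: an address with no known location never unlocks the account.
    if zone is not None and zone in conventional_zones.get(account, set()):
        return "allow"
    return "deny"


if __name__ == "__main__":
    zones = {"alice": zones_by_weighted(HISTORY, "alice", 1.0, 0.5, 6)}
    for ip in ("192.0.2.99", "203.0.113.5", "10.0.0.1"):
        print(ip, handle_login("alice", ip, {"alice"}, zones))
```
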
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the system, devices and units described above can be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
In the several embodiments provided by this application, it should be understood that the disclosed systems, devices and methods can be implemented in other ways. For example, the device embodiments described above are only schematic; the division into units is only a division by logical function, and other divisions are possible in an actual implementation. For example, multiple units or components can be combined or integrated into another system, or some features can be ignored or not performed. In addition, the couplings, direct couplings or communication connections shown or discussed can be made through certain interfaces, and the indirect couplings or communication connections between devices or units can be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they can be located in one place or distributed over multiple network elements. Some or all of the units can be selected according to actual needs to achieve the purpose of the scheme of the present embodiment.
In addition, the functional units in the embodiments of the present invention can be integrated in one processing unit, each unit can exist physically on its own, or two or more units can be integrated in one unit. The integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and is sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the part of the technical scheme of the present invention that in essence contributes to the prior art, or all or part of the technical scheme, can be embodied in the form of a software product. This computer software product is stored in a storage medium and comprises several instructions that cause a computer device (which can be a personal computer, a server, a network device or the like) to perform all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium comprises various media that can store program code, such as a USB flash disk, a portable hard drive, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
The above embodiments are only intended to illustrate the technical scheme of the present invention, not to limit it. Although the present invention has been described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that the technical schemes described in the above embodiments can still be modified, or some of their technical features can be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical schemes to depart from the spirit and scope of the technical schemes of the embodiments of the present invention.

Claims (19)

1. A safety certifying method, characterized by comprising:
Receiving an account logging request of a user, the logging request comprising the identification information of the account that the request is to log in to;
If it is determined according to the identification information that the account is in a frozen state, obtaining the positional information of the user according to the logging request;
Judging whether the positional information meets preset registration conditions, and if it does, allowing the user to log in to the account.
2. The method according to claim 1, characterized in that the logging request also comprises entry address information;
Obtaining the positional information of the user according to the logging request comprises:
Parsing the network address of the user from the entry address information, the network address being an Internet Protocol (IP) address or a location-based service (LBS) address;
Querying, according to the correspondence between network addresses and positional information, the positional information of the user corresponding to the network address of the user.
3. The method according to claim 1, characterized in that obtaining the positional information of the user according to the logging request comprises:
Obtaining the network address of the user from the message forwarding network element that forwards the logging request, the network address being an Internet Protocol (IP) address or a location-based service (LBS) address;
Querying, according to the correspondence between network addresses and positional information, the positional information of the user corresponding to the network address of the user.
4. The method according to any one of claims 1 to 3, characterized in that the method also comprises:
Determining the conventional logging zone of the user according to historical login behavior;
Judging whether the positional information meets the preset registration conditions is specifically:
Judging whether the positional information belongs to the conventional logging zone; if it does, determining that the preset registration conditions are met; if it does not, determining that the preset registration conditions are not met.
5. The method according to claim 4, characterized in that determining the conventional logging zone of the user according to historical login behavior comprises:
Determining each logging zone of the user according to historical login behavior;
Querying for the target logging zone whose number of logins reaches the default value, and taking the target logging zone as the conventional logging zone of the user.
6. The method according to claim 4, characterized in that determining the conventional logging zone of the user according to historical login behavior comprises:
Determining each logging zone of the user according to historical login behavior;
Querying for the target logging zone whose number of logins within the most recent preset time period reaches the default value, and taking the target logging zone as the conventional logging zone of the user.
7. The method according to claim 4, characterized in that determining the conventional logging zone of the user according to historical login behavior comprises:
Determining each logging zone of the user according to historical login behavior;
Determining the first reference value of each logging zone according to the first weight and the number of logins in that logging zone, determining the second reference value of each logging zone according to the second weight and the login time in that logging zone, and taking the sum of the first reference value and the second reference value as the comprehensive reference value of that logging zone;
Taking each logging zone whose comprehensive reference value reaches the default value as a conventional logging zone of the user.
8. A safety certifying method, characterized by comprising:
A login statistical server receives the login behavior reported by a user;
The login statistical server determines the conventional logging zone of the user according to historical login behavior, and sends the conventional logging zone information to a login validate service device;
The account policy server receives the logging request of the user, the logging request comprising the identification information of the account that the request is to log in to;
If the account policy server determines according to the identification that the account is in a frozen state, the account policy server obtains the positional information of the user according to the logging request;
The account policy server sends the positional information of the user to the login validate service device;
The login validate service device judges whether the positional information belongs to the conventional logging zone of the user, and sends the judged result to the account policy server;
If the judged result is yes, the account policy server allows the user to log in to the account.
9. The method according to claim 8, characterized in that the logging request also comprises entry address information;
The account policy server obtaining the positional information of the user according to the logging request comprises:
The account policy server parses the network address of the user from the entry address information, the network address being an Internet Protocol (IP) address or a location-based service (LBS) address;
The account policy server queries, according to the correspondence between network addresses and positional information, the positional information of the user corresponding to the network address of the user.
10. The method according to claim 8, characterized in that the account policy server obtaining the positional information of the user according to the logging request comprises:
The account policy server obtains the network address of the user from the message forwarding network element that forwards the logging request, the network address being an Internet Protocol (IP) address or a location-based service (LBS) address;
The account policy server queries, according to the correspondence between network addresses and positional information, the positional information of the user corresponding to the network address of the user.
11. The method according to any one of claims 8 to 10, characterized in that the login statistical server determining the conventional logging zone of the user according to historical login behavior comprises:
The login statistical server determines each logging zone of the user according to historical login behavior;
The login statistical server queries for the target logging zone whose number of logins reaches the default value, and takes the target logging zone as the conventional logging zone of the user;
Or,
The login statistical server determines each logging zone of the user according to historical login behavior;
The login statistical server queries for the target logging zone whose number of logins within the most recent preset time period reaches the default value, and takes the target logging zone as the conventional logging zone of the user;
Or,
The login statistical server determines each logging zone of the user according to historical login behavior;
The login statistical server determines the first reference value of each logging zone according to the first weight and the number of logins in that logging zone, determines the second reference value of each logging zone according to the second weight and the login time in that logging zone, and takes the sum of the first reference value and the second reference value as the comprehensive reference value of that logging zone;
The login statistical server takes each logging zone whose comprehensive reference value reaches the default value as a conventional logging zone of the user.
12. A server, characterized by comprising:
A receiving unit, for receiving the logging request of a user, the logging request comprising the identification information of the account that the request is to log in to;
An acquiring unit, for obtaining the positional information of the user according to the logging request when it is determined according to the identification information that the account is in a frozen state;
An authentication unit, for judging whether the positional information meets preset registration conditions, and if it does, allowing the user to log in to the account.
13. The server according to claim 12, characterized in that the logging request also comprises entry address information;
The acquiring unit comprises:
A first acquisition module, for parsing the network address of the user from the entry address information, the network address being an Internet Protocol (IP) address or a location-based service (LBS) address;
A first enquiry module, for querying, according to the correspondence between network addresses and positional information, the positional information of the user corresponding to the network address of the user.
14. The server according to claim 12, characterized in that the acquiring unit comprises:
A second acquisition module, for obtaining the network address of the user from the message forwarding network element that forwards the logging request, the network address being an Internet Protocol (IP) address or a location-based service (LBS) address;
A second enquiry module, for querying, according to the correspondence between network addresses and positional information, the positional information of the user corresponding to the network address of the user.
15. The server according to any one of claims 11 to 14, characterized in that the server also comprises:
A determining unit, for determining the conventional logging zone of the user according to historical login behavior;
The authentication unit is specifically used for judging whether the positional information belongs to the conventional logging zone; if it does, determining that the preset registration conditions are met; if it does not, determining that the preset registration conditions are not met.
16. The server according to claim 15, characterized in that the determining unit comprises:
A first determination module, for determining each logging zone of the user according to historical login behavior;
A third enquiry module, for querying for the target logging zone whose number of logins reaches the default value, and taking the target logging zone as the conventional logging zone of the user.
17. The server according to claim 15, characterized in that the determining unit comprises:
A second determination module, for determining each logging zone of the user according to historical login behavior;
A fourth enquiry module, for querying for the target logging zone whose number of logins within the most recent preset time period reaches the default value, and taking the target logging zone as the conventional logging zone of the user.
18. The server according to claim 15, characterized in that the determining unit comprises:
A third determination module, for determining each logging zone of the user according to historical login behavior;
A computing module, for determining the first reference value of each logging zone according to the first weight and the number of logins in that logging zone, determining the second reference value of each logging zone according to the second weight and the login time in that logging zone, and taking the sum of the first reference value and the second reference value as the comprehensive reference value of that logging zone;
A fourth determination module, for taking each logging zone whose comprehensive reference value reaches the default value as a conventional logging zone of the user.
19. A security certification system, characterized by comprising:
A login statistical server, an account policy server and a login validate service device;
The login statistical server is used for receiving the login behavior reported by a user, determining the conventional logging zone of the user according to historical login behavior, and sending the conventional logging zone information to the login validate service device;
The account policy server is used for receiving the logging request of the user, the logging request comprising the identification information of the account that the request is to log in to; if it determines according to the identification information that the account is in a frozen state, it obtains the positional information of the user according to the logging request and sends the positional information of the user to the login validate service device;
The login validate service device is used for judging whether the positional information belongs to the conventional logging zone of the user, and sending the judged result to the account policy server;
If the judged result is yes, the account policy server is also used for allowing the user to log in to the account.
CN201310367429.XA 2013-08-21 2013-08-21 A kind of safety certifying method, server and security certification system Active CN104426844B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201310367429.XA CN104426844B (en) 2013-08-21 2013-08-21 A kind of safety certifying method, server and security certification system
PCT/CN2014/084760 WO2015024506A1 (en) 2013-08-21 2014-08-20 Security authentication method, server and security authentication system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310367429.XA CN104426844B (en) 2013-08-21 2013-08-21 A kind of safety certifying method, server and security certification system

Publications (2)

Publication Number Publication Date
CN104426844A true CN104426844A (en) 2015-03-18
CN104426844B CN104426844B (en) 2019-02-05

Family

ID=52483083

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310367429.XA Active CN104426844B (en) 2013-08-21 2013-08-21 A kind of safety certifying method, server and security certification system

Country Status (2)

Country Link
CN (1) CN104426844B (en)
WO (1) WO2015024506A1 (en)

Also Published As

Publication number Publication date
WO2015024506A1 (en) 2015-02-26
CN104426844B (en) 2019-02-05

Similar Documents

Publication Publication Date Title
CN104426844A (en) Safety authentication method, server and safety authentication system
CN104063410B (en) Method and system for processing report information
CN105119806B (en) message updating method and device
CN104142862B (en) The overload protection method of server and device
CN103729765B (en) A kind of authentication control method, terminal, server, terminal device and system
CN104618440A (en) Intelligent equipment control method and device
CN105005909A (en) Method and device for predicting lost users
CN104915241A (en) Virtual machine migration control method and device
CN104376353A (en) Two-dimension code generating method, terminal and server and two-dimension code reading method, terminal and server
CN104518875A (en) Identity authentication method, account acquisition method and mobile terminal
CN104954402A (en) Application recommending method, system and apparatus
CN103731810A (en) Access point sharing method and device
CN103294515A (en) Method, device and system for acquiring application programs
CN104992342A (en) Method for determining the effectiveness of popularizing information release, monitoring server, and terminal
CN105491067A (en) Key-based business security verification method and device
CN104519197A (en) User login method, user login device and terminal devices
CN103177217B (en) A kind of file scanning method, system and client and server
CN104424431A (en) Method and device for resetting virtual machine user login password
CN105162591A (en) Equipment registration method and device
CN105320515A (en) Configuration method, device and system in flow computing system
CN104618223A (en) Information recommendation management method, device and system
CN104954233A (en) Information push method, device and system
CN104424211A (en) Microblog-based service data release method, device and system
CN104699501A (en) Method and device for running application program
CN105227598A (en) A kind of resource sharing method, device and system stored based on cloud

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant