CN104917716A - Page security management method and device - Google Patents
Page security management method and device Download PDFInfo
- Publication number
- CN104917716A CN104917716A CN201410085745.2A CN201410085745A CN104917716A CN 104917716 A CN104917716 A CN 104917716A CN 201410085745 A CN201410085745 A CN 201410085745A CN 104917716 A CN104917716 A CN 104917716A
- Authority
- CN
- China
- Prior art keywords
- user terminal
- terminal
- described user
- request
- page
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Information Transfer Between Computers (AREA)
Abstract
The embodiment of the invention discloses a page security management method, which comprises the steps of: acquiring a page access request submitted by a user terminal; acquiring an access account of the user terminal and terminal identification information; judging whether the user terminal is a commonly-used terminal of the access account according to pre-recorded login information of the access account, wherein the login information comprises terminal identification information of login terminals of the access account and login times corresponding to each login terminal within a preset time range; and returning a requested page to the user terminal according to the page access request if the user terminal is the commonly-used terminal of the access account. The embodiment of the invention further discloses a page security management device. By adopting the page security management method and the page security management device, unauthorized users can be effectively prevented from invading the secure page through brute-force cracking or refreshing the page.
Description
Technical field
The present invention relates to internet security field, particularly relate to a kind of Pages Security management method and device.
Background technology
Along with the develop rapidly of Internet technology, people are while increasing use Internet technology offers convenience to life, internet security risk also becomes the problem that user worries day by day, such as often there is disabled user to be invaded secure page table by the mode of Brute Force/brush page, cause the internet informations such as the account information of user, private information, Financial Information to be revealed.And the existing scheme of Brute Force/brush page that prevents is for issuing access identifying code, but allow the checking that all conducts interviews of all access request greatly can reduce user's internet use efficiency and experience; Also the IP(Internet Protocol used when obtaining user to access pages is had in prior art, Internet protocol) address, if user uses the frequency of the identical IP request access page too high, issue identifying code, but disabled user still can by the IP address using IP agency constantly to change the request access page, therefore the existing scheme still Shortcomings preventing Brute Force/brush page, uses the security mechanism of identical IP restrict access still to there is serious potential safety hazard.
Summary of the invention
In view of this, the embodiment of the present invention provides a kind of Pages Security management method and device, disabled user effectively can be prevented by Brute Force/brush page invasion secure page table and take into account user's service efficiency and experience.
In order to solve the problems of the technologies described above, embodiments provide a kind of Pages Security management method, described method comprises:
Obtain the accessing page request that user terminal is submitted to;
Obtain access account and the terminal identification information of described user terminal;
Judge that whether described user terminal is the conventional terminal of described access account according to the log-on message of pre-recorded described access account, described log-on message is included in the terminal identification information of the registration terminal of described access account in preset time range and login times corresponding to each registration terminal;
If described user terminal is the conventional terminal of described access account, then return the requested page according to described accessing page request to described user terminal.
Correspondingly, the embodiment of the present invention additionally provides a kind of Pages Security management devices, and described Pages Security management devices comprises:
Access request acquisition module, for obtaining the accessing page request that user terminal is submitted to;
End message acquisition module, for obtaining access account and the terminal identification information of described user terminal;
Conventional terminal judges module, for judging that according to the log-on message of pre-recorded described access account whether described user terminal is the conventional terminal of described access account, described log-on message is included in the terminal identification information of the registration terminal of described access account in preset time range and login times corresponding to each registration terminal;
The page returns module, for when described conventional terminal judges module judges that described user terminal is the conventional terminal of described access account, returns the requested page according to described accessing page request to described user terminal.
By submitting to the access account of accessing page request and the terminal identification information of user terminal to judge, whether this user terminal is the conventional terminal of described access account to background server in the present embodiment, if conventional terminal then can directly return the requested page, otherwise access checking request can be issued, thus achieve and effectively prevent disabled user by Brute Force/brush page invasion secure page table, and user's service efficiency and experience are taken into account.
Accompanying drawing explanation
In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, be briefly described to the accompanying drawing used required in embodiment or description of the prior art below, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.
Fig. 1 is the schematic flow sheet of a kind of Pages Security management method in the embodiment of the present invention;
Fig. 2 is the schematic flow sheet of the Pages Security management method in another embodiment of the present invention;
Fig. 3 is the schematic flow sheet of the Pages Security management method in another embodiment of the present invention;
Fig. 4 is the structural representation of a kind of Pages Security management devices in the embodiment of the present invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, be clearly and completely described the technical scheme in the embodiment of the present invention, obviously, described embodiment is only the present invention's part embodiment, instead of whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art, not making the every other embodiment obtained under creative work prerequisite, belong to the scope of protection of the invention.
Fig. 1 is the schematic flow sheet of a kind of Pages Security management method in the embodiment of the present invention, Pages Security management method in the present invention can be performed by the Pages Security management devices in the background servers such as Website server, web page server, internet program background server, and the Pages Security management method as shown in Figure 1 in the present embodiment at least can comprise:
S101, obtains the accessing page request that user terminal is submitted to.
In specific implementation, described user terminal can comprise the internet devices such as PC, panel computer, smart mobile phone, electronic reader and car-mounted terminal, described accessing page request can be submitted to background server by the client of browser or operation, described accessing page request at least can comprise the identification information of requested web page, such as web page address, connection etc., request background server returns requested web page to it.Described requested web page can for the targeted security page preset, such as comprise the webpage of user's private information, user is set as covert webpage, or relate to the secure page table of the important informations such as user account information, private information, Financial Information, as account login page, password give the page, the Modify password page etc. for change.
S102, obtains access account and the terminal identification information of described user terminal.
Concrete, the access account of described user terminal can be client logs account, website log account etc. can represent the identification information of user identity, such as instant messaging account or SNS(Social Networking Services, social network services) account etc., described terminal identification information can be the MAC(Media Access Control of described user terminal, network medium controls) address, IMEI(International Mobile Equipment Identity, International Mobile Equipment Identity code), ICCID(Integrate circuit card identity, integrated circuit card identification code) etc. the identifying information of unique identification terminal.It may be noted that in an alternative embodiment, described accessing page request can carry access account and the terminal identification information of described user terminal, Pages Security management devices thus access account and the terminal identification information of user terminal can be obtained from described accessing page request, Pages Security management devices also can read access account or the terminal identification information of described user terminal by client that user terminal runs or webpage, the access account mode of user's input information can also being pointed out to obtain the user terminal that user is submitted to by webpage by webpage or terminal identification information, therefore the present invention step S102 and S101 in other embodiment can perform simultaneously, also first S102 can be performed, perform S101 more afterwards.
According to the log-on message of pre-recorded described access account, S103, judges that whether described user terminal is the conventional terminal of described access account.
Concrete, background server can use described access account to log in recording the log-on message of described access account during described background server user, and described log-on message is included in the terminal identification information of the registration terminal of described access account in preset time range and login times corresponding to each registration terminal.Three user terminals that such as user uses the account A of its registered in advance to be logged in nearly one month by immediate communication tool are respectively its PC, mobile phone and panel computer, the log-on message of this access account that background server record obtains can comprise the MAC Address of these three user terminals, and the login times that user logs in respectively by these three user terminals, as PC 15 times, mobile phone 30 times, panel computer 3 times, and then Pages Security management devices get according to S102 this use described access account to submit the terminal identification information of the user terminal of accessing page request to, can inquire about from log-on message and obtain the login times of this user terminal in nearly one month, thus judge that whether this user terminal is the conventional terminal of described access account.Concrete, in an alternative embodiment, can judge whether the login times of described user terminal in preset time range reaches predetermined threshold value according to the log-on message of the terminal identification information of described user terminal and described access account, if, then judge that described user terminal is the conventional terminal of described access account, for above, such as this uses described access account to submit to the user terminal of accessing page request to be PC, from log-on message, inquiry obtains user account A by this PC login times is 15 times, be greater than predetermined threshold value 10 times, then judge that this PC is the conventional terminal of user account A, if this uses described access account to submit to the user terminal of accessing page request to be panel computer, from log-on message, inquiry obtains user account A by this panel computer login times is 5 times, be less than predetermined threshold value 10 times, then judge that this PC is not the conventional terminal of user account A.
S104, if described user terminal is the conventional terminal of described access account, then returns the requested page according to described accessing page request to described user terminal.
In specific implementation, background server can after judging that through S103 described user terminal is the conventional terminal of described access account, namely the requested page is returned according to described accessing page request to described user terminal, if otherwise judge that described user terminal is not the conventional terminal of described access account, namely directly refuse described accessing page request, return denied access message to described user terminal.In an alternative embodiment, Pages Security management devices can according to the safe class of the requested page to described user terminal backward reference checking request or the accessing page request refusing described user terminal, if such as judge, described user terminal is not the conventional terminal of described access account, Pages Security management devices judges the safe class of the accessed page further, if the safe class of this accessed page is high, then can directly refuse described accessing page request, otherwise can to described user terminal backward reference checking request, described access checking request is for pointing out user's input validation information, and then obtain described user terminal according to described access checking request submit to authorization information and the checking that conducts interviews, if be verified, return the requested page to described user terminal.The safe class of the described accessed page can be preset by background server, also can carry out setting or adjusting according to user's setting in advance.Described access checking request can point out user to input default authorization information, such as input a string character string submitted in advance, such as phone number, birthday, favorite star's name etc., also the picture that includes described authorization information can be carried, be committed to background server in the input frame that authorization information content in picture is inserted in the page by prompting user, Pages Security management devices to conduct interviews checking after receiving the authorization information that user terminal submits to, namely whether the authorization information of verified users submission is consistent with the authorization information pre-set, or it is consistent with the authorization information in picture, if consistent, access is verified, the requested page is returned to described user terminal, if otherwise access authentication failed, refuse this accessing page request.
And then in an alternative embodiment, Pages Security management devices can also judge that described user terminal submits to the frequency of accessing page request whether to reach predeterminated frequency threshold value further, if described user terminal submits to the frequency of accessing page request not reach predetermined threshold value, returns the requested page according to described accessing page request to described user terminal; If otherwise described user terminal submits to the frequency of accessing page request to reach predetermined threshold value, to described user terminal backward reference checking request, described access checking request is for pointing out user's input validation information, Pages Security management devices obtains described user terminal and verifies the authorization information that request is submitted to and the checking that conducts interviews according to described access, if be verified, returns the requested page to described user terminal.The frequency limitation of accessing page request is submitted to can effectively to prevent illegal user from carrying out Brute Force/brush page intrusion target page by same user terminal to user terminal.
By submitting to the access account of accessing page request and the terminal identification information of user terminal to judge, whether this user terminal is the conventional terminal of described access account to background server in the present embodiment, if conventional terminal then can directly return the requested page, otherwise access checking request can be issued, thus achieve and effectively prevent disabled user by Brute Force/brush page invasion secure page table, and user's service efficiency and experience are taken into account.
Fig. 2 is the schematic flow sheet of the Pages Security management method in another embodiment of the present invention, and the Pages Security management method as shown in the figure in the present embodiment can comprise:
S201, obtains access account and the terminal identification information of described user terminal.
Concrete, in the present embodiment, background server can read access account or the terminal identification information of described user terminal by client that user terminal runs or webpage, user's input information can also be pointed out by webpage, and then obtain access account or the terminal identification information of the user terminal that user is submitted to by webpage
S202, obtains the accessing page request that user terminal is submitted to.
Because S201 has got access account and the terminal identification information of user terminal in advance in the present embodiment, described accessing page request only need carry the information of the accessed page, the reference address, web page interlinkage etc. of such as target pages.Described requested web page can for the targeted security page preset, such as comprise the webpage of user's private information, user is set as covert webpage, or relate to the secure page table of the important informations such as user account information, private information, Financial Information, as account login page, password give the page, the Modify password page etc. for change.
According to the terminal identification information of described user terminal and the log-on message of described access account, S203, judges whether the login times of described user terminal in preset time range reaches predetermined threshold value, if so, then performs S204, otherwise perform S205.
Concrete, background server can use the login of described access account to the log-on message recording described access account during described background server user in advance, described log-on message is included in the terminal identification information of the registration terminal of described access account in preset time range and login times corresponding to each registration terminal, after the accessing page request receiving user terminal submission through S202, Pages Security management devices can be inquired about and obtain the login times of this user terminal in preset time range from log-on message, and then judge whether the login times of described user terminal in preset time range reaches predetermined threshold value.For above, such as this uses described access account to submit to the user terminal of accessing page request to be PC, from log-on message, inquiry obtains user account A by login times in this PC this month is 15 times, is greater than predetermined threshold value 10 times, then performs S204.
S204, judges that described user terminal is the conventional terminal of described access account, and then performs S207.
S205, to described user terminal backward reference checking request, described access checking request is for pointing out user's input validation information.
Described access checking request can point out user to input default authorization information, such as input a string character string submitted in advance, such as phone number, birthday, favorite star's name etc., also can carry the picture that includes described authorization information, be committed to background server in the input frame that the authorization information content in picture is inserted in the page by prompting user.
S206, obtains described user terminal and verifies the authorization information that request is submitted to and the checking that conducts interviews according to described access, if be verified, perform S207, if otherwise access authentication failed, refuse this accessing page request.
Namely whether the authorization information of verified users submission is consistent with the authorization information pre-set, or it is consistent with the authorization information in picture, if if consistent, access is verified, and returns the requested page to described user terminal, otherwise access authentication failed, refuses this accessing page request.
S207, returns the requested page to described user terminal.
By submitting to the access account of accessing page request and the terminal identification information of user terminal to judge, whether this user terminal is the conventional terminal of described access account to background server in the present embodiment, if conventional terminal then can directly return the requested page, otherwise access checking request can be issued, thus achieve and effectively prevent disabled user by Brute Force/brush page invasion secure page table, and user's service efficiency and experience are taken into account.
Fig. 3 is the schematic flow sheet of the Pages Security management method in another embodiment of the present invention, and the Pages Security management method as shown in the figure in the present embodiment can comprise:
S301, obtains the accessing page request that user terminal is submitted to.
In specific implementation, described user terminal can comprise the internet devices such as PC, panel computer, smart mobile phone, electronic reader and car-mounted terminal, can submit described accessing page request by the client of browser or operation to background server, request background server returns requested web page to it.Described requested web page can for the targeted security page preset, such as comprise the webpage of user's private information, user is set as covert webpage, or relate to the secure page table of the important informations such as user account information, private information, Financial Information, as account login page, password give the page, the Modify password page etc. for change.
S, 302, obtain access account and the terminal identification information of described user terminal.
Concrete, the access account of described user terminal can be the identification information that client logs account, website log account etc. can represent user identity, such as instant messaging account or SNS account etc., described terminal identification information can be the identifying information of the unique identification terminal such as MAC Address, IMEI, ICCID of described user terminal.Select in embodiment at this, described accessing page request can carry access account and the terminal identification information of described user terminal, Pages Security management devices thus can obtain access account and the terminal identification information of user terminal from described accessing page request.
According to the terminal identification information of described user terminal and the log-on message of described access account, S303, judges whether the login times of described user terminal in preset time range reaches predetermined threshold value, if so, then performs S304, otherwise perform S306.
Concrete, background server can use the login of described access account to the log-on message recording described access account during described background server user in advance, described log-on message is included in the terminal identification information of the registration terminal of described access account in preset time range and login times corresponding to each registration terminal, after the accessing page request receiving user terminal submission through S202, Pages Security management devices can be inquired about and obtain the login times of this user terminal in preset time range from log-on message, and then judge whether the login times of described user terminal in preset time range reaches predetermined threshold value.For above, such as this uses described access account to submit to the user terminal of accessing page request to be PC, Pages Security management devices is inquired about and obtained user account A by login times in this PC this month from log-on message is 15 times, be greater than predetermined threshold value 10 times, then perform S304, otherwise perform S306.
S304, judges that described user terminal is the conventional terminal of described access account, and then performs S305.
S305, judges that described user terminal submits to the frequency of accessing page request whether to reach predeterminated frequency threshold value, if then perform S308, otherwise performs S306.
Namely submit to the frequency of accessing page request to be limited to user terminal, if reach predeterminated frequency threshold value, checking be accessed, thus can effectively prevent illegal user from carrying out Brute Force/brush page intrusion target page by same user terminal.
S306, to described user terminal backward reference checking request, described access checking request is for pointing out user's input validation information.
Described access checking request can point out user to input default authorization information, such as input a string character string submitted in advance, such as phone number, birthday, favorite star's name etc., also can carry the picture that includes described authorization information, be committed to background server in the input frame that the authorization information content in picture is inserted in the page by prompting user.
S307, obtains described user terminal and verifies the authorization information that request is submitted to and the checking that conducts interviews according to described access, if be verified, perform S208, if otherwise access authentication failed, refuse this accessing page request.
Namely whether the authorization information of verified users submission is consistent with the authorization information pre-set, or it is consistent with the authorization information in picture, if if consistent, access is verified, and returns the requested page to described user terminal, otherwise access authentication failed, refuses this accessing page request.
S308, returns the requested page to described user terminal.
By submitting to the access account of accessing page request and the terminal identification information of user terminal to judge, whether this user terminal is the conventional terminal of described access account to background server in the present embodiment, if conventional terminal then can directly return the requested page, if not conventional terminal or conventional terminal access frequency too high time can issue access checking request, thus achieve and effectively prevent disabled user by Brute Force/brush page invasion secure page table, and user's service efficiency and experience are taken into account.
Fig. 4 is the structural representation of a kind of Pages Security management devices in the embodiment of the present invention, Pages Security management devices of the present invention can be implemented in the background servers such as Website server, web page server, internet program background server, and the Pages Security management devices as shown in Figure 4 in the embodiment of the present invention at least can comprise:
Access request acquisition module 410, for obtaining the accessing page request that user terminal is submitted to.
In specific implementation, described user terminal can comprise the internet devices such as PC, panel computer, smart mobile phone, electronic reader and car-mounted terminal, described accessing page request can be submitted to background server by the client of browser or operation, described accessing page request at least can comprise the identification information of requested web page, such as web page address, connection etc., request background server returns requested web page to it, access request acquisition module 410 thus obtain described accessing page request.Described requested web page can for the targeted security page preset, such as comprise the webpage of user's private information, user is set as covert webpage, or relate to the secure page table of the important informations such as user account information, private information, Financial Information, as account login page, password give the page, the Modify password page etc. for change.
End message acquisition module 420, for obtaining access account and the terminal identification information of described user terminal.
In specific implementation, the access account of described user terminal can be client logs account, website log account etc. can represent the identification information of user identity, such as instant messaging account or SNS(Social Networking Services, social network services) account etc., described terminal identification information can be the MAC(Media Access Control of described user terminal, network medium controls) address, IMEI(International Mobile Equipment Identity, International Mobile Equipment Identity code), ICCID(Integrate circuit card identity, integrated circuit card identification code) etc. the identifying information of unique identification terminal.It may be noted that in an alternative embodiment, described accessing page request can carry access account and the terminal identification information of described user terminal, end message acquisition module 420 thus access account and the terminal identification information of user terminal can be obtained from described accessing page request, end message acquisition module 420 also can read access account or the terminal identification information of described user terminal by client that user terminal runs or webpage, the access account mode of user's input information can also being pointed out to obtain the user terminal that user is submitted to by webpage by webpage or terminal identification information.
Conventional terminal judges module 430, for judging that according to the log-on message of pre-recorded described access account whether described user terminal is the conventional terminal of described access account, described log-on message is included in the terminal identification information of the registration terminal of described access account in preset time range and login times corresponding to each registration terminal.
In specific implementation, background server can use described access account to log in recording the log-on message of described access account during described background server user, and described log-on message is included in the terminal identification information of the registration terminal of described access account in preset time range and login times corresponding to each registration terminal.Three user terminals that such as user uses the account A of its registered in advance to be logged in nearly one month by immediate communication tool are respectively its PC, mobile phone and panel computer, the log-on message of this access account that background server record obtains can comprise the MAC Address of these three user terminals, and the login times that user logs in respectively by these three user terminals, as PC 15 times, mobile phone 30 times, panel computer 3 times, conventional terminal judges module 430 thus get according to end message acquisition module 420 this use described access account to submit the terminal identification information of the user terminal of accessing page request to, can inquire about from log-on message and obtain the login times of this user terminal in nearly one month, thus judge that whether this user terminal is the conventional terminal of described access account.Concrete, in an alternative embodiment, according to the log-on message of the terminal identification information of described user terminal and described access account, conventional terminal judges module 430 can judge whether the login times of described user terminal in preset time range reaches predetermined threshold value, if, then judge that described user terminal is the conventional terminal of described access account, for above, such as this uses described access account to submit to the user terminal of accessing page request to be PC, from log-on message, inquiry obtains user account A by this PC login times is 15 times, be greater than predetermined threshold value 10 times, then conventional terminal judges module 430 judges that this PC is the conventional terminal of user account A, if this uses described access account to submit to the user terminal of accessing page request to be panel computer, from log-on message, inquiry obtains user account A by this panel computer login times is 5 times, be less than predetermined threshold value 10 times, then conventional terminal judges module 430 judges that this PC is not the conventional terminal of user account A.
The page returns module 440, for when described conventional terminal judges module 430 judges that described user terminal is the conventional terminal of described access account, returns the requested page according to described accessing page request to described user terminal.
In specific implementation, through conventional terminal judges module 430, the page returns module 440 can after judging that described user terminal is the conventional terminal of described access account, namely the requested page is returned according to described accessing page request to described user terminal, if otherwise judge that described user terminal is not the conventional terminal of described access account, namely directly refuse described accessing page request, return denied access message to described user terminal.
And then in an alternative embodiment, Pages Security management devices can also comprise:
Pages Security module 480, for when described conventional terminal judges module 430 judges that described user terminal is not the conventional terminal of described access account, refuse the accessing page request of described user terminal according to the safe class of the requested page or trigger described checking request and return module 440 to described user terminal backward reference checking request.
In an alternative embodiment, Pages Security module 480 can according to the safe class of the requested page to described user terminal backward reference checking request or the accessing page request refusing described user terminal, if such as judge, described user terminal is not the conventional terminal of described access account, Pages Security module 480 judges the safe class of the accessed page further, if the safe class of this accessed page is high, then can directly refuse described accessing page request, otherwise described checking request can be triggered and return module 440 to described user terminal backward reference checking request, described access checking request is for pointing out user's input validation information, and then obtain described user terminal according to described access checking request submit to authorization information and the checking that conducts interviews, if be verified, return the requested page to described user terminal.The safe class of the described accessed page can be preset by background server, also can carry out setting or adjusting according to user's setting in advance.
And then in an alternative embodiment, Pages Security management devices can also comprise:
Checking request returns module 450, for when described conventional terminal judges module judges that described user terminal is not the conventional terminal of described access account, to described user terminal backward reference checking request, described access checking request is for pointing out user's input validation information.
In specific implementation, described access checking request can point out user to input default authorization information, such as input a string character string submitted in advance, such as phone number, birthday, favorite star's name etc., also the picture that includes described authorization information can be carried, be committed to background server in the input frame that authorization information content in picture is inserted in the page by prompting user
Access authentication module 460, for obtaining the authorization information the checking that conducts interviews that described user terminal submits to according to described access checking request, if be verified, trigger the described page and returning module 440 and return the requested page to described user terminal.
In specific implementation, conduct interviews after access authentication module 460 receives the authorization information of user terminal submission checking, namely whether the authorization information of verified users submission is consistent with the authorization information pre-set, or it is consistent with the authorization information in picture, if consistent, access is verified, and triggering page returns module 440 returns the requested page to described user terminal, otherwise if access authentication failed, refuse this accessing page request, as returned denied access message to user terminal.
And then in an alternative embodiment, Pages Security management devices can also comprise:
Access frequency control module 490, for judging that described user terminal submits to the frequency of accessing page request whether to reach predeterminated frequency threshold value, if described user terminal submits to the frequency of accessing page request not reach predetermined threshold value, trigger the described page and return module 440 and return the requested page according to described accessing page request to described user terminal, if described user terminal submits to the frequency of accessing page request to reach predetermined threshold value, trigger described checking request and return module 450 to described user terminal backward reference checking request.
By submitting to the access account of accessing page request and the terminal identification information of user terminal to judge, whether this user terminal is the conventional terminal of described access account to Pages Security management devices in the present embodiment, if conventional terminal then can directly return the requested page, otherwise access checking request can be issued, and then accessing page request can also be submitted to carry out frequency limitation further to user terminal, thus achieve and effectively prevent disabled user by Brute Force/brush page invasion secure page table, and user's service efficiency and experience are taken into account.
One of ordinary skill in the art will appreciate that all or part of flow process realized in above-described embodiment method, that the hardware that can carry out instruction relevant by computer program has come, described program can be stored in a computer read/write memory medium, this program, when performing, can comprise the flow process of the embodiment as above-mentioned each side method.Wherein, described storage medium can be magnetic disc, CD, read-only store-memory body (Read-Only Memory, ROM) or random store-memory body (Random Access Memory, RAM) etc.
Above disclosedly be only present pre-ferred embodiments, certainly can not limit the interest field of the present invention with this, therefore according to the equivalent variations that the claims in the present invention are done, still belong to the scope that the present invention is contained.
Claims (10)
1. a Pages Security management method, is characterized in that, described method comprises:
Obtain the accessing page request that user terminal is submitted to;
Obtain access account and the terminal identification information of described user terminal;
Judge that whether described user terminal is the conventional terminal of described access account according to the log-on message of pre-recorded described access account, described log-on message is included in the terminal identification information of the registration terminal of described access account in preset time range and login times corresponding to each registration terminal;
If described user terminal is the conventional terminal of described access account, then return the requested page according to described accessing page request to described user terminal.
2. Pages Security management method as claimed in claim 1, it is characterized in that, described method also comprises:
If described user terminal is not the conventional terminal of described access account, then to described user terminal backward reference checking request, described access checking request is for pointing out user's input validation information;
Obtain described user terminal and verify the authorization information that request is submitted to and the checking that conducts interviews according to described access, if be verified, return the requested page to described user terminal.
3. Pages Security management method as claimed in claim 2, is characterized in that, if described user terminal is not the conventional terminal of described access account, then comprises to described user terminal backward reference checking request:
Safe class according to the requested page is asked to described user terminal backward reference checking or refuses the accessing page request of described user terminal.
4. Pages Security management method as claimed in claim 1, is characterized in that, the described log-on message according to pre-recorded described access account judges that whether described user terminal is that the conventional terminal of described access account comprises:
Judge whether the login times of described user terminal in preset time range reaches predetermined threshold value according to the terminal identification information of described user terminal and the log-on message of described access account, if so, then judge that described user terminal is the conventional terminal of described access account.
5. Pages Security management method as claimed in claim 1, is characterized in that, if described user terminal is the conventional terminal of described access account, then returns the requested page according to described accessing page request to described user terminal and comprise:
Judge that described user terminal submits to the frequency of accessing page request whether to reach predeterminated frequency threshold value;
If described user terminal submits to the frequency of accessing page request not reach predetermined threshold value, return the requested page according to described accessing page request to described user terminal;
If described user terminal submits to the frequency of accessing page request to reach predetermined threshold value, to described user terminal backward reference checking request, described access checking request is for pointing out user's input validation information;
Obtain described user terminal and verify the authorization information that request is submitted to and the checking that conducts interviews according to described access, if be verified, return the requested page to described user terminal.
6. a Pages Security management devices, is characterized in that, described Pages Security management devices comprises:
Access request acquisition module, for obtaining the accessing page request that user terminal is submitted to;
End message acquisition module, for obtaining access account and the terminal identification information of described user terminal;
Conventional terminal judges module, for judging that according to the log-on message of pre-recorded described access account whether described user terminal is the conventional terminal of described access account, described log-on message is included in the terminal identification information of the registration terminal of described access account in preset time range and login times corresponding to each registration terminal;
The page returns module, for when described conventional terminal judges module judges that described user terminal is the conventional terminal of described access account, returns the requested page according to described accessing page request to described user terminal.
7. Pages Security management devices as claimed in claim 6, is characterized in that, also comprise:
Checking request returns module, for when described conventional terminal judges module judges that described user terminal is not the conventional terminal of described access account, to described user terminal backward reference checking request, described access checking request is for pointing out user's input validation information;
Access authentication module, for obtaining the authorization information the checking that conducts interviews that described user terminal submits to according to described access checking request, if be verified, trigger the described page and returning module and return the requested page to described user terminal.
8. Pages Security management devices as claimed in claim 7, is characterized in that, also comprise:
Pages Security module, for when described conventional terminal judges module judges that described user terminal is not the conventional terminal of described access account, refuse the accessing page request of described user terminal according to the safe class of the requested page or trigger described checking request and return module to described user terminal backward reference checking request.
9. Pages Security management devices as claimed in claim 6, it is characterized in that, described conventional terminal judges module is used for:
Judge whether the login times of described user terminal in preset time range reaches predetermined threshold value according to the terminal identification information of described user terminal and the log-on message of described access account, if so, then judge that described user terminal is the conventional terminal of described access account.
10. Pages Security management devices as claimed in claim 6, is characterized in that, also comprise:
Access frequency control module, for judging that described user terminal submits to the frequency of accessing page request whether to reach predeterminated frequency threshold value, if described user terminal submits to the frequency of accessing page request not reach predetermined threshold value, trigger the described page and return module and return the requested page according to described accessing page request to described user terminal, if described user terminal submits to the frequency of accessing page request to reach predetermined threshold value, trigger described checking request and return module to described user terminal backward reference checking request.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410085745.2A CN104917716B (en) | 2014-03-10 | 2014-03-10 | Page security management method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410085745.2A CN104917716B (en) | 2014-03-10 | 2014-03-10 | Page security management method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104917716A true CN104917716A (en) | 2015-09-16 |
| CN104917716B CN104917716B (en) | 2020-06-16 |
Family
ID=54086429
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410085745.2A Active CN104917716B (en) | 2014-03-10 | 2014-03-10 | Page security management method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104917716B (en) |
Cited By (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105354505A (en) * | 2015-09-28 | 2016-02-24 | 武汉钢铁(集团)公司 | Image adaption method and electronic device |
| CN105812380A (en) * | 2016-04-26 | 2016-07-27 | 北京小米移动软件有限公司 | Verification method and device |
| CN105897667A (en) * | 2015-10-22 | 2016-08-24 | 乐视致新电子科技(天津)有限公司 | Device access history tracking method, apparatus, server and system |
| CN106230710A (en) * | 2016-09-14 | 2016-12-14 | 广东欧珀移动通信有限公司 | A kind of information synchronization method and device |
| CN106487928A (en) * | 2016-12-09 | 2017-03-08 | 北京小米移动软件有限公司 | Information push method and device |
| CN107872428A (en) * | 2016-09-26 | 2018-04-03 | 平安科技(深圳)有限公司 | The login method and device of application program |
| CN108134770A (en) * | 2017-10-19 | 2018-06-08 | 黄策 | Verify the application layer theft preventing method of short message |
| CN108173823A (en) * | 2017-12-21 | 2018-06-15 | 五八有限公司 | The anti-grasping means of the page and device |
| CN109255230A (en) * | 2018-09-29 | 2019-01-22 | 武汉极意网络科技有限公司 | Recognition methods, system, user equipment and the storage medium of abnormal verifying behavior |
| CN109302394A (en) * | 2018-09-29 | 2019-02-01 | 武汉极意网络科技有限公司 | A kind of anti-simulation login method of terminal, device, server and storage medium |
| CN109801092A (en) * | 2017-11-16 | 2019-05-24 | 腾讯科技(武汉)有限公司 | Resource security management method, device, computer equipment and storage medium |
| CN109876451A (en) * | 2019-03-18 | 2019-06-14 | 北京智明星通科技股份有限公司 | The login method and equipment of game APP |
| CN109962922A (en) * | 2019-04-04 | 2019-07-02 | 北京网聘咨询有限公司 | The processing method and system of anti-ATS behavior about resume |
| CN110875921A (en) * | 2018-12-27 | 2020-03-10 | 哈尔滨安天科技集团股份有限公司 | Printer network access security detection method and device and electronic equipment |
| CN111385313A (en) * | 2020-05-28 | 2020-07-07 | 支付宝(杭州)信息技术有限公司 | Method and system for verifying object request validity |
| CN112115462A (en) * | 2020-09-23 | 2020-12-22 | 国网江苏省电力有限公司泰州供电分公司 | Method and system for limiting access terminal based on web page |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101374050A (en) * | 2008-10-23 | 2009-02-25 | 普天信息技术研究院有限公司 | Apparatus, system and method for implementing identification authentication |
| WO2010121137A2 (en) * | 2009-04-17 | 2010-10-21 | Visa International Service Association | Enrollment server |
| CN102325062A (en) * | 2011-09-20 | 2012-01-18 | 北京神州绿盟信息安全科技股份有限公司 | Abnormal login detecting method and device |
| CN102957682A (en) * | 2011-08-30 | 2013-03-06 | 北京百度网讯科技有限公司 | Method and equipment for providing picture verification code based on verification security level |
| CN102970296A (en) * | 2012-11-22 | 2013-03-13 | 网宿科技股份有限公司 | Intelligent website content capture-preventing method and system based on content delivery network |
| CN103095658A (en) * | 2011-11-03 | 2013-05-08 | 北京神州泰岳软件股份有限公司 | Account login method and system |
| CN103488922A (en) * | 2013-08-27 | 2014-01-01 | 百度在线网络技术(北京)有限公司 | Method and equipment for providing verification code |
-
2014
- 2014-03-10 CN CN201410085745.2A patent/CN104917716B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101374050A (en) * | 2008-10-23 | 2009-02-25 | 普天信息技术研究院有限公司 | Apparatus, system and method for implementing identification authentication |
| WO2010121137A2 (en) * | 2009-04-17 | 2010-10-21 | Visa International Service Association | Enrollment server |
| CN102957682A (en) * | 2011-08-30 | 2013-03-06 | 北京百度网讯科技有限公司 | Method and equipment for providing picture verification code based on verification security level |
| CN102325062A (en) * | 2011-09-20 | 2012-01-18 | 北京神州绿盟信息安全科技股份有限公司 | Abnormal login detecting method and device |
| CN103095658A (en) * | 2011-11-03 | 2013-05-08 | 北京神州泰岳软件股份有限公司 | Account login method and system |
| CN102970296A (en) * | 2012-11-22 | 2013-03-13 | 网宿科技股份有限公司 | Intelligent website content capture-preventing method and system based on content delivery network |
| CN103488922A (en) * | 2013-08-27 | 2014-01-01 | 百度在线网络技术(北京)有限公司 | Method and equipment for providing verification code |
Cited By (23)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105354505A (en) * | 2015-09-28 | 2016-02-24 | 武汉钢铁(集团)公司 | Image adaption method and electronic device |
| CN105354505B (en) * | 2015-09-28 | 2019-04-16 | 武汉钢铁(集团)公司 | A kind of image adaptation method and electronic equipment |
| CN105897667A (en) * | 2015-10-22 | 2016-08-24 | 乐视致新电子科技(天津)有限公司 | Device access history tracking method, apparatus, server and system |
| CN105812380A (en) * | 2016-04-26 | 2016-07-27 | 北京小米移动软件有限公司 | Verification method and device |
| CN106230710A (en) * | 2016-09-14 | 2016-12-14 | 广东欧珀移动通信有限公司 | A kind of information synchronization method and device |
| CN107872428A (en) * | 2016-09-26 | 2018-04-03 | 平安科技(深圳)有限公司 | The login method and device of application program |
| CN106487928B (en) * | 2016-12-09 | 2019-12-13 | 北京小米移动软件有限公司 | Message pushing method and device |
| CN106487928A (en) * | 2016-12-09 | 2017-03-08 | 北京小米移动软件有限公司 | Information push method and device |
| US10819813B2 (en) | 2016-12-09 | 2020-10-27 | Beijing Xiaomi Mobile Software Co., Ltd. | Message pushing method and apparatus thereof |
| CN108134770A (en) * | 2017-10-19 | 2018-06-08 | 黄策 | Verify the application layer theft preventing method of short message |
| CN109801092A (en) * | 2017-11-16 | 2019-05-24 | 腾讯科技(武汉)有限公司 | Resource security management method, device, computer equipment and storage medium |
| CN109801092B (en) * | 2017-11-16 | 2023-09-08 | 腾讯科技(武汉)有限公司 | Resource security management method, device, computer equipment and storage medium |
| CN108173823A (en) * | 2017-12-21 | 2018-06-15 | 五八有限公司 | The anti-grasping means of the page and device |
| CN109255230A (en) * | 2018-09-29 | 2019-01-22 | 武汉极意网络科技有限公司 | Recognition methods, system, user equipment and the storage medium of abnormal verifying behavior |
| CN109302394A (en) * | 2018-09-29 | 2019-02-01 | 武汉极意网络科技有限公司 | A kind of anti-simulation login method of terminal, device, server and storage medium |
| CN110875921A (en) * | 2018-12-27 | 2020-03-10 | 哈尔滨安天科技集团股份有限公司 | Printer network access security detection method and device and electronic equipment |
| CN110875921B (en) * | 2018-12-27 | 2022-10-18 | 安天科技集团股份有限公司 | Printer network access security detection method and device and electronic equipment |
| CN109876451A (en) * | 2019-03-18 | 2019-06-14 | 北京智明星通科技股份有限公司 | The login method and equipment of game APP |
| CN109962922A (en) * | 2019-04-04 | 2019-07-02 | 北京网聘咨询有限公司 | The processing method and system of anti-ATS behavior about resume |
| CN109962922B (en) * | 2019-04-04 | 2021-08-06 | 北京网聘咨询有限公司 | Processing method and system for anti-ATS behavior of resume |
| CN111385313A (en) * | 2020-05-28 | 2020-07-07 | 支付宝(杭州)信息技术有限公司 | Method and system for verifying object request validity |
| CN112115462A (en) * | 2020-09-23 | 2020-12-22 | 国网江苏省电力有限公司泰州供电分公司 | Method and system for limiting access terminal based on web page |
| CN112115462B (en) * | 2020-09-23 | 2022-07-08 | 国网江苏省电力有限公司泰州供电分公司 | Method and system for limiting access terminal based on web page |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104917716B (en) | 2020-06-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104917716A (en) | Page security management method and device | |
| EP3691215B1 (en) | Access token management method, terminal and server | |
| US11539687B2 (en) | Message right management method, device and storage medium | |
| US10237261B2 (en) | Systems and methods for location-based authentication | |
| CN107172054B (en) | Authority authentication method, device and system based on CAS | |
| US9450939B2 (en) | Method and apparatus for service login based on third party's information | |
| US9860233B2 (en) | Comprehensive authentication and identity system and method | |
| US9119076B1 (en) | System and method for authentication using a mobile communication device | |
| CN104202338B (en) | A kind of safety access method being applicable to enterprise-level Mobile solution | |
| US8863265B2 (en) | Remote sign-out of web based service sessions | |
| CN104144419A (en) | Identity authentication method, device and system | |
| CN111355713B (en) | Proxy access method, device, proxy gateway and readable storage medium | |
| CN106161348B (en) | Single sign-on method, system and terminal | |
| CN104065621A (en) | Identify verification method for third-party service, client and system | |
| CN103795731A (en) | User account login method | |
| CN103986584A (en) | Double-factor identity verification method based on intelligent equipment | |
| US20210234850A1 (en) | System and method for accessing encrypted data remotely | |
| CN103905399A (en) | Account registration management method and apparatus | |
| CN105577619B (en) | Client login method, client and system | |
| WO2012004640A1 (en) | Transaction authentication | |
| CN108076077A (en) | A kind of conversation controlling method and device | |
| CN105592009A (en) | Method and device for retrieving or modifying login password | |
| WO2016138726A1 (en) | Method and device for secure authentication, and storage medium | |
| CN102882686A (en) | Authentication method and authentication device | |
| US20140237567A1 (en) | Authentication method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |