Specific implementation mode
The technical solution further illustrated the present invention below in conjunction with Figure of description and specific embodiment.It should be appreciated that this
The described specific embodiment in place is only used to explain the present invention, is not intended to limit the present invention.
In following embodiments of Information Authentication method and device of the present invention, the intermediate account can be understood as unique mark
The account of one natural person user, and using the intermediate account as related information, it is associated with above-mentioned same natural person's user's registration
Access different access account used in same application;I.e. by the intermediate account, the access of same natural person's user's registration is same
One can share corresponding access attribute information and be taken when accessing the application program using used all access accounts
It is engaged in having secure access to strategy used by device.Wherein, the same application includes same application and same webpage, such as identical
Instant messaging application program, identical game application program and same webpage, subsequent embodiment will not be described in great detail.
As shown in Figure 1, terminal 100 and terminal 200 are based on internet carries out data interaction with server 300;For example, user
Methyl accesses server 300 in terminal 100, and an access account is had registered on the user interface that server 300 provides
Number A, and pass through 200 frequent access application X of terminal 100 or terminal using the access account A as main number;Server 300 is remembered
The historical operation that record accesses account A access applications X records and stores corresponding historical data, while server 300 is to visit
It asks that account A establishes corresponding intermediate account a, and stores the mapping relations accessed between account A and intermediate account a, then work as user
Methyl is when terminal 100 or 200 new registration of terminal one access account B, access account that server 300 is registered based on user's first
Number corresponding access attribute information of B identifies that the access account B belongs to the corresponding access account of same natural person with account A is accessed
Number, then server 300 establishes the mapping relations of the access account B and intermediate account a;When server 300 detect terminal 100 or
Person's terminal 200 be based on accessing account B for the first time access application X when, server 300 find access account B exist it is intermediate
Account a, and the intermediate account a is associated with account A is accessed, then server 300, which obtains, accesses the corresponding access attribute letters of account A
Breath, and to access the access attribute information that account B uses access account A, and using the secure access of authentication-access account A
Policy validation accesses the register of account B access applications X, and is no longer directed to and accesses account B and issue cumbersome additional test
Card program such as issues the legitimacy of the access operation of identifying code authentication-access account B access applications X, has saved server
300 data processing resources improve the convenience of Information Authentication while assuring data security, also improve man-machine
Interactivity;For user side, the user experience is improved.
An embodiment of the present invention provides a kind of Information Authentication method first embodiments, as shown in Fig. 2, Information Authentication of the present invention
Method includes:
Step S01, it receives user terminal and accesses a triggering command applied based on account is accessed, search and be based on the access
Account accesses the historical data corresponding to the application;
When server receives user terminal based on the triggering command for accessing the one of application of account access, server
The above-mentioned triggering command that user terminal is sent is responded, searches and the corresponding historical data of above application is accessed based on the access account,
For example corresponding IP address when based on the access account the last time accessing the application, the last to access the application lasting
Access that duration, (such as within one week or within one month) accesses the total degree of the application and every in the first preset duration
The historical datas such as secondary corresponding access duration and access IP address.
For example, server, which receives user terminal, is based on login account such as QQ number and QQ password logins QQ this instant messaging
When application program, the whois lookup user terminal is based on above-mentioned QQ number code and logs in corresponding history access record when QQ, obtains
Performed action event after operation duration, the login when QQ number code corresponding last login QQ after login time, login is stepped on
The historical datas such as corresponding IP address and MAC Address when record.
Step S02, according to the historical data of lookup, identify that the access account does not meet default access rule,
Then search whether the intermediate account for having with the access account mapping;
Server accesses the corresponding historical data of above application according to the access account found, identifies the access account
Whether default access rule is met;For example identify whether the access account is to access the application or the access account for the first time to be
It is no for very with area access the application or the access account whether in third preset duration (such as in 10 minutes) base
It repeatedly attempts to access above application etc. in different IP address.Identifying that above-mentioned access account do not meet default access rule
When, for example, above-mentioned access account be access the application for the first time or the access account be very accessing the application with area, or
Person's account was repeatedly attempted to access above application etc. based on different IP address in 10 minutes, then in whois lookup database
Whether the intermediate account that with the access account maps is stored.
In the present embodiment, the intermediate account can be understood as the access account and access account phase with other in same application
Associated related information;By the corresponding intermediate account of the access account, other mapped with the intermediate account can be found
Other associated with the access account access account.
In one preferred embodiment of the embodiment of the present invention, server identifies described according to the historical data of lookup
It accesses account and does not meet default access rule, including:
Server is obtained user terminal and is accessed corresponding to the triggering command of above application program based on the access account
IP address and/or MAC Address;In the access account of acquisition accesses the corresponding historical data of above application program, in lookup
It states IP address and/or MAC Address whether there is;If server can not find this in the historical data and access in account access
IP address and/or MAC Address used in application program are stated, then identifies that the access account does not meet default access rule.
If step S03, being searched associated with the intermediate account in the presence of the intermediate account with the access account mapping
Associated account number, and obtain the corresponding relating attribute information of the associated account number;
Whois lookup to the access account exist map with the access account intermediate account when, whois lookup and
Other access accounts that can equally access the application program of the intermediate account relating, the i.e. intermediate associated association of account
Account;When intermediate account has associated account number associated with account among this, server obtains above-mentioned each associated account number pair
The relating attribute information answered;Wherein, the corresponding relating attribute information of associated account number is it can be appreciated that above-mentioned associated account number corresponds to
Access attribute information.
Whois lookup to the access account exist mapped with the account intermediate account when, but do not find in this
Between account relating associated account number when, also just says, in server, with the access account map intermediate account only with this
A access account establishes mapping relations, then server directly acquires the corresponding access attribute information of the intermediate account.
Step S04, it is the corresponding access attribute information of the access account by the relating attribute information sharing, and by institute
It is to be visited safely used by the access account accesses the application to state the corresponding secure access Policies sharing of relating attribute information
Ask strategy;
Step S05, based on the conjunction for having secure access to access account described in policy validation described in the access attribute use of information
Method.
Server sets the relating attribute information of the corresponding associated account number of above-mentioned intermediate account of acquisition to the access account
Number corresponding access attribute information, meanwhile, it is to verify the visit by the corresponding secure access strategy setting of above-mentioned relating attribute information
Ask that account accesses secure access strategy used by above application, and based on shared above-mentioned access attribute information, utilization is above-mentioned
Shared secure access strategy, verifies the legitimacy that above-mentioned access account accesses above application, and add-on security is used to save
Authentication policy such as issues identifying code, control user terminal provides the additional safety verification strategy such as other additional verification informations
To verify the legitimacy that the access account accesses above application.
When the embodiment of the present invention receives user based on the triggering command for accessing one application of account access, the access account is searched
Number access the corresponding historical data of above application program;Based on above-mentioned historical data, it is pre- to identify that the access account is not met
If access rule, and find in the presence of the intermediate account with the access account mapping, and by related to the intermediate account
The associated account number of connection obtains the corresponding relating attribute information of above-mentioned associated account number;The relating attribute information is set as described
The corresponding access attribute information of account is accessed, and is verification institute by the corresponding secure access strategy setting of the relating attribute information
State secure access strategy used by accessing the account access application;Based on being visited safely described in the access attribute use of information
Ask the legitimacy that account is accessed described in policy validation;In compared to the prior art, though same natural person user using main number and
When small size common access same application, server still verifies above-mentioned access to above-mentioned trumpet using additional safety verification strategy
The legitimacy of this access of account, the embodiment of the present invention have the advantageous effect that master's information is intelligently read by intermediate account,
The attribute reached between the different access account that server can use same natural person user to be registered based on same application is believed
The purpose of breath;It is attached based on being executed required for the small size access same application bound with main number to same user to eliminate server
Add the cumbersome verification process of safety verification strategy.
The embodiment of the present invention also provides in a kind of Information Authentication method and identifies access account according to the historical data of lookup
One embodiment of default access rule is not met;The present embodiment be in embodiment described in Fig. 2 step " S02, according to the institute of lookup
State historical data, identify it is described access account do not meet default access rule " carry out further describe.
Based on the description of embodiment described in Fig. 2, as shown in figure 3, according to the history of lookup in Information Authentication method of the present invention
Data identify that accessing account does not meet default access rule, including:
Step S11, it according to the historical data, searches and is based on answering described in access account access in the first preset duration
Access times;
Step S12, identify whether the access times are less than first threshold;If so, thening follow the steps S13;If it is not, then holding
Row step S14;
Step S13, identify that the access account does not meet default access rule;
Server accesses the corresponding historical data of above application according to the access account found, searches pre- first
If (such as in one month or in one week) accesses the total access times of the application, identification based on above-mentioned access account in duration
Whether above-mentioned access times are less than first threshold;In the present embodiment, the first threshold can be above-mentioned according to accessing by server
The access frequency determination of the different access account of application, or by server according to the corresponding each access account of access above application
The corresponding history access record of legitimate verification either historical data determine or by server according to technical staff in user
The setting instruction of side triggering obtains above-mentioned first threshold;The present embodiment does not limit the acquisition modes and concrete numerical value of first threshold
It is fixed.
Server is identified in the first preset duration and is accessed based on the access account according to the historical data of acquisition
It is described that the corresponding access times is applied to be less than first threshold, then identify that above-mentioned access account does not meet default access and advises
Then.
Step S14, the corresponding each access duration of the access times is obtained, it is more than second that identification, which accesses duration,
Whether the quantity of preset duration is less than second threshold;
When the quantity that the access duration is more than the second preset duration is less than second threshold, executes step S13, identifies
The access account does not meet default access rule;
When the quantity that the access duration is more than the second preset duration is greater than or equal to the second threshold, step is executed
S15;
Step S15, identify that the access account meets default access rule.
In server according to the historical data of acquisition, identifies in the first preset duration and visited based on the access account
When asking that the corresponding access times of the application are greater than or equal to first threshold, it is right respectively that server obtains above-mentioned access times
That answers accesses the access duration of the application every time, obtains and accesses whether the quantity that duration is more than the second preset duration is less than the second threshold
Value;The validation testing of second preset duration and second threshold is similar to the mode of first threshold is confirmed, described second is default
Duration and second threshold can determine by server according to the access frequency for the different access account for accessing above application, Huo Zheyou
Server is according to the corresponding history access record of legitimate verification or history for accessing the corresponding each access account of above application
Data determine, or setting instruction trigger in user side according to technical staff by server obtain above-mentioned second preset duration with
Second threshold;The second preset duration of the present embodiment pair and the acquisition modes and concrete numerical value of second threshold do not limit.
For example, the corresponding each access durations of above-mentioned access times N that server obtains are respectively M1~Mn, then service
Device identifies that N number of access duration M1~Mn is more than whether the quantity Nx of the second preset duration M0 is less than second threshold N0, in the visit
When asking that duration M1~Mn is more than that the quantity Nx of the second preset duration M0 is less than second threshold N0, server identifies the access account
Number default access rule is not met;It is greater than or equal in the quantity Nx that the access duration M1~Mn is more than the second preset duration M0
When second threshold N0, server identifies that the access account meets default access rule.
The embodiment of the present invention identifies the access that the application is accessed based on the access account according to the historical data of acquisition
Frequency and the corresponding access duration of the application program is accessed every time to identify that the access account does not meet default access rule
Mode improves the convenience of server identification.
The embodiment of the present invention additionally provides a kind of Information Authentication method second embodiment;Described in the embodiment of the present invention and Fig. 2
The difference of embodiment is, when identifying that corresponding intermediate account is not present in the access account, is created in one for the access account
Between account.
Based on the description of embodiment described in Fig. 2 and Fig. 3, as shown in figure 4, Information Authentication method of the present invention is " step S02,
According to the historical data of lookup, identify that the access account does not meet default access rule, then search whether exist with
It is described access account mapping intermediate account, further include later:
If the intermediate account with the access account mapping step S20, is not present, create unique with the access account
The intermediate account of mapping, and the intermediate account shares the corresponding access attribute information of the access account.
Server identifies that the access account does not meet default access rule and searches and does not deposit according to the historical data of lookup
In the intermediate account mapped with the access account, server is according to the corresponding access attribute information creating of the access account one
The intermediate account uniquely mapped with the access account, and the intermediate account can share the corresponding access attribute letter of the access account
Breath, that is to say, that after the access account and the intermediate account are bound, by the intermediate account, server can get and
The corresponding access attribute information of all access accounts of the intermediate account binding and respectively access account are corresponding to access this using institute
The historical data of generation.
After server is that above-mentioned access account creates an intermediate account, if server subsequently identify in the presence of with it is above-mentioned
When related other of access account A access account B, according to the incidence relation for accessing account B and above-mentioned access account A, service
Device can also bind above-mentioned access account B with the corresponding intermediate accounts of account A are accessed, and server can be shared and have
In the corresponding access attribute information of each access account of identical intermediate account and the corresponding secure access strategy of each access account etc.
It states and accesses the corresponding relevant information of account.
The embodiment of the present invention is that there is no the access accounts of intermediate account to create corresponding intermediate account, and it is total to improve information
That enjoys is intelligent.
The embodiment of the present invention additionally provides Information Authentication method 3rd embodiment;The present embodiment and embodiment described in Fig. 4
Difference is that server is to access account to be pre-created corresponding intermediate account.
Based on the description of embodiment described in Fig. 2, Fig. 3 and Fig. 4, as shown in figure 5, Information Authentication method of the present invention is in " step
S01, the triggering command that user terminal accesses an application based on access account is received, searched based on described in access account access
Using corresponding historical data " further include before:
Step S10, it establishes described using corresponding each mapping relations for accessing account and intermediate account;
In the present embodiment, server establishes each visit according to the corresponding each incidence relation accessed between account of same application
Ask the mapping relations of account and intermediate account and storage;Wherein, the above-mentioned access account and corresponding intermediate account that server is established
When mapping relations between number, one accesses account uniquely corresponding one intermediate account, but intermediate account can correspond to one or
Multiple access accounts are associated as shown in fig. 6, respectively accessing account by intermediate account;And server accesses account in verification one
Number legitimacy when, can share intermediate account mapped identical with the access account respectively access account institute it is corresponding
Access attribute information, secure access strategy and corresponding historical data.
In a preferred embodiment, server is established described using corresponding each access account and intermediate account
Mapping relations may be used such as under type:
Server obtains the corresponding all access accounts of the application and the corresponding access attribute information of each access account, and
It obtains user and is based on the corresponding historical data of each access account access application;According to the access attribute information of acquisition and
Historical data calculates each relating value accessed between account;The access account for being more than default correlation threshold for the relating value is built
Found same intermediate account;Wherein, the corresponding visit of the access account is shared between the identical each access account of the intermediate account
Ask attribute information and the corresponding secure access strategy of the access attribute information.
For example, server obtains a certain corresponding all login accounts of network game software-network game A and each login account
Corresponding access attribute information, such as user's pet name, phone number or email address, age of user with the binding of network game account
Equal access attributes information;Based on above-mentioned login account, obtains user and be based on the corresponding history of the above-mentioned network game A of each login account login
Data, such as common entry address, common login IP address, login time section, log duration etc.;According to the above-mentioned access of acquisition
Attribute information and historical data, server calculate the relating value between each access account;For example, common entry address whether phase
With, it is common log in IP address it is whether identical, it is common log in whether MAC Address identical, whether login time section consistent etc., and more than
Information is stated as relevant parameter, and is that above-mentioned each relevant parameter assigns centainly respectively according to the significance level of each relevant parameter
Weighted value the corresponding association of above-mentioned login account is calculated according to above-mentioned relevant parameter and the corresponding weighted value of each relevant parameter
Value;The login account for being more than a default correlation threshold for the relating value establishes same intermediate account;And possess identical intermediate account
Number each access account between, the shared access attribute information to correspond to each other and corresponding secure access are tactful.
In an alternative embodiment of the invention, server, which is established, described reflects using corresponding each account that accesses with centre account
Relationship is penetrated, it can also be in the following way:
Server obtains the corresponding each access account of the application and the corresponding unique mark one of the access account certainly
The characteristic identity information of right people user;Same intermediate account is established for the identical access account of the characteristic identity information;
The corresponding access attribute information of access account and the visit are shared between the identical each access account of the intermediate account
Ask attribute information corresponding secure access strategy.For example, server obtains the corresponding each access account of above application and each visit
It asks the characteristic identity identity information of account one natural person user of corresponding unique mark, for example for Chinese user, obtains
The ID card No. bound when above-mentioned user's registration access account is taken, then server creates the identical access account of ID card No.
Build same intermediate account;Alternatively, server, which obtains one logged in for the first time, accesses the corresponding ID card No. first of account a, then service
Device lookup had logged in the corresponding ID card No. of the corresponding each access account of above application, recognized whether and above-mentioned identity
Demonstrate,prove the identical intermediate account of number first or identical access account b and the corresponding intermediate accounts of access account b;If in the presence of,
Then server directly binds above-mentioned access account a and corresponding intermediate account, establishes and accesses account a and above-mentioned intermediate account
Mapping relations.
Server of the embodiment of the present invention establishes the corresponding each mapping relations for accessing account and intermediate account of same application
Subsequent server shares the corresponding information of identical access account and provides important evidence, saves the processing time of server,
The performance loss for reducing server, improves man-machine interactivity;For user side, due to being not in cumbersome attached
Add safety verification program, therefore in verification processing program, improves user experience.
The embodiment of the present invention additionally provides Information Authentication device first embodiment;As shown in fig. 7, Information Authentication dress of the present invention
Set including:Data obtaining module 01, information sharing module 02 and information authentication module 03.
Data obtaining module 01, is used for:It receives user terminal and accesses a triggering command applied based on account is accessed, search
The historical data corresponding to the application is accessed based on the access account;According to the historical data of lookup, institute is identified
It states access account and does not meet default access rule, then search whether the intermediate account existed and the access account maps;If depositing
In the intermediate account with the access account mapping, then lookup associated account number associated with the intermediate account, and obtain institute
State the corresponding relating attribute information of associated account number;
When the data obtaining module 01 of server receives user terminal one of application is accessed based on account is accessed
When triggering command, data obtaining module 01 responds the above-mentioned triggering command that user terminal is sent, and searches and is visited based on the access account
Ask above application corresponding historical data, for example, based on the access account the last time access corresponding IP address when the application,
The last time access this application lasting access duration, in the first preset duration (such as within one week or one month it
It is interior) access the total degree and corresponding accesss duration and the access historical datas such as IP address every time of the application.
For example, data obtaining module 01 receive user terminal be based on login account such as QQ number and QQ password logins QQ this
When instant messaging application program, data obtaining module 01 searches the user terminal and is based on corresponding when above-mentioned QQ number code logs in QQ go through
History accesses record, is held after the operation duration, login when obtaining the QQ number code corresponding last login QQ after login time, login
Capable action event, the historical datas such as corresponding IP address and MAC Address when logging in.
Data obtaining module 01 accesses the corresponding historical data of above application according to the access account found, and identification should
Access whether account meets default access rule;For example identify whether the access account is to access the application or the visit for the first time
Ask whether account is very to access the application or the access account whether (such as 10 in third preset duration with area
In minute) it repeatedly attempts to access above application etc. based on different IP address.Identifying that it is default that above-mentioned access account is not met
When access rule, for example above-mentioned access account is to access the application for the first time or the access account is to be accessed with area very much
The application or the account were repeatedly attempted to access above application etc. based on different IP address in 10 minutes, then acquisition of information
Whether the intermediate account that with the access account maps is stored in 01 searching data library of module.
In the present embodiment, the intermediate account can be understood as the access account and access account phase with other in same application
Associated related information;By the corresponding intermediate account of the access account, other mapped with the intermediate account can be found
Other associated with the access account access account.
In one preferred embodiment of the embodiment of the present invention, data obtaining module 01 is known according to the historical data of lookup
Do not go out the access account and does not meet default access rule, including:
Data obtaining module 01 obtains the triggering command that user terminal accesses above application program based on the access account
Corresponding IP address and/or MAC Address;The corresponding historical data of above application program is accessed in the access account of acquisition
In, it searches above-mentioned IP address and/or MAC Address whether there is;If data obtaining module 01 can not find in the historical data
This accesses account and accesses IP address and/or MAC Address used in above application program, then identifies that the access account is not inconsistent
It closes and presets access rule.
When data obtaining module 01 finds the access account and there is the intermediate account mapped with the access account, information
Acquisition module 01 searches other access accounts that can equally access the application program with the intermediate account relating, i.e., among this
The associated associated account number of account;When there is associated account number associated with account among this in intermediate account, acquisition of information mould
Block 01 obtains the corresponding relating attribute information of above-mentioned each associated account number;Wherein, the corresponding relating attribute information of associated account number also may be used
Access attribute information is corresponded to be interpreted as above-mentioned associated account number.
When data obtaining module 01 finds the access account and there is the intermediate account mapped with the account, but do not search
When to associated account number with the intermediate account relating, also just says, in server, the intermediate account that is mapped with the access account
Mapping relations only are established with this access account, then data obtaining module 01 directly acquires the corresponding access of the intermediate account
Attribute information.
Information sharing module 02, is used for:The relating attribute information is set to the corresponding access of the access account to belong to
Property information, and be to verify to answer described in accesss account access by the corresponding secure access strategy setting of the relating attribute information
With used secure access strategy;
Information authentication module 03, is used for:Described in secure access policy validation described in the access attribute use of information
Access the legitimacy of account.
Information sharing module 02 sets the relating attribute information of the corresponding associated account number of above-mentioned intermediate account of acquisition to
The corresponding access attribute information of the access account, meanwhile, it is by the corresponding secure access strategy setting of above-mentioned relating attribute information
It verifies the access account and accesses secure access strategy used by above application;Information authentication module 03 is based on shared above-mentioned visit
It asks attribute information, using above-mentioned shared secure access strategy, verifies the legitimacy that above-mentioned access account accesses above application, from
And save using add-on security authentication policy such as issue identifying code, control user terminal other additional verification informations etc. are provided
Additional safety verification strategy come verify the access account access above application legitimacy.
When the embodiment of the present invention receives user based on the triggering command for accessing one application of account access, the access account is searched
Number access the corresponding historical data of above application program;Based on above-mentioned historical data, it is pre- to identify that the access account is not met
If access rule, and find in the presence of the intermediate account with the access account mapping, and by related to the intermediate account
The associated account number of connection obtains the corresponding relating attribute information of above-mentioned associated account number;It is described by the relating attribute information sharing
The corresponding access attribute information of account is accessed, and is verification institute by the corresponding secure access Policies sharing of the relating attribute information
State secure access strategy used by accessing the account access application;In compared to the prior art, even if same natural person uses
Family is using main number and small size common when accessing same application, server still to it is above-mentioned it is small size using additional safety verification strategy come
The legitimacy of this access of above-mentioned access account is verified, the embodiment of the present invention, which has, passes through intermediate account intelligent sharing master's information
Advantageous effect, reached server can share different access account that same natural person user is registered based on same application it
Between attribute information purpose;Server is eliminated to access needed for same application same user based on the trumpet with main number binding
The cumbersome verification process for the add-on security authentication policy to be executed.
Please continue to refer to Fig. 7, in Information Authentication device of the embodiment of the present invention, described information acquisition module 01 is according to lookup
Historical data identifies that accessing account does not meet default access rule, can also be accomplished by the following way:
Data obtaining module 01 accesses the corresponding historical data of above application according to the access account found, searches
(such as in one month or in one week) accesses the total access of the application based on above-mentioned access account in the first preset duration
Number, identifies whether above-mentioned access times are less than first threshold;In the present embodiment, the first threshold can by server according to
The access frequency determination of the different access account of above application is accessed, or corresponding each according to above application is accessed by server
Either historical data determines or by server according to technology people the corresponding history access record of legitimate verification of access account
Member obtains above-mentioned first threshold in the setting instruction of user side triggering;Acquisition modes and specific number of the present embodiment to first threshold
Value does not limit.
Data obtaining module 01 identifies according to the historical data of acquisition and is based on the access in the first preset duration
Account accesses the corresponding access times of the application and is less than first threshold, then it is pre- to identify that above-mentioned access account is not met
If access rule.
In data obtaining module 01 according to the historical data of acquisition, identifies and be based on the visit in the first preset duration
When asking that account accesses the corresponding access times of the application more than or equal to first threshold, in the acquisition of data obtaining module 01
The corresponding access duration for accessing the application every time of access times is stated, the number for accessing that duration is more than the second preset duration is obtained
Whether amount is less than second threshold;The validation testing of second preset duration and second threshold and the mode phase for confirming first threshold
Seemingly, second preset duration and second threshold can be by servers according to the access for the different access account for accessing above application
Frequency determines, or is visited according to the corresponding history of legitimate verification for accessing the corresponding each access account of above application by server
Ask record that either historical data is determined or obtained according to the setting instruction that technical staff triggers in user side by server above-mentioned
Second preset duration and second threshold;The second preset duration of the present embodiment pair and the acquisition modes and concrete numerical value of second threshold are not
It limits.
For example, data obtaining module 01 obtain the corresponding each access durations of above-mentioned access times N be respectively M1~
Mn, then data obtaining module 01 identify that N number of access duration M1~Mn is more than whether the quantity Nx of the second preset duration M0 is less than the
Two threshold value N0, when the quantity Nx that the access duration M1~Mn is more than the second preset duration M0 is less than second threshold N0, information
Acquisition module 01 identifies that the access account does not meet default access rule;It is more than second pre- in the access duration M1~Mn
If the quantity Nx of duration M0 is greater than or equal to second threshold N0, it is pre- that data obtaining module 01 identifies that the access account meets
If access rule.
The embodiment of the present invention identifies the access that the application is accessed based on the access account according to the historical data of acquisition
Frequency and the corresponding access duration of the application program is accessed every time to identify that the access account does not meet default access rule
Mode improves the convenience of server identification.
The embodiment of the present invention also provides a kind of Information Authentication device second embodiment;The embodiment of the present invention and reality described in Fig. 7
Applying the difference of example is, server is created when identifying that corresponding intermediate account is not present in the access account for the access account
One intermediate account.
Based on the description of embodiment described in Fig. 7, as shown in figure 8, Information Authentication device of the present invention further includes:
Information creation module 04, is used for:
If there is no the intermediate account with the access account mapping, create in uniquely being mapped with the access account
Between account, and the intermediate account shares the corresponding access attribute information of the access account.
Data obtaining module 01 according to the historical data of lookup, identify the access account do not meet default access rule and
It searches there is no when the intermediate account mapped with the access account, information creation module 04 is according to the corresponding access of access account
Attribute information creates an intermediate account uniquely mapped with the access account, and the intermediate account can share the access account
Corresponding access attribute information, that is to say, that after the access account and the intermediate account are bound, pass through the intermediate account, letter
The corresponding access attribute information of all access accounts and each visit that breath acquisition module 01 can be got with the intermediate account is bound
It asks that account is corresponding and accesses this using generated historical data.
After information creation module 04 is that above-mentioned access account creates an intermediate account, if data obtaining module 01 is follow-up
When identifying in the presence of account B is accessed with related other of above-mentioned access account A, according to access account B and above-mentioned access account A
Incidence relation, information creation module 04 can also tie up above-mentioned access account B with the corresponding intermediate accounts of account A are accessed
It is fixed, and information sharing module 02 can share the corresponding access attribute information of each access account with identical intermediate account and respectively
Access the corresponding relevant informations of above-mentioned access account such as the corresponding secure access strategy of account.
The embodiment of the present invention is that there is no the access accounts of intermediate account to create corresponding intermediate account, and it is total to improve information
That enjoys is intelligent.
The embodiment of the present invention additionally provides a kind of Information Authentication device 3rd embodiment;The present embodiment is implemented with described in Fig. 8
The difference of example is that server is to access account to be pre-created corresponding intermediate account.
Description based on above example, as shown in figure 9, Information Authentication device of the present invention further includes:
Module 05 is established in mapping, is used for:
It establishes described using corresponding each mapping relations for accessing account and intermediate account;Wherein, the access account is only
One corresponds to an intermediate account, and the intermediate account corresponds at least one access account.
In the present embodiment, mapping establish module 05 according to same application it is corresponding it is each access account between incidence relation,
Establish the mapping relations of each access account and intermediate account and storage;Wherein, the above-mentioned access account of the foundation of module 05 is established in mapping
When mapping relations number between corresponding intermediate account, one accesses account uniquely corresponding one intermediate account, but intermediate account
Number can correspond to it is one or more access accounts, be associated by intermediate account as shown in fig. 6, respectively accessing account;And it services
Device can share intermediate account mapped identical with the access account and respectively access when verifying the legitimacy that one accesses account
The corresponding access attribute information of account institute, secure access strategy and corresponding historical data.
In a preferred embodiment, mapping establishes module 05 and establishes the corresponding each access account of the application in
Between account mapping relations, may be used such as under type:
Mapping establishes module 05 and obtains the corresponding all access accounts of the application and the corresponding access category of each access account
Property information, and obtain user and be based on each accesss account and access described to apply corresponding historical data;According to the access of acquisition
Attribute information and historical data calculate each relating value accessed between account;It is more than default correlation threshold for the relating value
It accesses account and establishes same intermediate account;Wherein, the access account is shared between the identical each access account of the intermediate account
Number corresponding access attribute information and the corresponding secure access strategy of the access attribute information.
For example, module 05 is established in mapping obtains corresponding all login accounts of a certain network game software-network game A and each
The corresponding access attribute information of login account, such as the phone number or email address of user's pet name and the binding of network game account,
The access attributes information such as age of user;Based on above-mentioned login account, obtains user and be based on above-mentioned A pairs of the network game of each login account login
The historical data answered, such as common entry address, common login IP address, login time section, log duration etc.;According to acquisition
Above-mentioned access attribute information and historical data, mapping establish module 05 and calculate each relating value accessed between account;For example, common
Whether entry address is identical, whether common login IP address is identical, whether common login MAC Address is identical, login time section is
It is no consistent etc., and using above- mentioned information as relevant parameter, and be above-mentioned each association according to the significance level of each relevant parameter
Parameter assigns certain weighted value respectively, according to above-mentioned relevant parameter and the corresponding weighted value of each relevant parameter, calculates above-mentioned step on
Record the corresponding relating value of account;The login account for being more than a default correlation threshold for the relating value establishes same intermediate account;
And between possessing each access account of identical intermediate account, the shared access attribute information to correspond to each other and corresponding secure access
Strategy.
In an alternative embodiment of the invention, mapping establishes module 05 and establishes the corresponding each access account of the application and centre
The mapping relations of account, can also be in the following way:
Mapping establishes module 05 and obtains the corresponding each access account of the application and the corresponding unique mark of the access account
Show the characteristic identity information of a natural person user;For the identical access account of the characteristic identity information establish it is same in
Between account;Shared between the identical each access account of the intermediate account the corresponding access attribute information of the access account and
The corresponding secure access strategy of the access attribute information.For example, module 05 is established in mapping obtains the corresponding each visit of above application
Ask account and each characteristic identity identity information for accessing account one natural person user of corresponding unique mark, such as in
It for state user, obtains above-mentioned user's registration and accesses the ID card No. bound when account, then mapping establishes module 05 by identity
It demonstrate,proves the identical access account of number and creates same intermediate account;Alternatively, module 05 is established in mapping obtains the access logged in for the first time
The corresponding ID card No. first of account a, then mapping establish the lookup of module 05 and had logged in the corresponding each access account of above application
Corresponding ID card No. recognizes whether intermediate account identical with above-mentioned ID card No. first or identical access account
Number b and the corresponding intermediate accounts of access account b;If in the presence of, mapping establish module 05 directly by above-mentioned access account a with it is right
The intermediate account binding answered, establishes the mapping relations for accessing account a and above-mentioned intermediate account.
Server of the embodiment of the present invention establishes the corresponding each mapping relations for accessing account and intermediate account of same application
Subsequent server shares the corresponding information of identical access account and provides important evidence, saves the processing time of server,
The performance loss for reducing server, improves man-machine interactivity;For user side, due to being not in cumbersome attached
Add safety verification program, therefore in verification processing program, improves user experience.
The embodiment of the present invention also provides a kind of hardware configuration of Information Authentication device, as shown in Figure 10, Information Authentication dress
Set including:
Processor 101, memory 102, user interface 103, network interface 104 and communication bus 105.Communication bus
105 for the communication between each building block in local server, and user interface 103, should for receiving information input by user
User interface can be wireline interface and wireless interface, such as keyboard, mouse etc..Network interface 104 is used for Information Authentication device
It is communicated with outside, which can also include wireline interface and wireless interface.Memory 102 may include one
A or more than one computer readable storage medium, and it includes not only internal storage, further includes external memory.This is deposited
Operating system and information sharing application program etc. are stored in reservoir.Processor 101 is used to call the information in memory 102
Sharing application program, to execute following operation:
User terminal is received based on user interface 103 and accesses a triggering command applied based on account is accessed, and passes through communication
Bus 105 is searched accesses the corresponding historical data of the application based on the access account;
According to the historical data of lookup, identify that the access account does not meet default access rule, then searching is
The no intermediate account existed with the access account mapping;
If in the presence of the intermediate account with the access account mapping, lookup association account associated with the intermediate account
Number, and obtain the corresponding relating attribute information of the associated account number;
It sets the relating attribute information to the corresponding access attribute information of the access account, and the association is belonged to
Property the corresponding secure access strategy setting of information be to verify the accesss account to access secure access plan used by the application
Slightly;
Based on the legitimacy for having secure access to access account described in policy validation described in the access attribute use of information;It saves
Data processing resources, improve the convenience of Information Authentication while assuring data security, also improve it is man-machine can
Interactivity.
Further, processor 101 is additionally operable to call the information sharing application program in memory 102, following to execute
Operation:
The corresponding IP address of the triggering command and/or MAC Address are obtained by communication bus 105;
In the historical data, the IP address and/or MAC Address are searched;
If can not find the IP address and/or MAC Address in the historical data, the access account is identified not
Meet default access rule.
Further, processor 101 is additionally operable to call the information sharing application program in memory 102, following to execute
Operation:
According to the historical data, is searched in the first preset duration by communication bus 105 and visited based on the access account
The access times for asking the application, identify whether the access times are less than first threshold;
When the access times are less than first threshold, identify that the access account does not meet default access rule;
When the access times are greater than or equal to the first threshold, it is corresponding every time to obtain the access times
Access duration, whether it is more than the quantity of the second preset duration less than second threshold that identification accesses duration;
When the quantity that the access duration is more than the second preset duration is less than second threshold, the access account is identified
Default access rule is not met.
Further, processor 101 is additionally operable to call the information sharing application program in memory 102, following to execute
Operation:
If there is no the intermediate account with the access account mapping, create in uniquely being mapped with the access account
Between account, and the intermediate account shares the corresponding access attribute information of the access account.
Further, processor 101 is additionally operable to call the information sharing application program in memory 102, following to execute
Operation:
It establishes described using corresponding each mapping relations for accessing account and intermediate account;Wherein, the access account is only
One corresponds to an intermediate account, and the intermediate account corresponds at least one access account.
Further, processor 101 is additionally operable to call the information sharing application program in memory 102, following to execute
Operation:
The corresponding all access accounts of the application are obtained by communication bus 105 and the corresponding access of each access account belongs to
Property information, and obtain user and be based on each accesss account and access described to apply corresponding historical data;
According to the access attribute information and historical data, each relating value accessed between account is calculated;
The access account for being more than default correlation threshold for the relating value establishes same intermediate account;
Wherein, the corresponding access attribute letter of the access account is shared between the identical each access account of the intermediate account
Breath and the corresponding secure access strategy of the access attribute information.
Further, processor 101 is additionally operable to call the information sharing application program in memory 102, following to execute
Operation:
The corresponding each access account of the application and the corresponding unique mark of the access account are obtained by communication bus 105
Show the characteristic identity information of a natural person user;
Same intermediate account is established for the identical access account of the characteristic identity information;
Wherein, the corresponding access attribute letter of the access account is shared between the identical each access account of the intermediate account
Breath and the corresponding secure access strategy of the access attribute information.
Information Authentication of embodiment of the present invention device gathers around same application based on intermediate account using same natural person user
The method of some different access account corresponding informances has through intermediate account intelligently using the advantageous effect of master's information, reaches
Attribute information between the different access account that same natural person user is registered based on same application can be shared by having arrived server
Purpose;It is additional based on being executed required for the small size access same application bound with main number to same user to eliminate server
The cumbersome verification process of safety verification strategy, saves the processing time of server, reduces the performance loss of server, carries
High man-machine interactivity.
It should be noted that herein, the terms "include", "comprise" or its any other variant are intended to non-row
His property includes, so that process, method, article or device including a series of elements include not only those elements, and
And further include other elements that are not explicitly listed, or further include for this process, method, article or device institute it is intrinsic
Element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that including this
There is also other identical elements in the process of element, method, article or device.
The embodiments of the present invention are for illustration only, can not represent the quality of embodiment.
Through the above description of the embodiments, those skilled in the art can be understood that above-described embodiment side
Method can add the mode of required general hardware platform to realize by software, naturally it is also possible to by hardware, but in many cases
The former is more preferably embodiment.Based on this understanding, technical scheme of the present invention substantially in other words does the prior art
Going out the part of contribution can be expressed in the form of software products, which is stored in a storage medium
In (such as ROM/RAM, magnetic disc, CD), including some instructions are used so that a station terminal equipment (can be mobile phone, computer, clothes
It is engaged in device or the network equipment etc.) execute method described in each embodiment of the present invention.
The foregoing is merely the preferred embodiment of the present invention, it is not intended to limit its scope of the claims, it is every to utilize the present invention
Equivalent structure or equivalent flow shift made by specification and accompanying drawing content is directly or indirectly used in other relevant technology necks
Domain is included within the scope of the present invention.