CN106713241A - Identity verification method, device and system - Google Patents
Identity verification method, device and system Download PDFInfo
- Publication number
- CN106713241A CN106713241A CN201510786095.9A CN201510786095A CN106713241A CN 106713241 A CN106713241 A CN 106713241A CN 201510786095 A CN201510786095 A CN 201510786095A CN 106713241 A CN106713241 A CN 106713241A
- Authority
- CN
- China
- Prior art keywords
- identifying code
- authentication
- safety verification
- server
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0846—Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
Abstract
The invention discloses an identity verification method, device and system. According to the method, when a safety verification request sent by a terminal is received, the network environment information and user behavior data are acquired according to the safety verification request; secondly, whether present operation is machine attack is determined according to the network environment information and the user behavior data, if yes, a preset type verification code is acquired according to a preset strategy, the verification code is further distributed to the terminal to carry out identity verification, if not, safety verification passes. The method is advantaged in that not only can data safety be improved, user operation is simplified, and verification processing efficiency is improved.
Description
Technical field
The present invention relates to communication technical field, and in particular to a kind of auth method, device and system.
Background technology
Nowadays, various data are flooded with the life of people, such as shopping at network, transfer accounts and
Session etc., is related to the treatment of data invariably, and the safety of data, even more involve the life wealth of people
Produce safety.
In order to improve the security of data, after the technology that the identity information to user is authenticated, and
" identifying code " technology is proposed, the proposition of the technology is primarily to prevent certain hacker specific to some
Registered user, continuous login attempt (i.e. checking is attempted) is carried out using specific program Brute Force mode
Situation occurs, i.e. the presence of identifying code is that the input in order to distinguish authentication information is people or machine, to improve
The security of checking.
In the research and practice process to prior art, it was found by the inventors of the present invention that the presence of identifying code
Although the security of data can be improved to a certain extent, at the same time, the operation of user is also allowed to become
Obtain cumbersome, reduce the treatment effeciency of checking;It is all a character to be additionally, since traditional identifying code
Small figure adds an input frame, therefore, cracker easily can directly be pulled by technological means and be tested
The picture of code is demonstrate,proved, then is cracked by way of automatic machine, so, its security there is also certain leak.
The content of the invention
The embodiment of the present invention provides a kind of auth method, device and system, can improve data safety
Property while, simplify user operation, improve checking treatment effeciency.
The embodiment of the present invention provides a kind of auth method, including:
The security authentication request that receiving terminal sends;
Network environment information and user behavior data are obtained according to the security authentication request;
Determine whether current operation is that machine is attacked according to the network environment information and user behavior data;
If so, then obtaining the identifying code of preset type according to preset strategy, and identifying code is issued to the terminal,
To carry out authentication;
If not, it is determined that safety verification passes through.
Accordingly, the embodiment of the present invention also provides another auth method, including:
When safety verification interface is triggered, security authentication request is generated;
Security authentication request is sent to server, so as to the server according to the security authentication request to working as
Whether preceding operation is that machine attack is tested;
The reception server it is determined that current operation by machine is attacked when the identifying code that returns, the identifying code by
Server obtains the identifying code of preset type and obtains according to preset strategy;
Identifying code input interface is generated according to the identifying code;
The identifying code and identifying code input interface are shown according to preset strategy.
Accordingly, the embodiment of the present invention also provides a kind of authentication means, including:
Receiving unit, the security authentication request that receiving terminal sends;
Acquiring unit, for obtaining network environment information and user behavior data according to the security authentication request;
Authentication unit, for whether determining current operation according to the network environment information and user behavior data
For machine is attacked, if so, the identifying code of preset type is then obtained according to preset strategy, and under the terminal
Hair identifying code, to carry out authentication;If not, it is determined that safety verification passes through.
Accordingly, the embodiment of the present invention also provides a kind of authentication triggering device, including:
Trigger element, for when safety verification interface is triggered, generating security authentication request;
Transmitting element, for sending security authentication request to server, so that the server is according to the peace
Whether full checking request is that machine attack is tested to current operation;
Receiving unit, for the reception server it is determined that current operation by machine is attacked when the identifying code that returns,
The identifying code is obtained the identifying code of preset type by server and is obtained according to preset strategy;
Generation unit, for generating identifying code input interface according to the identifying code;
Display unit, for showing the identifying code and identifying code input interface according to preset strategy.
Additionally, the embodiment of the present invention also provides a kind of authentication system, including the embodiment of the present invention is provided
Any one authentication means and any one authentication triggering device.
The embodiment of the present invention is used when the security authentication request of terminal transmission is received, according to the safety verification
Acquisition request network environment information and user behavior data, then, according to the network environment information and user's row
For data determine whether current operation is that machine is attacked, if so, then obtaining preset type according to preset strategy
Identifying code, and identifying code is issued to terminal, to carry out authentication, if not, it is determined that safety verification passes through;
Because the program can carry out safety verification to current operation, and only it is determined that current operation is attacked for machine
When just issue identifying code, accordingly, with respect in the prior art no matter present case how to be required for being verified
For the scheme of code checking, user's operation can be greatly simplified, improve the treatment effeciency of checking;And, by
It is to issue temporarily in the identifying code, and type is also flexible variation, accordingly, it is difficult to pass through automatic machine
Mode is cracked, and for existing scheme, can greatly improve its security.
Brief description of the drawings
Technical scheme in order to illustrate more clearly the embodiments of the present invention, institute in being described to embodiment below
The accompanying drawing for needing to use is briefly described, it should be apparent that, drawings in the following description are only the present invention
Some embodiments, for those skilled in the art, on the premise of not paying creative work, also
Other accompanying drawings can be obtained according to these accompanying drawings.
Fig. 1 a are the schematic diagram of a scenario of authentication system provided in an embodiment of the present invention;
Fig. 1 b are the flow charts of auth method provided in an embodiment of the present invention;
Fig. 2 is another flow chart of auth method provided in an embodiment of the present invention;
Fig. 3 a are the another flow charts of auth method provided in an embodiment of the present invention;
Fig. 3 b are the interface schematic diagrams before the safety verification in auth method provided in an embodiment of the present invention;
Fig. 3 c are the obstructed out-of-date interfaces of safety verification in auth method provided in an embodiment of the present invention
Schematic diagram;
Fig. 3 d are the change schematic diagrams of triggering key in auth method provided in an embodiment of the present invention;
Fig. 3 e are that the interface that the safety verification in auth method provided in an embodiment of the present invention passes through is illustrated
Figure;
Fig. 4 is the structural representation of authentication means provided in an embodiment of the present invention;
Fig. 5 is the structural representation of authentication triggering device provided in an embodiment of the present invention.
Specific embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clearly
Chu, it is fully described by, it is clear that described embodiment is only a part of embodiment of the invention, rather than
Whole embodiments.Based on the embodiment in the present invention, those skilled in the art are not making creative labor
The every other embodiment obtained under the premise of dynamic, belongs to the scope of protection of the invention.
The embodiment of the present invention provides a kind of auth method, device and system.
The authentication system can include any one authentication means that be provided of the embodiment of the present invention and
Authentication triggering device, wherein, the authentication means specifically can with it is integrated in the server, the service
Device can include
The authentication system can include any one authentication means that be provided of the embodiment of the present invention and
Authentication triggering device, wherein, the authentication means can with it is integrated in the server, the server can
Think an independent entity, it is also possible to which, including multiple entities, as shown in Figure 1a, the server can include
Web page server (Web server) and identifying code server, additionally, optionally, rule can also be included
Master control server and material storage server etc.;In addition the authentication means can with it is integrated in the terminal,
For example, can be installed in the form of client in the terminal, such as mobile phone, panel computer or personal computer
In (PC, Personal Computer).
Wherein, when user needs to carry out safety verification, such as when clicking on the triggering button of safety verification, body
Terminal where part checking triggering device will generate security authentication request, and to server, such as webpage clothes
Business device send the security authentication request, by server according to the security authentication request obtain network environment information and
User behavior data, and determine whether current operation is machine according to the network environment information and user behavior data
Device is attacked, such as security authentication request can be transmitted into identifying code server by web page server, by verifying
Code server obtains network environment information and user behavior data, and according to the network environment information and user's row
For data determine whether current operation is that machine is attacked, if so, then obtaining preset type according to preset strategy
Identifying code, and issue identifying code to the terminal, such as, preset strategy can be obtained from regular master control server,
Such as certain rule, and corresponding material is obtained from material storage server, and according to the preset strategy and material
Generation identifying code, is then supplied to web page server by identifying code, and terminal is handed down to by web page server, by
Terminal generates identifying code input interface according to the identifying code, and shows the identifying code and checking according to preset strategy
Code input interface, to carry out authentication;Otherwise, if not machine is attacked, it is determined that safety verification passes through,
Need not carry out issuing identifying code, the response for representing that safety verification passes through can be now returned to terminal.
To be described in detail respectively below.
Embodiment one,
The present embodiment will be described from the angle of authentication means, and the authentication means can specifically collect
Into in the network equipments such as server, the server can be an independent entity, it is also possible to including multiple
Entity.
A kind of auth method, including:The security authentication request that receiving terminal sends;Tested according to the safety
Card acquisition request network environment information and user behavior data;According to the network environment information and user behavior number
Whether it is that machine is attacked according to determination current operation;If so, then obtaining the checking of preset type according to preset strategy
Code, and identifying code is issued to the terminal, to carry out authentication;If not, it is determined that safety verification passes through.
As shown in Figure 1 b, the flow chart of the auth method specifically can be as follows:
101st, the security authentication request that receiving terminal sends.
102nd, network environment information and user behavior data are obtained according to the security authentication request.
For example, specifically network rings can be obtained by being monitored to web environment and user behavior
Environment information and user behavior data.
Wherein, the network environment information can be including network behavior model parameter and web environment model parameter etc.
Data, and user behavior data can including personal behavior model parameter etc. data.
103rd, determine whether current operation is that machine is attacked according to the network environment information and user behavior data,
If so, then performing step 104, otherwise, if not machine is attacked, then step 105 is performed.
For example, can specifically extract network behavior model parameter and web environment mould from the network environment information
Shape parameter, and personal behavior model parameter is extracted from the user behavior data, then, according to the network
Behavior model parameter, web environment model parameter and personal behavior model parameter, according to preset analysis model
It is analyzed, and determines whether current operation is that machine is attacked according to analysis result, if machine is attacked, then
Step 104 is performed, otherwise, if not machine is attacked, then step 105 is performed.
It should be noted that, " be defined as machine attack " described in the embodiment of the present invention refers to that " behavior is
The possibility that machine is attacked is higher than certain threshold value ", i.e., " determine whether current operation is machine according to analysis result
Device is attacked " it is specially:
Estimate that current operation belongs to the probability of machine attack according to the analysis result, if the probability is higher than preset threshold
Value, it is determined that for machine is attacked, otherwise, if the probability is not higher than preset threshold value, it is determined that for non-machine is attacked
Hit.
Optionally, current state is known for the ease of user, when server is verified, can also be to
Terminal returns to corresponding prompt message, to represent that currently that is, step is " according to the network environment just in the verification
Information and user behavior data determine whether current operation is that machine is attacked " when, the auth method may be used also
To include:
Sent to terminal and represent the prompt message verified, so as to terminal according to the prompt message by current page
The dispaly state in face switches to first state, wherein, first state indicates currently to carry out safety verification.
Such as, now terminal can show and " test on the predeterminated position of the page or the triggering key of the safety verification
In card ", etc..
104th, the identifying code of preset type is obtained according to preset strategy, and identifying code is issued to the terminal, with
Carry out authentication.
Wherein, the preset strategy can be configured according to the demand of practical application, such as, and can be using such as
Descend any one mode to obtain the identifying code of preset type, i.e., step is " according to the preset class of preset strategy acquisition
The identifying code of type " specifically can be as follows:
(1) first way;
It is that the possibility that machine is attacked is estimated to current operation, respective type is obtained according to assessment result
Identifying code.
For example, the height (the malice degree of such as current environment) of the probability that can be attacked according to machine is set
Several grades, the probability that the operation is confirmed as machine attack is higher, then grade higher, can be using safety
Property identifying code higher, such as braille identifying code etc. in picture mosaic identifying code or figure;Conversely, being confirmed as machine
The probability of attack is lower, then lower grade, can be tested using safer property is lower and relatively simple
Card code, such as traditional character identifying code, etc..
(2) second way;
A type of identifying code is randomly selected from different types of identifying code, i.e., no matter the operation is determined
Be machine attack probability by how high, randomly select a type of identifying code, it may be possible to picture mosaic verify
Code, it is also possible to traditional character identifying code, etc..
(3) the third mode;
The service identification corresponding to current operation is obtained, the identifying code of respective type is obtained according to the service identification.
For example, can be the different identifying code generation strategy of different business settings according to the demand of practical application,
Such as, if security requirement business higher, such as pay, then need provide security it is higher, compared with
It is complicated identifying code, such as picture mosaic identifying code etc.;If conversely, common business, such as web page browsing
Deng then can only providing the identifying code relatively low compared with security, such as traditional character identifying code, etc..
It is, of course, also possible to using other preset strategies, no longer enumerate herein.
It should be noted that, the preset strategy can be stored in the authentication means, it is also possible to which storage is at it
In his storage device, when the authentication means need, then obtained to the storage device, additionally, also
It should be noted that, the material of identifying code is generated in addition to it can store in this authentication means, also may be used
The authentication means are supplied to by other equipment, be will not be repeated here.
Optionally, after identifying code is issued to the terminal, the authentication that can be sent with receiving terminal please
Ask, for convenience, in embodiments of the present invention, referred to as the first authentication request, wherein, this
One authentication request can carry the information such as the authentication information of identifying code input information and user, then, root
Carry out authentication according to first authentication request, i.e., after step " issuing identifying code to the terminal ",
The auth method can also include:
The first authentication request that receiving terminal sends, first authentication request carries identifying code input
Information and the authentication information of user, if the authentication information is correct, and identifying code input information and the identifying code
Unanimously, it is determined that authentication passes through.
Otherwise, if the authentication information is incorrect, or identifying code input information is inconsistent with the identifying code, then
Determine that authentication does not pass through.
105th, determine that safety verification passes through.
Optionally, the response for representing that safety verification passes through can be returned to terminal, so that the terminal is according to institute
State response and the dispaly state of current page is switched into the second state, wherein, second state instruction is tested safely
Card passes through.
After the safety verification passes through, the authentication that the authentication means can be sent with receiving terminal
Request, for convenience, in embodiments of the present invention, referred to as the second authentication request, second body
Part checking request carries the authentication information (without carrying identifying code) of user, then, according to second identity
Checking request carries out authentication;I.e. after step " determining that safety verification passes through ", the authentication side
Method can also include:
The second authentication request that receiving terminal sends, second authentication request carries the authentication of user
Information, if the authentication information is correct, it is determined that authentication passes through.
Otherwise, if the authentication information is incorrect, it is determined that authentication does not pass through.
From the foregoing, it will be observed that the present embodiment is using when the security authentication request of terminal transmission is received, according to the peace
Full checking request obtains network environment information and user behavior data, then, according to the network environment information and
User behavior data determines whether current operation is that machine is attacked, if so, then obtaining preset according to preset strategy
The identifying code of type, and identifying code is issued to terminal, to carry out authentication, if not, it is determined that safety is tested
Card passes through;Because the program can carry out safety verification to current operation, and only it is determined that current operation is
Machine just issues identifying code when attacking, accordingly, with respect to how being required for regardless of present case in the prior art
Carry out for the scheme of identifying code checking, user's operation can be greatly simplified, improve the treatment effeciency of checking;
It is to issue temporarily to be additionally, since the identifying code, and type is also flexible variation, accordingly, it is difficult to pass through
The mode of automatic machine is cracked, and for existing scheme, can greatly improve its security.
Further, since the security validation operation can voluntarily be chosen whether to be triggered by user, therefore, phase
For the scheme for directly being detected by system background in the prior art, realization is more flexible, not only side
Just user's operation, and Consumer's Experience can be greatly improved, be conducive to improving service quality (QoS, Quality
of Service)。
Embodiment two,
The present embodiment will be described from the angle of authentication triggering device, authentication triggering device tool
Body can be integrated in the network equipments such as terminal.The terminal is specifically as follows mobile phone, panel computer or PC etc.
Equipment.
A kind of auth method, including:Security authentication request is sent to server, so as to the server root
According to the security authentication request to current operation whether be machine attack test;The reception server is it is determined that work as
Preceding operation is by the identifying code returned when machine is attacked;Identifying code input interface is generated according to the identifying code;Press
The identifying code and identifying code input interface are shown according to preset strategy.
As shown in Fig. 2 the idiographic flow of the auth method can be as follows:
201st, security authentication request is sent to server, so that the server is according to the security authentication request pair
Whether current operation is that machine attack is tested, and the specific method of inspection can be found in embodiment one, herein not
Repeat again.
For example, security authentication request can be generated, then, to the clothes when safety verification interface is triggered
Business device sends the security authentication request.
Wherein, the representation of the safety verification interface can have various, such as, can be the defeated of an instruction
Enter frame, choice box or safety verification triggering key, wherein, the safety verification triggering key can be button, also may be used
To be sliding block etc., will not be repeated here.For convenience, in embodiments of the present invention, will be with the peace
Full checking interface is illustrated as a example by being specially safety verification triggering key.
If the safety verification interface is safety verification triggering key, step " when safety verification interface is triggered,
Generation security authentication request " can include:
Receive user and verify that the safety verification that triggering key is triggered is instructed by safe operation, tested according to the safety
Card instruction generation security authentication request.
Wherein, the mode of user's safe operation checking triggering key can have various, such as, can be clicked on,
Slide or touch, etc..
Optionally, after security authentication request is sent to server, current shape is known for the ease of user
State, the auth method can also include:
The prompt message verified of expression that the reception server sends, according to the prompt message by current page
Dispaly state switch to first state, wherein, first state indicate currently carry out safety verification.
Such as, now terminal can show on the predeterminated position of current page or the triggering key of the safety verification
Show " in checking " printed words, etc..
202nd, the reception server it is determined that current operation by machine is attacked when the identifying code that returns.
Wherein, the form of the identifying code is not construed as limiting, and can be various types of identifying codes, such as, and can be with
It is picture mosaic identifying code, picture validation code or character identifying code etc..
It should be noted that, " be defined as machine attack " described in the embodiment of the present invention refers to that " operation is
The possibility that machine is attacked is higher than certain threshold value ", i.e. the operation is defined as the probability of machine attack higher than certain
Threshold value.
203rd, identifying code input interface is generated according to the identifying code.
204th, the identifying code and identifying code input interface are shown according to preset strategy.
Wherein, the preset strategy can be configured according to the demand of practical application, for example, can be as follows:
One combobox/side framing is generated according to the safety verification triggering key, is shown in the combobox/side framing
The identifying code and identifying code input interface, such as, and can be as follows:
Dynamic launches the combobox/side framing, the identifying code is shown in the combobox/side framing for launching and is tested
Card code input interface.
Wherein, the display format of the identifying code and identifying code input interface can be based on practical application demand and
Fixed, such as, the identifying code input interface could be arranged to input frame, etc..Optionally, in order to improve
Security, when identifying code is shown, can also set corresponding interference information for identifying code, such as, and can be with
For identifying code sets certain background picture, or certain deformation, etc. is carried out to identifying code, herein no longer
Repeat.
Optionally, after this shows the identifying code and identifying code input interface according to preset strategy, user is also
Corresponding identifying code input information can be input into the identifying code input interface according to the identifying code of the display, than
Such as, if identifying code is " 12ab ", user can be input into " 12ab ", etc. in the identifying code input interface,
Then, from the authentication triggering device to the server send the first authentication request, and this first
Authentication request carries the identifying code input information and authentication information, so that the server is according to the identifying code
Input information and authentication information carry out authentication;I.e. step " according to preset strategy show the identifying code and
Can also include after identifying code input interface ":
The authentication information of user is obtained, and identifying code is obtained by the identifying code input interface and be input into information,
The first authentication request is sent to the server, first authentication request carries identifying code input letter
Breath and authentication information, authentication is carried out so that the server is input into information and authentication information according to the identifying code.
Hereafter, the response on authentication result that can be returned with the reception server, such as authentication
By or authentication do not pass through, etc., then show the authentication result, it is obstructed out-of-date in authentication,
User can also be pointed out corresponding failure cause, such as be authentication information mistake, or identifying code mistake etc..
Wherein, authentication information refer in addition to identifying code other be used for authentication information, such as,
The authentication information can include user account and password, can also include other information, such as user's name
Deng.
Additionally, it should be noted that, the authentication triggering device can be with the reception server it is determined that current behaviour
The response that the expression safety verification returned when being attacked as non-machine passes through, according to the response by current page
Dispaly state switch to the second state, wherein, the second state instruction safety verification is by, for example, can be with
Prompt message is passed through according to the response generation safety verification that the expression safety verification passes through, and shows that the safety is tested
Card such as shows " safety verification passes through " printed words etc. by prompt message.
If safety verification passes through, can now only require that user provides authentication information, and without input validation
Code, i.e., after step " dispaly state of current page is switched into the second state according to the response ", should
Auth method can also include:
The authentication information of user is obtained, the second authentication request is sent to the server, second identity is tested
Card request carries the authentication information, so that the server carries out authentication according to the authentication information.
From the foregoing, it will be observed that the terminal of the present embodiment can generate safety verification when safety verification interface is triggered
Request, then, sends security authentication request so that server please according to the safety verification by server
Ask to whether current operation is that machine attack is tested, and only when it is determined that current operation is attacked for machine,
Identifying code is just issued to terminal, identifying code input interface is generated according to the identifying code by terminal, and according to default
Strategy the display identifying code and identifying code input interface;Tested because the program can carry out safety to current operation
Card, and only it is determined that current operation for machine is attacked when just issue identifying code, accordingly, with respect to existing skill
No matter for how present case is required for carrying out the scheme of identifying code checking, user can be greatly simplified in art
Operation, improves the treatment effeciency of checking;It is to issue temporarily to be additionally, since the identifying code, and type is also
Flexibly change, and only in the obstructed out-of-date just display of safety verification, accordingly, it is difficult to pass through automatic machine
Mode is cracked, and for existing scheme, can greatly improve its security.
Further, since the security validation operation can voluntarily be chosen whether to be triggered by user, therefore, phase
For the scheme for directly being detected by system background in the prior art, realization is more flexible, not only side
Just user's operation, and Consumer's Experience can be greatly improved, be conducive to improving QoS.
Embodiment three,
, be described in further detail for citing below by the method according to described by embodiment one and two.
In the present embodiment, will with the authentication means it is specific it is integrated in the server, and the authentication
Triggering device it is specific it is integrated in the terminal as a example by illustrate.
Wherein, the server include can include web page server, identifying code server, further, it is also possible to
Including regular master control server and material storage server etc., and the authentication triggering device can be with client
Or other softwares form install in the terminal, such as, and can with application programming interface (API,
Application Programming Interface) form be packaged, so, the page side of access is only
This API is added by corresponding code need to be increased.Hereinafter will be described in more detail.
As shown in Figure 3 a, a kind of auth method, idiographic flow can be as follows:
301st, terminal sends security authentication request to web page server.
For example, user can be received by the safety that operates the safety verification triggering key in respective page to be triggered
Checking instruction, then, according to safety verification instruction generation security authentication request, and to the web page server
Send the security authentication request.Such as, referring to Fig. 3 b, user can click on interface " click is pacified
The triggering key of full checking " generates the security authentication request to trigger.
It should be noted that, the pattern and content at the interface can be configured according to the demand of practical application,
This is repeated no more.
302nd, after web page server receives the security authentication request, the security authentication request is transmitted to and is tested
Card code server.
303rd, identifying code server obtains network environment information and user behavior number according to the security authentication request
According to.
For example, specifically network rings can be obtained by being monitored to web environment and user behavior
Environment information and user behavior data.
Wherein, the network environment information can be including network behavior model parameter and web environment model parameter etc.
Data, and user behavior data can including personal behavior model parameter etc. data.
304th, identifying code server determines that current operation is according to the network environment information and user behavior data
No is machine attack, if so, then performing step 305, otherwise, if not machine is attacked, then performs step
310。
For example, identifying code server can extract network behavior model parameter and net from the network environment information
Page environmental model parameter, and personal behavior model parameter, then, root are extracted from the user behavior data
According to the network behavior model parameter, web environment model parameter and personal behavior model parameter, according to preset
Analysis model is analyzed, and estimates that current operation belongs to the probability of machine attack according to analysis result, if should
Probability is higher than preset threshold value, it is determined that for machine is attacked, step 305 is then performed, otherwise, if the probability
Not higher than preset threshold value, it is determined that be that non-machine is attacked, then perform step 310.
305th, identifying code server is obtained when it is determined that current operation is attacked for machine to regular master control server
The rule of generation identifying code is taken, and generation identifying code is obtained to material storage server according to the rule for getting
Material, that is, obtain generation identifying code needed for various data, such as, picture mosaic identifying code may require that picture mosaic
The data such as picture, position coordinates.
Wherein, the different identifying code of regular master control server can be used for business identifying code scene setting is difficult
Degree classification, when scene malice amount is very big, strategy can add sternly, that is, issue the larger checking of difficulty
Code type and interference, if only corresponding to the less operations of security risk such as registration, can issue and be easier
Identifying code, or the checking code type for wanting to use, all dynamic state of parameters are directly specified by business user
It is flexibly configurable, can also strengthen the interference treatment of each type approval code.Or, if do not specified, rule
Then master control server can also at random issue different types of identifying code.
And material storage server then preserves picture materials and positional information of each type approval code etc., such as spell
The data such as figure identifying code generation desired position, direction or angle, there is provided used to identifying code server.
306th, identifying code server according to the material for getting according to rule generation identifying code, and by identifying code
Web page server is supplied to, the relative client in terminal is supplied to by web page server, such as, in the visitor
The identifying code, etc. is shown on the webpage that family end shows.
Optionally, in order to improve security, when identifying code is shown, can also set corresponding for identifying code
Interference information, such as, can be that identifying code sets certain background picture, or identifying code is carried out certain
Deformation, etc., will not be repeated here.
307th, terminal (client i.e. in terminal) generates identifying code input interface according to the identifying code, and
The identifying code and identifying code input interface are shown according to preset strategy.
Wherein, the preset strategy can be configured according to the demand of practical application, for example, can be as follows:
One combobox/side framing is generated according to the safety verification triggering key, and dynamically launches the combobox/layback
Frame, the identifying code and identifying code input interface are shown in the combobox/side framing for launching, such as, referring to
Fig. 3 c.
308th, terminal (client i.e. in terminal) obtains the authentication information of user, and by the checking
Code input interface obtains identifying code input information, and the first authentication request is sent to the web page server, should
First authentication request carries the identifying code input information and authentication information, then performs step 309.
309th, web page server is input into according to the identifying code and believes after first authentication request is received
Breath and authentication information carry out authentication, if the authentication information is correct, and identifying code input information is tested with this
Card code is consistent, it is determined that authentication passes through, and flow terminates.
Otherwise, if the authentication information is incorrect, or identifying code input information is inconsistent with the identifying code, then
Determine that authentication does not pass through.
Corresponding authentication result can be returned to terminal, be will not be repeated here.
310th, identifying code server determines that safety verification passes through when it is determined that current operation is attacked for machine,
And would indicate that the response that safety verification passes through is sent to web page server, terminal is sent to by web page server.
311st, terminal receive the expression safety verification by response after, the authentication of user can be obtained
Information, the second authentication request is sent to the web page server, and second authentication request carries the mirror
Power information.
Wherein, during safety verification, the pattern of " triggering key " of the safety verification can have accordingly
Dynamic change, such as, in verification process, the text prompt in " triggering key " can be transformed to " just
Checking ", and terminal receive the expression safety verification by response after, can be by " triggering key "
On text prompt be transformed to " being verified " etc., referring to Fig. 3 d.When safety verification passes through, interface can
It is transformed to interface as shown in Figure 3 e.
Optionally, when the state at the interface changes, can also set corresponding dynamic in the process of change
Draw, to increase its intuitive, aesthetic property and interest, such as, and text prompt in " triggering key " by
During " verifying " is transformed to " being verified ", a small animation can be played, such as, that is, passed through
After crossing a small animation, the text prompt in " triggering key " is transformed to " being verified " by " verifying ",
And when working as the text prompt in " triggering key " for " verifying ", it is also possible in the upper of " verifying "
Side or the progress of lower section display checking, or display one can represent ongoing small animation of checking, etc.,
Will not be repeated here.
It should be noted that, depending on the pattern and content at the interface can be according to the demands of practical application, herein not
Repeat again.
312nd, web page server is carried out after second authentication request is received according to the authentication information
Authentication, the authentication information is correct, it is determined that authentication passes through, otherwise, if the authentication information is not just
Really, it is determined that authentication does not pass through, flow terminates.
From the foregoing, it will be observed that the present embodiment is using when the security authentication request of terminal transmission is received, according to the peace
Full checking request obtains network environment information and user behavior data, then, according to the network environment information and
User behavior data determines whether current operation is that machine is attacked, if so, then obtaining preset according to preset strategy
The identifying code of type, and identifying code is issued to terminal, generating identifying code input according to the identifying code by terminal connects
Mouthful, and the identifying code and identifying code input interface are shown according to preset strategy, to carry out authentication, if it is not,
Then determine that safety verification passes through;Because the program can carry out safety verification to current operation, and only true
Current operation is determined just to issue identifying code when machine is attacked, accordingly, with respect in the prior art no matter work as cause
How condition is required for carrying out for the scheme of identifying code checking, can greatly simplify user's operation, improves checking
Treatment effeciency;It is to issue temporarily to be additionally, since the identifying code, and type is also flexible variation, and
And only in the obstructed out-of-date just display of safety verification, accordingly, it is difficult to cracked by way of automatic machine,
For existing scheme, its security can be greatly improved.
Further, since the security validation operation can voluntarily be chosen whether to be triggered by user, therefore, phase
For the scheme for directly being detected by system background in the prior art, realization is more flexible, not only side
Just user's operation, and Consumer's Experience can be greatly improved, be conducive to improving QoS.
Example IV,
In order to preferably implement above method, the embodiment of the present invention also provides a kind of authentication means, such as schemes
Shown in 4, the authentication means include receiving unit 401, acquiring unit 402 and authentication unit 403, as follows:
(1) receiving unit 401;
Receiving unit 401, the security authentication request that receiving terminal sends.
(2) acquiring unit 402;
Acquiring unit 402, for obtaining network environment information and user behavior number according to the security authentication request
According to.
For example, acquiring unit 402, can specifically be monitored by web environment and user behavior,
To obtain network environment information and user behavior data.
Wherein, the network environment information can be including network behavior model parameter and web environment model parameter etc.
Data, and user behavior data can including personal behavior model parameter etc. data.
(3) authentication unit 403;
Authentication unit 403, for determining that current operation is according to the network environment information and user behavior data
No is machine attack, if so, the identifying code of preset type is then obtained according to preset strategy, and under the terminal
Hair identifying code, to carry out authentication;If not, it is determined that safety verification passes through.
For example, the authentication unit 403, specifically can be used for extracting network behavior from the network environment information
Model parameter and web environment model parameter, and personal behavior model ginseng is extracted from the user behavior data
Number, then, according to the network behavior model parameter, web environment model parameter and personal behavior model parameter,
It is analyzed according to preset analysis model, and determines whether current operation is that machine is attacked according to analysis result,
If machine is attacked, then the identifying code of preset type is obtained according to preset strategy, and checking is issued to the terminal
Code, to carry out authentication, otherwise, if not machine is attacked, it is determined that safety verification passes through.
Wherein, the strategy of generation identifying code can be configured according to the demand of practical application, such as, and can be with
It is as follows:
The authentication unit 403, specifically can be used for determining to work as in the network environment information and user behavior data
It is preceding operation for machine attacks when, to current operation be machine attack possibility be estimated, according to assessment knot
Fruit obtains the identifying code of respective type.
Or, the authentication unit 403 specifically can be used in the network environment information and user behavior data
Determine current operation for machine attack when, a type of checking is randomly selected from different types of identifying code
Code.
For example, the height (the malice degree of such as current environment) of the probability that can be attacked according to machine is set
Several grades, the probability that the operation is confirmed as machine attack is higher, then grade higher, can be using safety
Property identifying code higher, such as picture mosaic identifying code etc.;Conversely, the probability for being confirmed as machine attack is lower,
Then lower grade, can be such as traditional using the lower and relatively simple identifying code of safer property
Character identifying code, etc..
Or, the authentication unit 403 specifically can be used in the network environment information and user behavior data
Determine current operation for machine attack when, obtain current operation corresponding to service identification, according to the business mark
Know the identifying code for obtaining respective type.
For example, can be the different identifying code generation strategy of different business settings according to the demand of practical application,
Such as, if security requirement business higher, such as pay, then need provide security it is higher, compared with
It is complicated identifying code, such as picture mosaic identifying code etc.;If conversely, common business, such as web page browsing
Deng then can only providing the identifying code relatively low compared with security, such as traditional character identifying code, etc..
It is, of course, also possible to using other preset strategies, no longer enumerate herein.
Optionally, after it is determined that safety verification passes through, can also be returned to terminal and represent that safety verification passes through
Response, i.e.,:
Authentication unit 403, can be also used for after it is determined that safety verification passes through, and is returned to terminal and represents peace
The full response being verified, so that the terminal switches to the dispaly state of current page according to the response
Second state, wherein, the second state instruction safety verification passes through.
Optionally, current state is known for the ease of user, when server is verified, can also be to
Terminal returns to corresponding prompt message, to represent currently just in the verification, i.e.,:
Authentication unit 403, can be also used for determining to work as according to the network environment information and user behavior data
When whether preceding operation is that machine is attacked, the prompt message for representing and verifying is sent to terminal, so as to terminal root
First state, the first state is switched to indicate current the dispaly state of current page according to the prompt message
Carry out safety verification.
Optionally, after identifying code is issued to the terminal, the first identity that can be sent with receiving terminal is tested
Card request, wherein, first authentication request can carry the authentication letter of identifying code input information and user
The information such as breath, then, carry out authentication, i.e., according to first authentication request:
Receiving unit 401, can be also used for the first authentication request of receiving terminal transmission, first body
Part checking request carries the authentication information of identifying code input information and user.
Authentication unit 403, the authentication information that can be also used for being input into information and user according to the identifying code is carried out
Authentication, if the authentication information is correct, and identifying code input information is consistent with the identifying code, it is determined that
Authentication passes through;Otherwise, if the authentication information is incorrect, or identifying code input information and the identifying code
It is inconsistent, it is determined that authentication does not pass through.
Similarly, after safety verification passes through, it is also possible to the second authentication request that receiving terminal sends,
Second authentication request carries the authentication information (without carrying identifying code) of user, then, according to this
Second authentication request carries out authentication;I.e.:
Receiving unit 401, can be also used for the second authentication request of receiving terminal transmission, second body
Part checking request carries the authentication information of user.
Authentication unit 403, can be also used for carrying out authentication according to the authentication information, if the authentication information
Correctly, it is determined that authentication passes through;Otherwise, if the authentication information is incorrect, it is determined that authentication is not
Pass through.
During specific implementation, above unit can be realized as independent entity, it is also possible to be carried out any
Combination, realizes as same or several entities, and the specific implementation of above unit can be found in above
Embodiment of the method, will not be repeated here.
The authentication means can be specifically integrated in the network equipments such as server, and the server can be one
Individual independent entity, it is also possible to including multiple entities.
From the foregoing, it will be observed that the authentication means of the present embodiment are asked using in the safety verification for receiving terminal transmission
When asking, network environment information and user behavior data are obtained according to the security authentication request by acquiring unit 402,
Then, whether current operation is determined according to the network environment information and user behavior data by authentication unit 403
It is that machine is attacked, if so, then obtain the identifying code of preset type according to preset strategy, and is issued to terminal and tested
Card code, to carry out authentication, if not, it is determined that safety verification passes through;Because the program can be to current
Operation carries out safety verification, and only it is determined that current operation for machine is attacked when just issue identifying code, therefore,
Relative in the prior art for no matter how present case to be required for the scheme for carrying out identifying code checking, can be with
User's operation is greatly simplified, the treatment effeciency of checking is improved;It is to issue temporarily to be additionally, since the identifying code,
And type is also flexible variation, accordingly, it is difficult to cracked by way of automatic machine, relative to existing
For scheme, its security can be greatly improved.
Further, since the security validation operation can voluntarily be chosen whether to be triggered by user, therefore, phase
For the scheme for directly being detected by system background in the prior art, realization is more flexible, not only side
Just user's operation, and Consumer's Experience can be greatly improved, be conducive to improving QoS.
Embodiment five,
Accordingly, the embodiment of the present invention also provides a kind of authentication triggering device, as shown in figure 5, the body
Part checking triggering device can include that trigger element 501, transmitting element 502, receiving unit 503, generation are single
Unit 504 and display unit 505, it is as follows:
(1) trigger element 501;
Trigger element 501, for when safety verification interface is triggered, generating security authentication request.
Wherein, the representation of the safety verification interface can have various, such as, can be the defeated of an instruction
Enter frame, choice box or safety verification triggering key, wherein, the safety verification triggering key can be button, also may be used
To be sliding block etc., will not be repeated here.
If the safety verification interface is safety verification triggering key,:
Trigger element 501, specifically can be used for receiving what user was triggered by safe operation checking triggering key
Safety verification is instructed, according to safety verification instruction generation security authentication request.
Wherein, the mode of user's safe operation checking triggering key can have various, such as, can be clicked on,
Slide or touch, etc..
(2) transmitting element 502;
Transmitting element 502, for sending security authentication request to server, so that the server is according to the peace
Whether full checking request is that machine attack is tested to current operation.
(3) receiving unit 503;
Receiving unit 503, for the reception server it is determined that current operation by machine is attacked when return test
Card code.
Wherein, the form of the identifying code is not construed as limiting, and can be various types of identifying codes, such as, and can be with
It is picture mosaic identifying code, picture validation code or character identifying code etc..
(4) generation unit 504;
Generation unit 504, for generating identifying code input interface according to the identifying code.
(5) display unit 505;
Display unit 505, for showing the identifying code and identifying code input interface according to preset strategy.
Wherein, the preset strategy can be configured according to the demand of practical application, for example, can be as follows:
The display unit 505, specifically can be used for generating one combobox/layback according to the safety verification triggering key
Frame, shows the identifying code and identifying code input interface in the combobox/side framing.
Wherein, the display format of the identifying code and identifying code input interface can be based on practical application demand and
Fixed, such as, the identifying code input interface could be arranged to input frame, etc..
Optionally, after this shows the identifying code and identifying code input interface according to preset strategy, user is also
Corresponding identifying code input information can be input into the identifying code input interface according to the identifying code of the display, than
Such as, if identifying code is " 12ab ", user can be input into " 12ab ", etc. in the identifying code input interface,
Then, from the authentication triggering device to the server send the first authentication request, and this first
Authentication request carries the identifying code input information and authentication information, so that the server is according to the identifying code
Input information and authentication information carry out authentication;I.e. the authentication triggering device can also include obtaining single
Unit, it is as follows:
Acquiring unit, the authentication information for obtaining user, and tested by identifying code input interface acquisition
Card code input information.
Then now, transmitting element 502, can be also used for sending the first authentication request to the server,
First authentication request carries the identifying code input information and authentication information, so that the server is according to this
Identifying code is input into information and authentication information and carries out authentication.
Hereafter, the response on authentication result that receiving unit 503 can be returned with the reception server,
Such as authentication passes through or authentication does not pass through, etc. then showing that the identity is tested by display unit 505
Card result, it is obstructed out-of-date in authentication, user can also be pointed out corresponding failure cause, such as it is authentication
Information errors, or identifying code mistake etc..
Wherein, authentication information refer in addition to identifying code other be used for authentication information, such as,
The authentication information can include user account and password, can also include other information, such as user's name
Deng.
Additionally, it should be noted that, the authentication triggering device can be with the reception server it is determined that current behaviour
The response that the expression safety verification returned when being attacked as non-machine passes through, it is logical according to the expression safety verification
The response generation safety verification crossed shows that the safety verification passes through prompt message by prompt message, such as
Display " safety verification passes through " printed words etc., i.e.,:
The receiving unit 503, can be also used for the reception server it is determined that current operation be non-machine attack when
The response that the expression safety verification for being returned passes through.
Then now, display unit 505, can be also used for being cut the dispaly state of current page according to the response
The second state is changed to, wherein, the second state instruction safety verification passes through.
Such as, the display unit 505, specifically can be used for the response life passed through according to the expression safety verification
Into safety verification by prompt message, show that the safety verification passes through prompt message.Such as, at this point it is possible to
On the predeterminated position of current page or the triggering key of the safety verification, " being verified " printed words are shown, etc.
Deng.
Optionally, after security authentication request is sent to server, current shape is known for the ease of user
State, can represent the prompt message verified, and carry according to the prompt message with what the reception server sent
Show that user is current just in the verification, i.e.,:
Receiving unit 503, can be also used for the prompt message that the expression of the reception server transmission is being verified;
Then now, display unit 505, can be also used for the display shape by current page according to the prompt message
State switches to first state, wherein, the first state indicates currently to carry out safety verification.
Such as, now, display unit 505 can be in the default of the triggering key of current page or the safety verification
On position, printed words, etc. " in checking " are shown.
During specific implementation, above unit can be realized as independent entity, it is also possible to be carried out any
Combination, realizes as same or several entities, and the specific implementation of above unit can be found in above
Embodiment of the method, will not be repeated here.
The authentication triggering device can be specifically integrated in the network equipments such as terminal, such as, with client
Or the form such as software is installed in the terminal, the terminal is specifically as follows mobile phone, panel computer or PC etc. and sets
It is standby.
From the foregoing, it will be observed that the authentication triggering device of the present embodiment can when safety verification interface is triggered,
Security authentication request is generated by trigger element 501, then, security authentication request is sent by server,
So that whether server is that machine attack is tested to current operation according to the security authentication request, and only
When it is determined that current operation is attacked for machine, identifying code is just issued to terminal, by the generation unit 504 of terminal
Identifying code input interface is generated according to the identifying code, and shows that this is tested according to preset strategy by display unit 505
Card code and identifying code input interface;Because the program can carry out safety verification to current operation, and only exist
Current operation is determined just to issue identifying code when machine is attacked, accordingly, with respect in the prior art regardless of current
What state is required for carrying out for the scheme of identifying code checking, can greatly simplify user's operation, and raising is tested
The treatment effeciency of card;It is to issue temporarily to be additionally, since the identifying code, and type is also flexible variation,
And only in the obstructed out-of-date just display of safety verification, accordingly, it is difficult to cracked by way of automatic machine,
For existing scheme, its security can be greatly improved.
Further, since the security validation operation can voluntarily be chosen whether to be triggered by user, therefore, phase
For the scheme for directly being detected by system background in the prior art, realization is more flexible, not only side
Just user's operation, and Consumer's Experience can be greatly improved, be conducive to improving QoS.
Embodiment six,
Additionally, the embodiment of the present invention also provides a kind of authentication system, embodiment of the present invention institute can be included
Any one authentication means and any one authentication triggering device for providing, for details, reference can be made to example IV
With five, for example, can be as follows:
Authentication triggering device, for server send security authentication request, so as to the server according to
Whether the security authentication request is that machine attack is tested to current operation;The reception server is it is determined that current
Operate the identifying code by being returned when machine is attacked;Identifying code input interface is generated according to the identifying code;According to
Preset strategy shows the identifying code and identifying code input interface.
Authentication means, for the security authentication request that receiving terminal sends;According to the security authentication request
Obtain network environment information and user behavior data;Determined according to the network environment information and user behavior data
Whether current operation is that machine is attacked;If so, the identifying code of preset type is then obtained according to preset strategy, and
Identifying code is issued to the terminal, to carry out authentication;If not, it is determined that safety verification passes through.
Wherein, the authentication triggering device can be integrated in terminal remittance in the form of client or other softwares
Always, and authentication means can be then integrated in the network equipments such as server, will not be repeated here.
The specific implementation of each equipment above can be found in embodiment above, will not be repeated here.
Additionally, the authentication system can also include equipment therein, such as, gateway or others are serviced
Device, such as user behavior data storage server and web environment data storage server etc., no longer go to live in the household of one's in-laws on getting married herein
State.
By the authentication system can include any one authentication dress that the embodiment of the present invention is provided
Put with authentication triggering device, it is thereby achieved that any one identity that the embodiment of the present invention is provided is tested
Beneficial effect achieved by card device and authentication triggering device, refers to embodiment above, herein not
Repeat again.
One of ordinary skill in the art will appreciate that all or part of step in the various methods of above-described embodiment
Rapid to can be by program to instruct the hardware of correlation to complete, the program can be stored in a computer-readable
In storage medium, storage medium can include:Read-only storage (ROM, Read Only Memory),
Random access memory (RAM, Random Access Memory), disk or CD etc..
A kind of auth method, device and the system for being provided the embodiment of the present invention above have been carried out in detail
Introduce, specific case used herein is set forth to principle of the invention and implementation method, above reality
The explanation for applying example is only intended to help and understands the method for the present invention and its core concept;Simultaneously for this area
Technical staff, according to thought of the invention, change is had in specific embodiments and applications
Place, in sum, this specification content should not be construed as limiting the invention.
Claims (32)
1. a kind of auth method, it is characterised in that including:
The security authentication request that receiving terminal sends;
Network environment information and user behavior data are obtained according to the security authentication request;
Determine whether current operation is that machine is attacked according to the network environment information and user behavior data;
If so, then obtaining the identifying code of preset type according to preset strategy, and identifying code is issued to the terminal,
To carry out authentication;
If not, it is determined that safety verification passes through.
2. method according to claim 1, it is characterised in that described to obtain preset according to preset strategy
The identifying code of type includes:
It is that the possibility that machine is attacked is estimated to current operation;
The identifying code of respective type is obtained according to assessment result.
3. method according to claim 1, it is characterised in that described to obtain preset according to preset strategy
The identifying code of type includes:
A type of identifying code is randomly selected from different types of identifying code.
4. method according to claim 1, it is characterised in that described to obtain preset according to preset strategy
The identifying code of type includes:
Obtain the service identification corresponding to current operation;
The identifying code of respective type is obtained according to the service identification.
5. the method according to any one of Claims 1-4, it is characterised in that described according to the net
Network environmental information and user behavior data determine whether current operation is that machine is attacked, including:
Network behavior model parameter and web environment model parameter are extracted from the network environment information;
Personal behavior model parameter is extracted from the user behavior data;
According to the network behavior model parameter, web environment model parameter and personal behavior model parameter, press
It is analyzed according to preset analysis model;
Determine whether current operation is that machine is attacked according to analysis result.
6. the method according to any one of Claims 1-4, it is characterised in that described to the terminal
Issue after identifying code, also include:
The first authentication request that receiving terminal sends, it is defeated that first authentication request carries identifying code
Enter the authentication information of information and user;
If the authentication information is correct, and identifying code input information is consistent with the identifying code, it is determined that
Authentication passes through.
7. the method according to any one of Claims 1-4, it is characterised in that the safety verification leads to
After crossing, also include:
The second authentication request that receiving terminal sends, second authentication request carries the mirror of user
Power information;
If the authentication information is correct, it is determined that authentication passes through.
8. the method according to any one of Claims 1-4, it is characterised in that described according to the net
Network environmental information and user behavior data determine current operation whether be machine attack when, also include:
The prompt message for representing and verifying is sent to terminal, so that terminal will be current according to the prompt message
The dispaly state of the page switches to first state, the first state to indicate currently to carry out safety verification.
9. the method according to any one of Claims 1-4, it is characterised in that the determination is tested safely
After card passes through, also include:
The response for representing that safety verification passes through is returned to terminal, so that the terminal will be current according to the response
The dispaly state of the page switches to the second state, and the second state instruction safety verification passes through.
10. a kind of auth method, it is characterised in that including:
When safety verification interface is triggered, security authentication request is generated;
Security authentication request is sent to server, so as to the server according to the security authentication request to working as
Whether preceding operation is that machine attack is tested;
The reception server it is determined that current operation by machine is attacked when the identifying code that returns, the identifying code by
Server obtains the identifying code of preset type and obtains according to preset strategy;
Identifying code input interface is generated according to the identifying code;
The identifying code and identifying code input interface are shown according to preset strategy.
11. methods according to claim 10, it is characterised in that the safety verification interface is safety
Checking triggering key, then it is described when safety verification interface is triggered, security authentication request is generated, including:
Receive user and verify that the safety verification that triggering key is triggered is instructed by safe operation;
According to safety verification instruction generation security authentication request.
12. methods according to claim 11, it is characterised in that described to show institute according to preset strategy
Identifying code and identifying code input interface are stated, including:
One combobox/side framing is generated according to the safety verification triggering key;
The identifying code and identifying code input interface are shown in the combobox/side framing.
13. methods according to claim 12, it is characterised in that described in the combobox/layback
The identifying code and identifying code input interface are shown in frame, including:
Dynamic launches the combobox/side framing;
The identifying code and identifying code input interface are shown in the combobox/side framing for launching.
14. method according to any one of claim 10 to 13, it is characterised in that described to server
Send after security authentication request, also include:
The prompt message that the expression that the reception server sends is being verified;
The dispaly state of current page is switched to by first state, the first state according to the prompt message
Instruction currently carries out safety verification.
15. method according to any one of claim 10 to 13, it is characterised in that also include:
The reception server it is determined that current operation by non-machine is attacked when the expression safety verification that returns pass through
Response;
The dispaly state of current page is switched to by the second state, second state instruction according to the response
Safety verification passes through.
16. methods according to claim 15, it is characterised in that described to incite somebody to action current according to the response
The dispaly state of the page switches to the second state, and the second state instruction safety verification passes through, including:
Prompt message is passed through according to the response generation safety verification that the expression safety verification passes through;
Show that the safety verification passes through prompt message.
17. methods according to claim 15, it is characterised in that described to incite somebody to action current according to the response
The dispaly state of the page is switched to after the second state, is also included:
Obtain the authentication information of user;
The second authentication request is sent to the server, second authentication request carries the mirror
Power information, so that the server carries out authentication according to the authentication information.
18. method according to any one of claim 10 to 13, it is characterised in that described according to default
After the strategy display identifying code and identifying code input interface, also include:
The authentication information of user is obtained, and identifying code is obtained by the identifying code input interface and be input into information;
To the server the first authentication request of transmission, tested described in the first authentication request carrying
Card code input information and authentication information, believe so that the server is input into information and authenticates according to the identifying code
Breath carries out authentication.
A kind of 19. authentication means, it is characterised in that including:
Receiving unit, the security authentication request that receiving terminal sends;
Acquiring unit, for obtaining network environment information and user behavior data according to the security authentication request;
Authentication unit, for whether determining current operation according to the network environment information and user behavior data
For machine is attacked, if so, the identifying code of preset type is then obtained according to preset strategy, and under the terminal
Hair identifying code, to carry out authentication;If not, it is determined that safety verification passes through.
20. devices according to claim 19, it is characterised in that
The authentication unit, specifically for determining current behaviour in the network environment information and user behavior data
It is that the possibility that machine is attacked is estimated to current operation when being attacked as machine, is obtained according to assessment result
Take the identifying code of respective type.
21. devices according to claim 19, it is characterised in that
The authentication unit, specifically for determining current behaviour in the network environment information and user behavior data
When being attacked as machine, a type of identifying code is randomly selected from different types of identifying code.
22. devices according to claim 19, it is characterised in that
The authentication unit, specifically for determining current behaviour in the network environment information and user behavior data
When being attacked as machine, the service identification corresponding to current operation is obtained, phase is obtained according to the service identification
Answer the identifying code of type.
23. device according to any one of claim 19 to 22, it is characterised in that
The authentication unit, specifically for from the network environment information extract network behavior model parameter and
Web environment model parameter;Personal behavior model parameter is extracted from the user behavior data;According to described
Network behavior model parameter, web environment model parameter and personal behavior model parameter, according to preset analysis
Model is analyzed;Determine whether current operation is that machine is attacked according to analysis result.
24. device according to any one of claim 19 to 22, it is characterised in that
The authentication unit, is additionally operable to determine currently according to the network environment information and user behavior data
When whether operation is that machine is attacked, is sent to terminal and represent the prompt message verified, so as to terminal according to
The dispaly state of current page is switched to first state, the first state to indicate current by the prompt message
Carry out safety verification.
25. device according to any one of claim 19 to 22, it is characterised in that
The authentication unit, is additionally operable to after it is determined that safety verification passes through, and is returned to terminal and represents that safety is tested
The response that card passes through, so that the dispaly state of current page is switched to second by the terminal according to the response
State, the second state instruction safety verification passes through.
A kind of 26. authentication triggering devices, it is characterised in that including:
Trigger element, for when safety verification interface is triggered, generating security authentication request;
Transmitting element, for sending security authentication request to server, so that the server is according to the peace
Whether full checking request is that machine attack is tested to current operation;
Receiving unit, for the reception server it is determined that current operation by machine is attacked when the identifying code that returns,
The identifying code is obtained the identifying code of preset type by server and is obtained according to preset strategy;
Generation unit, for generating identifying code input interface according to the identifying code;
Display unit, for showing the identifying code and identifying code input interface according to preset strategy.
27. devices according to claim 26, it is characterised in that
The trigger element, the safety that triggering key is triggered is verified specifically for receiving user by safe operation
Checking instruction, according to safety verification instruction generation security authentication request.
28. devices according to claim 27, it is characterised in that
The display unit, specifically for generating one combobox/side framing according to the safety verification triggering key,
The identifying code and identifying code input interface are shown in the combobox/side framing.
29. device according to any one of claim 26 to 28, it is characterised in that
The receiving unit, is additionally operable to the prompt message that the expression of the reception server transmission is being verified;
The display unit, is additionally operable to that the dispaly state of current page is switched into according to the prompt message
One state, the first state indicates currently to carry out safety verification.
30. device according to any one of claim 26 to 28, it is characterised in that
The receiving unit, be additionally operable to the reception server it is determined that current operation by non-machine is attacked when return
The response that passes through of expression safety verification;
The display unit, is additionally operable to that the dispaly state of current page is switched into the second shape according to the response
State, the second state instruction safety verification passes through.
31. devices according to claim 30, it is characterised in that
The display unit, the response specifically for being passed through according to the expression safety verification generates safety verification
By prompt message, show that the safety verification passes through prompt message.
32. a kind of authentication systems, it is characterised in that including described in any one of claim 19 to 25
Authentication triggering device described in authentication means and any one of claim 26 to 31.
Priority Applications (4)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510786095.9A CN106713241B (en) | 2015-11-16 | 2015-11-16 | A kind of auth method, device and system |
| PCT/CN2016/086678 WO2017084337A1 (en) | 2015-11-16 | 2016-06-22 | Identity verification method, apparatus and system |
| US15/690,469 US10547624B2 (en) | 2015-11-16 | 2017-08-30 | Identity authentication method, apparatus, and system |
| US16/709,416 US11258810B2 (en) | 2015-11-16 | 2019-12-10 | Identity authentication method, apparatus, and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510786095.9A CN106713241B (en) | 2015-11-16 | 2015-11-16 | A kind of auth method, device and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106713241A true CN106713241A (en) | 2017-05-24 |
| CN106713241B CN106713241B (en) | 2019-09-27 |
Family
ID=58930534
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510786095.9A Active CN106713241B (en) | 2015-11-16 | 2015-11-16 | A kind of auth method, device and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106713241B (en) |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107294981A (en) * | 2017-06-29 | 2017-10-24 | 苏州锦佰安信息技术有限公司 | A kind of method and apparatus of certification |
| CN107612904A (en) * | 2017-09-13 | 2018-01-19 | 浙江电力建设监理有限公司 | Identity identifying method and system for intelligent monitoring management |
| CN107846412A (en) * | 2017-11-28 | 2018-03-27 | 五八有限公司 | Identifying code request processing method, device and identifying code processing system |
| CN108989263A (en) * | 2017-05-31 | 2018-12-11 | 中国移动通信集团公司 | Short message verification code attack guarding method, server and computer readable storage medium |
| CN109271152A (en) * | 2018-08-17 | 2019-01-25 | 五八有限公司 | A kind of method of calibration, device, storage medium and the terminal of input frame content |
| CN109547426A (en) * | 2018-11-14 | 2019-03-29 | 腾讯科技(深圳)有限公司 | Service response method and server |
| CN109784015A (en) * | 2018-12-27 | 2019-05-21 | 腾讯科技(深圳)有限公司 | A kind of authentication identifying method and device |
| CN109862562A (en) * | 2019-01-02 | 2019-06-07 | 武汉极意网络科技有限公司 | A kind of dynamic verification code choosing method and system |
| CN110427745A (en) * | 2019-07-02 | 2019-11-08 | 五八有限公司 | Identifying code acquisition methods, device, electronic equipment and computer-readable medium |
| CN110769013A (en) * | 2018-07-26 | 2020-02-07 | 国信优易数据有限公司 | User dynamic recording method, user identity authentication method and device |
| CN112131551A (en) * | 2020-09-25 | 2020-12-25 | 平安国际智慧城市科技股份有限公司 | Verification code verification method and device, computer equipment and readable storage medium |
| CN112508568A (en) * | 2018-08-15 | 2021-03-16 | 创新先进技术有限公司 | Core product pushing and core method and system |
| CN113656789A (en) * | 2021-10-18 | 2021-11-16 | 北京新氧科技有限公司 | Debugging tool starting control method and device, electronic equipment and storage medium |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102184359A (en) * | 2011-04-29 | 2011-09-14 | 德讯科技股份有限公司 | Method for realizing identity discrimination of operation user through keyboard and mouse input habit recognition |
| CN102594811A (en) * | 2012-01-15 | 2012-07-18 | 青岛印象派信息技术有限公司 | Video identifying code cloud technology |
| CN102737019A (en) * | 2011-03-31 | 2012-10-17 | 阿里巴巴集团控股有限公司 | Machine behavior determining method, webpage browser and webpage server |
| CN102790674A (en) * | 2011-05-20 | 2012-11-21 | 阿里巴巴集团控股有限公司 | Authentication method, equipment and system |
| US20130007875A1 (en) * | 2011-06-30 | 2013-01-03 | Ebay, Inc. | Interactive CAPTCHA |
| US20130191641A1 (en) * | 2012-01-19 | 2013-07-25 | F2Ware Inc. | Captcha (completely automated public test to tell computers and humans apart) data generation methods and related data management systems and computer program products thereof |
| CN104348809A (en) * | 2013-08-02 | 2015-02-11 | 深圳市腾讯计算机系统有限公司 | Network security monitoring method and system |
| CN104580117A (en) * | 2013-10-28 | 2015-04-29 | 深圳市腾讯计算机系统有限公司 | Authentication method, device and system |
| CN104902008A (en) * | 2015-04-26 | 2015-09-09 | 成都创行信息科技有限公司 | Crawler data processing method |
-
2015
- 2015-11-16 CN CN201510786095.9A patent/CN106713241B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102737019A (en) * | 2011-03-31 | 2012-10-17 | 阿里巴巴集团控股有限公司 | Machine behavior determining method, webpage browser and webpage server |
| CN102184359A (en) * | 2011-04-29 | 2011-09-14 | 德讯科技股份有限公司 | Method for realizing identity discrimination of operation user through keyboard and mouse input habit recognition |
| CN102790674A (en) * | 2011-05-20 | 2012-11-21 | 阿里巴巴集团控股有限公司 | Authentication method, equipment and system |
| US20130007875A1 (en) * | 2011-06-30 | 2013-01-03 | Ebay, Inc. | Interactive CAPTCHA |
| CN102594811A (en) * | 2012-01-15 | 2012-07-18 | 青岛印象派信息技术有限公司 | Video identifying code cloud technology |
| US20130191641A1 (en) * | 2012-01-19 | 2013-07-25 | F2Ware Inc. | Captcha (completely automated public test to tell computers and humans apart) data generation methods and related data management systems and computer program products thereof |
| CN104348809A (en) * | 2013-08-02 | 2015-02-11 | 深圳市腾讯计算机系统有限公司 | Network security monitoring method and system |
| CN104580117A (en) * | 2013-10-28 | 2015-04-29 | 深圳市腾讯计算机系统有限公司 | Authentication method, device and system |
| CN104902008A (en) * | 2015-04-26 | 2015-09-09 | 成都创行信息科技有限公司 | Crawler data processing method |
Cited By (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108989263A (en) * | 2017-05-31 | 2018-12-11 | 中国移动通信集团公司 | Short message verification code attack guarding method, server and computer readable storage medium |
| CN108989263B (en) * | 2017-05-31 | 2020-12-01 | 中移动信息技术有限公司 | Short message verification code attack protection method, server and computer readable storage medium |
| CN107294981A (en) * | 2017-06-29 | 2017-10-24 | 苏州锦佰安信息技术有限公司 | A kind of method and apparatus of certification |
| CN107294981B (en) * | 2017-06-29 | 2020-04-17 | 苏州锦佰安信息技术有限公司 | Authentication method and equipment |
| CN107612904A (en) * | 2017-09-13 | 2018-01-19 | 浙江电力建设监理有限公司 | Identity identifying method and system for intelligent monitoring management |
| CN107846412A (en) * | 2017-11-28 | 2018-03-27 | 五八有限公司 | Identifying code request processing method, device and identifying code processing system |
| CN110769013A (en) * | 2018-07-26 | 2020-02-07 | 国信优易数据有限公司 | User dynamic recording method, user identity authentication method and device |
| CN112508568A (en) * | 2018-08-15 | 2021-03-16 | 创新先进技术有限公司 | Core product pushing and core method and system |
| CN109271152A (en) * | 2018-08-17 | 2019-01-25 | 五八有限公司 | A kind of method of calibration, device, storage medium and the terminal of input frame content |
| CN109547426A (en) * | 2018-11-14 | 2019-03-29 | 腾讯科技(深圳)有限公司 | Service response method and server |
| CN109547426B (en) * | 2018-11-14 | 2021-07-27 | 腾讯科技(深圳)有限公司 | Service response method and server |
| CN109784015A (en) * | 2018-12-27 | 2019-05-21 | 腾讯科技(深圳)有限公司 | A kind of authentication identifying method and device |
| CN109862562A (en) * | 2019-01-02 | 2019-06-07 | 武汉极意网络科技有限公司 | A kind of dynamic verification code choosing method and system |
| CN110427745A (en) * | 2019-07-02 | 2019-11-08 | 五八有限公司 | Identifying code acquisition methods, device, electronic equipment and computer-readable medium |
| CN110427745B (en) * | 2019-07-02 | 2022-03-08 | 五八有限公司 | Verification code obtaining method and device, electronic equipment and computer readable medium |
| CN112131551A (en) * | 2020-09-25 | 2020-12-25 | 平安国际智慧城市科技股份有限公司 | Verification code verification method and device, computer equipment and readable storage medium |
| CN113656789A (en) * | 2021-10-18 | 2021-11-16 | 北京新氧科技有限公司 | Debugging tool starting control method and device, electronic equipment and storage medium |
| CN113656789B (en) * | 2021-10-18 | 2022-04-22 | 北京新氧科技有限公司 | Debugging tool starting control method and device, electronic equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106713241B (en) | 2019-09-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106713241A (en) | Identity verification method, device and system | |
| CN103856472B (en) | A kind of method and device of Account Logon | |
| CN104144419B (en) | Identity authentication method, device and system | |
| CN104065621B (en) | A kind of auth method of third party's service, client and system | |
| CN108959933A (en) | Risk analysis device and method for the certification based on risk | |
| CN104468531B (en) | The authorization method of sensitive data, device and system | |
| CN108650226B (en) | A kind of login validation method, device, terminal device and storage medium | |
| CN108989278A (en) | Identification service system and method | |
| CN103106736B (en) | A kind of identity identifying method, terminal and server | |
| EP2395446A1 (en) | Method for pairing a first device with a second device | |
| CN106790129A (en) | A kind of identity authentication method and device | |
| CN105827406A (en) | Identity verification method, identity verification device, and identity verification system | |
| CN109600336A (en) | Store equipment, identifying code application method and device | |
| CN104394531A (en) | Wireless network connecting method of a terminal device | |
| CN103973711B (en) | A kind of verification method and device | |
| CN104657653B (en) | The verification method and checking device of image authentication code | |
| CN103873455B (en) | A kind of method and device of information checking | |
| CN102073822A (en) | Method and system for preventing user information from leaking | |
| CN105100123A (en) | Application registration method and system | |
| CN105205379A (en) | Control method and device for terminal application and terminal | |
| CN104935548B (en) | Auth method, apparatus and system based on intelligent equipment of tatooing | |
| CN104102925A (en) | Computer operating system login verification method based on fingerprint identification technology | |
| CN104468486B (en) | Information processing method, system and electronic equipment | |
| CN105159475B (en) | A kind of characters input method and device | |
| CN110120928A (en) | A kind of identity authentication method, device, server and computer-readable medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |