CN106713241B - A kind of auth method, device and system - Google Patents
A kind of auth method, device and system Download PDFInfo
- Publication number
- CN106713241B CN106713241B CN201510786095.9A CN201510786095A CN106713241B CN 106713241 B CN106713241 B CN 106713241B CN 201510786095 A CN201510786095 A CN 201510786095A CN 106713241 B CN106713241 B CN 106713241B
- Authority
- CN
- China
- Prior art keywords
- identifying code
- safety verification
- authentication
- information
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0846—Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
- Telephonic Communication Services (AREA)
Abstract
The embodiment of the invention discloses a kind of auth methods, device and system;From the above, it can be seen that, the present embodiment is used when receiving the security authentication request of terminal transmission, network environment information and user behavior data are obtained according to the security authentication request, then, determines whether current operation is machine attack according to the network environment information and user behavior data, if, the identifying code of preset type then is obtained according to preset strategy, and issues identifying code to terminal, to carry out authentication, if not, it is determined that safety verification passes through;The program can simplify user's operation, improve the treatment effeciency of verifying while improving Information Security.
Description
Technical field
The present invention relates to fields of communication technology, and in particular to a kind of auth method, device and system.
Background technique
Nowadays, various data are flooded with people's lives, for example shopping at network, transfer accounts and session etc.,
It is related to the processing of data invariably, and the safety of data, even more involve the security of the lives and property of people.
In order to improve the safety of data, after the technology authenticated after the identity information to user, have also been proposed
" identifying code " technology, primarily to preventing some hacker to some particular registered user, use is specific for the proposition of the technology
Program Brute Force mode carries out the case where continuous login attempt (i.e. verifying attempt) and occurs, i.e. the presence of identifying code be in order to
The input for distinguishing authentication information is people or machine, to improve the safety of verifying.
In the research and practice process to the prior art, although it was found by the inventors of the present invention that the presence of identifying code exists
The safety of data can be improved to a certain extent, but at the same time, it also allows the operation of user to become cumbersome, reduces
The treatment effeciency of verifying;Moreover, because traditional identifying code is all that the small figure of character adds an input frame therefore illegally to invade
The person of entering easily directly can pull the picture of identifying code by technological means, then be cracked by way of automatic machine,
So there is also certain loopholes for safety.
Summary of the invention
The embodiment of the present invention provides a kind of auth method, device and system, can improve the same of Information Security
When, simplify user's operation, improves the treatment effeciency of verifying.
The embodiment of the present invention provides a kind of auth method, comprising:
Receive the security authentication request that terminal is sent;
Network environment information and user behavior data are obtained according to the security authentication request;
Determine whether current operation is machine attack according to the network environment information and user behavior data;
If so, obtaining the identifying code of preset type according to preset strategy, and identifying code is issued to the terminal, to carry out
Authentication;
If not, it is determined that safety verification passes through.
Correspondingly, the embodiment of the present invention also provides another auth method, comprising:
When safety verification interface is triggered, security authentication request is generated;
To server send security authentication request, so as to the server according to the security authentication request to current operation
It whether is that machine attack is tested;
The identifying code that server is returned when determining that current operation is attacked by machine is received, the identifying code is by server
The identifying code of preset type is obtained according to preset strategy and is obtained;
Identifying code input interface is generated according to the identifying code;
The identifying code and identifying code input interface are shown according to preset strategy.
Correspondingly, the embodiment of the present invention also provides a kind of authentication means, comprising:
Receiving unit receives the security authentication request that terminal is sent;
Acquiring unit, for obtaining network environment information and user behavior data according to the security authentication request;
Authentication unit, for determining whether current operation is machine according to the network environment information and user behavior data
Attack if so, obtaining the identifying code of preset type according to preset strategy, and issues identifying code to the terminal, to carry out body
Part verifying;If not, it is determined that safety verification passes through.
Correspondingly, the embodiment of the present invention also provides a kind of authentication trigger device, comprising:
Trigger unit, for generating security authentication request when safety verification interface is triggered;
Transmission unit, for sending security authentication request to server, so that the server is according to the safety verification
Whether request is that machine attack is tested to current operation;
Receiving unit, the identifying code returned for receiving server when determining that current operation is attacked by machine are described
Identifying code is obtained the identifying code of preset type according to preset strategy by server and is obtained;
Generation unit, for generating identifying code input interface according to the identifying code;
Display unit, for showing the identifying code and identifying code input interface according to preset strategy.
In addition, the embodiment of the present invention also provides a kind of authentication system, including provided by the embodiment of the present invention it is any
Kind authentication means and any authentication trigger device.
The embodiment of the present invention is used when receiving the security authentication request of terminal transmission, is obtained according to the security authentication request
Network environment information and user behavior data are taken, then, current behaviour is determined according to the network environment information and user behavior data
Whether it is machine attack, if so, obtaining the identifying code of preset type according to preset strategy, and issues identifying code to terminal,
To carry out authentication, if not, it is determined that safety verification passes through;Since the program can carry out safety verification to current operation,
And identifying code is just only issued when determining that current operation is machine attack, accordingly, with respect in the prior art regardless of working as cause
For how condition requires the scheme of progress identifying code verifying, user's operation can be greatly simplified, the treatment effeciency of verifying is improved;
Moreover, because the identifying code temporarily issues, and type is also flexibly to change, accordingly, it is difficult to by way of automatic machine
It is cracked, for existing scheme, its safety can be greatly improved.
Detailed description of the invention
To describe the technical solutions in the embodiments of the present invention more clearly, make required in being described below to embodiment
Attached drawing is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the invention, for
For those skilled in the art, without creative efforts, it can also be obtained according to these attached drawings other attached
Figure.
Fig. 1 a is the schematic diagram of a scenario of authentication system provided in an embodiment of the present invention;
Fig. 1 b is the flow chart of auth method provided in an embodiment of the present invention;
Fig. 2 is another flow chart of auth method provided in an embodiment of the present invention;
Fig. 3 a is the another flow chart of auth method provided in an embodiment of the present invention;
Fig. 3 b is the interface schematic diagram before the safety verification in auth method provided in an embodiment of the present invention;
Fig. 3 c is the obstructed out-of-date interface schematic diagram of the safety verification in auth method provided in an embodiment of the present invention;
Fig. 3 d is the variation schematic diagram of triggering key in auth method provided in an embodiment of the present invention;
Fig. 3 e is the interface schematic diagram that the safety verification in auth method provided in an embodiment of the present invention passes through;
Fig. 4 is the structural schematic diagram of authentication means provided in an embodiment of the present invention;
Fig. 5 is the structural schematic diagram of authentication trigger device provided in an embodiment of the present invention.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on
Embodiment in the present invention, those skilled in the art's every other implementation obtained without creative efforts
Example, shall fall within the protection scope of the present invention.
The embodiment of the present invention provides a kind of auth method, device and system.
The authentication system may include that any authentication means and identity provided by the embodiment of the present invention are tested
Demonstrate,prove trigger device, wherein the authentication means specifically can integrate in the server, which may include
The authentication system may include that any authentication means and identity provided by the embodiment of the present invention are tested
Demonstrate,prove trigger device, wherein the authentication means can integrate in the server, which can be an independent reality
Body also may include multiple entities, and as shown in Figure 1a, which may include web page server (Web server) and verifying
Code server, in addition, can also include regular master control server and material storage server etc. optionally;Furthermore the identity
Verifying device can integrate in the terminal, for example, can be installed in the terminal in the form of client, such as mobile phone, plate electricity
In brain or personal computer (PC, Personal Computer).
Wherein, when user needs to carry out safety verification, for example, click safety verification triggering key when, authentication touching
Terminal where transmitting apparatus will generate security authentication request, and send the safety verification to server, such as web page server
Request obtains network environment information and user behavior data according to the security authentication request by server, and according to the network rings
Border information and user behavior data determine whether current operation is machine attack, such as can be by web page server by safety verification
Request is transmitted to identifying code server, obtains network environment information and user behavior data by identifying code server, and according to this
Network environment information and user behavior data determine whether current operation is machine attack, if so, obtaining according to preset strategy
The identifying code of preset type, and identifying code is issued to the terminal, for example, preset strategy can be obtained from regular master control server,
Such as certain rule, and corresponding material is obtained from material storage server, and identifying code is generated according to the preset strategy and material,
Then identifying code is supplied to web page server, terminal is handed down to by web page server, tested by terminal according to identifying code generation
Code input interface is demonstrate,proved, and shows the identifying code and identifying code input interface according to preset strategy, to carry out authentication;Otherwise,
If not machine is attacked, it is determined that safety verification passes through, and issues identifying code without carrying out, and can return to terminal indicates peace at this time
The response being verified entirely.
It will be described in detail respectively below.
Embodiment one,
The present embodiment will be described from the angle of authentication means, which, which specifically can integrate, is taking
It is engaged in the network equipments such as device, it also may include multiple entities which, which can be an independent entity,.
A kind of auth method, comprising: receive the security authentication request that terminal is sent;It is obtained according to the security authentication request
Take network environment information and user behavior data;Whether current operation is determined according to the network environment information and user behavior data
For machine attack;If so, obtaining the identifying code of preset type according to preset strategy, and issue identifying code to the terminal, with into
Row authentication;If not, it is determined that safety verification passes through.
As shown in Figure 1 b, the flow chart of the auth method specifically can be such that
101, the security authentication request that terminal is sent is received.
102, network environment information and user behavior data are obtained according to the security authentication request.
For example, specifically can by being monitored to web environment and user behavior, come obtain network environment information and
User behavior data.
Wherein, which may include the data such as network behavior model parameter and web environment model parameter,
And user behavior data may include the data such as personal behavior model parameter.
103, determine whether current operation is machine attack according to the network environment information and user behavior data, if so,
104 are thened follow the steps, otherwise, if not machine is attacked, thens follow the steps 105.
For example, can specifically extract network behavior model parameter and web environment model ginseng from the network environment information
Number, and personal behavior model parameter is extracted from the user behavior data, then, according to the network behavior model parameter, net
Page environmental model parameter and personal behavior model parameter, are analyzed according to preset analysis model, and based on the analysis results really
Determine whether current operation is machine attack, is attacked if machine, then follow the steps 104, otherwise, if not machine is attacked, then held
Row step 105.
Refer to that " behavior is machine attack it should be noted that " being determined as machine attack " described in the embodiment of the present invention
A possibility that be higher than certain threshold value ", i.e., " based on the analysis results determine current operation whether be machine attack " specifically:
Estimate that current operation belongs to the probability of machine attack according to the analysis result, if the probability is higher than preset threshold value,
It is determined as machine attack, otherwise, if the probability is not higher than preset threshold value, it is determined that attack for non-machine.
Optionally, current state is known for the ease of user, when server is verified, can also be returned to terminal
Corresponding prompt information, to indicate that currently that is, step is " true according to the network environment information and user behavior data just in the verification
Determine whether current operation is machine attack " when, which can also include:
Sending to terminal indicates the prompt information verified, so as to terminal according to the prompt information by the aobvious of current page
Show that state is switched to first state, wherein first state instruction is currently carrying out safety verification.
For example, terminal can be shown " in verifying " on the predeterminated position of the triggering key of the page or the safety verification at this time,
Etc..
104, the identifying code of preset type is obtained according to preset strategy, and issues identifying code to the terminal, to carry out identity
Verifying.
Wherein, which can be configured according to the demand of practical application, for example, can be using following any one
Kind of mode obtains the identifying code of preset type, i.e., step " identifying code of preset type is obtained according to preset strategy " specifically can be with
It is as follows:
(1) first way;
It is that a possibility that machine is attacked is assessed to current operation, the verifying of respective type is obtained according to assessment result
Code.
For example, can be arranged according to the height (such as degree of malice of current environment) for the probability that machine is attacked several etc.
Grade, the probability which is confirmed as machine attack is higher, then higher grade, the identifying code that safety can be used higher, than
Braille identifying code in such as picture mosaic identifying code or figure;Conversely, the probability for being confirmed as machine attack is lower, then lower grade, can
With the identifying code, such as traditional character identifying code, etc. lower and relatively simple using safer property.
(2) second way;
A type of identifying code is randomly selected from different types of identifying code, i.e., regardless of the operation is confirmed as machine
The probability of attack randomly selects a type of identifying code by how high, it may be possible to picture mosaic identifying code, it is also possible to traditional
Character identifying code, etc..
(3) the third mode;
Service identification corresponding to current operation is obtained, the identifying code of respective type is obtained according to the service identification.
For example, different identifying code generation strategies can be arranged for different business according to the demand of practical application, for example,
If it is the higher business of security requirement, such as payment, then need to provide that safety is higher, more complicated identifying code, than
Such as picture mosaic identifying code;Conversely, if common business, such as web page browsing etc., then it can only provide lower compared with safety
Identifying code, such as traditional character identifying code, etc..
It is, of course, also possible to using other preset strategies, no longer enumerated here.
It should be noted that the preset strategy can store in the authentication means, it also can store and deposited in others
It stores up in equipment, is obtained when the authentication means need, then to the storage equipment, in addition, it should be noted that, generate verifying
The material of code can also be supplied to the authentication by other equipment other than it can store in this authentication means
Device, details are not described herein.
Optionally, after issuing identifying code to the terminal, the authentication request of terminal transmission can also be received, in order to
Description is convenient, in embodiments of the present invention, referred to as the first authentication request, wherein first authentication request can be taken
The information such as information and the authentication information of user are inputted with identifying code, then, identity is carried out according to first authentication request and is tested
Card, i.e., after step " issuing identifying code to the terminal ", which can also include:
Receive terminal send the first authentication request, first authentication request carry identifying code input information and
The authentication information of user, if the authentication information is correct, and identifying code input information is consistent with the identifying code, it is determined that identity is tested
Card passes through.
Otherwise, if the authentication information is incorrect or the identifying code inputs information and the identifying code is inconsistent, it is determined that identity
Verifying does not pass through.
105, determine that safety verification passes through.
Optionally, the response for indicating that safety verification passes through can be returned to terminal, so that the terminal is according to the response
The display state of current page is switched to the second state, wherein the second state instruction safety verification passes through.
After the safety verification passes through, which can also receive the authentication request of terminal transmission,
For convenience, in embodiments of the present invention, referred to as the second authentication request, second authentication request carry user
Authentication information (without carrying identifying code), then, according to second authentication request carry out authentication;I.e. in step
After " determining that safety verification passes through ", which can also include:
The second authentication request that terminal is sent is received, which carries the authentication information of user,
If the authentication information is correct, it is determined that authentication passes through.
Otherwise, if the authentication information is incorrect, it is determined that authentication does not pass through.
From the foregoing, it will be observed that the present embodiment is used when receiving the security authentication request of terminal transmission, according to the safety verification
Then request network environment information and user behavior data are determined according to the network environment information and user behavior data
Whether current operation is machine attack, if so, obtaining the identifying code of preset type according to preset strategy, and issues and tests to terminal
Code is demonstrate,proved, to carry out authentication, if not, it is determined that safety verification passes through;Since the program can carry out safety to current operation
Verifying, and identifying code is just only issued when determining that current operation is machine attack, no matter accordingly, with respect to working as in the prior art
For preceding what state requires the scheme of progress identifying code verifying, user's operation can be greatly simplified, the processing of verifying is improved
Efficiency;Moreover, because the identifying code temporarily issues, and type is also flexibly to change, accordingly, it is difficult to pass through automatic machine
Mode is cracked, and for existing scheme, can greatly improve its safety.
Further, since the security validation operation can voluntarily be chosen whether to trigger by user, accordingly, with respect to existing
For the scheme directly detected in technology by system background, realize it is more flexible, it is not only user-friendly, but also can be with
User experience is greatly improved, is conducive to improve service quality (QoS, Quality of Service).
Embodiment two,
The present embodiment will be described from the angle of authentication trigger device, which specifically can be with
It is integrated in the network equipments such as terminal.The terminal is specifically as follows the equipment such as mobile phone, tablet computer or PC.
A kind of auth method, comprising: security authentication request is sent to server, so that the server is according to the safety
Whether checking request is that machine attack is tested to current operation;Server is received when determining current operation is machine attack
The identifying code returned;Identifying code input interface is generated according to the identifying code;The identifying code and verifying are shown according to preset strategy
Code input interface.
As shown in Fig. 2, the detailed process of the auth method can be such that
201, to server send security authentication request, so as to the server according to the security authentication request to current operation
It whether is that machine attack is tested, the specific method of inspection can be found in embodiment one, and details are not described herein.
For example, security authentication request can be generated when safety verification interface is triggered, then, sent to the server
The security authentication request.
Wherein, the representation of the safety verification interface can there are many, for example, can be the input frame of an instruction, choosing
Select frame or safety verification triggering key, wherein the safety verification triggering key can be key, be also possible to sliding block etc., herein no longer
It repeats.It for convenience, in embodiments of the present invention, will be specially that safety verification triggering key is with the safety verification interface
Example is illustrated.
If the safety verification interface is safety verification triggering key, step " when safety verification interface is triggered, generates peace
Full checking request " may include:
It receives user and the safety verification instruction that triggering key is triggered is verified by safe operation, instructed according to the safety verification
Generate security authentication request.
Wherein, the mode of user's operation safety verification triggering key can there are many, for example, can be clicked, slide or
Touch, etc..
Optionally, after sending security authentication request to server, current state is known for the ease of user, the body
Part verification method can also include:
The prompt information verified of expression that server is sent is received, according to the prompt information by the display of current page
State is switched to first state, wherein first state instruction is currently carrying out safety verification.
For example, terminal can show " verifying on the predeterminated position of the triggering key of current page or the safety verification at this time
In " printed words, etc..
202, the identifying code that server is returned when determining that current operation is attacked by machine is received.
Wherein, the form of the identifying code is not construed as limiting, and can be various types of identifying codes, is tested for example, can be picture mosaic
Demonstrate,prove code, picture validation code or character identifying code etc..
Refer to that " operation is machine attack it should be noted that " being determined as machine attack " described in the embodiment of the present invention
A possibility that be higher than certain threshold value ", i.e., the operation be determined as machine attack probability be higher than certain threshold value.
203, identifying code input interface is generated according to the identifying code.
204, the identifying code and identifying code input interface are shown according to preset strategy.
Wherein, which can be configured according to the demand of practical application, for example, can be such that
One combobox/side framing is generated according to the safety verification triggering key, shows the verifying in the combobox/side framing
Code and identifying code input interface, for example, can be such that
Combobox/the side framing is unfolded in dynamic, shows that the identifying code and identifying code are defeated in combobox/side framing of expansion
Incoming interface.
Wherein, the display format of the identifying code and identifying code input interface can depending on the demand based on practical application, than
Such as, which can be set to input frame, etc..Optionally, in order to improve safety, in display identifying code
When, corresponding interference information can also be set for identifying code, for example, certain background picture or right can be arranged for identifying code
Identifying code carries out certain deformation, etc., and details are not described herein.
Optionally, after showing the identifying code and identifying code input interface according to preset strategy at this, user can be with root
Corresponding identifying code is inputted in the identifying code input interface according to the identifying code of the display and inputs information, for example, if identifying code is
" 12ab ", then user can input " 12ab ", etc. in the identifying code input interface, then, by the authentication trigger device
The first authentication request is sent to the server, and carries identifying code input information and mirror in first authentication request
Information is weighed, so that the server inputs information and authentication information progress authentication according to the identifying code;I.e. in step " according to pre-
If strategy shows the identifying code and identifying code input interface " can also include: later
The authentication information of user is obtained, and identifying code is obtained by the identifying code input interface and inputs information, to the clothes
Business device sends the first authentication request, which carries identifying code input information and authentication information, with
Just the server inputs information according to the identifying code and authentication information carries out authentication.
Hereafter, can also receive server return the response about authentication result, such as authentication pass through or
Authentication does not pass through, etc. then showing the authentication as a result, obstructed out-of-date in authentication, can also prompt user's phase
The failure cause answered, for example be authentication information mistake or identifying code mistake etc..
Wherein, authentication information refer in addition to identifying code other be used for authentication information, for example, the authentication believe
Breath may include user account and password, can also include other information, such as user's name etc..
In addition, it should be noted that, which can also receive server and determine that current operation is non-
The display state of current page, is switched to by the response that the expression safety verification that machine is returned when attacking passes through according to the response
Second state, wherein the second state instruction safety verification is by, for example, the response that can be passed through according to the expression safety verification
Safety verification is generated by prompt information, and shows that the safety verification passes through prompt information, such as display " safety verification passes through "
Printed words etc..
If safety verification passes through, it can only require that user provides authentication information at this time, without inputting identifying code, that is, exist
After step " the display state of current page is switched to the second state according to the response ", which can also be wrapped
It includes:
The authentication information for obtaining user sends the second authentication request, second authentication request to the server
The authentication information is carried, so that the server carries out authentication according to the authentication information.
From the foregoing, it will be observed that the terminal of the present embodiment can generate security authentication request, so when safety verification interface is triggered
Afterwards, by server send security authentication request so that server according to the security authentication request to current operation whether be
Machine attack is tested, and only just issues identifying code to terminal, by terminal root when determining current operation is machine attack
Identifying code input interface is generated according to the identifying code, and shows the identifying code and identifying code input interface according to preset strategy;Due to
The program can carry out safety verification to current operation, and only just issue verifying when determining that current operation is machine attack
Code, for the scheme for requiring progress identifying code verifying regardless of present case in the prior art, Ke Yi great
It is big to simplify user's operation, improve the treatment effeciency of verifying;Moreover, because the identifying code temporarily issues, and type is also spirit
Variation living, and only in the obstructed out-of-date just display of safety verification, accordingly, it is difficult to cracked by way of automatic machine,
For existing scheme, its safety can be greatly improved.
Further, since the security validation operation can voluntarily be chosen whether to trigger by user, accordingly, with respect to existing
For the scheme directly detected in technology by system background, realize it is more flexible, it is not only user-friendly, but also can be with
User experience is greatly improved, is conducive to improve QoS.
Embodiment three,
According to method described in embodiment one and two, citing is described in further detail below.
In the present embodiment, it will specifically be integrated in the server with the authentication means, and authentication triggering dress
It sets and is illustrated for specifically integrating in the terminal.
Wherein, the server is including may include web page server, identifying code server, in addition, it can include regular
Master control server and material storage server etc., and the authentication trigger device can be pacified in the form of client or other softwares
It fills in the terminal, for example, can be with application programming interface (API, Application Programming Interface)
Form is packaged, in this way, the page side of access need to only increase corresponding code and can add this API.It will carry out below detailed
Explanation.
As shown in Figure 3a, a kind of auth method, detailed process can be such that
301, terminal sends security authentication request to web page server.
Referred to for example, can receive user by the safety verification that the safety verification triggering key in operation respective page is triggered
It enables, then, is instructed according to the safety verification and generate security authentication request, and sent the safety verification to the web page server and ask
It asks.For example, user can click the triggering key of " click and carry out safety verification " on interface referring to Fig. 3 b, it is somebody's turn to do to trigger to generate
Security authentication request.
It should be noted that the pattern and content at the interface can be configured according to the demand of practical application, herein no longer
It repeats.
302, after web page server receives the security authentication request, which is transmitted to identifying code service
Device.
303, identifying code server obtains network environment information and user behavior data according to the security authentication request.
For example, specifically can by being monitored to web environment and user behavior, come obtain network environment information and
User behavior data.
Wherein, which may include the data such as network behavior model parameter and web environment model parameter,
And user behavior data may include the data such as personal behavior model parameter.
304, identifying code server determines whether current operation is machine according to the network environment information and user behavior data
Otherwise device attack, if not machine is attacked, thens follow the steps 310 if so, thening follow the steps 305.
For example, identifying code server can extract network behavior model parameter and web environment from the network environment information
Model parameter, and personal behavior model parameter is extracted from the user behavior data, then, joined according to the network behavior model
Number, web environment model parameter and personal behavior model parameter, are analyzed according to preset analysis model, and are tied according to analysis
Fruit estimation current operation belongs to the probability of machine attack, if the probability is higher than preset threshold value, it is determined that attack for machine, then hold
Row step 305, otherwise, if the probability is not higher than preset threshold value, it is determined that attacked for non-machine, then execute step 310.
305, identifying code server is obtained to generate to regular master control server and be tested when determining current operation is machine attack
The rule of code is demonstrate,proved, and obtains the material for generating identifying code to material storage server according to the rule got, that is, obtains and generates
Various data needed for identifying code, for example, picture mosaic identifying code may require that the data such as the picture of picture mosaic, position coordinates.
Wherein, the different identifying code difficulty point of the identifying code scene setting that regular master control server can be used for business
Grade, when scene malice amount is very big, strategy can add sternly, that is, issue the biggish verifying code type of difficulty and interference, if
The only lesser operation of security risks such as corresponding registration, then can issue and be relatively easy to identifying code, or directly be made by business
Think that verifying code type to be used, all dynamic state of parameters flexibly can configure with side is specified, each type approval code can also be reinforced
Interference processing.Alternatively, regular master control server can also issue different types of identifying code at random if do not specified.
And material storage server then saves picture materials and location information of each type approval code etc., as picture mosaic is verified
Code generates the data such as desired position, direction or angle, is supplied to the use of identifying code server.
306, identifying code server generates identifying code according to rule according to the material got, and identifying code is supplied to net
Page server, is supplied to the relative client in terminal by web page server, for example, showing on the webpage that the client is shown
The identifying code, etc..
It optionally, can also be the corresponding interference letter of identifying code setting when showing identifying code in order to improve safety
Breath for example, certain background picture can be arranged for identifying code, or carries out certain deformation, etc. to identifying code, herein no longer
It repeats.
307, terminal (client i.e. in terminal) generates identifying code input interface according to the identifying code, and according to default plan
It shows slightly and shows the identifying code and identifying code input interface.
Wherein, which can be configured according to the demand of practical application, for example, can be such that
One combobox/side framing is generated according to the safety verification triggering key, and the combobox/side framing is unfolded in dynamic,
The identifying code and identifying code input interface are shown in combobox/side framing of expansion, for example, referring to Fig. 3 c.
308, terminal (client i.e. in terminal) obtains the authentication information of user, and passes through the identifying code input interface
It obtains identifying code and inputs information, send the first authentication request to the web page server, which carries
The identifying code inputs information and authentication information, then executes step 309.
309, web page server inputs information and authentication according to the identifying code after receiving first authentication request
Information carries out authentication, if the authentication information is correct, and identifying code input information is consistent with the identifying code, it is determined that identity
It is verified, process terminates.
Otherwise, if the authentication information is incorrect or the identifying code inputs information and the identifying code is inconsistent, it is determined that identity
Verifying does not pass through.
Corresponding authentication result can be returned to terminal, details are not described herein.
310, identifying code server determines that safety verification passes through when determining current operation is machine attack, and will indicate
The response that safety verification passes through is sent to web page server, is sent to terminal by web page server.
311, terminal is after receiving the response that the expression safety verification passes through, the authentication information of available user, to
The web page server sends the second authentication request, which carries the authentication information.
Wherein, during safety verification, the pattern of " triggering key " of the safety verification can have corresponding dynamic to become
Change, for example, the text prompt in " triggering key " can be transformed to " verifying " in verification process, and terminal is receiving
After the response passed through to the expression safety verification, the text prompt in " triggering key " can be transformed to " being verified " etc., be joined
See Fig. 3 d.When safety verification passes through, interface can transform to interface as shown in Figure 3 e.
Optionally, when the state at the interface changes, corresponding animation can also be set in the process of variation, to increase
Add its intuitive, aesthetics and interest, for example, the text prompt in " triggering key " is transformed to " verifying by " verifying "
Pass through " during, a small animation can be played, for example, i.e. after a small animation, text prompt in " triggering key " by
" verifying " is transformed to " being verified ", and work as the text prompt in " triggering key " be " verifying " when, can also be " just
Verifying " above or below show that the progress of verifying, or display one can indicate to verify ongoing small animation, etc.,
Details are not described herein.
It should be noted that the pattern and content at the interface can be depending on the demands of practical application, details are not described herein.
312, web page server carries out identity according to the authentication information and tests after receiving second authentication request
Card, the authentication information are correct, it is determined that authentication passes through, otherwise, if the authentication information is incorrect, it is determined that authentication is not
Pass through, process terminates.
From the foregoing, it will be observed that the present embodiment is used when receiving the security authentication request of terminal transmission, according to the safety verification
Then request network environment information and user behavior data are determined according to the network environment information and user behavior data
Whether current operation is machine attack, if so, obtaining the identifying code of preset type according to preset strategy, and issues and tests to terminal
Code is demonstrate,proved, identifying code input interface is generated according to the identifying code by terminal, and show the identifying code and identifying code according to preset strategy
Input interface, to carry out authentication, if not, it is determined that safety verification passes through;Since the program can carry out current operation
Safety verification, and identifying code is just only issued when determining that current operation is machine attack, accordingly, with respect in the prior art not
For how pipe present case requires the scheme of progress identifying code verifying, user's operation can be greatly simplified, verifying is improved
Treatment effeciency;Moreover, because the identifying code temporarily issues, and type is also flexibly to change, and only test in safety
Obstructed out-of-date just display is demonstrate,proved, accordingly, it is difficult to cracked by way of automatic machine, for existing scheme, Ke Yi great
Its safety is improved greatly.
Further, since the security validation operation can voluntarily be chosen whether to trigger by user, accordingly, with respect to existing
For the scheme directly detected in technology by system background, realize it is more flexible, it is not only user-friendly, but also can be with
User experience is greatly improved, is conducive to improve QoS.
Example IV,
In order to better implement above method, the embodiment of the present invention also provides a kind of authentication means, as shown in figure 4,
The authentication means include receiving unit 401, acquiring unit 402 and authentication unit 403, as follows:
(1) receiving unit 401;
Receiving unit 401 receives the security authentication request that terminal is sent.
(2) acquiring unit 402;
Acquiring unit 402, for obtaining network environment information and user behavior data according to the security authentication request.
For example, acquiring unit 402, it specifically can be by being monitored to web environment and user behavior, to obtain net
Network environmental information and user behavior data.
Wherein, which may include the data such as network behavior model parameter and web environment model parameter,
And user behavior data may include the data such as personal behavior model parameter.
(3) authentication unit 403;
Authentication unit 403, for determining whether current operation is machine according to the network environment information and user behavior data
Device attack if so, obtaining the identifying code of preset type according to preset strategy, and issues identifying code to the terminal, to carry out body
Part verifying;If not, it is determined that safety verification passes through.
For example, the authentication unit 403, specifically can be used for extracting network behavior model parameter from the network environment information
With web environment model parameter, and from the user behavior data extract personal behavior model parameter, then, according to the network
Behavior model parameter, web environment model parameter and personal behavior model parameter, are analyzed according to preset analysis model, and
Determine whether current operation is machine attack, is attacked if machine, then obtains preset class according to preset strategy based on the analysis results
The identifying code of type, and identifying code is issued to the terminal, to carry out authentication, otherwise, if not machine is attacked, it is determined that safety
It is verified.
Wherein, the strategy for generating identifying code can be configured according to the demand of practical application, for example, can be such that
The authentication unit 403 specifically can be used for determining current operation in the network environment information and user behavior data
When being attacked for machine, it is that a possibility that machine is attacked is assessed to current operation, respective type is obtained according to assessment result
Identifying code.
Alternatively, the authentication unit 403, specifically can be used for determining in the network environment information and user behavior data current
When operation is machine attack, a type of identifying code is randomly selected from different types of identifying code.
For example, can be arranged according to the height (such as degree of malice of current environment) for the probability that machine is attacked several etc.
Grade, the probability which is confirmed as machine attack is higher, then higher grade, the identifying code that safety can be used higher, than
Such as picture mosaic identifying code;Conversely, the probability for being confirmed as machine attack is lower, then lower grade, can use safer property
Lower and relatively simple identifying code, such as traditional character identifying code, etc..
Alternatively, the authentication unit 403, specifically can be used for determining in the network environment information and user behavior data current
When operation is machine attack, service identification corresponding to current operation is obtained, testing for respective type is obtained according to the service identification
Demonstrate,prove code.
For example, different identifying code generation strategies can be arranged for different business according to the demand of practical application, for example,
If it is the higher business of security requirement, such as payment, then need to provide that safety is higher, more complicated identifying code, than
Such as picture mosaic identifying code;Conversely, if common business, such as web page browsing etc., then it can only provide lower compared with safety
Identifying code, such as traditional character identifying code, etc..
It is, of course, also possible to using other preset strategies, no longer enumerated here.
Optionally, after determining that safety verification passes through, the response for indicating that safety verification passes through can also be returned to terminal,
That is:
Authentication unit 403 can be also used for after determining that safety verification passes through, and returning to terminal indicates that safety verification is logical
The response crossed, so that the display state of current page is switched to the second state according to the response by the terminal, wherein second
State instruction safety verification passes through.
Optionally, current state is known for the ease of user, when server is verified, can also be returned to terminal
Corresponding prompt information, to indicate currently just in the verification, it may be assumed that
Authentication unit 403 can be also used for determining current operation according to the network environment information and user behavior data
When whether being machine attack, the prompt information for indicating to verify is sent, to terminal so that terminal will be worked as according to the prompt information
The display state of the preceding page is switched to first state, and the first state instruction is currently carrying out safety verification.
Optionally, after issuing identifying code to the terminal, the first authentication request of terminal transmission can also be received,
Wherein, which can carry the information such as identifying code input information and the authentication information of user, then, according to
First authentication request carries out authentication, it may be assumed that
Receiving unit 401 can be also used for receiving the first authentication request that terminal is sent, which asks
Seek the authentication information for carrying identifying code input information and user.
Authentication unit 403 can be also used for inputting information according to the identifying code and the authentication information progress identity of user tested
Card, if the authentication information is correct, and identifying code input information is consistent with the identifying code, it is determined that authentication passes through;Otherwise,
If the authentication information is incorrect or the identifying code inputs information and the identifying code is inconsistent, it is determined that authentication does not pass through.
Similarly, after safety verification passes through, the second authentication request of terminal transmission, second body also be can receive
Part checking request carries the authentication information (without carrying identifying code) of user, then, is carried out according to second authentication request
Authentication;That is:
Receiving unit 401 can be also used for receiving the second authentication request that terminal is sent, which asks
Seek the authentication information for carrying user.
Authentication unit 403 can be also used for carrying out authentication according to the authentication information, if the authentication information is correct,
Determine that authentication passes through;Otherwise, if the authentication information is incorrect, it is determined that authentication does not pass through.
When it is implemented, above each unit can be used as independent entity to realize, any combination can also be carried out, is made
It is realized for same or several entities, the specific implementation of above each unit can be found in the embodiment of the method for front, herein not
It repeats again.
The authentication means specifically can integrate in the network equipments such as server, which can be an independence
Entity, also may include multiple entities.
From the foregoing, it will be observed that the authentication means of the present embodiment are used when receiving the security authentication request of terminal transmission,
Network environment information and user behavior data are obtained according to the security authentication request by acquiring unit 402, then, by authentication unit
403 determine whether current operation is machine attack according to the network environment information and user behavior data, if so, according to preset
Strategy obtains the identifying code of preset type, and issues identifying code to terminal, to carry out authentication, if not, it is determined that safety is tested
Card passes through;Since the program can carry out safety verification to current operation, and only when determining current operation is machine attack
Identifying code is just issued, accordingly, with respect in the prior art regardless of present case requires the scheme of progress identifying code verifying
For, user's operation can be greatly simplified, the treatment effeciency of verifying is improved;Moreover, because the identifying code temporarily issues, and
Type is also flexibly to change,, can be with for existing scheme accordingly, it is difficult to cracked by way of automatic machine
Greatly improve its safety.
Further, since the security validation operation can voluntarily be chosen whether to trigger by user, accordingly, with respect to existing
For the scheme directly detected in technology by system background, realize it is more flexible, it is not only user-friendly, but also can be with
User experience is greatly improved, is conducive to improve QoS.
Embodiment five,
Correspondingly, the embodiment of the present invention also provides a kind of authentication trigger device, as shown in figure 5, the authentication is touched
Transmitting apparatus may include trigger unit 501, transmission unit 502, receiving unit 503, generation unit 504 and display unit 505, such as
Under:
(1) trigger unit 501;
Trigger unit 501, for generating security authentication request when safety verification interface is triggered.
Wherein, the representation of the safety verification interface can there are many, for example, can be the input frame of an instruction, choosing
Select frame or safety verification triggering key, wherein the safety verification triggering key can be key, be also possible to sliding block etc., herein no longer
It repeats.
If the safety verification interface is safety verification triggering key:
Trigger unit 501 specifically can be used for receiving user and be tested by the safety that safe operation verifying triggering key is triggered
Card instruction, instructs according to the safety verification and generates security authentication request.
Wherein, the mode of user's operation safety verification triggering key can there are many, for example, can be clicked, slide or
Touch, etc..
(2) transmission unit 502;
Transmission unit 502, for sending security authentication request to server, so that the server is asked according to the safety verification
It asks to whether current operation is that machine attack is tested.
(3) receiving unit 503;
Receiving unit 503, the identifying code returned for receiving server when determining that current operation is attacked by machine.
Wherein, the form of the identifying code is not construed as limiting, and can be various types of identifying codes, is tested for example, can be picture mosaic
Demonstrate,prove code, picture validation code or character identifying code etc..
(4) generation unit 504;
Generation unit 504, for generating identifying code input interface according to the identifying code.
(5) display unit 505;
Display unit 505, for showing the identifying code and identifying code input interface according to preset strategy.
Wherein, which can be configured according to the demand of practical application, for example, can be such that
The display unit 505 specifically can be used for generating one combobox/side framing according to the safety verification triggering key,
The identifying code and identifying code input interface are shown in the combobox/side framing.
Wherein, the display format of the identifying code and identifying code input interface can depending on the demand based on practical application, than
Such as, which can be set to input frame, etc..
Optionally, after showing the identifying code and identifying code input interface according to preset strategy at this, user can be with root
Corresponding identifying code is inputted in the identifying code input interface according to the identifying code of the display and inputs information, for example, if identifying code is
" 12ab ", then user can input " 12ab ", etc. in the identifying code input interface, then, by the authentication trigger device
The first authentication request is sent to the server, and carries identifying code input information and mirror in first authentication request
Information is weighed, so that the server inputs information and authentication information progress authentication according to the identifying code;I.e. the authentication is touched
Transmitting apparatus can also include acquiring unit, as follows:
Acquiring unit, it is defeated for obtaining the authentication information of user, and by identifying code input interface acquisition identifying code
Enter information.
Then at this point, transmission unit 502, can be also used for sending the first authentication request, first body to the server
Part checking request carries identifying code input information and authentication information, so that the server inputs information and mirror according to the identifying code
It weighs information and carries out authentication.
Hereafter, receiving unit 503 can also receive the response about authentication result of server return, such as identity
Be verified or authentication do not pass through, etc., then by display unit 505 show the authentication as a result, authentication not
By when, the corresponding failure cause of user can also be prompted, for example be authentication information mistake or identifying code mistake etc..
Wherein, authentication information refer in addition to identifying code other be used for authentication information, for example, the authentication believe
Breath may include user account and password, can also include other information, such as user's name etc..
In addition, it should be noted that, which can also receive server and determine that current operation is non-
The response that the expression safety verification that machine is returned when attacking passes through generates safety according to the response that the expression safety verification passes through
It is verified prompt information, and shows that the safety verification passes through prompt information, such as display " safety verification passes through " printed words etc.,
That is:
The receiving unit 503 can be also used for reception server and return when determining that current operation is attacked by non-machine
The response that passes through of expression safety verification.
Then at this point, display unit 505, can be also used for that the display state of current page is switched to second according to the response
State, wherein the second state instruction safety verification passes through.
For example, the display unit 505, the response that specifically can be used for being passed through according to the expression safety verification generates safety and tests
Card shows that the safety verification passes through prompt information by prompt information.For example, at this point it is possible to being tested in current page or the safety
On the predeterminated position of the triggering key of card, display " being verified " printed words, etc..
Optionally, after sending security authentication request to server, current state is known for the ease of user, may be used also
To receive the prompt information for indicating verifying of server transmission, and user is prompted currently to verify according to the prompt information
In, it may be assumed that
Receiving unit 503 can be also used for receiving the prompt information that the expression that server is sent is being verified;
Then at this point, display unit 505, can be also used for being switched to the display state of current page according to the prompt information
First state, wherein first state instruction is currently carrying out safety verification.
For example, at this point, display unit 505 can on the predeterminated position of the triggering key of current page or the safety verification,
Show " in verifying " printed words, etc..
When it is implemented, above each unit can be used as independent entity to realize, any combination can also be carried out, is made
It is realized for same or several entities, the specific implementation of above each unit can be found in the embodiment of the method for front, herein not
It repeats again.
The authentication trigger device specifically can integrate in the network equipments such as terminal, for example, with client or software
Etc. forms installation in the terminal, which is specifically as follows the equipment such as mobile phone, tablet computer or PC.
From the foregoing, it will be observed that the authentication trigger device of the present embodiment can be when safety verification interface be triggered, by triggering
Unit 501 generates security authentication request, then, by sending security authentication request to server, so that server is according to the peace
Whether full checking request is that machine attack is tested to current operation, and only when determining current operation is machine attack,
It just issues identifying code and identifying code input interface is generated according to the identifying code by the generation unit 504 of terminal to terminal, and by showing
Unit 505 shows the identifying code and identifying code input interface according to preset strategy;Since the program can carry out current operation
Safety verification, and identifying code is just only issued when determining that current operation is machine attack, accordingly, with respect in the prior art not
For how pipe present case requires the scheme of progress identifying code verifying, user's operation can be greatly simplified, verifying is improved
Treatment effeciency;Moreover, because the identifying code temporarily issues, and type is also flexibly to change, and only test in safety
Obstructed out-of-date just display is demonstrate,proved, accordingly, it is difficult to cracked by way of automatic machine, for existing scheme, Ke Yi great
Its safety is improved greatly.
Further, since the security validation operation can voluntarily be chosen whether to trigger by user, accordingly, with respect to existing
For the scheme directly detected in technology by system background, realize it is more flexible, it is not only user-friendly, but also can be with
User experience is greatly improved, is conducive to improve QoS.
Embodiment six,
In addition, the embodiment of the present invention also provides a kind of authentication system, it may include provided by the embodiment of the present invention
Any authentication means and any authentication trigger device, for details, reference can be made to example IVs and five, for example, can be as
Under:
Authentication trigger device, for sending security authentication request to server, so that the server is according to the safety
Whether checking request is that machine attack is tested to current operation;Server is received when determining current operation is machine attack
The identifying code returned;Identifying code input interface is generated according to the identifying code;The identifying code and verifying are shown according to preset strategy
Code input interface.
Authentication means, for receiving the security authentication request of terminal transmission;Net is obtained according to the security authentication request
Network environmental information and user behavior data;Determine whether current operation is machine according to the network environment information and user behavior data
Device attack;If so, obtaining the identifying code of preset type according to preset strategy, and identifying code is issued to the terminal, to carry out body
Part verifying;If not, it is determined that safety verification passes through.
Wherein, which can be integrated in terminal in the form of client or other softwares and summarize, and
Authentication means then can integrate in the network equipments such as server, and details are not described herein.
The specific implementation of above each equipment can be found in the embodiment of front, and details are not described herein.
In addition, the authentication system can also include equipment therein, for example, gateway or other servers, such as
User behavior data storage server and web environment data storage server etc., details are not described herein.
Since the authentication system may include any authentication means and body provided by the embodiment of the present invention
Part verifying trigger device, it is thereby achieved that any authentication means and authentication provided by the embodiment of the present invention
Beneficial effect achieved by trigger device is detailed in the embodiment of front, and details are not described herein.
Those of ordinary skill in the art will appreciate that all or part of the steps in the various methods of above-described embodiment is can
It is completed with instructing relevant hardware by program, which can be stored in a computer readable storage medium, storage
Medium may include: read-only memory (ROM, Read Only Memory), random access memory (RAM, Random
Access Memory), disk or CD etc..
Be provided for the embodiments of the invention a kind of auth method above, device and system are described in detail,
Used herein a specific example illustrates the principle and implementation of the invention, and the explanation of above embodiments is only used
In facilitating the understanding of the method and its core concept of the invention;Meanwhile for those skilled in the art, think of according to the present invention
Think, there will be changes in the specific implementation manner and application range, in conclusion the content of the present specification should not be construed as pair
Limitation of the invention.
Claims (30)
1. a kind of auth method characterized by comprising
Receive the security authentication request that user is triggered by the safety verification triggering key in operation respective page;
Network environment information and user behavior data are obtained according to the security authentication request;
Determine whether current operation is machine attack according to the network environment information and user behavior data;
If so, obtaining the identifying code of preset type according to preset strategy, and identifying code is issued to terminal, is tested with carrying out identity
Card;
If not, it is determined that safety verification passes through;
It is described to include: according to the preset tactful identifying code for obtaining preset type
A type of identifying code is randomly selected from different types of identifying code;Wherein the identifying code includes but is not limited to spell
Figure identifying code, picture validation code or character identifying code;
Before carrying out safety verification, the text prompt of the safety verification triggering key is to generate the prompt of security authentication request;
During safety verification, the text prompt of the safety verification triggering key is first state prompt;Pass through in safety verification
Afterwards, the text prompt of the safety verification triggering key is the second state instruction.
2. the method according to claim 1, wherein the identifying code for obtaining preset type according to preset strategy
Include:
It is that a possibility that machine is attacked is assessed to current operation;
The identifying code of respective type is obtained according to assessment result.
3. the method according to claim 1, wherein the identifying code for obtaining preset type according to preset strategy
Include:
Obtain service identification corresponding to current operation;
The identifying code of respective type is obtained according to the service identification.
4. method according to any one of claims 1 to 3, which is characterized in that it is described according to the network environment information and
User behavior data determines whether current operation is machine attack, comprising:
Network behavior model parameter and web environment model parameter are extracted from the network environment information;
Personal behavior model parameter is extracted from the user behavior data;
According to the network behavior model parameter, web environment model parameter and personal behavior model parameter, according to preset point
Analysis model is analyzed;
Determine whether current operation is machine attack based on the analysis results.
5. method according to any one of claims 1 to 3, which is characterized in that it is described to the terminal issue identifying code it
Afterwards, further includes:
The first authentication request that terminal is sent is received, first authentication request carries identifying code input information and use
The authentication information at family;
If the authentication information is correct, and identifying code input information is consistent with the identifying code, it is determined that authentication is logical
It crosses.
6. method according to any one of claims 1 to 3, which is characterized in that after the safety verification passes through, also wrap
It includes:
The second authentication request that terminal is sent is received, second authentication request carries the authentication information of user;
If the authentication information is correct, it is determined that authentication passes through.
7. method according to any one of claims 1 to 3, which is characterized in that it is described according to the network environment information and
When user behavior data determines whether current operation is machine attack, further includes:
Sending to terminal indicates the prompt information verified, so as to terminal according to the prompt information by the display of current page
State is switched to first state, and the first state instruction is currently carrying out safety verification.
8. method according to any one of claims 1 to 3, which is characterized in that after the determining safety verification passes through, also
Include:
The response for indicating that safety verification passes through is returned to, to terminal so that the terminal is responded according to described by the display of current page
State is switched to the second state, and the second state instruction safety verification passes through.
9. a kind of auth method characterized by comprising
When user triggers safety verification interface by the safety verification triggering key in operation respective page, generates safety verification and ask
It asks;
To server send security authentication request, so as to the server according to the security authentication request to current operation whether
It tests for machine attack;
Receive server identifying code for returning when determining current operation for machine attack, the identifying code by server according to
Preset strategy obtains the identifying code of preset type and obtains;
Identifying code input interface is generated according to the identifying code;
The identifying code and identifying code input interface are shown according to preset strategy;
It is described to include: according to the preset tactful identifying code for obtaining preset type
A type of identifying code is randomly selected from different types of identifying code;Wherein the identifying code includes but is not limited to spell
Figure identifying code, picture validation code or character identifying code;
Before carrying out safety verification, the text prompt of the safety verification triggering key is to generate the prompt of security authentication request;
During safety verification, the text prompt of the safety verification triggering key is first state prompt;Pass through in safety verification
Afterwards, the text prompt of the safety verification triggering key is the second state instruction.
10. according to the method described in claim 9, it is characterized in that, the safety verification interface is safety verification triggering key, then
It is described when safety verification interface is triggered, generate security authentication request, comprising:
It receives user and the safety verification instruction that triggering key is triggered is verified by safe operation;
It is instructed according to the safety verification and generates security authentication request.
11. according to the method described in claim 10, it is characterized in that, described show the identifying code according to preset strategy and test
Demonstrate,prove code input interface, comprising:
One combobox/side framing is generated according to the safety verification triggering key;
The identifying code and identifying code input interface are shown in the combobox/side framing.
12. according to the method for claim 11, which is characterized in that it is described in the combobox/side framing display described in
Identifying code and identifying code input interface, comprising:
Combobox/the side framing is unfolded in dynamic;
The identifying code and identifying code input interface are shown in combobox/side framing of expansion.
13. according to the described in any item methods of claim 9 to 12, which is characterized in that described to send safety verification to server
After request, further includes:
Receive the prompt information that the expression that server is sent is being verified;
The display state of current page is switched to first state according to the prompt information, the first state instruction is current just
Carrying out safety verification.
14. according to the described in any item methods of claim 9 to 12, which is characterized in that further include:
Receive the response that the expression safety verification that server is returned when determining that current operation is attacked by non-machine passes through;
The display state of current page is switched to the second state according to the response, the second state instruction safety verification is logical
It crosses.
15. according to the method for claim 14, which is characterized in that described to be responded according to described by the display shape of current page
State is switched to the second state, and the second state instruction safety verification passes through, comprising:
Safety verification, which is generated, according to the response that the expression safety verification passes through passes through prompt information;
Show that the safety verification passes through prompt information.
16. according to the method for claim 14, which is characterized in that described to be responded according to described by the display shape of current page
State is switched to after the second state, further includes:
Obtain the authentication information of user;
The second authentication request is sent to the server, second authentication request carries the authentication information, with
Toilet states server and carries out authentication according to the authentication information.
17. according to the described in any item methods of claim 9 to 12, which is characterized in that it is described show according to preset strategy described in
After identifying code and identifying code input interface, further includes:
The authentication information of user is obtained, and identifying code is obtained by the identifying code input interface and inputs information;
The first authentication request is sent to the server, first authentication request carries the identifying code input letter
Breath and authentication information, so that the server inputs information and authentication information progress authentication according to the identifying code.
18. a kind of authentication means characterized by comprising
Receiving unit receives the security authentication request that user is triggered by the safety verification triggering key in operation respective page;
Acquiring unit, for obtaining network environment information and user behavior data according to the security authentication request;
Authentication unit, for determining whether current operation is that machine is attacked according to the network environment information and user behavior data
It hits, if so, randomly select a type of identifying code from different types of identifying code according to preset strategy, and under terminal
Identifying code is sent out, to carry out authentication;If not, it is determined that safety verification passes through;Wherein the identifying code includes but is not limited to spell
Figure identifying code, picture validation code or character identifying code;
Before carrying out safety verification, the text prompt of the safety verification triggering key is to generate the prompt of security authentication request;
During safety verification, the text prompt of the safety verification triggering key is first state prompt;Pass through in safety verification
Afterwards, the text prompt of the safety verification triggering key is the second state instruction.
19. device according to claim 18, which is characterized in that
The authentication unit, specifically for determining that current operation is attacked for machine in the network environment information and user behavior data
When hitting, it is that a possibility that machine is attacked is assessed to current operation, the identifying code of respective type is obtained according to assessment result.
20. device according to claim 18, which is characterized in that
The authentication unit, specifically for determining that current operation is attacked for machine in the network environment information and user behavior data
When hitting, service identification corresponding to current operation is obtained, the identifying code of respective type is obtained according to the service identification.
21. 8 to 20 described in any item devices according to claim 1, which is characterized in that
The authentication unit is specifically used for extracting network behavior model parameter and web environment mould from the network environment information
Shape parameter;Personal behavior model parameter is extracted from the user behavior data;According to the network behavior model parameter, webpage
Environmental model parameter and personal behavior model parameter, are analyzed according to preset analysis model;Determination is worked as based on the analysis results
Whether preceding operation is machine attack.
22. 8 to 20 described in any item devices according to claim 1, which is characterized in that
The authentication unit, be also used to according to the network environment information and user behavior data determine current operation whether be
When machine is attacked, sending to terminal indicates the prompt information verified, so as to terminal according to the prompt information by current page
The display state in face is switched to first state, and the first state instruction is currently carrying out safety verification.
23. 8 to 20 described in any item devices according to claim 1, which is characterized in that
The authentication unit is also used to after determining that safety verification passes through, and the sound for indicating that safety verification passes through is returned to terminal
It answers, so that the display state of current page is switched to the second state according to the response by the terminal, second state refers to
Show that safety verification passes through.
24. a kind of authentication trigger device characterized by comprising
Trigger unit, it is raw when triggering safety verification interface by the safety verification triggering key in operation respective page for user
At security authentication request;
Transmission unit, for sending security authentication request to server, so that the server is according to the security authentication request
It whether is that machine attack is tested to current operation;
Receiving unit, the identifying code returned for receiving server when determining that current operation is attacked by machine, the verifying
Code randomly selects a type of identifying code according to preset strategy by server from different types of identifying code;It is wherein described to test
Demonstrate,proving code includes but is not limited to picture mosaic identifying code, picture validation code or character identifying code;
Generation unit, for generating identifying code input interface according to the identifying code;
Display unit, for showing the identifying code and identifying code input interface according to preset strategy;
Before carrying out safety verification, the text prompt of the safety verification triggering key is to generate the prompt of security authentication request;
During safety verification, the text prompt of the safety verification triggering key is first state prompt;Pass through in safety verification
Afterwards, the text prompt of the safety verification triggering key is the second state instruction.
25. device according to claim 24, which is characterized in that
The trigger unit verifies the safety verification instruction that triggering key is triggered by safe operation specifically for receiving user,
It is instructed according to the safety verification and generates security authentication request.
26. device according to claim 25, which is characterized in that
The display unit is specifically used for generating one combobox/side framing according to the safety verification triggering key, in the drop-down
The identifying code and identifying code input interface are shown in frame/side framing.
27. according to the described in any item devices of claim 24 to 26, which is characterized in that
The receiving unit is also used to receive the prompt information that the expression of server transmission is being verified;
The display unit is also used to that the display state of current page is switched to first state according to the prompt information, institute
It states first state instruction and is currently carrying out safety verification.
28. according to the described in any item devices of claim 24 to 26, which is characterized in that
The receiving unit is also used to receive the expression safety that server is returned when determining that current operation is attacked by non-machine
The response being verified;
The display unit is also used to that the display state of current page is switched to the second state according to the response, and described the
Two-state instruction safety verification passes through.
29. device according to claim 28, which is characterized in that
The display unit generates safety verification specifically for the response passed through according to the expression safety verification and passes through prompt letter
Breath, shows that the safety verification passes through prompt information.
30. a kind of authentication system, which is characterized in that including the described in any item authentication means of claim 18 to 23
With the described in any item authentication trigger devices of claim 24 to 29.
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510786095.9A CN106713241B (en) | 2015-11-16 | 2015-11-16 | A kind of auth method, device and system |
PCT/CN2016/086678 WO2017084337A1 (en) | 2015-11-16 | 2016-06-22 | Identity verification method, apparatus and system |
US15/690,469 US10547624B2 (en) | 2015-11-16 | 2017-08-30 | Identity authentication method, apparatus, and system |
US16/709,416 US11258810B2 (en) | 2015-11-16 | 2019-12-10 | Identity authentication method, apparatus, and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510786095.9A CN106713241B (en) | 2015-11-16 | 2015-11-16 | A kind of auth method, device and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106713241A CN106713241A (en) | 2017-05-24 |
CN106713241B true CN106713241B (en) | 2019-09-27 |
Family
ID=58930534
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510786095.9A Active CN106713241B (en) | 2015-11-16 | 2015-11-16 | A kind of auth method, device and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106713241B (en) |
Families Citing this family (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108989263B (en) * | 2017-05-31 | 2020-12-01 | 中移动信息技术有限公司 | Short message verification code attack protection method, server and computer readable storage medium |
CN107294981B (en) * | 2017-06-29 | 2020-04-17 | 苏州锦佰安信息技术有限公司 | Authentication method and equipment |
CN107612904A (en) * | 2017-09-13 | 2018-01-19 | 浙江电力建设监理有限公司 | Identity identifying method and system for intelligent monitoring management |
CN107846412A (en) * | 2017-11-28 | 2018-03-27 | 五八有限公司 | Identifying code request processing method, device and identifying code processing system |
CN110769013A (en) * | 2018-07-26 | 2020-02-07 | 国信优易数据有限公司 | User dynamic recording method, user identity authentication method and device |
CN109359972B (en) * | 2018-08-15 | 2020-10-30 | 创新先进技术有限公司 | Core product pushing and core method and system |
CN109271152A (en) * | 2018-08-17 | 2019-01-25 | 五八有限公司 | A kind of method of calibration, device, storage medium and the terminal of input frame content |
CN109547426B (en) * | 2018-11-14 | 2021-07-27 | 腾讯科技(深圳)有限公司 | Service response method and server |
CN109784015B (en) * | 2018-12-27 | 2023-05-12 | 腾讯科技(深圳)有限公司 | Identity authentication method and device |
CN109862562A (en) * | 2019-01-02 | 2019-06-07 | 武汉极意网络科技有限公司 | A kind of dynamic verification code choosing method and system |
CN110427745B (en) * | 2019-07-02 | 2022-03-08 | 五八有限公司 | Verification code obtaining method and device, electronic equipment and computer readable medium |
CN112131551A (en) * | 2020-09-25 | 2020-12-25 | 平安国际智慧城市科技股份有限公司 | Verification code verification method and device, computer equipment and readable storage medium |
CN113656789B (en) * | 2021-10-18 | 2022-04-22 | 北京新氧科技有限公司 | Debugging tool starting control method and device, electronic equipment and storage medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102737019A (en) * | 2011-03-31 | 2012-10-17 | 阿里巴巴集团控股有限公司 | Machine behavior determining method, webpage browser and webpage server |
CN104348809A (en) * | 2013-08-02 | 2015-02-11 | 深圳市腾讯计算机系统有限公司 | Network security monitoring method and system |
CN104580117A (en) * | 2013-10-28 | 2015-04-29 | 深圳市腾讯计算机系统有限公司 | Authentication method, device and system |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102184359B (en) * | 2011-04-29 | 2013-09-04 | 德讯科技股份有限公司 | Method for realizing identity discrimination of operation user through keyboard and mouse input habit recognition |
CN102790674B (en) * | 2011-05-20 | 2016-03-16 | 阿里巴巴集团控股有限公司 | Auth method, equipment and system |
US20130007875A1 (en) * | 2011-06-30 | 2013-01-03 | Ebay, Inc. | Interactive CAPTCHA |
CN102594811A (en) * | 2012-01-15 | 2012-07-18 | 青岛印象派信息技术有限公司 | Video identifying code cloud technology |
US20130191641A1 (en) * | 2012-01-19 | 2013-07-25 | F2Ware Inc. | Captcha (completely automated public test to tell computers and humans apart) data generation methods and related data management systems and computer program products thereof |
CN104902008A (en) * | 2015-04-26 | 2015-09-09 | 成都创行信息科技有限公司 | Crawler data processing method |
-
2015
- 2015-11-16 CN CN201510786095.9A patent/CN106713241B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102737019A (en) * | 2011-03-31 | 2012-10-17 | 阿里巴巴集团控股有限公司 | Machine behavior determining method, webpage browser and webpage server |
CN104348809A (en) * | 2013-08-02 | 2015-02-11 | 深圳市腾讯计算机系统有限公司 | Network security monitoring method and system |
CN104580117A (en) * | 2013-10-28 | 2015-04-29 | 深圳市腾讯计算机系统有限公司 | Authentication method, device and system |
Also Published As
Publication number | Publication date |
---|---|
CN106713241A (en) | 2017-05-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106713241B (en) | A kind of auth method, device and system | |
CN108650226B (en) | A kind of login validation method, device, terminal device and storage medium | |
CN104065621B (en) | A kind of auth method of third party's service, client and system | |
CN106100848B (en) | Double factor identity authorization system and method based on smart phone and user password | |
CN104580125B (en) | A kind of payment verification methods, devices and systems | |
CN107689936B (en) | Security verification system, method and device for login account | |
CN103312664B (en) | Form validation methods, devices and systems | |
CN107872438B (en) | Verification method, device and terminal | |
CN106411950B (en) | Authentication method, apparatus and system based on block chain transaction id | |
CN108229956A (en) | Network bank business method, apparatus, system and mobile terminal | |
CN102216935B (en) | Apparatus and method for inputting password using game | |
CN105354481B (en) | Network verification method and network authentication server | |
CN104657653B (en) | The verification method and checking device of image authentication code | |
CN106713370A (en) | Identity authentication method, server and mobile terminal | |
CN109547426A (en) | Service response method and server | |
CN106452738A (en) | Authentication method, device and system for logging in equipment | |
CN104935548B (en) | Auth method, apparatus and system based on intelligent equipment of tatooing | |
CN107967422A (en) | One kind verification implementation method and electric terminal | |
CN108234533A (en) | User operation processing method and relevant device | |
CN104281795A (en) | Mouse action based password fault tolerance method | |
CN109407947A (en) | Interface alternation and its verification method, logging request generation and verification method and device | |
CN104468486B (en) | Information processing method, system and electronic equipment | |
CN107563764A (en) | A kind of method of network payment and system | |
CN104853030B (en) | The method and mobile terminal of a kind of information processing | |
CN109977641A (en) | A kind of authentication processing method and system of Behavior-based control analysis |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |