CN107241336B - Identity verification method and device - Google Patents


Publication number
CN107241336B
Authority
CN
China
Prior art keywords
user
verification
terminal
authentication
additional
Legal status
Active
Application number
CN201710465761.8A
Other languages
Chinese (zh)
Other versions
CN107241336A (en)
Inventor
李丹
钟伟林
Current Assignee
Bigo Technology Singapore Pte Ltd
Original Assignee
Guangzhou Baiguoyuan Information Technology Co Ltd
Application filed by Guangzhou Baiguoyuan Information Technology Co Ltd
Priority to CN201710465761.8A
Publication of CN107241336A
Application granted
Publication of CN107241336B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic

Abstract

The invention discloses an identity authentication method and device, belonging to the technical field of the internet. The method comprises: receiving a first verification request sent by a first terminal, wherein the first verification request carries user information of a user and a target verification mode requested by the user, and the user information at least comprises a user identifier; determining whether the user is a malicious user according to the user information; if the user is a malicious user, performing additional verification on the user based on a first additional verification mode, wherein the first additional verification mode is different from the target verification mode; and when the user passes the additional verification based on the first additional verification mode, performing identity authentication on the user based on the target verification mode and the user identifier. By adding the first additional verification mode, the invention increases the verification cost for a malicious user and reduces attacks on the server.

Description

Identity verification method and device
Technical Field
The invention relates to the technical field of internet, in particular to an identity authentication method and device.
Background
With the development of internet technology, more and more application programs are installed on a terminal; moreover, most applications require the user to register a user account in the server in advance and set a login password. When the user uses the application program, the terminal logs in the server based on the user account and the login password. However, the user may forget the login password, and the server needs to authenticate the user; and when the authentication is passed, allowing the terminal to log in the server or modifying the login password.
Currently, when a user registers a user account in a server, a mobile phone number may be reserved in the server. When the terminal applies for the server to carry out identity authentication on the user, the server sends a first authentication code to the mobile phone corresponding to the reserved mobile phone number; if the server receives a second verification code returned by the terminal within a preset time after sending the first verification code, and the first verification code is the same as the second verification code, the server determines that the identity verification of the user is passed; otherwise, the server determines that the authentication of the user is not passed. If the authentication is not passed, the terminal can reapply the server to authenticate the user identity based on the steps until the authentication is passed or the terminal stops applying for the authentication.
In the process of implementing the invention, the inventor finds that the prior art has at least the following problems:
If a malicious user fills in an arbitrary telephone number when registering the user account, then, when the server authenticates the user, the malicious user continuously applies for authentication and retries the verification code using an automated program, thereby attacking the server.
Disclosure of Invention
In order to solve the problems in the prior art, the invention provides an identity authentication method and an identity authentication device. The technical scheme is as follows:
In a first aspect, the invention provides an identity authentication method, which comprises the following steps:
receiving a first verification request sent by a first terminal, wherein the first verification request carries user information of a user and a target verification mode of the user request, and the user information at least comprises a user identifier;
determining whether the user is a malicious user or not according to the user information;
if the user is a malicious user, performing additional verification on the user based on a first additional verification mode, wherein the first additional verification mode is different from the target verification mode;
and when the user passes the additional authentication based on the first additional authentication mode, performing identity authentication on the user based on the target authentication mode and the user identification.
In a possible implementation manner, the determining whether the user is a malicious user according to the user information includes:
counting a first number of times according to the user identifier, wherein the first number of times is the number of verification requests carrying the user identifier received within a first preset duration before the current time; if the first number of times is greater than a first preset number of times, determining that the user is a malicious user; and/or,
when the user information further comprises a first terminal identifier of the first terminal, determining whether the first terminal identifier exists in a malicious terminal identifier library; if the first terminal identifier exists in the malicious terminal identifier library, determining that the user is a malicious user, and storing the terminal identifier of the terminal used by the malicious user in the malicious terminal identifier library; and/or,
when the user information further comprises a first terminal identifier of the first terminal, counting a second number of times according to the first terminal identifier, wherein the second number of times is the number of verification requests sent by the first terminal and received within a second preset duration before the current time; if the second number of times is greater than a second preset number of times, determining that the user is a malicious user; and/or,
when the user information further comprises a first terminal identifier of the first terminal, counting the number of users according to the first terminal identifier and the user identifier, wherein the number of users is the number of users sending verification requests through the first terminal within a third preset duration before the current time; and if the number of users is larger than the preset number, determining that the user is a malicious user.
In one possible implementation manner, the performing additional authentication on the user based on the first additional authentication manner includes:
sending first verification information to the first terminal, and receiving second verification information returned by the first terminal based on the first verification information;
and if the first verification information and the second verification information are matched, determining that the additional verification of the user is passed based on the first additional verification mode.
In one possible implementation, the method further includes:
and when the additional verification of the user based on the first additional verification mode fails, performing additional verification on the user based on a second additional verification mode again until the additional verification passes or the first failed verification frequency within a fourth preset time before the current time reaches a third preset frequency.
In a possible implementation manner, when the target authentication manner is short message authentication, the authenticating the user based on the target authentication manner and the user identifier includes:
according to the user identification, sending a first verification code to a second terminal indicated by a second terminal identification reserved by the user;
if a second verification code is received within a fifth preset time after the current time, and the first verification code is the same as the second verification code, the user identity verification is passed;
and if the second verification code is not received within a fifth preset time after the current time, or the first verification code is different from the second verification code, the user identity authentication is not passed.
In one possible implementation, the method further includes:
if the user identity authentication is not passed, determining a second failed authentication frequency of the user within a sixth preset time before the current time;
if the second failure verification frequency is not more than a fourth preset frequency, executing the step of sending third verification information to the terminal indicated by the second terminal identifier reserved by the user according to the user identifier;
and if the second failed verification times are larger than the fourth preset times, executing the step of performing additional verification on the user based on the first additional verification mode.
In one possible implementation, the method further includes:
determining a third failed verification frequency of the user within a seventh preset time before the current time when the additional verification of the user based on the first additional verification mode fails or the user identity verification fails;
determining the retry prohibition duration of the user according to the third failure verification times;
and if a second verification request sent by the first terminal is received within the retry prohibition duration, ignoring the second verification request, wherein the second verification request carries the user identifier.
In a second aspect, the present invention provides an authentication apparatus, comprising:
the system comprises a receiving module, a first authentication module and a second authentication module, wherein the receiving module is used for receiving a first authentication request sent by a first terminal, the first authentication request carries user information of a user and a target authentication mode of the user request, and the user information at least comprises a user identifier;
the determining module is used for determining whether the user is a malicious user according to the user information;
an additional authentication module, configured to perform additional authentication on the user based on a first additional authentication manner if the user is a malicious user, where the first additional authentication manner is different from the target authentication manner;
and the identity authentication module is used for authenticating the identity of the user based on the target authentication mode and the user identification when the additional authentication of the user based on the first additional authentication mode passes.
In a possible implementation manner, the determining module is further configured to count a first number of times according to the user identifier, where the first number of times is the number of authentication requests carrying the user identifier received within a first preset duration before the current time; if the first number of times is greater than a first preset number of times, determining that the user is a malicious user; and/or,
the determining module is further configured to determine whether the first terminal identifier exists in a malicious terminal identifier library when the user information further includes the first terminal identifier of the first terminal; if the first terminal identifier exists in the malicious terminal identifier library, determining that the user is a malicious user, and storing the terminal identifier of the terminal used by the malicious user in the malicious terminal identifier library; and/or,
the determining module is further configured to count a second number of times according to the first terminal identifier when the user information further includes the first terminal identifier of the first terminal, where the second number of times is the number of verification requests sent by the first terminal and received within a second preset duration before the current time; if the second number of times is greater than a second preset number of times, determining that the user is a malicious user; and/or,
the determining module is further configured to count the number of users according to the first terminal identifier and the user identifier when the user information further includes the first terminal identifier of the first terminal, where the number of users is the number of users who send an authentication request through the first terminal within a third preset duration before the current time; and if the number of users is larger than the preset number, determining that the user is a malicious user.
In a possible implementation manner, the additional verification module is further configured to send first verification information to the first terminal, and receive second verification information returned by the first terminal based on the first verification information; and if the first verification information and the second verification information are matched, determining that the additional verification of the user is passed based on the first additional verification mode.
In a possible implementation manner, the additional verification module is further configured to perform additional verification on the user again based on a second additional verification manner when the additional verification on the user based on the first additional verification manner fails, until the additional verification passes or the first failed verification frequency within a fourth preset time before the current time reaches a third preset frequency.
In a possible implementation manner, when the target verification manner is short message verification, the identity verification module is further configured to send a first verification code to a second terminal indicated by a second terminal identifier reserved by the user according to the user identifier; if a second verification code is received within a fifth preset time after the current time, and the first verification code is the same as the second verification code, the user identity verification is passed; and if the second verification code is not received within a fifth preset time after the current time, or the first verification code is different from the second verification code, the user identity authentication is not passed.
In a possible implementation manner, the additional verification module is further configured to determine, if the user identity verification fails, a second number of times of failed verification of the user within a sixth preset time period before the current time;
the identity authentication module is further configured to send third authentication information to a terminal indicated by a second terminal identifier reserved by the user according to the user identifier if the second failed authentication frequency is not greater than a fourth preset frequency;
the additional verification module is further configured to perform additional verification on the user based on a first additional verification manner if the second failed verification frequency is greater than the fourth preset frequency.
In one possible implementation, the apparatus further includes: an ignoring module;
the determining module is further configured to determine, when the additional authentication on the user based on the first additional authentication manner fails or the authentication on the user identity fails, a third number of times of failed authentication of the user within a seventh preset time period before the current time;
the determining module is further configured to determine a retry prohibition duration of the user according to the third failed verification number;
the ignoring module is further configured to ignore a second authentication request sent by the first terminal if the second authentication request is received within the retry prohibition duration, where the second authentication request carries the user identifier.
In the embodiment of the invention, when the user is authenticated, whether the user is a malicious user is determined according to the user information of the user; if the user is a malicious user, performing additional authentication on the user based on the first additional authentication mode, and performing identity authentication on the user based on the target authentication mode and the user identification of the user only when the additional authentication on the user based on the first additional authentication mode passes. Due to the fact that the first additional verification mode is added, the verification cost of a malicious user is increased, and attacks on the server are reduced.
Drawings
FIG. 1 is a schematic diagram of an implementation environment provided by an embodiment of the invention;
FIG. 2 is a flowchart of an authentication method according to an embodiment of the present invention;
FIG. 3-1 is a signaling interaction diagram of an authentication method according to an embodiment of the present invention;
FIG. 3-2 is a flowchart of an authentication method according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of an identity device according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a server according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
Currently, when a user uses an application installed on a first terminal, the first terminal needs to log in a server based on a user identifier and a login password. However, when the user forgets the login password, the user can apply the server for authentication of the user. When the authentication is passed, the first terminal may modify the login password or login to the server.
In another scenario, when the user registers the user account with the server, the server also needs to authenticate the user. And when the authentication is passed, the server stores the corresponding relation between the user identification of the user and the login password.
In the prior art, a server generally sends a first verification code to a second terminal corresponding to a mobile phone number reserved in the server by a user, and receives a second verification code returned by a first terminal based on the first verification code; and performing identity verification on the user based on the first verification code and the second verification code. However, if a malicious user randomly fills in a phone number when registering a user account, the malicious user continuously applies for authentication and retries an authentication code by using an automated program when the server authenticates the user, thereby attacking the server.
In order to reduce attacks on the server, the first authentication request sent by the first terminal to the server carries user information. The user information at least comprises a user identifier, which can be a user account registered in the server in advance by the user. The user account may be a name or a mobile phone number of the user, etc. The user information may further include a first terminal identifier of the first terminal, where the first terminal identifier may be a telephone number of the user, or an ID (identity) or an IP (Internet Protocol) address of the first terminal, etc. Before the server authenticates the user, the server determines whether the user is a malicious user based on the user information. If the user is a malicious user, then before the server performs identity authentication on the user based on the target authentication mode, the server performs additional authentication on the user based on a first additional authentication mode, where the first additional authentication mode may be filling in a picture verification code, instructing the second terminal to send first specified information to the server, and the like. When the additional authentication of the user based on the first additional authentication mode passes, the server performs identity authentication on the user based on the target authentication mode and the user identifier.
In the embodiment of the invention, before the server performs identity authentication on the user, the server determines whether the user is a malicious user or not based on the user information, and if the user is the malicious user, the server performs additional authentication on the user based on the first additional authentication mode, so that the authentication cost of the malicious user is increased, and the attack on the server is reduced.
An embodiment of the present invention provides a schematic diagram of an implementation environment, referring to fig. 1, including a server 10 and a first terminal 20. The server 10 and the first terminal 20 are connected via a communication network. The first terminal 20 runs an application associated with the server 10 and can log in to the server 10 based on the user identification and the login password, thereby interacting with the server 10. The application can be various applications such as social applications, video applications, live applications, audio applications, cloud storage applications and the like.
When the user forgets the login password, the first terminal 20 is configured to send a first authentication request to the server 10, where the first authentication request carries the user information of the user and the target authentication manner requested by the user. The user information at least comprises a user identifier and a first terminal identifier of the first terminal. The target verification mode can be short message verification or mail verification and the like.
The server 10 is configured to receive the first authentication request, and determine whether the user is a malicious user according to the user information; if the user is a malicious user, the server performs additional authentication on the user based on a first additional authentication mode, wherein the first additional authentication mode is different from the target authentication mode, and the first additional authentication mode can be filling in a picture verification code, instructing the first terminal to send first specified information to the server, and the like.
The server 10 is further configured to authenticate the user based on the target authentication manner and the user identifier when the additional authentication of the user based on the first additional authentication manner passes.
The embodiment further comprises a second terminal 30, and the second terminal 30 is a terminal corresponding to a telephone number reserved in the server 10 when the user registers the user account. The first terminal 20 and the second terminal 30 may be the same terminal or different terminals.
Correspondingly, when the target verification mode is short message verification, the server 10 is further configured to send a first verification code to a second terminal indicated by a second terminal identifier reserved by the user according to the user identifier; if the second verification code is received within a fifth preset time after the current time, and the first verification code is the same as the second verification code, the user identity authentication is passed; and if the second verification code is not received within a fifth preset time length after the current time, or the first verification code is different from the second verification code, the user identity authentication is not passed.
The first terminal 20 may be a mobile phone terminal Device, a PAD (Portable Android Device) terminal Device, a computer terminal Device, or the like; the second terminal 30 may be a mobile phone terminal or the like. The server 10 may be a server, a server cluster composed of a plurality of servers, or a cloud computing server center, which is not limited in this embodiment of the present invention.
The embodiment of the invention provides an identity authentication method, and an execution subject of the method can be a server. Referring to fig. 2, the method includes:
Step 201: receiving a first authentication request sent by a first terminal, wherein the first authentication request carries user information of a user and a target authentication mode requested by the user, and the user information at least comprises a user identifier.
Step 202: determining whether the user is a malicious user according to the user information.
Step 203: if the user is a malicious user, performing additional authentication on the user based on a first additional authentication mode, wherein the first additional authentication mode is different from the target authentication mode.
Step 204: when the additional authentication of the user based on the first additional authentication mode passes, performing identity authentication on the user based on the target authentication mode and the user identifier.
In one possible implementation manner, determining whether the user is a malicious user according to the user information includes:
counting a first number of times according to the user identifier, wherein the first number of times is the number of verification requests carrying the user identifier received within a first preset duration before the current time; if the first number of times is greater than a first preset number of times, determining that the user is a malicious user; and/or,
when the user information also comprises a first terminal identifier of the first terminal, determining whether the first terminal identifier exists in a malicious terminal identifier library; if the first terminal identifier exists in the malicious terminal identifier library, determining that the user is a malicious user, and storing the terminal identifier of the terminal used by the malicious user in the malicious terminal identifier library; and/or,
when the user information further comprises a first terminal identifier of the first terminal, counting a second number of times according to the first terminal identifier, wherein the second number of times is the number of verification requests sent by the first terminal and received within a second preset duration before the current time; if the second number of times is greater than the second preset number of times, determining that the user is a malicious user; and/or,
when the user information further comprises a first terminal identifier of the first terminal, counting the number of users according to the first terminal identifier and the user identifier, wherein the number of users is the number of users sending verification requests through the first terminal within a third preset duration before the current time; and if the number of users is larger than the preset number, determining that the user is a malicious user.
In one possible implementation manner, performing additional authentication on the user based on the first additional authentication manner includes:
sending first verification information to the first terminal, and receiving second verification information returned by the first terminal based on the first verification information;
and if the first verification information and the second verification information are matched, determining that the additional verification of the user is passed based on the first additional verification mode.
In one possible implementation, the method further includes:
and when the additional verification of the user based on the first additional verification mode fails, performing additional verification on the user based on the second additional verification mode again until the additional verification passes or the first failed verification frequency within a fourth preset time before the current time reaches a third preset frequency.
In one possible implementation manner, when the target authentication manner is short message authentication, performing identity authentication on the user based on the target authentication manner and the user identifier includes:
according to the user identification, sending a first verification code to a second terminal indicated by a second terminal identification reserved by the user;
if the second verification code is received within a fifth preset time after the current time, and the first verification code is the same as the second verification code, the user identity authentication is passed;
and if the second verification code is not received within a fifth preset time length after the current time, or the first verification code is different from the second verification code, the user identity authentication is not passed.
In one possible implementation, the method further includes:
if the user identity authentication is not passed, determining a second failed authentication frequency of the user within a sixth preset time before the current time;
if the second failure verification frequency is not more than the fourth preset frequency, executing the step of sending third verification information to the terminal indicated by the second terminal identification reserved by the user according to the user identification;
and if the second failed verification frequency is greater than the fourth preset frequency, executing a step of performing additional verification on the user based on a first additional verification mode.
In one possible implementation, the method further includes:
when the additional verification of the user based on the first additional verification mode fails, or the identity authentication of the user fails, determining a third number of failed verifications of the user within a seventh preset duration before the current time;
determining the retry prohibition duration of the user according to the third number of failed verifications;
and if a second verification request sent by the first terminal is received within the retry prohibition duration, ignoring the second verification request, wherein the second verification request carries the user identifier.
In the embodiment of the invention, when the user is authenticated, whether the user is a malicious user is determined according to the user information of the user; if the user is a malicious user, performing additional authentication on the user based on the first additional authentication mode, and performing identity authentication on the user based on the target authentication mode and the user identification of the user only when the additional authentication on the user based on the first additional authentication mode passes. Due to the fact that the first additional verification mode is added, the verification cost of a malicious user is increased, and attacks on the server are reduced.
The embodiment of the invention provides an identity authentication method, which is applied between a first terminal and a server; referring to fig. 3-1, the method includes:
step 301: the first terminal sends a first verification request to the server, wherein the first verification request carries user information of a user and a target verification mode of the user request.
When the first terminal logs in the server based on the application program installed on the first terminal, the first terminal displays a login interface, and the login interface comprises a first input box, a second input box and a login button. The first input box is used for inputting user identification, and the second input box is used for inputting a login password. The user may enter a user identification in a first input box, enter a login password in a second input box, and click a login button. When the first terminal detects that the login button is triggered, the first terminal obtains the user identifier input in the first input box and the login password input in the second input box, and sends a login request to the server, wherein the login request carries the user identifier and the login password. And the server receives a login request sent by the first terminal, and if the user identification is matched with the login password, the first terminal is determined to be successfully logged in. And if the user identification is not matched with the login password, determining that the first terminal fails to login.
The login interface further comprises: an authentication button, which may be a "forget password button". The authentication button is used for the server to authenticate the user. When the first terminal fails to log in or the user forgets the login password, the user can click the authentication button. And when the first terminal detects that the identity authentication button is triggered, displaying an authentication interface, wherein the authentication interface comprises at least one authentication mode and an application button. The user may select a target authentication mode based on the at least one authentication mode and click the apply button. At this time, when the first terminal detects that the application button is clicked, the first terminal acquires a target verification mode selected by the user and sends a first verification request to the server, wherein the first verification request carries user information and the target verification mode. The first authentication request may also carry a target operation.
In another implementation scenario, when the first terminal registers the user account in the server based on the application installed thereon, the first terminal displays a registration interface, which includes a third input box and a registration button. The third input box is used for inputting user identification. The user may enter the user identification in the third input box and click the register button. And when the first terminal detects that the registration button is triggered, displaying a verification interface, wherein the verification interface comprises at least one verification mode and an application button. The user may select a target authentication mode based on the at least one authentication mode and click the apply button. At this time, when the first terminal detects that the application button is clicked, the first terminal acquires a target verification mode selected by the user and sends a first verification request to the server, wherein the first verification request carries user information and the target verification mode. The first authentication request may also carry a target operation.
The user information at least comprises a user identifier, the user identifier is a user account registered in the server in advance by the user, the user information further comprises a first terminal identifier, and the first terminal identifier can be a mobile phone number of the user, an ID (identity) or an IP (Internet protocol) of the first terminal, and the like. The target verification mode can be short message verification or mail verification and the like. The destination operation may be a login operation or a modify login password operation.
Step 302: the server receives a first verification request sent by the first terminal, and determines whether the user is a malicious user or not according to the user information.
When the user information only includes the user identifier, this step may be implemented in the following first manner; when the user information further includes the first terminal identifier, this step may be implemented in the following second, third, or fourth manner. And, when it is determined that the user is a malicious user, performing step 303; when it is determined that the user is not a malicious user, step 304 is performed.
(I): the user information includes a user identification; if the user requests authentication multiple times over a period of time, the user may be a malicious user; correspondingly, for the first implementation manner, the step may be:
the server counts a first number of times according to the user identifier, wherein the first number of times is the number of verification requests carrying the user identifier that were received within a first preset duration before the current time. The server determines whether the first number of times is greater than a first preset number; if the first number of times is greater than the first preset number, the server determines that the user is a malicious user; and if the first number of times is not greater than the first preset number, the server determines that the user is not a malicious user.
When the server receives a first verification request sent by a first terminal, the server obtains the current time as the sending time of the first verification request and stores the corresponding relation between the sending time and the user identification in a user verification record; the user verification record also stores the corresponding relations between the user identification and the sending times of the first verification requests the user has historically sent through a terminal. Correspondingly, the step of counting the first number of times by the server according to the user identifier may be:
the server counts, from the user verification record and according to the user identification, the number of corresponding relations between the user identification and sending times that fall within the first preset duration before the current time, and takes that number as the first number of times.
The first preset duration and the first preset number can be set and changed as required, and in the embodiment of the present invention, the first preset duration and the first preset number are not specifically limited. For example, the first preset duration may be half a day, 1 day, or 2 days. The first preset number may be 5 or 8.
Since the server may not use the corresponding relationship between the sending time far from the current time and the user identifier, in order to save the storage space and improve the statistical efficiency, the server periodically updates the user verification record, and the specific process may be as follows:
The server deletes from the user verification record the corresponding relations between sending time and user identification whose sending time is not within an eighth preset duration before the current time.
The eighth preset duration is greater than or equal to the first preset duration. In addition, the eighth preset time period may also be set and changed as needed, and in the embodiment of the present invention, the eighth preset time period is not specifically limited. For example, the eighth preset time period may be 1 month or half month, etc.
(II): the user information also comprises a first terminal identification; the server forms a malicious terminal identification library in advance through continuous accumulation, and the malicious terminal identification library is used for storing terminal identifications of terminals used by malicious users; correspondingly, for the second implementation manner, the step may be:
the server determines whether the first terminal identification exists in the malicious terminal identification library. If the first terminal identification exists in the malicious terminal identification library, the server determines that the user is a malicious user; and if the first terminal identification does not exist in the malicious terminal identification library, the server determines that the user is not a malicious user.
(III): the user information also comprises a first terminal identification; if the first terminal requests authentication several times within a certain time, the user may be a malicious user; correspondingly, for the third implementation manner, the step may be:
the server counts a second number of times according to the first terminal identification, wherein the second number of times is the number of verification requests sent by the first terminal that were received within a second preset duration before the current time. The server determines whether the second number of times is greater than a second preset number; if the second number of times is greater than the second preset number, the server determines that the user is a malicious user; and if the second number of times is not greater than the second preset number, the server determines that the user is not a malicious user.
When the server receives a first verification request sent by a first terminal, the server obtains the current time as the sending time of the first verification request sent by the first terminal, and stores the corresponding relation between the sending time and a first terminal identifier into a terminal verification record, wherein the corresponding relation between the sending time of the first verification request sent by the first terminal in history and the first terminal identifier is stored in the terminal verification record. Correspondingly, the step of counting, by the server, a second number of times that the first terminal sends the first verification request within a second preset duration before the current time according to the first terminal identifier may be:
the server counts, from the terminal verification record and according to the first terminal identification, the number of corresponding relations between the first terminal identification and sending times that fall within the second preset duration before the current time, and takes that number as the second number of times.
The second preset duration may be the same as or different from the first preset duration. The second preset number and the first preset number may be the same or different. The second preset duration and the second preset number may be set and changed as needed, and in the embodiment of the present invention, the second preset duration and the second preset number are not specifically limited. For example, the second preset duration may be half a day, 1 day, or 2 days. The second preset number may be 5 or 8.
The server may not use the corresponding relation between the sending time far away from the current time and the first terminal identifier; therefore, in order to save the storage space and improve the statistical efficiency, the server periodically updates the terminal verification record, and the specific process may be as follows:
The server deletes from the terminal verification record the corresponding relations between sending time and first terminal identification whose sending time is not within a ninth preset duration before the current time.
The ninth preset time is greater than or equal to the second preset time. In addition, the ninth preset time period may also be set and changed as needed, and in the embodiment of the present invention, the ninth preset time period is not specifically limited. For example, the ninth preset time period may be 1 month or half month, etc.
(IV): the user information also comprises a first terminal identification; if a plurality of people use the first terminal to send the first verification request within a period of time, the user is possibly a malicious user; correspondingly, for the fourth implementation manner, the step may be:
the server counts the number of users according to the first terminal identification and the user identification, wherein the number of the users is the number of the users sending the first verification request through the first terminal within a third preset time before the current time. The server determines whether the number of the users is larger than a preset number; if the number of the users is larger than the preset number, the server determines that the users are malicious users; and if the number of the users is not more than the preset number, the server determines that the users are not malicious users.
When the server receives a first verification request sent by a first terminal, the server acquires the current time as the sending time of the first verification request sent by the first terminal, and stores the sending time, the corresponding relation between the user identifier and the first terminal identifier in a user-terminal verification record, wherein the sending time of the first verification request sent by the user through the first terminal, the corresponding relation between the user identifier and the first terminal identifier are stored in the user-terminal verification record. Correspondingly, the step of counting the number of users by the server according to the first terminal identifier and the user identifier may be:
The server counts, from the user-terminal verification record and according to the first terminal identifier and the user identifier, the number of corresponding relations among the sending time, the user identifier and the first terminal identifier whose sending time falls within the third preset duration before the current time, and takes that number as the number of users.
The third preset time period may be the same as or different from the first preset time period. The third preset time period and the second preset time period may be the same or different. The preset number and the first preset number may be the same or different. The preset number and the second preset number may be the same or different. The third preset duration and the preset number may be set and changed as needed, and in the embodiment of the present invention, the third preset duration and the preset number are not specifically limited. For example, the third preset duration may be half a day, 1 day, or 2 days. The preset number may be 3 times or 5 times.
The server may not use the sending time far away from the current time, the corresponding relation between the user identifier and the first terminal identifier; therefore, in order to save storage space and improve statistical efficiency, the server periodically updates the user-terminal authentication record, and the specific process may be:
The server deletes from the user-terminal verification record the corresponding relations among the sending time, the user identifier and the first terminal identifier whose sending time is not within a tenth preset duration before the current time.
The tenth preset duration is greater than or equal to the third preset duration. In addition, the tenth preset time period may also be set and changed as needed, and in the embodiment of the present invention, the tenth preset time period is not specifically limited. For example, the tenth preset time period may be 1 month or half month, etc.
It should be noted that, when the server determines whether the user is a malicious user according to the user information, the server may use one or more of the first to fourth implementation manners. If the server makes this determination by a manner other than the second implementation manner and determines that the user is a malicious user, the server adds the first terminal identifier to the malicious terminal identifier library, so that when the first terminal subsequently sends a first verification request, the server can determine whether the user is a malicious user by the second manner.
Further, the identity authentication method provided by the embodiment of the present invention is intended to effectively intercept verification by malicious users. If a judgment error occurs during identity authentication and the server mistakes a normal user for a malicious user, the user may submit a complaint to have the error corrected, and the specific process may be as follows:
When the server determines that the user is a malicious user, first prompt information is displayed, wherein the first prompt information comprises malicious user indication information and a complaint correction mode. The malicious user indication information may be "you are a suspicious user". The complaint correction mode can be to send third specified information to the server or to dial a specified telephone number. The third specified information includes the user identification and specified content. The specified content may be "I am not a suspicious user".
Further, if the server receives third specified information or the customer service receives the telephone feedback of the user, the server determines that the user is not a malicious user, and performs identity authentication on the user based on a target authentication mode and the user identification.
Further, when the server determines that the user is not a malicious user, the first terminal identification is deleted from the malicious terminal identification library.
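The four determination manners of step 302 can be combined into one server-side check. The following Python is an added example, not code from the patent: the class and method names, the single in-memory event log standing in for the three verification records, and the threshold values (picked from the example values above) are assumptions.

```python
import time
from collections import deque
from dataclasses import dataclass

DAY = 86400  # seconds


@dataclass
class Thresholds:
    # Assumed values, chosen from the ranges the description gives as examples.
    first_duration: int = DAY    # window for manner (I)
    first_number: int = 5        # max requests per user identifier
    second_duration: int = DAY   # window for manner (III)
    second_number: int = 5       # max requests per terminal identifier
    third_duration: int = DAY    # window for manner (IV)
    user_count: int = 3          # max distinct users per terminal
    retention: int = 30 * DAY    # eighth/ninth/tenth durations (>= the windows)


class MaliciousUserDetector:
    """Step 302: decide whether a verification request comes from a malicious user."""

    def __init__(self, thresholds=None):
        self.t = thresholds or Thresholds()
        self.events = deque()   # (send_time, user_id, terminal_id), oldest first
        self.blocklist = set()  # malicious terminal identifier library

    def _prune(self, now):
        # Periodic update: drop records older than the retention duration.
        while self.events and self.events[0][0] <= now - self.t.retention:
            self.events.popleft()

    def _recent(self, now, duration):
        return [(u, d) for (ts, u, d) in self.events if ts > now - duration]

    def check(self, user_id, terminal_id=None, now=None):
        """Record one request and return the manners ("I".."IV") that flag it."""
        now = time.time() if now is None else now
        self._prune(now)
        self.events.append((now, user_id, terminal_id))
        reasons = []

        # (I) too many requests carrying this user identifier.
        n_user = sum(1 for u, _ in self._recent(now, self.t.first_duration)
                     if u == user_id)
        if n_user > self.t.first_number:
            reasons.append("I")

        if terminal_id is not None:
            # (II) terminal already in the malicious terminal identifier library.
            if terminal_id in self.blocklist:
                reasons.append("II")
            # (III) too many requests from this terminal.
            n_term = sum(1 for _, d in self._recent(now, self.t.second_duration)
                         if d == terminal_id)
            if n_term > self.t.second_number:
                reasons.append("III")
            # (IV) too many distinct users behind this terminal.
            users = {u for u, d in self._recent(now, self.t.third_duration)
                     if d == terminal_id}
            if len(users) > self.t.user_count:
                reasons.append("IV")
            # A terminal flagged by any manner is remembered for manner (II).
            if reasons:
                self.blocklist.add(terminal_id)
        return reasons

    def accept_appeal(self, terminal_id):
        # Complaint correction: remove the terminal from the library.
        self.blocklist.discard(terminal_id)
```

An empty list means step 305 can run directly; a non-empty list means the request goes through the additional verification of step 303 first.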
Step 303: and if the user is a malicious user, the server performs additional authentication on the user based on a first additional authentication mode, wherein the first additional authentication mode is different from the target authentication mode.
The first additional verification means may be to fill in the picture verification code, instruct the first terminal to send the first specific information to the server, and the like. When the first additional verification mode is to fill in the picture verification code, the step can be realized by the following first mode; when the first additional authentication mode is to instruct the second terminal to send the first specific information to the server, this step may be implemented in the following second mode. And if the user additional authentication based on the first additional authentication mode passes, executing step 305; if the additional authentication for the user based on the first additional authentication means is not passed, step 304 is performed.
For the first implementation, this step may be implemented by the following steps (1) to (4), including:
(1): the server sends the first authentication information to the first terminal.
The first verification information comprises picture data of a plurality of pictures and second prompt information. The second prompt is used for instructing the user to select a picture from the plurality of pictures. For example, the pictures are a stool, a table and a bag. The second prompt message is "please select a table picture from a plurality of pictures".
(2): the first terminal receives the first verification information sent by the server and returns second verification information to the server based on the first verification information.
The first terminal renders the plurality of pictures based on their picture data and displays the second prompt information. Based on the second prompt information, the user selects from the plurality of pictures the picture that the prompt indicates. The first terminal acquires the picture identification of the picture selected by the user and forms the second verification information from that picture identification.
(3): the server receives the second verification information returned by the first terminal and determines whether the first verification information matches the second verification information.
The server determines the picture identifier indicated by the second prompt information according to the first verification information. If the picture identifier indicated by the second prompt information is the same as the picture identifier included in the second verification information, the server determines that the first verification information and the second verification information match. If the picture identifier indicated by the second prompt information is not the same as the picture identifier included in the second verification information, the server determines that the first verification information and the second verification information do not match.
(4): if the first verification information and the second verification information are matched, the server determines that the additional verification of the user passes; if the first authentication information and the second authentication information do not match, the server determines that the additional authentication for the user does not pass.
For the second implementation, this step can be implemented by the following steps (A) to (D), including:
(A): the server sends third verification information to the first terminal, wherein the third verification information is used for instructing the second terminal to send the first specified information to the server.
The first specified information may be a short message or a WeChat message. The first specified information includes the user identification and the target operation information. For example, when the user wants to reset the login password, the target operation information is the reset login password information; for another example, when the user wants to log in to the server through the first terminal, the target operation information is login information.
In the embodiment of the invention, when the first specified information is a short message, the verification cost of the malicious user can be increased.
(B): the first terminal receives the third verification information sent by the server and displays the third verification information.
The user may transmit the first specification information to the server through the second terminal based on the third authentication information.
(C): the second terminal sends the fourth verification information to the server.
(D): the server receives the fourth verification information sent by the second terminal, and if the fourth verification information comprises the first specified information, the server determines that the additional verification of the user is passed; if the fourth verification information does not include the first specified information, the server determines that the additional verification of the user is not passed.
Step 304: if the additional verification of the user based on the first additional verification mode fails, the server performs additional verification on the user again based on a second additional verification mode, until the additional verification passes or the first number of failed verifications within a fourth preset duration before the current time reaches a third preset number. The verification difficulty of the second additional verification mode may be greater than, equal to or less than that of the first additional verification mode. Both the first additional verification mode and the second additional verification mode are used to guard against automated programs.
The second additional verification method may also be to fill in the picture verification code or instruct the first terminal to send second specified information to the server. The number of the pictures corresponding to the second additional verification mode is larger than, equal to or smaller than the number of the pictures corresponding to the first additional verification mode. The difficulty of the second specifying information is greater than, equal to, or less than the difficulty of the first specifying information.
If the additional verification of the user based on the second additional verification mode passes, step 305 is executed; if it fails, the server performs additional verification on the user again based on the second additional verification mode, until the additional verification of the user passes or the first number of failed verifications within the fourth preset duration before the current time reaches the third preset number.
The fourth preset duration and the third preset number can be set and changed as required, and in the embodiment of the invention, the fourth preset duration and the third preset number are not specifically limited; for example, the fourth preset duration may be half an hour or 1 hour, and the third preset number may be 3 or 5. The first number of failed verifications may be the number of failed additional verifications, may be the number of failed identity verifications, or may include both.
Step 305: and when the additional authentication passes, the server authenticates the user based on the target authentication mode and the user identification.
The target verification mode can be short message verification or mail verification. When the target verification mode is short message verification, the step can be realized by the following steps (1) to (4), including:
(1): the server sends the first verification code, according to the user identifier, to a second terminal indicated by a second terminal identifier reserved by the user.
The server stores a second terminal identifier reserved during the registration of each user, wherein the second terminal identifier can be a mobile phone number of the user; correspondingly, the steps can be as follows:
the server acquires a second terminal identification reserved by the user according to the user identification; and sending the first verification code to the second terminal indicated by the second terminal identification according to the second terminal identification.
(2): the second terminal receives the first verification code sent by the server and displays the first verification code.
The user may send a second verification code to the server through the first terminal based on the first verification code.
(3): if the server receives the second verification code within a fifth preset duration after the current time and the first verification code is the same as the second verification code, the user passes identity verification. If the second verification code is not received within the fifth preset duration after the current time, or the first verification code is different from the second verification code, the user fails identity verification.
The fifth preset time period may be set and changed as needed, and in the embodiment of the present disclosure, the fifth preset time period is not specifically limited. For example, the fifth preset time period may be 60 seconds or 90 seconds. The first verification code and the second verification code are both short message verification codes, and the first verification code may include characters with a preset number of words, where the characters may be one or more of numbers, letters, or Chinese characters. The preset word number can be set and changed as required, and in the embodiment of the invention, the preset word number is not specifically limited. For example, the preset number of words may be 4 or 6, etc.
In the embodiment of the invention, if the user is a malicious user, the user is subjected to additional authentication in a first additional authentication mode. If additional authentication passes, it is generally assumed that the user is not an automated process; and if the additional verification fails, continuing to verify in an additional verification mode until the verification passes or the verification times reach a certain number. Therefore, the embodiment of the invention can reduce the short message verification cost and reduce the economic loss.
When the target verification mode is mail verification, the step can be realized by the following steps (A) to (C), including:
(A): the server sends fifth verification information, according to the user identifier, to a third terminal corresponding to the mailbox address reserved by the user, wherein the fifth verification information can be a login link or a reset password link.
(B): the third terminal receives the fifth verification information and displays the fifth verification information.
The user may click on a link in the fifth authentication information to trigger the third terminal to send an authentication response to the server.
(C): if the server receives an authentication response sent by the third terminal within an eleventh preset time after the current time, the server determines that the authentication of the user is passed; and if the server does not receive the authentication response sent by the third terminal within an eleventh preset time after the current time, the server determines that the authentication of the user is not passed.
The eleventh preset time period may be set and changed as needed, and in the embodiment of the present invention, the eleventh preset time period is not specifically limited; for example, the eleventh preset time period may be 2 minutes or 5 minutes, etc.
Further, if the identity verification of the user fails, the server determines a second number of failed verifications of the user within a sixth preset duration before the current time. If the second number of failed verifications is not greater than the fourth preset number, the server re-verifies the identity of the user based on the target verification mode and the user identification, that is, executes step (1) or (A) again. If the second number of failed verifications is greater than the fourth preset number, step 303 is executed.
The sixth preset time and the fourth preset number may be set and changed as needed, and in the embodiment of the present invention, the sixth preset time and the fourth preset number are not specifically limited. For example, the sixth preset time period may be 1 day or half a day. The fourth preset number may be 3 or 5.
In order to further increase the time cost of the malicious user, in this step, when the server fails to authenticate the user, the server may set a retry prohibition duration within which the user is not allowed to make an authentication request. Correspondingly, the method further comprises the following steps:
When the server fails the additional verification of the user based on the first additional verification mode, or fails the verification of the user identity, the server determines a third number of failed verifications of the user within a seventh preset time before the current time; determines the retry prohibition duration of the user according to the third number of failed verifications; and, if a second verification request sent by the first terminal is received within the retry prohibition duration, ignores the second verification request, wherein the second verification request carries the user identifier. Further, when the retry prohibition duration expires, the user is additionally verified based on the first additional verification mode.
The server stores in advance the correspondence between the number of failed verifications and the retry prohibition duration; correspondingly, the step of determining, by the server, the retry prohibition duration of the user according to the third number of failed verifications may be:
The server acquires the retry prohibition duration of the user from the correspondence between the number of failed verifications and the retry prohibition duration according to the third number of failed verifications.
The server may instead store a reference time length; correspondingly, the step of determining, by the server, the retry prohibition duration of the user according to the third number of failed verifications may be:
The server multiplies the third number of failed verifications by the reference time length to obtain the retry prohibition duration of the user.
The seventh preset time period may be set and changed as needed, and in the embodiment of the present invention, the seventh preset time period is not specifically limited; for example, the seventh preset time period may be 1 hour, 2 hours, or the like.
Further, before executing step 305, the server determines a third number of times that a verification request carrying the user identifier was received within a twelfth preset time period before the current time. If the third number of times is greater than the fifth preset number, the retry prohibition duration is set. If the third number of times is not greater than the fifth preset number, go to step 305.
The twelfth preset time period and the fifth preset number can be set and changed as needed, and in the embodiment of the invention, the twelfth preset time period and the fifth preset number are not specifically limited; for example, the twelfth preset time period may be 1 hour or half an hour; the fifth preset number may be 5 or 8, etc.
For example, referring to FIG. 3-2, the first additional verification mode is pushing a challenge question. When the server receives the first verification request, it judges whether the user is a malicious user according to the user information. If the user is a malicious user, a challenge question is pushed and the server determines whether the challenge question is passed; if it is passed, the subsequent flow is carried out; if not, the server judges whether the number of challenges exceeds a third preset number M; and if the number exceeds the third preset number M, a retry prohibition duration is set, and challenge questions continue to be pushed when the retry prohibition duration is up.
If the user is not a malicious user, the normal verification-code process is carried out: the server determines whether the number of retransmissions exceeds a fifth preset number K; if the number of retransmissions exceeds the fifth preset number K, a challenge question is pushed; if it does not, the server determines whether the verification code is correct; if the code is correct, the subsequent process is carried out; if not, the server judges whether the verification code has been entered incorrectly a fourth preset number N of times; if yes, a challenge question is pushed; if not, the subsequent process is carried out.
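The retry prohibition described above can be sketched as follows. This is an added example, not code from the patent: the class and function names, the lookup-table entries and the 60-second reference time length are assumptions, and the event list is constructed sample data. It shows both ways of deriving the duration (pre-stored correspondence, or failure count multiplied by a reference time length) and the ignoring of requests that arrive inside the prohibition window.

```python
from bisect import bisect_right
from collections import defaultdict, deque

WINDOW_S = 3600      # "seventh preset time": look-back window (page example: 1 hour)
REFERENCE_S = 60     # "reference time length"; value assumed, the page gives none
# Assumed pre-stored correspondence: (failed verifications >= n, prohibition seconds)
LOCKOUT_TABLE = [(1, 30), (3, 300), (5, 3600)]


def duration_from_table(failures, table=LOCKOUT_TABLE):
    """Variant 1: take the entry with the largest threshold <= failures."""
    thresholds = [t for t, _ in table]
    i = bisect_right(thresholds, failures)
    return table[i - 1][1] if i else 0


def duration_from_reference(failures, reference_s=REFERENCE_S):
    """Variant 2: failure count multiplied by the reference time length."""
    return failures * reference_s


class RetryGate:
    """Tracks failed verifications per user identifier and enforces the
    retry prohibition duration (hypothetical helper, not the patent's code)."""

    def __init__(self, duration_fn=duration_from_reference, window_s=WINDOW_S):
        self.duration_fn = duration_fn
        self.window_s = window_s
        self._failures = defaultdict(deque)   # user_id -> failure timestamps
        self._blocked_until = {}              # user_id -> end of prohibition

    def admit(self, user_id, now):
        """Return False when the request must be ignored (still prohibited)."""
        return now >= self._blocked_until.get(user_id, 0)

    def record_failure(self, user_id, now):
        """Count failures inside the look-back window and set the prohibition."""
        q = self._failures[user_id]
        while q and q[0] <= now - self.window_s:   # drop failures outside window
            q.popleft()
        q.append(now)
        duration = self.duration_fn(len(q))
        until = max(self._blocked_until.get(user_id, 0), now + duration)
        self._blocked_until[user_id] = until
        return duration


# Constructed sample: (time in seconds, user identifier, verification outcome)
CONSTRUCTED_EVENTS = [
    (0, "u1", "fail"),
    (30, "u1", "fail"),     # inside the 60 s prohibition -> ignored
    (60, "u1", "fail"),     # second counted failure -> 120 s prohibition
    (100, "u1", "pass"),    # ignored even though it would have passed
    (180, "u1", "pass"),
    (4000, "u1", "fail"),   # earlier failures have aged out of the window
]


def replay(events, duration_fn=duration_from_reference):
    """Run events through a fresh gate and return one decision per event."""
    gate = RetryGate(duration_fn=duration_fn)
    decisions = []
    for now, user_id, outcome in events:
        if not gate.admit(user_id, now):
            decisions.append("ignored")
        elif outcome == "fail":
            decisions.append(f"failed:{gate.record_failure(user_id, now)}")
        else:
            decisions.append("passed")
    return decisions


if __name__ == "__main__":
    for event, decision in zip(CONSTRUCTED_EVENTS, replay(CONSTRUCTED_EVENTS)):
        print(event, "->", decision)
```

Ignored requests are not counted as failures here, so a client that keeps retrying during the prohibition does not lengthen it; whether to count them is a policy choice the page leaves open.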
Further, the server performs the target operation when the user authentication is passed. For example, when the target operation is a login operation, the server allows the first terminal to login to the server. For another example, when the target operation is a password modification operation, the server receives the login password sent by the first terminal, and modifies the login password corresponding to the stored user identifier into the login password sent by the first terminal.
In the embodiment of the invention, when the user is authenticated, whether the user is a malicious user is determined according to the user information of the user; if the user is a malicious user, performing additional authentication on the user based on the first additional authentication mode, and performing identity authentication on the user based on the target authentication mode and the user identification of the user only when the additional authentication on the user based on the first additional authentication mode passes. Due to the fact that the first additional verification mode is added, the verification cost of a malicious user is increased, and attacks on the server are reduced.
The embodiment of the invention provides an identity authentication device, which is applied to a server and used for executing steps executed by the server in the identity authentication method. Referring to fig. 4, the apparatus includes:
a receiving module 401, configured to receive a first authentication request sent by a first terminal, where the first authentication request carries user information of a user and a target authentication manner of the user request, and the user information at least includes a user identifier;
a determining module 402, configured to determine whether the user is a malicious user according to the user information;
an additional authentication module 403, configured to perform additional authentication on the user based on a first additional authentication manner if the user is a malicious user, where the first additional authentication manner is different from the target authentication manner;
an authentication module 404, configured to authenticate the user based on the target authentication manner and the user identifier when the additional authentication of the user based on the first additional authentication manner passes.
In a possible implementation manner, the determining module 402 is further configured to count a first number of times according to the user identifier, where the first number of times is the number of times a verification request carrying the user identifier is received within a first preset time period before the current time; if the first number of times is greater than a first preset number, determining that the user is a malicious user; and/or,
the determining module 402 is further configured to determine whether the first terminal identifier exists in a malicious terminal identifier library when the user information further includes the first terminal identifier of the first terminal; if the first terminal identifier exists in the malicious terminal identifier library, determining that the user is a malicious user, where the malicious terminal identifier library stores the terminal identifiers of terminals used by malicious users; and/or,
the determining module 402 is further configured to count a second number of times according to the first terminal identifier when the user information further includes the first terminal identifier of the first terminal, where the second number of times is the number of times a verification request sent by the first terminal is received within a second preset time period before the current time; if the second number of times is greater than a second preset number, determining that the user is a malicious user; and/or,
the determining module 402 is further configured to, when the user information further includes a first terminal identifier of the first terminal, count a number of users according to the first terminal identifier and the user identifier, where the number of users is a number of users that have sent an authentication request through the first terminal within a third preset time period before the current time; and if the number of the users is larger than the preset number, determining that the users are malicious users.
In a possible implementation manner, the additional verification module 403 is further configured to send first verification information to the first terminal, and receive second verification information returned by the first terminal based on the first verification information; and if the first verification information and the second verification information are matched, determining that the additional verification of the user is passed based on the first additional verification mode.
In a possible implementation manner, the additional verification module 403 is further configured to perform additional verification on the user again based on a second additional verification manner when the additional verification on the user based on the first additional verification manner fails, until the additional verification passes or the first failed verification frequency within a fourth preset time period before the current time reaches a third preset frequency.
In a possible implementation manner, when the target verification manner is short message verification, the identity verification module 404 is further configured to send a first verification code to a second terminal indicated by a second terminal identifier reserved by the user according to the user identifier; if a second verification code is received within a fifth preset time after the current time, and the first verification code is the same as the second verification code, the user identity verification is passed; and if the second verification code is not received within a fifth preset time after the current time, or the first verification code is different from the second verification code, the user identity authentication is not passed.
In a possible implementation manner, the additional verification module 403 is further configured to determine, if the user identity verification fails, a second number of times of failed verification of the user within a sixth preset time period before the current time;
the identity authentication module 404 is further configured to send third authentication information to a terminal indicated by a second terminal identifier reserved by the user according to the user identifier if the second failed authentication frequency is not greater than a fourth preset frequency;
the additional verification module 403 is further configured to perform additional verification on the user based on a first additional verification manner if the second failed verification frequency is greater than the fourth preset frequency.
In one possible implementation, the apparatus further includes an ignoring module;
the determining module 402 is further configured to determine, when the additional authentication on the user based on the first additional authentication manner fails or the authentication on the user identity fails, a third number of times of failed authentication of the user within a seventh preset time period before the current time;
the determining module 402 is further configured to determine a retry prohibition duration of the user according to the third failed verification number;
the ignoring module is further configured to ignore a second authentication request sent by the first terminal if the second authentication request is received within the retry prohibition duration, where the second authentication request carries the user identifier.
In the embodiment of the invention, when the user is authenticated, whether the user is a malicious user is determined according to the user information of the user; if the user is a malicious user, performing additional authentication on the user based on the first additional authentication mode, and performing identity authentication on the user based on the target authentication mode and the user identification of the user only when the additional authentication on the user based on the first additional authentication mode passes. Due to the fact that the first additional verification mode is added, the verification cost of a malicious user is increased, and attacks on the server are reduced.
It should be noted that, in the identity verification device provided in the above embodiment, the division into the above functional modules is used only as an example for identity verification; in practical applications, the functions may be allocated to different functional modules as needed, that is, the internal structure of the device may be divided into different functional modules to complete all or part of the functions described above. In addition, the identity verification device and the identity verification method provided by the above embodiments belong to the same concept; the specific implementation process is described in detail in the method embodiments and is not repeated here.
Fig. 5 illustrates a server for authentication, according to an example embodiment. Referring to fig. 5, server 500 includes a processing component 522 that further includes one or more processors and memory resources, represented by memory 532, for storing instructions, such as applications, that are executable by processing component 522. The application programs stored in memory 532 may include one or more modules that each correspond to a set of instructions. Further, the processing component 522 is configured to execute instructions to perform the functions performed by the server in the above-described method of extracting tag information.
The server 500 may also include a power component 526 configured to perform power management for the server 500, a wired or wireless network interface 550 configured to connect the server 500 to a network, and an input/output (I/O) interface 558. The server 500 may operate based on an operating system stored in the memory 532, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™ or the like.
An embodiment of the present invention further provides a computer-readable storage medium, where the computer-readable storage medium may be a computer-readable storage medium contained in the memory in the foregoing embodiment; or it may be a computer-readable storage medium that exists separately and is not assembled into a server. The computer readable storage medium stores one or more programs for use by one or more processors in performing a method of extracting tag information.
The terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implying a number of the indicated technical features. Thus, a defined feature of "first", "second", may explicitly or implicitly include one or more of that feature. In the description of the present invention, "a plurality" means two or more unless otherwise specified.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, where the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (12)

1. An identity verification method, the method comprising:
receiving a first verification request sent by a first terminal, wherein the first verification request carries user information of a user and a target verification mode of the user request, and the user information at least comprises a user identifier;
determining whether the user is a malicious user or not according to the user information;
if the user is a malicious user, performing additional verification on the user based on a first additional verification mode, wherein the first additional verification mode is different from the target verification mode;
when the user passes the additional authentication based on the first additional authentication mode, performing identity authentication on the user based on the target authentication mode and the user identification;
the determining whether the user is a malicious user according to the user information includes:
when the user information further comprises a first terminal identification of the first terminal, determining whether the first terminal identification exists in a malicious terminal identification library; if the first terminal identification exists in the malicious terminal identification library, determining that the user is a malicious user, and storing the terminal identification of the terminal used by the malicious user in the malicious terminal identification library;
and when the additional verification of the user based on the first additional verification mode fails, performing additional verification on the user based on a second additional verification mode again until the additional verification passes or the first failed verification frequency within a fourth preset time before the current time reaches a third preset frequency.
2. The method of claim 1, wherein determining whether the user is a malicious user according to the user information further comprises:
counting a first number of times according to the user identification, wherein the first number of times is the number of times a verification request carrying the user identification is received within a first preset time before the current time; if the first number of times is greater than a first preset number, determining that the user is a malicious user; and/or,
when the user information further comprises a first terminal identification of the first terminal, counting a second number of times according to the first terminal identification, wherein the second number of times is the number of times a verification request sent by the first terminal is received within a second preset time before the current time; if the second number of times is greater than a second preset number, determining that the user is a malicious user; and/or,
when the user information further comprises a first terminal identification of the first terminal, counting the number of users according to the first terminal identification and the user identification, wherein the number of the users is the number of the users sending verification requests through the first terminal within a third preset time before the current time; and if the number of the users is larger than the preset number, determining that the users are malicious users.
3. The method of claim 1, wherein the additional authentication of the user based on the first additional authentication manner comprises:
sending first verification information to the first terminal, and receiving second verification information returned by the first terminal based on the first verification information;
and if the first verification information and the second verification information are matched, determining that the additional verification of the user is passed based on the first additional verification mode.
4. The method of claim 1, wherein when the target authentication manner is short message authentication, the authenticating the user based on the target authentication manner and the user identifier comprises:
according to the user identification, sending a first verification code to a second terminal indicated by a second terminal identification reserved by the user;
if a second verification code is received within a fifth preset time after the current time, and the first verification code is the same as the second verification code, the user identity verification is passed;
and if the second verification code is not received within a fifth preset time after the current time, or the first verification code is different from the second verification code, the user identity authentication is not passed.
5. The method of claim 4, further comprising:
if the user identity authentication is not passed, determining a second failed authentication frequency of the user within a sixth preset time before the current time;
if the second failure verification frequency is not more than a fourth preset frequency, executing the step of sending third verification information to the terminal indicated by the second terminal identifier reserved by the user according to the user identifier;
and if the second failed verification times are larger than the fourth preset times, executing the step of performing additional verification on the user based on the first additional verification mode.
6. The method according to any one of claims 1-5, further comprising:
determining a third failed verification frequency of the user within a seventh preset time before the current time when the additional verification of the user based on the first additional verification mode fails or the user identity verification fails;
determining the retry prohibition duration of the user according to the third failure verification times;
and if a second verification request sent by the first terminal is received within the retry prohibition duration, ignoring the second verification request, wherein the second verification request carries the user identifier.
7. An authentication apparatus, the apparatus comprising:
a receiving module, configured to receive a first verification request sent by a first terminal, wherein the first verification request carries user information of a user and a target verification mode requested by the user, and the user information at least comprises a user identifier;
the determining module is used for determining whether the user is a malicious user according to the user information;
an additional authentication module, configured to perform additional authentication on the user based on a first additional authentication manner if the user is a malicious user, where the first additional authentication manner is different from the target authentication manner;
the identity authentication module is used for authenticating the user based on the target authentication mode and the user identification when the additional authentication of the user based on the first additional authentication mode passes;
the determining module is further configured to determine whether the first terminal identifier exists in a malicious terminal identifier library when the user information further includes the first terminal identifier of the first terminal; if the first terminal identification exists in the malicious terminal identification library, determining that the user is a malicious user, and storing the terminal identification of the terminal used by the malicious user in the malicious terminal identification library;
the additional verification module is further configured to perform additional verification on the user again based on a second additional verification mode when the additional verification on the user based on the first additional verification mode does not pass, until the additional verification passes or the first failed verification frequency within a fourth preset time before the current time reaches a third preset frequency.
8. The apparatus of claim 7,
the determining module is further configured to count a first number of times according to the user identifier, where the first number of times is the number of times a verification request carrying the user identifier is received within a first preset time before the current time; if the first number of times is greater than a first preset number, determining that the user is a malicious user; and/or,
the determining module is further configured to count a second number of times according to the first terminal identifier when the user information further includes the first terminal identifier of the first terminal, where the second number of times is the number of times a verification request sent by the first terminal is received within a second preset time period before the current time; if the second number of times is greater than a second preset number, determining that the user is a malicious user; and/or,
the determining module is further configured to count the number of users according to the first terminal identifier and the user identifier when the user information further includes the first terminal identifier of the first terminal, where the number of users is the number of users who send an authentication request through the first terminal within a third preset time period before the current time; and if the number of the users is larger than the preset number, determining that the users are malicious users.
9. The apparatus of claim 7,
the additional verification module is further configured to send first verification information to the first terminal, and receive second verification information returned by the first terminal based on the first verification information; and if the first verification information and the second verification information are matched, determining that the additional verification of the user is passed based on the first additional verification mode.
10. The device of claim 7, wherein when the target authentication mode is short message authentication, the identity authentication module is further configured to send a first authentication code to a second terminal indicated by a second terminal identifier reserved by the user according to the user identifier; if a second verification code is received within a fifth preset time after the current time, and the first verification code is the same as the second verification code, the user identity verification is passed; and if the second verification code is not received within a fifth preset time after the current time, or the first verification code is different from the second verification code, the user identity authentication is not passed.
11. The apparatus of claim 10,
the additional verification module is further configured to determine a second failed verification frequency of the user within a sixth preset time before the current time if the user identity verification fails;
the identity authentication module is further configured to send third authentication information to a terminal indicated by a second terminal identifier reserved by the user according to the user identifier if the second failed authentication frequency is not greater than a fourth preset frequency;
the additional verification module is further configured to perform additional verification on the user based on a first additional verification manner if the second failed verification frequency is greater than the fourth preset frequency.
12. The apparatus of any of claims 7-11, further comprising an ignoring module;
the determining module is further configured to determine, when the additional authentication on the user based on the first additional authentication manner fails or the authentication on the user identity fails, a third number of times of failed authentication of the user within a seventh preset time period before the current time;
the determining module is further configured to determine a retry prohibition duration of the user according to the third failed verification number;
the ignoring module is further configured to ignore a second authentication request sent by the first terminal if the second authentication request is received within the retry prohibition duration, where the second authentication request carries the user identifier.
CN201710465761.8A 2017-06-19 2017-06-19 Identity verification method and device Active CN107241336B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710465761.8A CN107241336B (en) 2017-06-19 2017-06-19 Identity verification method and device

Publications (2)

Publication Number Publication Date
CN107241336A CN107241336A (en) 2017-10-10
CN107241336B true CN107241336B (en) 2020-05-19

Family

ID=59986411

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710465761.8A Active CN107241336B (en) 2017-06-19 2017-06-19 Identity verification method and device

Country Status (1)

Country Link
CN (1) CN107241336B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107749844A (en) * 2017-10-16 2018-03-02 维沃移动通信有限公司 Auth method and mobile terminal
CN108171024A (en) * 2017-11-28 2018-06-15 苏州市东皓计算机系统工程有限公司 A kind of encryption method of computer system
CN108183924A (en) * 2018-03-01 2018-06-19 深圳市买买提信息科技有限公司 A kind of login validation method and terminal device
CN108810831B (en) * 2018-04-17 2020-03-10 平安科技(深圳)有限公司 Short message verification code pushing method, electronic device and readable storage medium
CN108900525B (en) * 2018-07-19 2021-05-18 中国联合网络通信集团有限公司 Processing method and device for verification code request
CN109121100A (en) * 2018-09-27 2019-01-01 沈文策 A kind of short message communication control method and device
CN110839217B (en) * 2019-10-24 2022-03-11 深圳市梦网科技发展有限公司 Addressing method, device, server and medium for mobile terminal
CN113852630A (en) * 2021-09-24 2021-12-28 广东睿住智能科技有限公司 Data transmission method, data transmission device, server and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102347929A (en) * 2010-07-28 2012-02-08 阿里巴巴集团控股有限公司 Verification method of user identity and apparatus thereof
CN104125062A (en) * 2013-04-26 2014-10-29 腾讯科技(深圳)有限公司 Login method, device, login authentication device, server, terminals and system
CN104518876A (en) * 2013-09-29 2015-04-15 腾讯科技(深圳)有限公司 Service login method and device
CN104917740A (en) * 2014-03-14 2015-09-16 中国移动通信集团广东有限公司 Password resetting method and password verifying method and device
CN105323253A (en) * 2015-11-17 2016-02-10 腾讯科技(深圳)有限公司 Identity verification method and device
CN105656898A (en) * 2016-01-07 2016-06-08 广西英腾教育科技股份有限公司 Multi-dimensional information based activation code data processing system and method

Also Published As

Publication number Publication date
CN107241336A (en) 2017-10-10

Similar Documents

Publication Publication Date Title
CN107241336B (en) Identity verification method and device
US10057251B2 (en) Provisioning account credentials via a trusted channel
CN104753943B (en) The log-in control method of third party's account and device
CN105450643B (en) The authentication method of network insertion, apparatus and system
WO2014040479A1 (en) User identity authenticating method and device for preventing malicious harassment
CN107196917B (en) Service response method and middleware thereof
CN108259502A (en) For obtaining the identification method of interface access rights, server-side and storage medium
US10321315B2 (en) Identity and phone number verification
CN109995748B (en) Verification code processing method, device and system
CN107710725B (en) Method and system for authenticating a user by a telephone number
US20190020764A1 (en) Provisioning a trial service to a mobile device
CN110958119A (en) Identity verification method and device
CN105828329A (en) Authentication management method for mobile terminals
CN109510799B (en) Page display method, browser client, equipment and storage medium
WO2020073538A1 (en) Message sending method, device and system
US9680814B2 (en) Method, device, and system for registering terminal application
CN109525588B (en) Verification code processing method, device and system
CN105230091A (en) Make a call in a communications system
EP3079329B1 (en) Terminal application registration method, device and system
CN111356090B (en) Networking method of network, device thereof, terminal and computer readable storage medium
CN111371787B (en) Login registration method, device, system, server and medium for middle station service
CN109460647B (en) Multi-device secure login method
CN102137044A (en) Method and system for safely interacting group information based on community platform
CN105472577A (en) Communication method and system established in number transmission manner
WO2020073537A1 (en) Message sending method, device, and public platform

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20211126

Address after: 31a, 15 / F, building 30, maple mall, bangrang Road, Brazil, Singapore

Patentee after: Baiguoyuan Technology (Singapore) Co.,Ltd.

Address before: 511442 room 2705, 27 / F, building B-1, Wanda Plaza North, Wanbo business district, 79 Wanbo 2nd Road, Nancun Town, Panyu District, Guangzhou City, Guangdong Province

Patentee before: GUANGZHOU BAIGUOYUAN INFORMATION TECHNOLOGY Co.,Ltd.
