CN107257325A - User profile guard method and device - Google Patents
User profile guard method and device Download PDFInfo
- Publication number
- CN107257325A CN107257325A CN201710323919.8A CN201710323919A CN107257325A CN 107257325 A CN107257325 A CN 107257325A CN 201710323919 A CN201710323919 A CN 201710323919A CN 107257325 A CN107257325 A CN 107257325A
- Authority
- CN
- China
- Prior art keywords
- user
- information
- action log
- identifying code
- various dimensions
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0846—Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/903—Querying
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4016—Transaction verification involving fraud or risk level assessment in transaction processing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Computer Security & Cryptography (AREA)
- Accounting & Taxation (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Biomedical Technology (AREA)
- Health & Medical Sciences (AREA)
- Computational Linguistics (AREA)
- General Health & Medical Sciences (AREA)
- Data Mining & Analysis (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the present application provides user profile guard method and device; when monitoring user's sensitive operation; user's various dimensions information is gathered, user's various dimensions information includes user account, user cipher, user fingerprints, user browser information and/or user equipment information;The user's various dimensions information preserved in user's various dimensions information and date storehouse of the collection is matched;When matching inconsistent, identifying code is generated using User action log corresponding with the user account;Safety verification is carried out to user's various dimensions information of the collection using the identifying code, obtained because identifying code is associated with User action log, dynamic change can be carried out according to the change of User action log, it is not easy to be cracked by network hacker, it is ensured that the safety coefficient of user profile checking is more increased.
Description
Technical field
The application is related to technical field of network security, more particularly to a kind of user profile guard method and device.
Background technology
With the development of Internet technology, in order to ensure the security of Internet user's information, it usually needs build backstage
Database to carry out safety verification to user profile, so that it is determined that whether user can correctly sign in network application or enter
The network operations such as row network trading.
Yet with the wildness of network hacker, only by the checking of the such single factors of user profile, can not effectively it protect
Hinder the safety of user profile, so that various user information safety accidents continually occur.To solve this information security issue, may be used also
By the second proving program of setting, such as to obtain dynamic verification code by SMS and carry out user's checking.But, it is this
Mobile phone short message verification method needs to expend extra resource, substantially increases network verification cost, user experience also declines.
The content of the invention
The many aspects of the application provide a kind of user profile guard method and device, are improving the peace of user profile checking
Checking cost is reduced while full property, user experience is greatly improved.
The embodiment of the present application provides a kind of user profile guard method, including:
When monitoring user's sensitive operation, user's various dimensions information is gathered, user's various dimensions information includes user's account
Number, user cipher, user fingerprints, user browser information and/or user equipment information;
User's various dimensions information of the collection is matched with the various dimensions information of user's registration;
When matching inconsistent, identifying code is generated using User action log corresponding with the user account;
Safety verification is carried out to user's various dimensions information of the collection using the identifying code.
Alternatively, identifying code is generated using User action log corresponding with the user account, including:
According to the User action log, analysis obtains user interest profile information;
According to the user interest profile information, identifying code corresponding with the user interest profile information is generated, it is described
Identifying code includes one or more.
Alternatively, according to the User action log, analysis obtains user interest profile information, including:
According to the User action log, the type of the User action log is determined;
According to the type of the User action log, it is determined that interest corresponding with the type of the User action log is crucial
Word;
According to the interest keyword of the determination, matched, obtained and the interest in the User action log
The interest characteristics information of Keywords matching.
Alternatively, described method also includes:
Corresponding relation between the type and interest keyword of pre-set user user behaviors log, each User action log
The interest keyword of type correspondence 1 or more than 1.
Alternatively, according to the user interest profile information, checking corresponding with the user interest profile information is generated
Code, including:
Obtain at least two information in word, icon, numeral and/or character that the user interest profile information includes
It is combined, generates identifying code corresponding with the user interest profile information.
Alternatively, safety verification is carried out to user's various dimensions information of the collection using the identifying code, including:
User's checking interface is shown, the user's checking interface includes one or more User action logs
Identifying code, the identifying code of the multiple User action log random distribution in the user's checking interface arranges;
Monitor and obtain the information that user inputs in the user's checking interface;
The information that the user is inputted is matched with the identifying code of the User action log, when the match is successful,
Then determine that user's various dimensions information of the collection passes through safety verification, it is allowed to user's sensitive operation, and by the use of the collection
Family various dimensions information is saved in user's various dimensions information database corresponding with the user account.
The present invention also provides a kind of user profile protection device, including:
Acquisition module, for monitoring during user's sensitive operation, gathers user's various dimensions information, user's various dimensions letter
Breath includes user account, user cipher, user fingerprints, user browser information and/or user equipment information;
A matching module, for the various dimensions information of user's various dimensions information of the collection and user's registration to be carried out
Match somebody with somebody;
Generation module, for when matching inconsistent, being generated using User action log corresponding with the user account
Identifying code;
Authentication module, for carrying out safety verification to user's various dimensions information of the collection according to the identifying code.
Alternatively, described device also includes:
Analysis module, for according to the User action log, analysis to obtain user interest profile information;
The generation module, for according to the user interest profile information, generation and the user interest profile information
Corresponding identifying code, the identifying code includes one or more.
Alternatively, the analysis module specifically for:
According to the User action log, the type of the User action log is determined;
According to the type of the User action log, it is determined that interest corresponding with the type of the User action log is crucial
Word;
According to the interest keyword of the determination, matched, obtained and the interest in the User action log
The interest characteristics information of Keywords matching.
Alternatively, the generation module specifically for:
Obtain at least two information in word, icon, numeral and/or character that the user interest profile information includes
It is combined, generates identifying code corresponding with the user interest profile information.
Alternatively, the authentication module specifically for:
User's checking interface is shown, the user's checking interface includes one or more User action logs
Identifying code, the identifying code of the multiple User action log random distribution in the user's checking interface arranges;
Monitor and obtain the information that user inputs in the user's checking interface;
The information that the user is inputted is matched with the identifying code of the User action log, when the match is successful,
Then determine that user's various dimensions information of the collection passes through safety verification, it is allowed to user's sensitive operation, and by the use of the collection
Family various dimensions information is saved in user's various dimensions information database corresponding with the user account.
In the embodiment of the present application, when monitoring user's sensitive operation, user's various dimensions information, user's multidimensional are gathered
Spending information includes user account, user cipher, user fingerprints, user browser information and/or user equipment information;Adopted described
The user's various dimensions information preserved in user's various dimensions information and date storehouse of collection is matched;When matching inconsistent, utilize
User action log corresponding with the user account generates identifying code;Utilize user multidimensional of the identifying code to the collection
Spend information and carry out safety verification, obtained because identifying code is associated with User action log, can be according to User action log
Change carry out dynamic change, it is not easy to cracked by network hacker, it is ensured that user profile checking safety coefficient more increase.
Brief description of the drawings
Accompanying drawing described herein is used for providing further understanding of the present application, constitutes the part of the application, this Shen
Schematic description and description please is used to explain the application, does not constitute the improper restriction to the application.In the accompanying drawings:
The schematic flow sheet for the user profile guard method that Fig. 1 provides for the embodiment of the application one;
The schematic flow sheet for the verification code generation method that Fig. 2 provides for another embodiment of the application;
The schematic flow sheet for the user profile guard method that Fig. 3 provides for the embodiment of the application one;
The structural representation for the user profile protection device that Fig. 4 provides for the embodiment of the application one.
Embodiment
To make the purpose, technical scheme and advantage of the application clearer, below in conjunction with the application specific embodiment and
Technical scheme is clearly and completely described corresponding accompanying drawing.Obviously, described embodiment is only the application one
Section Example, rather than whole embodiments.Based on the embodiment in the application, those of ordinary skill in the art are not doing
Go out the every other embodiment obtained under the premise of creative work, belong to the scope of the application protection.
There are substantially following several verification code technologies in the prior art:
(1) word identifying code (the problem of being typically question and answer)
For example, may I ask:4+4=Answer:8, however, word identifying code needs the problem of various non-machines of manual editing are answered, dimension
Protect cost slightly higher.
(2) picture validation code
The picture of an identifying code (such as emsf) is generated, user fills in checking according to the verification code information of picture presentation
Code, however, picture validation code is easier to be recognized by ocr softwares, does not reach identifying code effect.
(3) Gif animations identifying code
The animation that generation one contains identifying code (such as 41 border UM), the verification code information that user is shown according to animation,
Identifying code is filled in, however, Gif animation identifying codes are easier above the focus of user to animation, while also can be to whole
Individual page layout produces some influences.
(4) mobile phone note verification code
By sending identifying code to mobile phone, user is allowed to fill in corresponding identifying code, however, mobile phone note verification code needs to connect
Enter SMS operating service business, obtain corresponding identifying code short message and issue service, short message cost is of a relatively high.
(5) speech identifying code
A, direct voice broadcast identifying code;And b, mobile phone speech identifying code, corresponding phone is dialed, identifying code is reported,
However, speech identifying code is not very convenient to use in most of public arenas.
(6) video verification code
The identifying code that random digit, letter and Chinese are combined is dynamically embedded into the video of the forms such as MP4, flv,
Difficulty is cracked although increasing, the technology of video verification code realizes that difficulty is of a relatively high, it is difficult to popularize.
Below in conjunction with accompanying drawing, the technical scheme that each embodiment of the application is provided is described in detail.
The schematic flow sheet for the user profile guard method that Fig. 1 provides for the embodiment of the application one.This method is applied to use
Family include the application scenarios during sensitive operations such as user cipher modification or network payment.As shown in figure 1, methods described bag
Include:
When the 101st, monitoring user's sensitive operation, user's various dimensions information is gathered.
User's various dimensions information described in the embodiment of the present invention includes but is not limited to user account, user cipher, user and referred to
The multinomial informations such as line, user browser information and user equipment information.For example, when user carries out net purchase payment or worked as to use
, it is necessary to gather the currently used various dimensions information of user when family carries out the sensitive operations such as user cipher modification, such as collection user works as
The currently used browser information of the preceding user account used, user cipher, user or the currently used user equipment of user
Information etc..
102nd, user's various dimensions information of the collection is matched with the various dimensions information of user's registration.
, can not effective guarantee only by the checking to the such single factors of user cipher due to the wildness of network hacker
The safety of user profile, so that various user information safety accidents continually occur, therefore, is provided with multidimensional in background server
Information database is spent, user preserves the various dimensions information of each registered user's registration, and generally, user, can be by user in registration
The various dimensions information such as account, user cipher, user fingerprints, user browser information and user equipment information are sent to background service
Device is stored in various dimensions information database corresponding with user account.
Client is collected in the currently used various dimensions information of user and background server various dimensions information database
The various dimensions information of the user's registration preserved is matched, if any one of various dimensions information information has unmatched feelings
During condition, it may be determined that user's various dimensions information of collection and the various dimensions information of user's registration be match it is inconsistent, now, in order to
Safeguard protection is carried out to user profile, suspends user's sensitive operation.
103rd, when matching inconsistent, identifying code is generated using User action log corresponding with the user account.
For example, when user is registered using iPhone, the user equipment information of registration is iPhone information, when
When user carries out network payment using Huawei's mobile phone, therefore the user equipment information Huawei cellphone information collected, collects
User equipment information when user equipment information is with registration matches inconsistent, and user cannot use Huawei's mobile phone to be paid.
It can ensure that user can be carried out in secure payment, the present embodiment while re-registering again in order to reduce or remit user, Ke Yili
Identifying code is generated with the corresponding User action log of the user account, and utilizes user various dimensions information of the identifying code to collection
Safety verification.
Below to being described in detail using User action log corresponding with user account generation identifying code:
Each user is after logging in network application is operated, and the corresponding background server of the network application can all be preserved
The user is directed to the User action log of the network application.For example, after User logs in Taobao carries out Shopping Behaviors, wash in a pan
The corresponding background server of treasured net preserves the corresponding User action log of the user account.
Therefore, setting up the corresponding relation having between each user account and User action log in background server, therefore
Can be according to the user account in user's various dimensions information of collection, you can obtain the corresponding user behavior day of the user profile
Will.
It should be noted that generally User action log is directly proportional to the user in the frequency that logging in network is applied, if with
Family login times are more, and the User action log data of the user can be huge, in order to reduce data acquisition amount, reduce system resource
Pressure is obtained, nearest User action log can be obtained, nearest User action log, represent user nearest
Behavioural characteristic or the nearest interest characteristics of user.
In a kind of optional embodiment of the present invention, according to user account, obtain user corresponding with the user account and step on
Record the frequency;According to the User logs in frequency, it is determined that obtaining the initial time of User action log;Obtain current time with it is described
User action log between initial time.
It should be noted that in the embodiment of the present invention, user just logs in primary network application for a long time, that is, logs in the frequency
Than relatively low, then the initial time for obtaining User action log is more early;The frequent logging in online application of user, that is, log in the frequency and compare
Height, then obtain the initial time of User action log closer to current time.
In a kind of optional embodiment of the present invention, according to the User action log of acquisition, generation and the user behavior
The corresponding identifying code of daily record, including:
According to the User action log, analysis obtains user interest profile information;
According to the user interest profile information, identifying code corresponding with the user interest profile information is generated, it is described
Identifying code includes one or more.
Such as so that the multimedia of user is shared as an example, according to the multimedia splitting glass opaque daily record of user (i.e. passing one section of user
Some behavioral datas shared on multimedia in time) it can analyze and obtain the interest characteristics letter that the multimedia of the user is shared
Breath, specifically, the user interest profile information that multimedia is shared can include shop, the purchase that user paid close attention within two weeks
The interest characteristics information such as article, the article of collection that the article crossed, forwarding are shared.
Background server can be according to user interest profile information, and the article that user was bought recently, forwarding are shared
Article, the article of collection are used as the corresponding identifying code of the User action log.
104th, safety verification is carried out to user's various dimensions information of the collection using the identifying code.
Specifically, user's checking interface is shown in client, the user's checking interface includes one or more
The identifying code of the User action log, the identifying code of the multiple User action log is random in the user's checking interface
It is arranged evenly.Client monitors simultaneously obtain the information that user inputs in the user's checking interface;Background server is by client
The information of user's input of end monitoring is matched with the identifying code of User action log, when the match is successful, it is determined that described
User's various dimensions information of collection passes through safety verification, it is allowed to user's sensitive operation, and user's various dimensions of the collection are believed
Breath is saved in user's various dimensions information database corresponding with the user account.
In the embodiment of the present application, when monitoring user's sensitive operation, user's various dimensions information, user's multidimensional are gathered
Spending information includes user account, user cipher, user fingerprints, user browser information and/or user equipment information;Adopted described
The user's various dimensions information preserved in user's various dimensions information and date storehouse of collection is matched;When matching inconsistent, utilize
User action log corresponding with the user account generates identifying code;Utilize user multidimensional of the identifying code to the collection
Spend information and carry out safety verification, obtained because the identifying code in the embodiment of the present invention is associated with User action log, therefore,
Identifying code is can to carry out dynamic change according to the change of User action log, it is not easy to cracked by network hacker, it is ensured that user
The safety coefficient of Information Authentication is more increased, relatively reliable, simple to operate, and user experience is high.
The schematic flow sheet for the verification code generation method that Fig. 2 provides for another embodiment of the application;As shown in Fig. 2 including:
201st, User action log is obtained;
For example, when user logs in live video client by iPhone carries out user cipher modification, stepping on
Record interface inputs the user account and user cipher of the user, and client can collect the currently used user's various dimensions of user
Information, is specifically included:User account, user cipher, iPhone information, ISO system informations etc., client is by the user of collection
Various dimensions information is sent to corresponding background server, and background server is according to user account, in corresponding user's various dimensions letter
User's various dimensions information during the user's registration is obtained in breath database, the two is matched, if matching is inconsistent, it is assumed that note
User equipment information during volume is Huawei's cellphone information, then does not allow user to carry out password modification.But obtained according to user account
Take the corresponding User action log of the user account.
Because each user carries out the behaviors such as live video viewing after being logged in using user account, in the live video
Background server produce User action log (also known as user behavior data).Therefore the user account and user's row of each user
It is one-to-one for daily record.
202nd, the type of User action log is determined;
The User action log that different applications is produced is different, in order to which significantly more efficient analysis subsequent user interest is special
Reference is ceased, and in the embodiment of the present invention, User action log is classified.For example, the user that user produces in shopping application
User behaviors log is to belong to different types of daily record with the User action log produced in live video application.Therefore, the present invention is real
Apply in example, the classification to User action log can classify according to its corresponding application attribute, and set corresponding type
Mark.The user that type identification such as the User action log that shopping application is produced is the first kind, live video application is produced
The type identification of user behaviors log is Second Type, by that analogy, and the present invention is not limited type identification, is only intended to determine user
The type of user behaviors log.
203rd, interest keyword corresponding with the type of User action log is determined;
Pre-set the corresponding interest keyword of type of each User action log, i.e. pre-set user user behaviors log
Corresponding relation between type and interest keyword.Wherein, the type of each User action log can correspond to 1 or 1
Interest keyword above.
For example, live video application base attribute is relevant with user's viewing live video, then the program letter of live video
Breath and main broadcaster's information could be arranged to the interest keyword for the User action log that live video application is produced, wherein, section
Mesh information includes the information such as program category, programm name, program viewing time, and main broadcaster's information includes main broadcaster's title, the pet name, head portrait
Etc. information.
204th, according to the interest keyword of determination, matched, obtained and interest keyword in User action log
The interest characteristics information matched somebody with somebody;
So that live video is applied as an example, according to the interest keyword such as the programme information of determination or main broadcaster's information, live
Matched in the User action log that video is produced, for example, according to the length of program viewing time, can be in user behavior day
Matching obtains the program that user is most interested in will, and then can obtain program category and programm name that user is most interested in etc.
User interest profile information.In another example, the main broadcaster's information paid close attention to according to user is obtained that can be matched in User action log
The main broadcaster that user is most interested in, and then the user interest profiles such as main broadcaster's title, the pet name, head portrait that user is most interested in can be obtained
Information.
205th, at least two information obtained in word, icon, numeral or character that user interest profile information includes are entered
Row combination, generates identifying code corresponding with the user interest profile information.
User interest profile information obtained above includes multiple information, for example including word, icon, numeral and/or
The information such as character.In order to strengthen in the security of identifying code, the present embodiment, obtain user interest profile information include word,
At least two information in icon, numeral and/or character are combined, and generate test corresponding with the user interest profile information
Demonstrate,prove code.
So that live video is applied as an example, user interest profile information include user's program category interested, programm name,
The information such as main broadcaster's title, main broadcaster's pet name, main broadcaster's head portrait, can obtain two therein or multinomial information is combined into the user behavior
The corresponding identifying code of daily record.Wherein, the information such as program category, programm name, main broadcaster's title, main broadcaster's pet name, main broadcaster's head portrait can be with
It is indicated with the mark such as word, icon, numeral and/or character.
In the embodiment of the present application, according to User action log, the type of the User action log is determined;According to described
The type of User action log, it is determined that interest keyword corresponding with the type of the User action log;Determined according to described
Interest keyword, matched in the User action log, obtain the interest characteristics with the interest Keywords matching
Information, and then obtain at least two letters in word, icon, numeral and/or character that the user interest profile information includes
Breath is combined, and generates identifying code corresponding with the user interest profile information.Due to the identifying code in the embodiment of the present invention
It is to be associated with user interest profile, therefore, identifying code is can to carry out dynamic change according to the change of user interest profile, no
Easily cracked by network hacker, it is ensured that the safety coefficient of user profile checking is more increased, relatively reliable, simple to operate, user's body
Degree of testing is high.
The schematic flow sheet for the user profile guard method that Fig. 3 provides for the embodiment of the application one;As shown in figure 3, including:
301st, display user's checking interface;
Alternatively, the user's checking interface of the present embodiment includes but is not limited to nine grids checking interface.Wherein, nine grids are tested
Card interface includes the above-mentioned identifying code determined according to User action log, wherein, identifying code is to obtain user interest profile letter
At least two information ceased in word, icon, numeral and/or the character included are combined generation.Identifying code is tested in user
Card can be arranged in interface with random distribution.In addition, also including the information of other interference in user's checking interface.
302nd, the information that user inputs in user's checking interface is obtained;
303rd, by the information inputted in user's checking interface and above-mentioned generation identifying code corresponding with User action log
Matched, when the match is successful, perform step 304, it is unsuccessful matching, perform step 305.
304th, the user's various dimensions information for determining collection is safety, it is allowed to user's sensitive operation, and by the use of the collection
Family various dimensions information is saved in user's various dimensions information database corresponding with the user account.
305th, dangerous tip is carried out, and freezes user's sensitive operation.
For example, when identifying code includes main broadcaster's information of newest concern and most interested programme information, then user
Verify information and the most interested programm names such as the head portrait or the pet name of the main broadcaster that can include the newest concern of user in interface
Etc. information, in addition to other interference informations.When client detects the master that user clicks on newest concern on user's checking interface
When broadcasting head portrait, the pet name and programm name, and head portrait, the pet name and the programm name of the main broadcaster for the newest concern that user is clicked on are sent
To background server, head portrait, the pet name and the programm name of the main broadcaster for the newest concern that background server sends client are with after
Head portrait, the pet name and the programm name of the main broadcaster for the newest concern that platform server is determined according to User action log is matched, if
Match unanimously, it is determined that user operation is safe, it is allowed to which user carries out subsequent operation, otherwise do not allow for user's progress
Subsequent operation, can also carry out dangerous tip.
Further, when user's checking interface includes the corresponding identifying code of User action log of multiple above-mentioned determinations
When, in order to improve the security of checking, multiple identifying codes can be randomly arranged on user's checking interface, when specifically verifying,
User is not required nothing more than correctly clicks on or select correct identifying code on user's checking interface, and also further checking click is tested
Code order is demonstrate,proved, i.e., acquisition user inputs in the user's checking interface information and the order of input information are used described
It is corresponding with User action log that the information and the order of input information inputted in the checking interface of family is determined with background server
Identifying code and the order of identifying code matched, match identifying code it is all consistent with identifying code order when, determine that user grasps
Work is safety, and unlocks user's operation, otherwise determines that user's operation carries out dangerous tip, does not allow for subsequent user operation.
For example, when user's checking interface includes the head portrait of multiple main broadcasters of the newest concern of user, in addition to other interference
Information, when client detects the head portrait for the main broadcaster that user clicks on newest concern on user's checking interface, user is clicked on
Newest concern main broadcaster head portrait and concern order be sent to background server, background server sends client most
The master for the newest concern that the head portrait of the main broadcaster newly paid close attention to and concern order are determined with background server according to User action log
The head portrait broadcast and concern order are matched, and determine that user operation is safe when matching consistent, it is allowed to after user is carried out
Continuous operation, does not otherwise allow for user and carries out subsequent operation, can carry out dangerous tip.
In the embodiment of the present application, when monitoring that user carries out sensitive operation (such as password knee or network payment),
According to the user account in collection user's various dimensions information, User action log corresponding with the user account is obtained, according to this
User action log generates corresponding identifying code, and safety verification is carried out to user's various dimensions information of collection using the identifying code,
Obtained because the identifying code in the embodiment of the present invention is associated with User action log, and User action log is over time
It is to carry out dynamic change, therefore, identifying code is can also to carry out dynamic change according to the change of User action log, it is not easy to
Cracked by network hacker, it is ensured that the safety coefficient of user profile checking is more increased, relatively reliable, simple to operate, user experience
It is high.
The structural representation for the user profile protection device that Fig. 4 provides for the embodiment of the application one, as shown in figure 4, including:
Acquisition module 41, for monitoring during user's sensitive operation, gathers user's various dimensions information, user's various dimensions
Information includes user account, user cipher, user fingerprints, user browser information and/or user equipment information;
A matching module 42, for the various dimensions information of user's various dimensions information of the collection and user's registration to be carried out
Match somebody with somebody;
Generation module 43, for when matching inconsistent, being given birth to using User action log corresponding with the user account
Into identifying code;
Authentication module 44, for carrying out safety verification to user's various dimensions information of the collection according to the identifying code.
Alternatively, described device also includes:
Analysis module 45, for the User action log gathered according to acquisition module 41, analysis obtains user interest profile
Information;
The generation module 43, for according to the user interest profile information, generation to be believed with the user interest profile
Corresponding identifying code is ceased, the identifying code includes one or more.
Alternatively, the analysis module 45 specifically for:
According to the User action log, the type of the User action log is determined;
According to the type of the User action log, it is determined that interest corresponding with the type of the User action log is crucial
Word;
According to the interest keyword of the determination, matched, obtained and the interest in the User action log
The interest characteristics information of Keywords matching.
Alternatively, the generation module 43 specifically for:
Obtain at least two information in word, icon, numeral and/or character that the user interest profile information includes
It is combined, generates identifying code corresponding with the user interest profile information.
Alternatively, the authentication module 44 specifically for:
User's checking interface is shown, the user's checking interface includes one or more User action logs
Identifying code, the identifying code of the multiple User action log random distribution in the user's checking interface arranges;
Monitor and obtain the information that user inputs in the user's checking interface;
The information that the user is inputted is matched with the identifying code of the User action log, when the match is successful,
Then determine that user's various dimensions information of the collection passes through safety verification, it is allowed to user's sensitive operation, and by the use of the collection
Family various dimensions information is saved in user's various dimensions information database corresponding with the user account.
Said apparatus can perform the method in Fig. 1-embodiment illustrated in fig. 3, and its implementing principle and technical effect is no longer gone to live in the household of one's in-laws on getting married
State.
It should be understood by those skilled in the art that, embodiments of the invention can be provided as method, system or computer program
Product.Therefore, the present invention can be using the reality in terms of complete hardware embodiment, complete software embodiment or combination software and hardware
Apply the form of example.Moreover, the present invention can be used in one or more computers for wherein including computer usable program code
The computer program production that usable storage medium is implemented on (including but is not limited to magnetic disk storage, CD-ROM, optical memory etc.)
The form of product.
The present invention is the flow with reference to method according to embodiments of the present invention, equipment (system) and computer program product
Figure and/or block diagram are described.It should be understood that can be by every first-class in computer program instructions implementation process figure and/or block diagram
Journey and/or the flow in square frame and flow chart and/or block diagram and/or the combination of square frame.These computer programs can be provided
The processor of all-purpose computer, special-purpose computer, Embedded Processor or other programmable data processing devices is instructed to produce
A raw machine so that produced by the instruction of computer or the computing device of other programmable data processing devices for real
The device for the function of being specified in present one flow of flow chart or one square frame of multiple flows and/or block diagram or multiple square frames.
These computer program instructions, which may be alternatively stored in, can guide computer or other programmable data processing devices with spy
Determine in the computer-readable memory that mode works so that the instruction being stored in the computer-readable memory, which is produced, to be included referring to
Make the manufacture of device, the command device realize in one flow of flow chart or multiple flows and/or one square frame of block diagram or
The function of being specified in multiple square frames.
These computer program instructions can be also loaded into computer or other programmable data processing devices so that in meter
Series of operation steps is performed on calculation machine or other programmable devices to produce computer implemented processing, thus in computer or
The instruction performed on other programmable devices is provided for realizing in one flow of flow chart or multiple flows and/or block diagram one
The step of function of being specified in individual square frame or multiple square frames.
In a typical configuration, computing device includes one or more processors (CPU), input/output interface, net
Network interface and internal memory.
Internal memory potentially includes the volatile memory in computer-readable medium, random access memory (RAM) and/or
The forms such as Nonvolatile memory, such as read-only storage (ROM) or flash memory (flash RAM).Internal memory is computer-readable medium
Example.
Computer-readable medium includes permanent and non-permanent, removable and non-removable media can be by any method
Or technology come realize information store.Information can be computer-readable instruction, data structure, the module of program or other data.
The example of the storage medium of computer includes, but are not limited to phase transition internal memory (PRAM), static RAM (SRAM), moved
State random access memory (DRAM), other kinds of random access memory (RAM), read-only storage (ROM), electric erasable
Programmable read only memory (EEPROM), fast flash memory bank or other memory techniques, read-only optical disc read-only storage (CD-ROM),
Digital versatile disc (DVD) or other optical storages, magnetic cassette tape, the storage of tape magnetic rigid disk or other magnetic storage apparatus
Or any other non-transmission medium, the information that can be accessed by a computing device available for storage.Define, calculate according to herein
Machine computer-readable recording medium does not include temporary computer readable media (transitory media), such as data-signal and carrier wave of modulation.
It should also be noted that, term " comprising ", "comprising" or its any other variant are intended to nonexcludability
Comprising so that process, method, commodity or equipment including a series of key elements are not only including those key elements, but also wrap
Include other key elements being not expressly set out, or also include for this process, method, commodity or equipment intrinsic want
Element.In the absence of more restrictions, the key element limited by sentence "including a ...", it is not excluded that wanted including described
Also there is other identical element in process, method, commodity or the equipment of element.
It will be understood by those skilled in the art that embodiments herein can be provided as method, system or computer program product.
Therefore, the application can be using the embodiment in terms of complete hardware embodiment, complete software embodiment or combination software and hardware
Form.Deposited moreover, the application can use to can use in one or more computers for wherein including computer usable program code
The shape for the computer program product that storage media is implemented on (including but is not limited to magnetic disk storage, CD-ROM, optical memory etc.)
Formula.
Embodiments herein is the foregoing is only, the application is not limited to.For those skilled in the art
For, the application can have various modifications and variations.It is all any modifications made within spirit herein and principle, equivalent
Replace, improve etc., it should be included within the scope of claims hereof.
Claims (11)
1. a kind of user profile guard method, it is characterised in that including:
When monitoring user's sensitive operation, user's various dimensions information is gathered, user's various dimensions information includes user account, used
Family password, user fingerprints, user browser information and/or user equipment information;
User's various dimensions information of the collection is matched with the various dimensions information of user's registration;
When matching inconsistent, identifying code is generated using User action log corresponding with the user account;
Safety verification is carried out to user's various dimensions information of the collection using the identifying code.
2. according to the method described in claim 1, it is characterised in that utilize User action log corresponding with the user account
Identifying code is generated, including:
According to the User action log, analysis obtains user interest profile information;
According to the user interest profile information, identifying code corresponding with the user interest profile information, the checking are generated
Code includes one or more.
3. method according to claim 2, it is characterised in that according to the User action log, it is emerging that analysis obtains user
Interesting characteristic information, including:
According to the User action log, the type of the User action log is determined;
According to the type of the User action log, it is determined that interest keyword corresponding with the type of the User action log;
According to the interest keyword of the determination, matched in the User action log, obtain crucial with the interest
The interest characteristics information of word matching.
4. method according to claim 3, it is characterised in that also include:
Corresponding relation between the type and interest keyword of pre-set user user behaviors log, the type of each User action log
The interest keyword of correspondence 1 or more than 1.
5. method according to claim 3, it is characterised in that according to the user interest profile information, generation with it is described
The corresponding identifying code of user interest profile information, including:
At least two information obtained in word, icon, numeral and/or character that the user interest profile information includes are carried out
Combination, generates identifying code corresponding with the user interest profile information.
6. the method according to any one of claim 1-5, it is characterised in that using the identifying code to the collection
User's various dimensions information carries out safety verification, including:
User's checking interface is shown, the user's checking interface includes testing for one or more User action logs
Demonstrate,prove code, identifying code random distribution arrangement in the user's checking interface of the multiple User action log;
Monitor and obtain the information that user inputs in the user's checking interface;
The information that the user is inputted is matched with the identifying code of the User action log, when the match is successful, then really
User's various dimensions information of the fixed collection passes through safety verification, it is allowed to user's sensitive operation, and the user of the collection is more
Dimensional information is saved in user's various dimensions information database corresponding with the user account.
7. a kind of user profile protection device, it is characterised in that including:
Acquisition module, for monitoring during user's sensitive operation, gathers user's various dimensions information, user's various dimensions packet
Include user account, user cipher, user fingerprints, user browser information and/or user equipment information;
Matching module, for user's various dimensions information of the collection to be matched with the various dimensions information of user's registration;
Generation module, for when matching inconsistent, being generated and being verified using User action log corresponding with the user account
Code;
Authentication module, for carrying out safety verification to user's various dimensions information of the collection according to the identifying code.
8. device according to claim 7, it is characterised in that including:
Analysis module, for according to the User action log, analysis to obtain user interest profile information;
The generation module, for according to the user interest profile information, generating corresponding with the user interest profile information
Identifying code, the identifying code include one or more.
9. device according to claim 8, it is characterised in that the analysis module specifically for:
According to the User action log, the type of the User action log is determined;
According to the type of the User action log, it is determined that interest keyword corresponding with the type of the User action log;
According to the interest keyword of the determination, matched in the User action log, obtain crucial with the interest
The interest characteristics information of word matching.
10. device according to claim 9, it is characterised in that the generation module specifically for:
At least two information obtained in word, icon, numeral and/or character that the user interest profile information includes are carried out
Combination, generates identifying code corresponding with the user interest profile information.
11. the device according to any one of claim 7-10, it is characterised in that the authentication module specifically for:
User's checking interface is shown, the user's checking interface includes testing for one or more User action logs
Demonstrate,prove code, identifying code random distribution arrangement in the user's checking interface of the multiple User action log;
Monitor and obtain the information that user inputs in the user's checking interface;
The information that the user is inputted is matched with the identifying code of the User action log, when the match is successful, then really
User's various dimensions information of the fixed collection passes through safety verification, it is allowed to user's sensitive operation, and the user of the collection is more
Dimensional information is saved in user's various dimensions information database corresponding with the user account.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710323919.8A CN107257325A (en) | 2017-05-09 | 2017-05-09 | User profile guard method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710323919.8A CN107257325A (en) | 2017-05-09 | 2017-05-09 | User profile guard method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107257325A true CN107257325A (en) | 2017-10-17 |
Family
ID=60028130
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710323919.8A Pending CN107257325A (en) | 2017-05-09 | 2017-05-09 | User profile guard method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107257325A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111832060A (en) * | 2019-04-17 | 2020-10-27 | 北京搜狗科技发展有限公司 | Data processing method and device and electronic equipment |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102035649A (en) * | 2009-09-29 | 2011-04-27 | 国际商业机器公司 | Authentication method and device |
CN104852886A (en) * | 2014-02-14 | 2015-08-19 | 腾讯科技(深圳)有限公司 | Protection method and device for user account |
CN104967603A (en) * | 2015-04-17 | 2015-10-07 | 腾讯科技(成都)有限公司 | Application account security verification method and apparatus |
CN104994060A (en) * | 2015-05-15 | 2015-10-21 | 百度在线网络技术(北京)有限公司 | Method and device for providing verification for user login |
CN105099675A (en) * | 2014-04-17 | 2015-11-25 | 阿里巴巴集团控股有限公司 | Method and device for generating authentication data for identity authentication and method and device for identity authentication |
CN105471581A (en) * | 2014-09-10 | 2016-04-06 | 阿里巴巴集团控股有限公司 | Identity verification method and device |
CN105553947A (en) * | 2015-12-08 | 2016-05-04 | 腾讯科技(深圳)有限公司 | Methods and devices for finding account back, protecting account security and preventing account theft |
CN106027520A (en) * | 2016-05-19 | 2016-10-12 | 微梦创科网络科技(中国)有限公司 | Method and device for detecting and processing stealing of website accounts |
CN106529288A (en) * | 2016-11-16 | 2017-03-22 | 智者四海(北京)技术有限公司 | Account risk identification method and device |
-
2017
- 2017-05-09 CN CN201710323919.8A patent/CN107257325A/en active Pending
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102035649A (en) * | 2009-09-29 | 2011-04-27 | 国际商业机器公司 | Authentication method and device |
CN104852886A (en) * | 2014-02-14 | 2015-08-19 | 腾讯科技(深圳)有限公司 | Protection method and device for user account |
CN105099675A (en) * | 2014-04-17 | 2015-11-25 | 阿里巴巴集团控股有限公司 | Method and device for generating authentication data for identity authentication and method and device for identity authentication |
CN105471581A (en) * | 2014-09-10 | 2016-04-06 | 阿里巴巴集团控股有限公司 | Identity verification method and device |
CN104967603A (en) * | 2015-04-17 | 2015-10-07 | 腾讯科技(成都)有限公司 | Application account security verification method and apparatus |
CN104994060A (en) * | 2015-05-15 | 2015-10-21 | 百度在线网络技术(北京)有限公司 | Method and device for providing verification for user login |
CN105553947A (en) * | 2015-12-08 | 2016-05-04 | 腾讯科技(深圳)有限公司 | Methods and devices for finding account back, protecting account security and preventing account theft |
CN106027520A (en) * | 2016-05-19 | 2016-10-12 | 微梦创科网络科技(中国)有限公司 | Method and device for detecting and processing stealing of website accounts |
CN106529288A (en) * | 2016-11-16 | 2017-03-22 | 智者四海(北京)技术有限公司 | Account risk identification method and device |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111832060A (en) * | 2019-04-17 | 2020-10-27 | 北京搜狗科技发展有限公司 | Data processing method and device and electronic equipment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107104973A (en) | The method of calibration and device of user behavior | |
Jung et al. | Accounttrade: Accountable protocols for big data trading against dishonest consumers | |
US9590969B2 (en) | Identity verification services using private data | |
CN104488277B (en) | For monitoring the method and apparatus of media presentation | |
EP2748781B1 (en) | Multi-factor identity fingerprinting with user behavior | |
JP6609047B2 (en) | Method and device for application information risk management | |
CN104202339B (en) | A kind of across cloud authentication service method based on user behavior | |
US10740411B2 (en) | Determining repeat website users via browser uniqueness tracking | |
CN107852412A (en) | For phishing and the system and method for brand protection | |
CN104135365A (en) | A method, a server, and a client for verifying an access request | |
CN105743905B (en) | A kind of method that realizing secure log, unit and system | |
CN107203713A (en) | Verification code generation method and device | |
Edu et al. | Digital security vulnerabilities and threats implications for financial institutions deploying digital technology platforms and application: FMEA and FTOPSIS analysis | |
WO2019024497A1 (en) | Method, device, terminal equipment and medium for generating customer return visit event | |
CN113486122A (en) | Data sharing method and electronic equipment | |
CN107103243A (en) | The detection method and device of leak | |
CN107257325A (en) | User profile guard method and device | |
CN107679383A (en) | A kind of auth method and device based on geographical position and contact pressure area | |
CN107294766B (en) | Centralized control method and system | |
CN107018148A (en) | User logs in control method and device | |
CN107679865B (en) | Identity verification method and device based on touch area | |
CN116049138A (en) | Transaction data tracing method, tracing device and tracing system | |
CN114817867A (en) | Publication issuing platform based on internet | |
CN114153838A (en) | Encryption storage and query method for member information | |
Smith et al. | A Study of GDPR Compliance under the Transparency and Consent Framework |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20171017 |