CN107517180A - Login method and device - Google Patents
Login method and device Download PDFInfo
- Publication number
- CN107517180A CN107517180A CN201610427357.7A CN201610427357A CN107517180A CN 107517180 A CN107517180 A CN 107517180A CN 201610427357 A CN201610427357 A CN 201610427357A CN 107517180 A CN107517180 A CN 107517180A
- Authority
- CN
- China
- Prior art keywords
- data
- server
- login
- login account
- characteristic
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
Abstract
The present invention relates to a kind of login method and device.The above method comprises the following steps:Receive logging request;Validation problem is randomly selected from default validation problem data according to the logging request and is shown;The first answer data for receiving the login account of input and being inputted according to the validation problem;The login account, validation problem and the first answer data are sent to server, so that the server searches the characteristic matched with the validation problem according to the login account in User Information Database, and verify whether first answer data is correct according to the characteristic found, if, then it is verified, do not pass through if it is not, then verifying;The result returned by the server is received, if being verified, is logined successfully, if checking is not by login failure.Above-mentioned login method and device, can prevent log-on message from revealing, and improve security.
Description
Technical field
The present invention relates to field of information security technology, more particularly to a kind of login method and device.
Background technology
With the high speed development of internet, user is frequently necessary to after being logged in using account number cipher, can just be made
The various functions provided with client, such as topic comment, shopping, viewing video etc., are used in traditional approach
The account and password at family are fixed, and password is easily obtained by unauthorized person and cracked, the log-on message of user
Leakage may cause the property loss of user and the leakage of other privacy informations etc., have larger potential safety hazard.
The content of the invention
Based on this, it is necessary to provide a kind of login method, can prevent log-on message from revealing, improve security.
A kind of entering device is provided in addition, there is a need to, can prevent log-on message from revealing, improves security.
A kind of login method, comprises the following steps:
Receive logging request;
Validation problem is randomly selected from default validation problem data according to the logging request and opened up
Show;
The first answer data for receiving the login account of input and being inputted according to the validation problem;
The login account, validation problem and the first answer data are sent to server, so that the service
Device searches the characteristic matched with the validation problem according to the login account in User Information Database
According to, and verify whether first answer data is correct according to the characteristic found, if so, then verifying
By not passing through if it is not, then verifying;
The result returned by the server is received, if being verified, is logined successfully, if checking is not
By then login failure.
In one of the embodiments, before the step of reception logging request, in addition to:
Gather user data;
The user data is analyzed, and extracts spy from the user data according to default validation problem data
Levy data;
The characteristic is sent to server, so that the server is by the characteristic and the use
Login account associated storage in user data is in User Information Database.
In one of the embodiments, it is described according to the logging request from default validation problem data
After the step of randomly selecting validation problem and being shown, in addition to:
Receive the password of input;
It is described that the login account, validation problem and the first answer data are sent to server, including:
The login account, password, validation problem and the first answer data are sent to server, so that institute
State server and judge whether the login account matches with the password, if matching, according to the login account
Search the characteristic matched with the validation problem number in User Information Database, and according to finding
Characteristic verifies whether first answer data is correct, if so, being then verified, if it is not, then verifying
Do not pass through.
In one of the embodiments, it is described according to the logging request from default validation problem data
After the step of randomly selecting validation problem and being shown, in addition to:
When receive forget log-on message request when, then
Forget the default abnormal problem data of log-on message acquisition request according to described, and asked according to the exception
Inscribe data display abnormal problem;
The second answer data for receiving the login account of input and being inputted according to the abnormal problem;
The login account and second answer data are sent to server so that the server according to
The login account obtains the personal login record matched with the login account, and according to second answer
Data and the matching degree of the personal login record determine confidence level, when the confidence level is more than
During predetermined level, then it is verified;
The result returned by the server is received, if being verified, is logined successfully.
In one of the embodiments, the characteristic includes behavioural characteristic data and personal information characteristic
According to;
Methods described also includes:
If logining successfully, the preset time period internal memory matched with the login account is obtained from the server
The behavioural characteristic data of storage are simultaneously shown.
A kind of entering device, including:
Request module is received, for receiving logging request;
Acquisition module, for randomly selecting checking from default validation problem data according to the logging request
Problem is simultaneously shown;
Input module is received, for receiving the login account inputted and inputted according to the validation problem first
Answer data;
Sending module, for the login account, validation problem and the first answer data to be sent into server,
So that the server is searched and the validation problem according to the login account in User Information Database
The characteristic matched somebody with somebody, and verify whether first answer data is correct according to the characteristic found, if
It is then to be verified, does not pass through if it is not, then verifying;
Object module is received, for receiving the result returned by the server, if being verified,
Login successfully, if checking is not by login failure.
In one of the embodiments, described device also includes:
Acquisition module, for gathering user data;
Analysis module, for analyzing the user data, and according to default validation problem data from the use
Characteristic is extracted in user data;
The sending module is additionally operable to the characteristic being sent to server, so that the server is by institute
The login account associated storage in characteristic and the user data is stated in User Information Database.
In one of the embodiments, the password for receiving input module and being additionally operable to receive input;
The sending module is additionally operable to send out the login account, password, validation problem and the first answer data
Server is given, so that the server judges whether the login account matches with the password, if matching,
The characteristic matched with the validation problem is then searched in User Information Database according to the login account
According to, and verify whether first answer data is correct according to the characteristic found, if so, then verifying
By not passing through if it is not, then verifying.
In one of the embodiments, it is described reception request module be additionally operable to reception forget log-on message ask;
The acquisition module is additionally operable to forget the default abnormal problem number of log-on message acquisition request according to
According to, and according to the abnormal problem data display abnormal problem;
The input module that receives is additionally operable to receive the login account of input and according to abnormal problem input
Second answer data;
The sending module is additionally operable to the login account and second answer data being sent to server,
So that the server obtains the personal login record matched with the login account according to the login account,
And confidence level is determined according to the matching degree of second answer data and the personal login record, when
When the confidence level is more than predetermined level, then it is verified;
The object module that receives is additionally operable to receive the result returned by the server, if being verified,
Then login successfully.
In one of the embodiments, the characteristic includes behavioural characteristic data and personal information characteristic
According to;
Described device also includes:
Display module, if for logining successfully, obtain what is matched with the login account from the server
The behavioural characteristic data of preset time period memory storage are simultaneously shown.
Above-mentioned login method and device, terminal receive logging request, randomly select validation problem, receive user
The login account of input and the first answer data of input, and by login account, validation problem and the first answer
Data are sent to server, and server is searched the characteristic matched with validation problem according to login account and judged
Whether the first answer data is correct, is verified, validation problem is various, and corresponding answer can be with actual conditions
Change, can prevent log-on message from revealing, improve security.
Brief description of the drawings
Fig. 1 is the system architecture diagram of login method in one embodiment;
Fig. 2 is the schematic flow sheet of login method in one embodiment;
Fig. 3 is login interface schematic diagram in one embodiment;
Fig. 4 is the schematic flow sheet that terminal extracts characteristic in one embodiment;
Fig. 5 is the schematic flow sheet of login method in another embodiment;
Fig. 6 is login interface schematic diagram in another embodiment;
Fig. 7 is the schematic flow sheet that terminal processes forget log-on message request in one embodiment;
Fig. 8 is the interface schematic diagram that log-on message is forgotten in one embodiment;
Fig. 9 is the structural representation of entering device in an example;
Figure 10 is the structural representation of entering device in another example;
Figure 11 is the structural representation of entering device in another example.
Embodiment
In order to make the purpose , technical scheme and advantage of the present invention be clearer, below in conjunction with accompanying drawing and reality
Example is applied, the present invention will be described in further detail.It should be appreciated that specific embodiment described herein is only
To explain the present invention, it is not intended to limit the present invention.
Fig. 1 is the system architecture diagram of login method in one embodiment.As shown in figure 1, terminal 10 can be with clothes
Business device 20 is attached by network.Terminal 10 receives logging request, is tested according to logging request from default
Validation problem is randomly selected in card problem data, and shows the validation problem.Terminal 10 receives user's input
Login account and the first answer data inputted according to validation problem, and by login account, validation problem and the
One answer data is sent to server 20.The login account of the receiving terminal 10 of server 20 transmission, checking are asked
Topic and the first answer data, search what is matched with validation problem according to login account in User Information Database
Characteristic, and verify whether the first answer data is correct according to the characteristic found, if so, then testing
Card passes through, and does not pass through if it is not, then verifying.Server 20 transmits verification result to terminal 10, terminal 10
The reception server 20 send the result, if being verified, login successfully, if checking not by,
Login failure.
As shown in Fig. 2 a kind of login method, is described from terminal, comprise the following steps:
Step S210, receive logging request.
Specifically, login button or option can be provided with terminal, when user clicks on the login button or option,
Terminal can receive caused logging request, wherein, terminal may include smart mobile phone, tablet personal computer, hand-held electric
Brain, desktop computer etc..
Step S220, validation problem is randomly selected from default validation problem data according to logging request and gone forward side by side
Row displaying.
Specifically, after terminal receives logging request, can be according to the logging request from default validation problem data
In randomly select validation problem, and show the validation problem randomly selected, wherein, default validation problem number
According to can mainly include the problem of related to the behavior record of user, concealed personal information etc., for example, " may I ask you
What the operation of last time is ", " may I ask your account balance also how many ", " may I ask your amount of money for transferring accounts of last time
Be how many " the problems such as, answer corresponding to the validation problem in validation problem data be not it is fixed, it is different
Answer all may be different when being logged in the different time by user.Detailed test can be set according to the actual requirements
Problem data is demonstrate,proved, more detailed validation problem security is higher.
Step S230, the first answer data for receiving the login account of input and being inputted according to validation problem.
Specifically, user can input login account in terminal, and first is inputted according to the validation problem of displaying
Answer data, it can be submitted after the completion of user's input, after terminal, which receives, submits input operation, terminal
The first answer data that the login account of input can be received and inputted according to validation problem.
Step S240, login account, validation problem and the first answer data are sent to server, so that clothes
Business device searches the characteristic matched with validation problem, and root according to login account in User Information Database
It is investigated that the characteristic found verifies whether the first answer data is correct, if so, be then verified, if it is not,
Then verify and do not pass through.
Specifically, the login account of reception, the first answer data and validation problem can be sent to clothes by terminal
Business device, can be first according to login account after server receives login account, validation problem and the first answer data
The characteristic of all storages corresponding with the login account is obtained in User Information Database.Wherein, it is special
Sign data refer to the reference user behavior come out from the behavioral data and personal information extracting data of user or
The data of some personal information, characteristic may include behavioural characteristic data and personal information characteristic, OK
Being characterized data may include the behavior record of user, such as:X days month Y, user carry out sweepstake;A
The B days moon, user inquire about account balance etc., and personal information characteristic may include the secret information of user account,
Such as account balance there remains X members etc..Server can be in the characteristic of all storages corresponding with login account
According to the middle characteristic searched and matched with validation problem, for example, validation problem is " when may I ask your last login
What the operation carried out is", the spy matched with the validation problem can be found from all characteristics
Data are levied as " X days month Y, user carry out sweepstake ", server is according to finding and validation problem
The characteristic matched somebody with somebody judges whether the first answer data is correct, can be by the first answer data and characteristic
Keyword is compared, for example, the first answer data is " prize drawing ", the keyword in characteristic is " to take out
Prize activity ", then judge that the first answer data is correct.If the first answer data is correct, server can be to terminal
The result being verified is returned to, if the first answer data mistake, server can be returned to terminal and verified
The result not passed through.
Step S250, the result returned by server is received, if being verified, is logined successfully, if
Checking is not by then login failure.
Specifically, the result that terminal the reception server returns, if the result is used to be verified
Family logins successfully, if the result is to verify not by that login failed for user, user can be allowed to re-start
Log in.Fig. 3 is login interface schematic diagram in one embodiment, as shown in figure 3, being shown in login frame 30
Account input frame 301, validation problem 303 and answer input box 305, user can be in account input frames 30
Login account is inputted, " it is assorted for may I ask the operation that you performed last time to validation problem 303 for the problem of randomly selecting
", user can be inputted in answer input box 305 corresponding to answer logged in, terminal by login account,
Validation problem and the answer data of user's input are sent to server, can be succeeded after by server authentication
Log in.
Above-mentioned login method, terminal receive logging request, randomly select validation problem, receive user's input
Login account and the first answer data of input, and login account, validation problem and the first answer data are sent out
Server is given, server searches the characteristic matched with validation problem according to login account and judges that first answers
Whether case data are correct, verified, validation problem is various, and corresponding answer can become with actual conditions
It is dynamic, it can prevent log-on message from revealing, improve security.In addition, user need not remember the close of uninteresting fixation
Code, only need to answer validation problem can be logged in, and can reduce the situation that user forgets password.
As shown in figure 4, in one embodiment, before step S210 receives logging request, in addition to:
Step S410, gather user data.
Specifically, terminal can gather user data, user data may include when user logs in and operated
The behavioral data and personal information data of user, the behavioral data of user may include that user performs the specific of operation
Content, the time for performing operation etc., personal information data may include login account, the IP (Internet logged in
Protocol, the agreement interconnected between network) address, user name, account balance, identification card number etc..
Step S420, user data is analyzed, and extracted according to default validation problem data from user data
Characteristic.
Specifically, terminal can analyze the user data of collection, and according to default validation problem data pair with testing
The related user data of card problem data carries out refining generation characteristic, for example, default validation problem number
According to including " what the operation that may I ask your last time is ", then can be extracted from user data related to user's operation
Data, and refine and obtain characteristic, for example, X days month Y, user carries out sweepstake.It is if default
Validation problem data include " may I ask your account balance also how many ", then can be extracted from user data and account
The related data of family remaining sum, and refined to obtain characteristic, for example, X days month Y, account balance are
500 yuan.
Step S430, characteristic is sent to server, so that server is by characteristic and user data
In login account associated storage in User Information Database.
Specifically, characteristic can be sent to server by terminal, server can incite somebody to action after receiving characteristic
Characteristic in User Information Database, facilitates subsequent user to log in corresponding login account associated storage
When, the answer inputted using characteristic to user is verified.
Above-mentioned login method, terminal collection user data, analyzes user data and according to default problem data
Extraction characteristic is stored server, can update the characteristic of user at any time, ensures validation problem
The accuracy of answer, validation problem answer can change with actual conditions, can prevent log-on message from revealing,
Improve security.
As shown in figure 5, in one embodiment, asked in step S220 according to logging request from default checking
After validation problem being randomly selected in topic data and being shown, in addition to:
Step S502, receive the password of input.
Specifically, after terminal randomly selects validation problem from default validation problem data and is shown,
Login account, the password of user's input, and the first answer data inputted according to validation problem can be received.
Step S240, login account, validation problem and the first answer data are sent to server, can be specific
Including:
Step S504, login account, password, validation problem and the first answer data are sent to server,
So that server judges whether login account matches with password, if matching, believed according to login account in user
Search the characteristic that is matched with validation problem in breath database, and the is verified according to the characteristic found
Whether one answer data is correct, if so, being then verified, does not pass through if it is not, then verifying.
Specifically, terminal can be and defeated according to validation problem by the login account, password, validation problem of reception
The first answer data entered is sent to server.After server receives, first login account and password can be carried out
Checking, whether inquiry judging login account and password match in User Information Database, if login account and
Password is mismatched, and the information of code error can be directly returned to terminal.If login account and password match,
All storages corresponding with the login account are further obtained in User Information Database according to login account
Characteristic, and therefrom search the characteristic matched with validation problem.Server is according to finding with testing
The characteristic of card problem matching judges whether the first answer data is correct, if the first answer data is correct,
Server can return to the result being verified to terminal, if the first answer data mistake, server can
The result verified and do not passed through is returned to terminal.
Fig. 6 is login interface schematic diagram in one embodiment, as shown in fig. 6, showing account in login frame 30
Number input frame 301, validation problem 303, answer input box 305 and Password Input frame 307, user can be in account
Login account is inputted in number input frame 301, password, validation problem 303 are inputted in Password Input frame 307
The problem of to randomly select, " may I ask the operation that you performed last time was what", user can be in answer input box 305
Answer corresponding to middle input is logged in, and terminal inputs login account, password, validation problem and user
Answer data is sent to server, first judges whether login account and password match by server, if the two
Match somebody with somebody, then whether Validation Answer Key data are correct, can Successful login after being verified.
Above-mentioned login method, terminal by the login account of reception, password and according to validation problem input first
Answer data is sent to server, first judges whether login account matches with password by server, if matching,
Verify whether the first answer data is correct again, traditional password authentification is combined with validation problem, carry out
Double verification, effectively prevent that unauthorized person stealing passwords from being logged in, further enter high security.
As shown in fig. 7, in one embodiment, in step S220 according to logging request from default validation problem
After validation problem is randomly selected in data and is shown, in addition to:
Step S702, reception forget that log-on message is asked.
Specifically, the validation problem that terminal display randomly selects, when user forgets the corresponding answer of validation problem
When, it can submit and forget that log-on message is asked, can be according to forgetting when terminal, which receives, forgets log-on message request
Log-on message request, which redirects, forgets the log-on message page, and is carried out by performing step S704 to step S710
Log in, logged in without performing step S230 to step S250.
Step S704, according to forgetting the default abnormal problem data of log-on message acquisition request, and according to exception
Problem data shows abnormal problem.
Specifically, abnormal problem data mainly include the problem of related to user's login data, for example, abnormal
Problem can be " may I ask when you are the last time logged in ", " may I ask the place that you often log in is
Where " the problems such as, terminal can according to default abnormal problem data display one or more abnormal problem for
Answered at family.
Step S706, the second answer data for receiving the login account of input and being inputted according to abnormal problem.
Specifically, user can input the login account for forgetting log-on message, and asked according to the exception of terminal display
Topic inputs corresponding second answer data, after terminal receives login account and the second answer data, will can receive
Login account and the second answer data are sent to server, are verified by server, after being verified
Login successfully.
Step S708, login account and the second answer data are sent to server, so that server is according to stepping on
Record account obtains the personal login record matched with login account, and is logged according to the second answer data with personal
The matching degree of record determines confidence level, when confidence level is more than predetermined level, is then verified.
Specifically, login account and the second answer data that server receiving terminal is sent, can be according to login account
Number inquiry obtains the personal login record that is matched with login account, may include in personal login record login time,
Log in place, log in IP address, MAC (Media Access Control, media access control layer) address
Etc. information.Server can pre-establish the second answer data and personal login record matching degree and confidence level etc.
The corresponding relation of level, and confidence level etc. is determined according to the matching degree of the second answer data and personal login record
Level, matching degree is higher, and confidence level is higher, wherein, confidence level can be carried out according to the actual requirements
Setting, such as 10 grades etc. can be divided into, but not limited to this.Server also can according to the MAC of terminal
The information such as location, IP address, terminal device number and the matching degree of personal login record determine confidence level.
When confidence level is more than predetermined level, such as predetermined level is 8, then illustrate that the user uses for trusted
Family, then the result being verified is returned to terminal, if confidence level is less than predetermined level, is returned to terminal
Return the result that checking does not pass through.
Step S710, the result returned by server is received, if being verified, is logined successfully.
Specifically, the result that terminal the reception server returns, if the result is used to be verified
Family logins successfully.Fig. 8 is the interface schematic diagram that log-on message is forgotten in one embodiment, as shown in figure 8,
Forget to show account input frame 801, abnormal problem 803 and answer input box 805 in log-on message frame 80,
User can input the login account for forgetting log-on message in account input frame 801, show in abnormal problem 803
Show abnormal problem " to may I ask when your the last log in is", user can be in answer input box 805
The middle corresponding answer of input, terminal receives the login account and answer data of input, and by login account and answers
Case data are sent to server, are verified by server, can Successful login after being verified.
Above-mentioned login method, when user forgets log-on message, terminal display abnormal problem, it is defeated to receive user
The login account that enters and the second answer data inputted according to abnormal problem, and by login account and the second answer
Data are sent to server, and server determines according to the matching degree of the second answer data and personal login record
Confidence level, verified with this, the user for forgetting log-on message can be helped to be logged in, convenient and swift and peace
Quan Xinggao.
In one embodiment, above-mentioned login method, in addition to:If logining successfully, obtained from server
The behavioural characteristic data of the preset time period memory storage matched with login account are simultaneously shown.
Specifically, characteristic may include behavioural characteristic data and personal information characteristic, behavioural characteristic number
Extract to obtain according to by the behavioral data of user, it may include the behavior record information of user, such as:X days month Y,
User carries out sweepstake;A days month B, user inquire about account balance etc..If user logins successfully, terminal
The behavioural characteristic data in preset time period memory storage matched with login account, such as 1 can be obtained from server
The behavioural characteristic data of the user in individual month, and behavioural characteristic data are shown, user's identification can be helped
Official website and fishing website, ensure user information safety.
Above-mentioned login method, after user logins successfully, preset time period that terminal display matches with login account
Interior behavioural characteristic data, prevent fishing website, help user's identification official website and fishing website, improve
Security.
As shown in figure 9, a kind of entering device, including receive request module 910, acquisition module 920, receive
Input module 930, sending module 940 and reception object module 950.
Request module 910 is received, for receiving logging request.
Specifically, login button or option can be provided with terminal, when user clicks on the login button or option,
Terminal can receive caused logging request, wherein, terminal may include smart mobile phone, tablet personal computer, hand-held electric
Brain, desktop computer etc..
Acquisition module 920, asked for randomly selecting checking from default validation problem data according to logging request
Inscribe and be shown.
Specifically, after terminal receives logging request, can be according to the logging request from default validation problem data
In randomly select validation problem, and show the validation problem randomly selected, wherein, default validation problem number
According to can mainly include the problem of related to the behavior record of user, concealed personal information etc., for example, " may I ask you
What the operation of last time is ", " may I ask your account balance also how many ", " may I ask your amount of money for transferring accounts of last time
Be how many " the problems such as, answer corresponding to the validation problem in validation problem data be not it is fixed, it is different
Answer all may be different when being logged in the different time by user.Detailed test can be set according to the actual requirements
Problem data is demonstrate,proved, more detailed validation problem security is higher.
Input module 930 is received, first for receiving the login account of input and being inputted according to validation problem is answered
Case data.
Specifically, user can input login account in terminal, and first is inputted according to the validation problem of displaying
Answer data, it can be submitted after the completion of user's input, after terminal, which receives, submits input operation, terminal
The first answer data that the login account of input can be received and inputted according to validation problem.
Sending module 940, for the login account, validation problem and the first answer data to be sent into service
Device, asked so that the server is searched according to the login account in User Information Database with the checking
The characteristic of matching is inscribed, and verifies whether first answer data is correct according to the characteristic found,
If so, being then verified, do not pass through if it is not, then verifying.
Specifically, the login account of reception, the first answer data and validation problem can be sent to clothes by terminal
Business device, can be first according to login account after server receives login account, validation problem and the first answer data
The characteristic of all storages corresponding with the login account is obtained in User Information Database.Wherein, it is special
Sign data refer to the reference user behavior come out from the behavioral data and personal information extracting data of user or
The data of some personal information, characteristic may include behavioural characteristic data and personal information characteristic, OK
Being characterized data may include the behavior record of user, such as:X days month Y, user carry out sweepstake;A
The B days moon, user inquire about account balance etc., and personal information characteristic may include the secret information of user account,
Such as account balance there remains X members etc..Server can be in the characteristic of all storages corresponding with login account
According to the middle characteristic searched and matched with validation problem, for example, validation problem is " when may I ask your last login
What the operation carried out is ", the feature matched with the validation problem can be found from all characteristics
Data are " X days month Y, user carry out sweepstake ", and server is matched with validation problem according to finding
Characteristic judge whether the first answer data correct, can be by the pass in the first answer data and characteristic
Key word is compared, for example, the first answer data is " prize drawing ", the keyword in characteristic is " prize drawing
Activity ", then judge that the first answer data is correct.If the first answer data is correct, server can return to terminal
The result being verified is returned, if the first answer data mistake, server can return to checking not to terminal
The result passed through.
Object module 950 is received, for receiving the result returned by server, if being verified, is stepped on
Record successfully, if checking is not by login failure.
Specifically, the result that terminal the reception server returns, if the result is used to be verified
Family logins successfully, if the result is to verify not by that login failed for user, user can be allowed to re-start
Log in.
Above-mentioned entering device, terminal receive logging request, randomly select validation problem, receive user's input
Login account and the first answer data of input, and login account, validation problem and the first answer data are sent out
Server is given, server searches the characteristic matched with validation problem according to login account and judges that first answers
Whether case data are correct, verified, validation problem is various, and corresponding answer can become with actual conditions
It is dynamic, it can prevent log-on message from revealing, improve security.In addition, user need not remember the close of uninteresting fixation
Code, only need to answer validation problem can be logged in, and can reduce the situation that user forgets password.
As shown in Figure 10, in one embodiment, above-mentioned entering device, except including receive request module 910,
Acquisition module 920, receive input module 930, sending module 940 and receive object module 950, in addition to
Acquisition module 960 and analysis module 970.
Acquisition module 960, for gathering user data.
Specifically, terminal can gather user data, user data may include when user logs in and operated
The behavioral data and personal information data of user, the behavioral data of user may include that user performs the specific of operation
Content, the time for performing operation etc., personal information data may include login account, the IP address logged in, use
Name in an account book, account balance, identification card number etc..
Analysis module 970, for analyzing user data, and according to default validation problem data from user data
Middle extraction characteristic.
Specifically, terminal can analyze the user data of collection, and according to default validation problem data pair with testing
The related user data of card problem data carries out refining generation characteristic, for example, default validation problem number
According to including " what the operation that may I ask your last time is ", then can be extracted from user data related to user's operation
Data, and refine and obtain characteristic, for example, X days month Y, user carries out sweepstake.It is if default
Validation problem data include " may I ask your account balance also how many ", then can be extracted from user data and account
The related data of family remaining sum, and refined to obtain characteristic, for example, X days month Y, account balance are
500 yuan.
Sending module 940 is additionally operable to characteristic being sent to server so that server by characteristic with
Login account associated storage in user data is in User Information Database.
Specifically, characteristic can be sent to server by terminal, server can incite somebody to action after receiving characteristic
Characteristic in User Information Database, facilitates subsequent user to log in corresponding login account associated storage
When, the answer inputted using characteristic to user is verified.
Above-mentioned entering device, terminal collection user data, analyzes user data and according to default problem data
Extraction characteristic is stored server, can update the characteristic of user at any time, ensures validation problem
The accuracy of answer, validation problem answer can change with actual conditions, can prevent log-on message from revealing,
Improve security.
In one embodiment, above-mentioned entering device, receive input module 930 and be additionally operable to receive the close of input
Code.
Specifically, after terminal randomly selects validation problem from default validation problem data and is shown,
Login account, the password of user's input, and the first answer data inputted according to validation problem can be received.
Sending module 940 is additionally operable to login account, password, validation problem and the first answer data being sent to
Server, so that server judges whether login account matches with password, if matching, according to login account
The characteristic matched with validation problem is searched in User Information Database, and according to the characteristic found
It is whether correct according to the first answer data of checking, if so, being then verified, do not pass through if it is not, then verifying.
Specifically, terminal can be and defeated according to validation problem by the login account, password, validation problem of reception
The first answer data entered is sent to server.After server receives, first login account and password can be carried out
Checking, whether inquiry judging login account and password match in User Information Database, if login account and
Password is mismatched, and the information of code error can be directly returned to terminal.If login account and password match,
All storages corresponding with the login account are further obtained in User Information Database according to login account
Characteristic, and therefrom search the characteristic matched with validation problem.Server is according to finding with testing
The characteristic of card problem matching judges whether the first answer data is correct, if the first answer data is correct,
Server can return to the result being verified to terminal, if the first answer data mistake, server can
The result verified and do not passed through is returned to terminal.
Above-mentioned entering device, terminal by the login account of reception, password and according to validation problem input first
Answer data is sent to server, first judges whether login account matches with password by server, if matching,
Verify whether the first answer data is correct again, traditional password authentification is combined with validation problem, carry out
Double verification, effectively prevent that unauthorized person stealing passwords from being logged in, further enter high security.
In one embodiment, above-mentioned entering device, reception request module 910 are additionally operable to reception and forget to log in
Information request.
Specifically, the validation problem that terminal display randomly selects, when user forgets the corresponding answer of validation problem
When, it can submit and forget that log-on message is asked, can be according to forgetting when terminal, which receives, forgets log-on message request
Log-on message request, which redirects, forgets the log-on message page.
Acquisition module 920 is additionally operable to basis and forgets the default abnormal problem data of log-on message acquisition request, and
According to abnormal problem data display abnormal problem.
Specifically, abnormal problem data mainly include the problem of related to user's login data, for example, abnormal
Problem can be " may I ask when you are the last time logged in ", " may I ask the place that you often log in is
Where " the problems such as, terminal can according to default abnormal problem data display one or more abnormal problem for
Answered at family.
Receive input module 930 and be additionally operable to receive the login account of input and inputted according to abnormal problem second
Answer data.
Specifically, user can input the login account for forgetting log-on message, and asked according to the exception of terminal display
Topic inputs corresponding second answer data, after terminal receives login account and the second answer data, will can receive
Login account and the second answer data are sent to server, are verified by server, after being verified
Login successfully.
Sending module 940 is additionally operable to login account and the second answer data being sent to server, so that service
Device obtains the personal login record that is matched with login account according to login account, and according to the second answer data and
The matching degree of personal login record determines confidence level, when confidence level is more than predetermined level, then
It is verified.
Specifically, login account and the second answer data that server receiving terminal is sent, can be according to login account
Number inquiry obtains the personal login record that is matched with login account, may include in personal login record login time,
Log in place, log in the information such as IP address, MAC Address.Server can pre-establish the second answer data with
The corresponding relation of personal login record matching degree and confidence level, and according to the second answer data and individual
The matching degree of login record determines confidence level, and matching degree is higher, and confidence level is higher, wherein,
Confidence level can be set according to the actual requirements, such as can be divided into 10 grades etc., but not limited to this.
Server also can be according to the information such as the MAC Address of terminal, IP address, terminal device number and personal login record
Matching degree determine confidence level.When confidence level is more than predetermined level, such as predetermined level for 8
When, then it is trusted user to illustrate the user, then the result being verified is returned to terminal, if confidence level etc.
Level is less than predetermined level, then the result verified and do not passed through is returned to terminal.
Object module 950 is received to be additionally operable to receive the result returned by server, if being verified,
Login successfully.
Specifically, the result that terminal the reception server returns, if the result is used to be verified
Family logins successfully.
Above-mentioned entering device, when user forgets log-on message, terminal display abnormal problem, it is defeated to receive user
The login account that enters and the second answer data inputted according to abnormal problem, and by login account and the second answer
Data are sent to server, and server determines according to the matching degree of the second answer data and personal login record
Confidence level, verified with this, the user for forgetting log-on message can be helped to be logged in, convenient and swift and peace
Quan Xinggao.
As shown in figure 11, in one embodiment, above-mentioned entering device, except including receive request module 910,
Acquisition module 920, receive input module 930, sending module 940, receive object module 950, collection mould
Block 960 and analysis module 970, in addition to display module 980.
Display module 980, if for logining successfully, from server obtain matched with login account it is default when
Between section memory storage behavioural characteristic data and be shown.
Specifically, characteristic may include behavioural characteristic data and personal information characteristic, behavioural characteristic number
Extract to obtain according to by the behavioral data of user, it may include the behavior record information of user, such as:X days month Y,
User carries out sweepstake;A days month B, user inquire about account balance etc..If user logins successfully, terminal
The behavioural characteristic data in preset time period memory storage matched with login account, such as 1 can be obtained from server
The behavioural characteristic data of the user in individual month, and behavioural characteristic data are shown, user's identification can be helped
Official website and fishing website, ensure user information safety.
Above-mentioned entering device, after user logins successfully, preset time period that terminal display matches with login account
Interior behavioural characteristic data, prevent fishing website, help user's identification official website and fishing website, improve
Security.
Each technical characteristic of embodiment described above can be combined arbitrarily, not right to make description succinct
The all possible combination of each technical characteristic in above-described embodiment is all described, as long as however, these skills
Contradiction is not present in the combination of art feature, is all considered to be the scope of this specification record.
Embodiment described above only expresses the several embodiments of the present invention, and its description is more specific and detailed,
But can not therefore it be construed as limiting the scope of the patent.It should be pointed out that for this area
For those of ordinary skill, without departing from the inventive concept of the premise, some deformations can also be made and changed
Enter, these belong to protection scope of the present invention.Therefore, the protection domain of patent of the present invention should be with appended power
Profit requires to be defined.
Claims (10)
1. a kind of login method, comprises the following steps:
Receive logging request;
Validation problem is randomly selected from default validation problem data according to the logging request and opened up
Show;
The first answer data for receiving the login account of input and being inputted according to the validation problem;
The login account, validation problem and the first answer data are sent to server, so that the service
Device searches the characteristic matched with the validation problem according to the login account in User Information Database
According to, and verify whether first answer data is correct according to the characteristic found, if so, then verifying
By not passing through if it is not, then verifying;
The result returned by the server is received, if being verified, is logined successfully, if checking is not
By then login failure.
2. login method according to claim 1, it is characterised in that in the reception logging request
Before step, in addition to:
Gather user data;
The user data is analyzed, and extracts spy from the user data according to default validation problem data
Levy data;
The characteristic is sent to server, so that the server is by the characteristic and the use
Login account associated storage in user data is in User Information Database.
3. login method according to claim 1, it is characterised in that asked described according to the login
After asking the step of randomly selecting validation problem from default validation problem data and being shown, in addition to:
Receive the password of input;
It is described that the login account, validation problem and the first answer data are sent to server, including:
The login account, password, validation problem and the first answer data are sent to server, so that institute
State server and judge whether the login account matches with the password, if matching, according to the login account
Search the characteristic matched with the validation problem number in User Information Database, and according to finding
Characteristic verifies whether first answer data is correct, if so, being then verified, if it is not, then verifying
Do not pass through.
4. login method according to claim 1, it is characterised in that asked described according to the login
After asking the step of randomly selecting validation problem from default validation problem data and being shown, in addition to:
When receive forget log-on message request when, then
Forget the default abnormal problem data of log-on message acquisition request according to described, and asked according to the exception
Inscribe data display abnormal problem;
The second answer data for receiving the login account of input and being inputted according to the abnormal problem;
The login account and second answer data are sent to server so that the server according to
The login account obtains the personal login record matched with the login account, and according to second answer
Data and the matching degree of the personal login record determine confidence level, when the confidence level is more than
During predetermined level, then it is verified;
The result returned by the server is received, if being verified, is logined successfully.
5. login method according to any one of claims 1 to 4, it is characterised in that the characteristic
Including behavioural characteristic data and personal information characteristic;
Methods described also includes:
If logining successfully, the preset time period internal memory matched with the login account is obtained from the server
The behavioural characteristic data of storage are simultaneously shown.
A kind of 6. entering device, it is characterised in that including:
Request module is received, for receiving logging request;
Acquisition module, for randomly selecting checking from default validation problem data according to the logging request
Problem is simultaneously shown;
Input module is received, for receiving the login account inputted and inputted according to the validation problem first
Answer data;
Sending module, for the login account, validation problem and the first answer data to be sent into server,
So that the server is searched and the validation problem according to the login account in User Information Database
The characteristic matched somebody with somebody, and verify whether first answer data is correct according to the characteristic found, if
It is then to be verified, does not pass through if it is not, then verifying;
Object module is received, for receiving the result returned by the server, if being verified,
Login successfully, if checking is not by login failure.
7. entering device according to claim 6, it is characterised in that described device also includes:
Acquisition module, for gathering user data;
Analysis module, for analyzing the user data, and according to default validation problem data from the use
Characteristic is extracted in user data;
The sending module is additionally operable to the characteristic being sent to server, so that the server is by institute
The login account associated storage in characteristic and the user data is stated in User Information Database.
8. entering device according to claim 6, it is characterised in that the reception input module is also used
In the password for receiving input;
The sending module is additionally operable to send out the login account, password, validation problem and the first answer data
Server is given, so that the server judges whether the login account matches with the password, if matching,
The characteristic matched with the validation problem is then searched in User Information Database according to the login account
According to, and verify whether first answer data is correct according to the characteristic found, if so, then verifying
By not passing through if it is not, then verifying.
9. entering device according to claim 6, it is characterised in that the reception request module is also used
Forget that log-on message is asked in reception;
The acquisition module is additionally operable to forget the default abnormal problem number of log-on message acquisition request according to
According to, and according to the abnormal problem data display abnormal problem;
The input module that receives is additionally operable to receive the login account of input and according to abnormal problem input
Second answer data;
The sending module is additionally operable to the login account and second answer data being sent to server,
So that the server obtains the personal login record matched with the login account according to the login account,
And confidence level is determined according to the matching degree of second answer data and the personal login record, when
When the confidence level is more than predetermined level, then it is verified;
The object module that receives is additionally operable to receive the result returned by the server, if being verified,
Then login successfully.
10. according to any described entering device of claim 6 to 9, it is characterised in that the characteristic
According to including behavioural characteristic data and personal information characteristic;
Described device also includes:
Display module, if for logining successfully, obtain what is matched with the login account from the server
The behavioural characteristic data of preset time period memory storage are simultaneously shown.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610427357.7A CN107517180B (en) | 2016-06-15 | 2016-06-15 | Login method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610427357.7A CN107517180B (en) | 2016-06-15 | 2016-06-15 | Login method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107517180A true CN107517180A (en) | 2017-12-26 |
| CN107517180B CN107517180B (en) | 2020-05-29 |
Family
ID=60720508
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610427357.7A Active CN107517180B (en) | 2016-06-15 | 2016-06-15 | Login method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107517180B (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108197901A (en) * | 2018-02-01 | 2018-06-22 | 宁夏灵智科技有限公司 | Working state determines method and system |
| CN108551451A (en) * | 2018-04-18 | 2018-09-18 | 何小林 | A kind of multiple-authentication method and system of protection application system permission |
| CN109858210A (en) * | 2019-01-07 | 2019-06-07 | 平安科技(深圳)有限公司 | Information Authentication method, apparatus, computer equipment and storage medium |
| CN111556031A (en) * | 2020-04-13 | 2020-08-18 | 江苏能电科技有限公司 | Safety login method and device of electric brake system, computer equipment and medium |
| CN115001798A (en) * | 2022-05-30 | 2022-09-02 | 中国银行股份有限公司 | Mobile phone bank login method and device |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7269579B2 (en) * | 2001-09-18 | 2007-09-11 | Lovegren Victoria M | Method for tracking and assessing program participation |
| CN104580264A (en) * | 2015-02-13 | 2015-04-29 | 人民网股份有限公司 | Login method, registration method and login device as well as login and refrigeration system |
| CN104901924A (en) * | 2014-03-05 | 2015-09-09 | 腾讯科技(深圳)有限公司 | Internet account verifying method and device |
| CN105471581A (en) * | 2014-09-10 | 2016-04-06 | 阿里巴巴集团控股有限公司 | Identity verification method and device |
-
2016
- 2016-06-15 CN CN201610427357.7A patent/CN107517180B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7269579B2 (en) * | 2001-09-18 | 2007-09-11 | Lovegren Victoria M | Method for tracking and assessing program participation |
| CN104901924A (en) * | 2014-03-05 | 2015-09-09 | 腾讯科技(深圳)有限公司 | Internet account verifying method and device |
| CN105471581A (en) * | 2014-09-10 | 2016-04-06 | 阿里巴巴集团控股有限公司 | Identity verification method and device |
| CN104580264A (en) * | 2015-02-13 | 2015-04-29 | 人民网股份有限公司 | Login method, registration method and login device as well as login and refrigeration system |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108197901A (en) * | 2018-02-01 | 2018-06-22 | 宁夏灵智科技有限公司 | Working state determines method and system |
| CN108551451A (en) * | 2018-04-18 | 2018-09-18 | 何小林 | A kind of multiple-authentication method and system of protection application system permission |
| CN109858210A (en) * | 2019-01-07 | 2019-06-07 | 平安科技(深圳)有限公司 | Information Authentication method, apparatus, computer equipment and storage medium |
| CN111556031A (en) * | 2020-04-13 | 2020-08-18 | 江苏能电科技有限公司 | Safety login method and device of electric brake system, computer equipment and medium |
| CN115001798A (en) * | 2022-05-30 | 2022-09-02 | 中国银行股份有限公司 | Mobile phone bank login method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107517180B (en) | 2020-05-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11847199B2 (en) | Remote usage of locally stored biometric authentication data | |
| US11423131B2 (en) | Systems and methods for improving KBA identity authentication questions | |
| US20090276839A1 (en) | Identity collection, verification and security access control system | |
| US8536976B2 (en) | Single-channel multi-factor authentication | |
| US20170201518A1 (en) | Method and system for real-time authentication of user access to a resource | |
| WO2020019963A1 (en) | Identity verification method and device and account information modification method and device | |
| US20050039056A1 (en) | Method and apparatus for authenticating a user using three party question protocol | |
| US10909230B2 (en) | Methods for user authentication | |
| CN107517180A (en) | Login method and device | |
| TW201435640A (en) | Method and system for identifying human/machine | |
| CN104426884A (en) | Method for authenticating identity and device for authenticating identity | |
| CN106789855A (en) | The method and device of user login validation | |
| US20220029981A1 (en) | Voice biometric authentication in a virtual assistant | |
| CN107025397A (en) | The acquisition methods and device of identity information | |
| CN113326488A (en) | Personal information protection system and method | |
| Marasco et al. | Biometric multi‐factor authentication: On the usability of the FingerPIN scheme | |
| CN109829321B (en) | Method, device, equipment and storage medium for authenticating identity | |
| JP2003263417A (en) | Authentication system | |
| CN104601532B (en) | A kind of method and device of logon account | |
| CN111047146B (en) | Risk identification method, device and equipment for enterprise users | |
| US10003464B1 (en) | Biometric identification system and associated methods | |
| CN107885986A (en) | A kind of form filling method, form data store method and device | |
| CN107426163A (en) | A kind of method and device of encryption | |
| CN107370603B (en) | Identity authentication method, server and computer readable storage medium | |
| JP2004013865A (en) | Personal identification method by associative memory |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |