CN107742067A - A kind of auth method, device and system - Google Patents

Publication number
CN107742067A
Authority
CN
China
Prior art keywords
information
user
identifying code
authentication
network environment
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610934283.6A
Other languages
Chinese (zh)
Inventor
陈云云
郭计伟
张小龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN201610934283.6A
Publication of CN107742067A

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/316: User authentication by observing the pattern of computer usage, e.g. typical user behaviour

Abstract

The embodiments of the invention disclose an identity verification method, device and system. After receiving a user-initiated verification code acquisition request, an embodiment can obtain the user history information of the user according to that request and generate a verification code from the user history information; the user's identity is then verified based on the generated verification code. The scheme can improve the reliability of identity verification and the security of information.

Description

Identity verification method, device and system
Technical field
The present invention relates to the field of communication technology, and in particular to an identity verification method, device and system.
Background
Today people's lives are flooded with information of every kind: online shopping, online transfers, chat sessions and so on all involve the processing of information, and information security bears directly on the safety of people's lives and property.
To improve the security of information processing, in addition to checking the user's user name and password, a "verification code" check is also required. A verification code is a character string or picture generated at random by the system; the user is required to enter the corresponding input according to the displayed character string or picture. The technique was proposed mainly to prevent an attacker from using a program to make continuous brute-force login attempts (i.e. verification attempts) against a particular registered user.
In researching and practicing the prior art, the inventors of the present invention found that, because a traditional verification code is just a small randomly generated picture of characters plus an input box, a cracker can easily pull the verification code picture directly and then crack it by automated means or machine learning, so its security is not high.
Summary of the invention
The embodiments of the present invention provide an identity verification method, device and system that can improve the reliability of identity verification and the security of information.
An identity verification method, including:
receiving a user-initiated verification code acquisition request;
obtaining the user history information of the user according to the verification code acquisition request;
generating a verification code according to the user history information;
verifying the identity of the user based on the generated verification code.
Correspondingly, the embodiments of the present invention also provide an identity verification device, including:
a receiving unit, for receiving a user-initiated verification code acquisition request;
an acquiring unit, for obtaining the user history information of the user according to the verification code acquisition request;
a generation unit, for generating a verification code according to the user history information;
a verification unit, for verifying the identity of the user based on the generated verification code.
In addition, the embodiments of the present invention also provide an identity verification system, including any identity verification device provided by the embodiments of the present invention.
After receiving a user-initiated verification code acquisition request, an embodiment of the present invention can obtain the user history information of the user according to that request, generate a verification code from the user history information, and then verify the user's identity based on the generated verification code. Because the material used to generate the verification code in this scheme comes mainly from the user's own behaviour, it is more private, which greatly increases the difficulty of cracking for an illegal intruder. Relative to existing schemes, this scheme can therefore greatly improve the reliability of identity verification and helps improve the security of information.
Brief description of the drawings
To explain the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present invention; those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1a is a schematic diagram of a scenario of the identity verification method provided by an embodiment of the present invention;
Fig. 1b is a flow chart of the identity verification method provided by an embodiment of the present invention;
Fig. 2 is another flow chart of the identity verification method provided by an embodiment of the present invention;
Fig. 3a is a structural diagram of the identity verification device provided by an embodiment of the present invention;
Fig. 3b is another structural diagram of the identity verification device provided by an embodiment of the present invention;
Fig. 4 is a structural diagram of the network equipment provided by an embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those skilled in the art on the basis of these embodiments without creative effort fall within the scope of protection of the present invention.
The embodiments of the present invention provide an identity verification method, device and system.
The identity verification device can be any identity verification device provided by the embodiments of the present invention, and can be integrated in network equipment such as a terminal or a server.
For example, taking the case where the identity verification device is integrated in the network equipment (see Fig. 1a): when a user needs identity verification, the user can initiate a verification code acquisition request to the network equipment. After receiving the request, the network equipment can obtain the user's history information according to it, for example what the user bought on a certain date, chat records with a certain friend on a certain date, book browsing records and/or review records. It then generates a verification code from the user history information; for example, it can filter the corresponding information out of the user history information according to a preset strategy and add scramble data to generate the verification code. After that, the user's identity can be verified based on the generated verification code; for example, the generated verification code can be sent to the user so that the user enters the corresponding verification information according to it, and so on.
Each part is described in detail below. Note that the numbering of the following embodiments does not imply any order of preference among them.
Embodiment one
This embodiment is described from the perspective of the identity verification device, which can be integrated in network equipment such as a terminal or a server. The terminal can be a mobile phone, a tablet computer, a notebook computer, a personal computer (PC) or similar equipment.
An identity verification method, including: receiving a user-initiated verification code acquisition request; obtaining the user history information of the user according to the verification code acquisition request; generating a verification code according to the user history information; and verifying the identity of the user based on the generated verification code.
As shown in Fig. 1b, the specific flow of the identity verification method can be as follows:
101. Receive a user-initiated verification code acquisition request.
For example, the request can be one that the user triggers by clicking or sliding a preset trigger interface, or one that the user sends through other equipment, and so on.
102. Obtain the user history information of the user according to the verification code acquisition request.
For example, a history information acquisition request can be generated according to the verification code acquisition request, and the user history information of the user obtained according to that history information acquisition request.
For example, the history information acquisition request can be sent to the equipment that stores the user history information, to obtain the corresponding user history information.
Alternatively, the corresponding user history information can be extracted locally according to the history information acquisition request, for example from locally saved log files, cache folders and/or history information files (such as cookies), and so on.
Here, user history information means information such as user operation records, browsing records and/or chat records within a preset time range before the current time, taking the current time as the reference. The preset time range can be configured according to the needs of the actual application and is not described further here.
103. Generate a verification code according to the user history information. For example, this can be done as follows:
(1) Detect the network environment the user is currently in, and obtain network environment information.
For example, a network environment detection process can be called, which detects the network environment the user is currently in and obtains the network environment information, and so on.
The network environment information can include information such as the terminal's Internet Protocol (IP) address, port and/or Media Access Control (MAC) address.
(2) Select the corresponding information from the user history information according to the network environment information, to obtain material information.
The way of selecting can depend on the needs of the actual application; for example, a certain type can be set, and information of that type is then selected from the user history information as the material information.
Optionally, to improve flexibility, different information screening modes can be set for different current network environments. For example, network environments can be divided into several security levels and the material information selected according to the security level. That is, the step "select the corresponding information from the user history information according to the network environment information, to obtain material information" can include:
determining the security level of the current network environment according to the network environment information, and selecting the corresponding information from the user history information according to the security level, to obtain material information.
The correspondence between the security levels of the network environment and the information screening modes can be set in advance. Once the security level of the current network environment is known, the information screening mode corresponding to that security level can be determined from the correspondence, and the user history information is then screened with that mode to obtain the material information. That is, the step "select the corresponding information from the user history information according to the security level, to obtain material information" can be as follows:
obtain preset screening setting information, which includes the correspondence between the security levels of the network environment and the information screening modes; determine the information screening mode corresponding to the security level according to the screening setting information; and screen the user history information with the determined information screening mode, to obtain material information.
The screening setting information can be stored in the identity verification device in advance, or can be set by the user. That is, before the step "obtain preset screening setting information", the identity verification method can also include:
receiving a setting request from the user, establishing the correspondence between the security levels of the network environment and the information screening modes according to the setting request, and saving the correspondence into the screening setting information.
(3) Generate the verification code according to the material information.
For example, scramble data can be added to the material information to obtain integrated information, and the integrated information is processed with a preset strategy to obtain the verification code.
The preset strategy can depend on the needs of the actual application. For example, a corresponding question can be generated from the integrated information for the user to choose an answer to; or a corresponding picture can be generated from the integrated information for the user to click on; or a corresponding fill-in-the-blank question can be generated from the integrated information for the user to fill in, and so on. These are not described further here.
Note also that when the verification code is generated, the corresponding verification code answer sample must be saved, so that it can later be determined from the answer sample whether the verification code answer entered by the user is correct. The verification code answer sample can be stored in preset check information.
104. Verify the identity of the user based on the generated verification code. For example, this can be done as follows:
(1) Send the generated verification code to the user, and receive the verification information entered by the user.
For example, the generated verification code can be displayed on the corresponding client interface or web page, or it can be sent to the user's terminal in another way, such as by SMS, MMS, private message, e-mail, voice message, telephone call, push message and/or another form of instant message, and so on.
The user can then enter the corresponding verification information according to the verification code received. The verification information includes at least the verification code answer entered by the user, and can also include other authentication information, such as a user name and password.
The verification code answer is the information the user enters according to the verification code, for example the information the user enters in the verification code input box, or the answer the user enters to the displayed verification code question, or the option the user clicks according to the displayed verification code picture, and so on.
(2) Match the verification information against the preset check information. If they match, identity verification passes; if they do not match, identity verification fails.
The check information includes the verification code answer sample corresponding to the verification code. Optionally, if the verification information also includes other authentication information, the check information can also hold the answer samples for that authentication information, such as the user name and password.
For example, taking the case where the verification information includes only the verification code answer: the verification code answer in the verification information can be compared with the verification code answer sample in the check information. If they are consistent, the verification information matches the check information and identity verification passes; if they are inconsistent, the verification information does not match the check information and identity verification fails.
As another example, if the verification information includes other authentication information in addition to the verification code answer, the verification code answer in the verification information can be compared with the verification code answer sample in the check information, and the other authentication information in the verification information, such as the user name and password, can be compared with the corresponding answer samples in the check information, such as the user name and password. If all are consistent, the verification information matches the check information and identity verification passes; if any one of them is inconsistent, the verification information does not match the check information and identity verification fails, and so on.
As can be seen from the above, after receiving a user-initiated verification code acquisition request, this embodiment can obtain the user history information of the user according to that request, generate a verification code from the user history information, and then verify the user's identity based on the generated verification code. Because the material used to generate the verification code in this scheme comes mainly from the user's own behaviour, it is more private, which greatly increases the difficulty of cracking for an illegal intruder. Relative to existing schemes, this scheme can therefore greatly improve the reliability of identity verification and helps improve the security of information.
Embodiment two
The method described in embodiment one is illustrated in further detail below.
In this embodiment, the identity verification device is taken to be integrated in network equipment, where the network equipment can be a terminal or a server.
As shown in Fig. 2, the specific flow of an identity verification method can be as follows:
201. The network equipment receives a user-initiated verification code acquisition request.
For example, if the network equipment is a terminal, the terminal can receive the verification code acquisition request triggered by the user. The trigger can take many forms, such as clicking, sliding, touching and/or pressing.
As another example, if the network equipment is network-side equipment such as a server, the server can receive the verification code acquisition request that the user sends through other equipment, and so on.
202. The network equipment obtains the user history information of the user according to the verification code acquisition request.
The user history information can include historical information (that is, within the preset time range before the current time) such as user operation records, browsing records and/or chat records. For example, it can be what the user bought on a certain date, chat records with a certain friend on a certain date, book browsing records and/or review records.
The user history information can be stored locally or in other equipment, such as the cloud; the specific way of storing it can depend on the needs of the actual application.
For example, if the network equipment is a terminal, the terminal can extract the corresponding user history information locally (that is, from the terminal itself) according to the history information acquisition request, for example from locally saved log files, cache folders and/or history information files (such as cookies).
As another example, if the network equipment is a server, it generates a history information acquisition request according to the verification code acquisition request and sends it to the equipment that stores the user history information, to obtain the corresponding user history information, and so on.
203. The network equipment detects the network environment the user is currently in, and obtains network environment information. For example, this can be done as follows:
The network equipment calls a network environment detection process, which detects the network environment the user is currently in and obtains the network environment information, and so on.
The network environment information can include information such as the terminal's IP address, port and/or MAC address.
204. The network equipment selects the corresponding information from the user history information according to the network environment information, to obtain material information.
The way of selecting can depend on the needs of the actual application; for example, a certain type can be set, and information of that type is then selected from the user history information as the material information.
For example, if the type set is "chat record", the network equipment can screen the information related to "chat record" out of the user history information as the material information.
As another example, if the types set are "shopping record" and "book subscription record", the network equipment can screen all information related to "shopping record" and "book subscription record" out of the user history information as the material information, and so on.
Optionally, to improve flexibility, different information screening modes can be set for different current network environments. For example, network environments can be divided into several security levels and the material information selected according to the security level, as follows:
determine the security level of the current network environment according to the network environment information; obtain the preset screening setting information; determine the information screening mode corresponding to the security level according to the screening setting information; and screen the user history information with the determined information screening mode, to obtain material information.
The screening setting information includes the correspondence between the security levels of the network environment and the information screening modes. It can be stored in the identity verification device in advance, or can be set by the user; see embodiment one for details, which are not repeated here.
Note also that the security levels of the network environment can be divided according to the needs of the actual application. For example, they can simply be divided into two levels, "dangerous" and "safe", or into several levels according to the safety coefficient, such as "level one", "level two", "level three" and "level four".
For example, a home network has the highest safety coefficient, so its security level can be set to level one. Other frequently used private networks, such as a company network, have a fairly high safety coefficient, so their security level can be set to level two. A frequently used public network carries a certain danger coefficient, so its security level can be set to level three. An unfamiliar public network has a higher danger coefficient, so its security level can be set to level four, and so on; further cases are not enumerated here.
Optionally, for a network environment with a higher security level, relatively simple and fewer items of user history information can generally be selected as the material information, while for a network environment with a lower security level, more private and more numerous items of user history information can generally be selected as the material information, and so on.
205. The network equipment generates a verification code according to the material information.
For example, the network equipment can add scramble data to the material information to obtain integrated information, and then process the integrated information with a preset strategy to obtain the verification code.
The preset strategy can depend on the needs of the actual application. For example, a corresponding question can be generated from the integrated information for the user to choose an answer to; or a corresponding picture can be generated from the integrated information for the user to click on; or a corresponding fill-in-the-blank question can be generated from the integrated information for the user to fill in, and so on. These are not described further here.
For example, take the material information "On August 8 the user bought a book titled 《ABCD》". The network equipment can add scramble data to the material information, such as the titles 《DFGHJK》 and 《One two three》, and then generate the corresponding verification code, for example the question "On August 8 the user bought a book. What was its title?" with three candidate answers: "A. 《ABCD》; B. 《DFGHJK》; C. 《One two three》", and so on.
Note also that when the verification code is generated, the corresponding verification code answer sample must be saved, so that it can later be determined from the answer sample whether the verification code answer entered by the user is correct. The verification code answer sample can be stored in preset check information; taking the verification code above as an example, the correct answer "A, 《ABCD》" can be stored in the preset check information, and so on.
206. The network equipment sends the generated verification code to the user, and receives the verification information entered by the user.
For example, the generated verification code can be displayed on the corresponding client interface or web page, or it can be sent to the user's terminal in another way, such as by SMS, MMS, private message, e-mail, voice message, telephone call, push message and/or another form of instant message, and so on.
The user can then enter the corresponding verification information according to the verification code received. The verification information includes at least the verification code answer entered by the user, and can also include other authentication information, such as a user name and password.
207. The network equipment matches the verification information against the preset check information. If they match, identity verification passes; if they do not match, identity verification fails.
The check information includes the verification code answer sample corresponding to the verification code. Optionally, if the verification information also includes other authentication information, the check information can also hold the answer samples for that authentication information, such as the user name and password.
For example, using the example in step 205 and taking the case where the verification information includes only the verification code answer: the verification code answer in the verification information can be compared with the verification code answer sample in the check information, i.e. "A, 《ABCD》". If they are consistent, the verification information matches the check information and identity verification passes; if they are inconsistent, for example if the verification code answer entered by the user is "B, 《DFGHJK》", the verification information does not match the check information and identity verification fails.
As another example, again using the example in step 205: if the verification information includes other authentication information in addition to the verification code answer, the verification code answer in the verification information can be compared with the verification code answer sample in the check information (i.e. "A, 《ABCD》"), and the other authentication information in the verification information, such as the user name and password, can be compared with the corresponding answer samples in the check information, such as the user name and password. If all are consistent, the verification information matches the check information and identity verification passes; if any one of them is inconsistent, for example if the verification code answer entered by the user is "C, 《One two three》", or the user name or password is wrong, the verification information does not match the check information and identity verification fails.
As can be seen from the above, after receiving a user-initiated verification code acquisition request, this embodiment can obtain the user history information of the user according to that request and detect the network environment the user is currently in. It then screens the corresponding information out of the user history information as material information according to the detected network environment information, generates a verification code from it, and verifies the user's identity based on that verification code. Because the material used to generate the verification code in this scheme comes mainly from the user's own behaviour, it is more private, which greatly increases the difficulty of cracking for an illegal intruder. Relative to existing schemes, this scheme can therefore greatly improve the reliability of identity verification and helps improve the security of information.
Embodiment three,
In order to better implement the above scheme, the embodiment of the present invention also provides an authentication means. As shown in Figure 3a, the authentication means can include a receiving unit 301, an acquiring unit 302, a generation unit 303 and an authentication unit 304, as follows:
(1) receiving unit 301;
Receiving unit 301, for receiving a user-initiated identifying code acquisition request.
For example, the receiving unit 301 can specifically be used to receive an identifying code acquisition request that the user triggers by clicking or sliding a preset triggering interface, or to receive an identifying code acquisition request that the user sends through other equipment, etc.
(2) acquiring unit 302;
Acquiring unit 302, for obtaining the user history information of the user according to the identifying code acquisition request.
For example, acquiring unit 302 can specifically be used to generate a historical information acquisition request according to the identifying code acquisition request, and to obtain the user history information of the user according to the historical information acquisition request.
The user history information can include information such as the user's operation records, browsing records and/or chat records within a preset time range before the current time. The preset time range can be set according to the demands of the practical application, which will not be described here.
(3) generation unit 303;
Generation unit 303, for generating identifying code according to the user history information.
For example, the generation unit 303 can include a detection sub-unit, a selection subelement and a generation subelement, as follows:
A) detection sub-unit;
The detection sub-unit, for detecting the network environment in which the user is currently located, to obtain network environment information.
The network environment information can include information such as the IP address, port, and/or MAC address of the terminal.
B) selection subelement;
The selection subelement, for selecting corresponding information from the user history information according to the network environment information, to obtain material information.
The mode of selection can depend on the demands of the practical application; for example, a certain type can be set, and the information of that type is then selected from the user history information as the material information.
Optionally, in order to improve flexibility, different information screening modes can also be set according to differences in the current network environment; for example, the network environment can be divided into multiple safe classes, and the material information is selected according to the different safe classes, i.e.:
The selection subelement can specifically be used to determine the safe class of the current network environment according to the network environment information, and to select corresponding information from the user history information according to the safe class, to obtain material information.
The corresponding relation between the safe class of the network environment and the information screening mode can be set in advance, so that, once the safe class of the current network environment is known, the information screening mode corresponding to that safe class can be determined according to the corresponding relation, and the user history information can then be screened using that information screening mode to obtain material information; i.e.:
The selection subelement can specifically be used to obtain preset screening set information, where the screening set information includes the corresponding relation between the safe class of the network environment and the information screening mode; to determine, according to the screening set information, the information screening mode corresponding to the safe class; and to screen the user history information according to the determined information screening mode, to obtain material information.
The screening set information can be pre-stored in the authentication means, or can be obtained through settings made by the user; i.e., as shown in Figure 3b, the authentication means can also include a setting unit 305, as follows:
The receiving unit 301 can also be used to receive a setting request of the user;
The setting unit 305 can be used to establish, according to the setting request, the corresponding relation between the safe class of the network environment and the information screening mode, and to save the corresponding relation into the screening set information.
C) generation subelement;
The generation subelement, for generating the identifying code according to the material information.
For example, the generation subelement can specifically be used to add scramble data to the material information to obtain integrated information, and to process the integrated information using a preset strategy to obtain the identifying code.
The preset strategy can depend on the demands of the practical application, which will not be described here.
In addition, it should be noted that, while generating the identifying code, generation unit 303 also needs to save the corresponding identifying code answer sample, so that it can subsequently be determined according to the identifying code answer sample whether the identifying code answer input by the user is correct. The identifying code answer sample can be stored in the preset check information.
(4) authentication unit 304;
Authentication unit 304, for carrying out authentication on the user based on the generated identifying code; for example, as follows:
The generated identifying code is sent to the user, and the checking information input by the user is received; the checking information is matched against preset check information, where the check information includes the generated identifying code; if they match, it is determined that authentication passes; if they do not match, it is determined that authentication does not pass.
In a specific implementation, each of the above units can be realised as an independent entity, or the units can be combined arbitrarily and realised as one or several entities; for the specific implementation of each of the above units, see the method embodiments above, which will not be repeated here.
The authentication means can specifically be integrated in network equipment, such as a terminal or a server, where the terminal can include equipment such as a mobile phone, tablet computer, notebook computer or PC.
From the foregoing, after a user-initiated identifying code acquisition request is received in the present embodiment, acquiring unit 302 can obtain the user history information of the user according to the identifying code acquisition request, generation unit 303 generates the identifying code according to the user history information, and authentication unit 304 then carries out authentication on the user based on the generated identifying code. Because the material for generating the identifying code in this scheme is mainly derived from the user's own behaviour, its privacy is higher, which greatly increases the difficulty for an illegal intruder to crack it; therefore, relative to existing schemes, this scheme can greatly improve the reliability of authentication and helps to improve information security.
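The flow of this embodiment, as an added sketch that is not code from the patent: the network environment is mapped to a safe class, the screening set information decides which history records become material, scramble data is mixed in, and the answer sample is stored for later matching. The class rule, record types, decoy pool, expiry time and single-use handling are all assumptions made for the example.

```python
import hmac
import secrets
import time

# Constructed sample data: record types, values and decoys are illustrative.
HISTORY = [
    {"type": "browse", "value": "ABCD"},
    {"type": "browse", "value": "Weather report"},
    {"type": "operation", "value": "Changed avatar"},
    {"type": "chat", "value": "Li Lei"},
]
DECOYS = {  # scramble data pool, per record type
    "browse": ["DFGHJK", "One two three", "QWERT", "Daily news", "Travel notes"],
    "operation": ["Reset password", "Joined a group", "Bound a phone",
                  "Sent a file", "Deleted a post"],
    "chat": ["Han Meimei", "Zhang Wei", "Wang Fang", "Liu Yang", "Chen Jie"],
}

# Screening set information: safe class -> information screening mode.
# The concrete modes are assumptions; the page leaves them to the deployment.
SCREENING_SET = {
    "high": {"type": "browse", "decoys": 2},
    "medium": {"type": "operation", "decoys": 3},
    "low": {"type": "chat", "decoys": 5},
}

TTL_SECONDS = 120   # assumption: lifetime of one identifying code
CHECK_INFO = {}     # code id -> answer sample and expiry (the check information)


def security_level(env, known_ips, known_macs):
    """Assumed rule: rate the environment by how much of it was seen before."""
    seen = (env["ip"] in known_ips) + (env["mac"] in known_macs)
    return {2: "high", 1: "medium", 0: "low"}[seen]


def generate_code(history, env, known_ips, known_macs, now=None):
    """Select material by safe class, add scramble data, save the answer sample."""
    now = time.time() if now is None else now
    level = security_level(env, known_ips, known_macs)
    mode = SCREENING_SET[level]
    material = [r["value"] for r in history if r["type"] == mode["type"]]
    if not material:
        raise ValueError("no history of the type required at class " + level)
    rng = secrets.SystemRandom()
    truth = rng.choice(material)
    # Decoys must never coincide with real history, or two options are correct.
    pool = [d for d in DECOYS[mode["type"]] if d not in material]
    options = rng.sample(pool, mode["decoys"]) + [truth]
    rng.shuffle(options)
    labelled = {chr(ord("A") + i): v for i, v in enumerate(options)}
    answer = next(k for k, v in labelled.items() if v == truth)
    cid = secrets.token_urlsafe(16)
    CHECK_INFO[cid] = {"answer": answer, "expires": now + TTL_SECONDS}
    return {"id": cid, "level": level, "options": labelled}


def verify(cid, user_answer, now=None):
    """Match the checking information against the stored check information."""
    now = time.time() if now is None else now
    entry = CHECK_INFO.pop(cid, None)  # single use: consumed by the first attempt
    if entry is None or now > entry["expires"]:
        return False
    given = user_answer.strip().upper().encode()
    return hmac.compare_digest(given, entry["answer"].encode())
```

Because each code is consumed by its first attempt, a wrong guess forces a fresh code with a new option order rather than allowing the remaining options to be tried in turn.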
Embodiment four,
Accordingly, the embodiment of the present invention also provides an authentication system, including any authentication means provided by the embodiments of the present invention; for details, see embodiment three. For example, it can be as follows:
Authentication means, for receiving a user-initiated identifying code acquisition request, obtaining the user history information of the user according to the identifying code acquisition request, generating an identifying code according to the user history information, and carrying out authentication on the user based on the generated identifying code.
For example, the authentication means can specifically be used to detect the network environment in which the user is currently located to obtain network environment information, to select corresponding information from the user history information according to the network environment information to obtain material information, and to generate the identifying code according to the material information.
Optionally, the authentication system can also include other equipment; for example, if the authentication means is integrated in a server, the authentication system can also include a terminal, as follows:
Terminal, for sending the identifying code acquisition request to the authentication means (such as the server), and receiving the identifying code returned by the authentication means (such as the server).
As another example, if the authentication means is integrated in the terminal, the authentication system can also include other network-side equipment, for example a cloud device, as follows:
Cloud device, which can be used to provide the user history information of the user, etc., to the authentication means (such as the terminal).
For the specific implementation of each of the above devices, see the embodiments above, which will not be repeated here.
Because the authentication system can include any authentication means provided by the embodiments of the present invention, it can achieve the beneficial effects achievable by any authentication means provided by the embodiments of the present invention; see the embodiments above, which will not be repeated here.
Embodiment five,
The embodiment of the present invention also provides a server. Fig. 4 shows a structural schematic diagram of the server involved in the embodiment of the present invention, specifically:
The server can include a processor 401 with one or more processing cores, a memory 402 of one or more computer-readable storage media, a radio frequency (Radio Frequency, RF) circuit 403, a power supply 404, an input unit 405, a display unit 406 and other components. Those skilled in the art will understand that the server structure shown in Fig. 4 does not constitute a limitation on the server, which can include more or fewer components than illustrated, combine certain components, or use a different arrangement of components. Wherein:
Processor 401 is the control centre of the server. It uses various interfaces and lines to connect the parts of the whole server, and performs the various functions of the server and processes data by running or executing the software programs and/or modules stored in memory 402 and calling the data stored in memory 402, thereby monitoring the server as a whole. Optionally, processor 401 may include one or more processing cores; preferably, processor 401 can integrate an application processor and a modem processor, where the application processor mainly handles the operating system, user interface, application programs, etc., and the modem processor mainly handles wireless communication. It is understood that the modem processor may also not be integrated into processor 401.
Memory 402 can be used to store software programs and modules; processor 401 performs various functional applications and data processing by running the software programs and modules stored in memory 402. Memory 402 can mainly include a program storage area and a data storage area, where the program storage area can store the operating system, the application programs needed for at least one function (such as a sound playing function, an image playing function), etc.; the data storage area can store data created through use of the server, etc. In addition, memory 402 can include high-speed random access memory and can also include non-volatile memory, for example at least one disk storage device, flash memory device, or other volatile solid-state storage device. Correspondingly, memory 402 can also include a memory controller to provide processor 401 with access to memory 402.
RF circuit 403 can be used for receiving and sending signals in the course of receiving and sending information; in particular, after downlink information from a base station is received, it is handed to one or more processors 401 for processing; in addition, data involving the uplink is sent to the base station. Generally, RF circuit 403 includes but is not limited to an antenna, at least one amplifier, a tuner, one or more oscillators, a subscriber identity module (SIM) card, a transceiver, a coupler, a low-noise amplifier (LNA, Low Noise Amplifier), a duplexer, etc. In addition, RF circuit 403 can also communicate with the network and other equipment by wireless communication. The wireless communication can use any communication standard or protocol, including but not limited to Global System for Mobile Communications (GSM, Global System of Mobile Communication), General Packet Radio Service (GPRS, General Packet Radio Service), Code Division Multiple Access (CDMA, Code Division Multiple Access), Wideband Code Division Multiple Access (WCDMA, Wideband Code Division Multiple Access), Long Term Evolution (LTE, Long Term Evolution), e-mail, Short Messaging Service (SMS, Short Messaging Service), etc.
The server also includes a power supply 404 (such as a battery) that supplies power to all the components. Preferably, power supply 404 can be logically connected to processor 401 through a power management system, so that functions such as charging management, discharging management and power consumption management are realised through the power management system. Power supply 404 can also include any components such as one or more DC or AC power sources, a recharging system, a power failure detection circuit, a power converter or inverter, and a power status indicator.
The server may also include an input unit 405, which can be used to receive input numeric or character information and to generate keyboard, mouse, joystick, optical or trackball signal input related to user settings and function control. Specifically, in one specific embodiment, input unit 405 may include a touch-sensitive surface and other input equipment. The touch-sensitive surface, also referred to as a touch display screen or trackpad, collects the user's touch operations on or near it (such as operations by the user on or near the touch-sensitive surface using any suitable object or accessory such as a finger or stylus), and drives the corresponding connection device according to a preset program. Optionally, the touch-sensitive surface may include two parts, a touch detection device and a touch controller. The touch detection device detects the touch position of the user, detects the signal brought by the touch operation, and passes the signal to the touch controller; the touch controller receives touch information from the touch detection device, converts it into contact coordinates, and sends them to processor 401, and can receive and execute commands sent by processor 401. Furthermore, the touch-sensitive surface can be realised using multiple types such as resistive, capacitive, infrared and surface acoustic wave. Besides the touch-sensitive surface, input unit 405 can also include other input equipment. Specifically, the other input equipment can include but is not limited to one or more of a physical keyboard, function keys (such as volume control buttons, switch keys, etc.), a trackball, a mouse, a joystick, etc.
The server may also include a display unit 406, which can be used to display information input by the user or information supplied to the user and the various graphical user interfaces of the server; these graphical user interfaces can be composed of graphics, text, icons, video and any combination thereof. Display unit 406 may include a display panel; optionally, the display panel can be configured in the form of a liquid crystal display (LCD, Liquid Crystal Display), an organic light-emitting diode (OLED, Organic Light-Emitting Diode), etc. Further, the touch-sensitive surface can cover the display panel; after the touch-sensitive surface detects a touch operation on or near it, the operation is sent to processor 401 to determine the type of touch event, and processor 401 then provides the corresponding visual output on the display panel according to the type of touch event. Although in Fig. 4 the touch-sensitive surface and the display panel realise the input and output functions as two independent components, in some embodiments the touch-sensitive surface and the display panel can be integrated to realise the input and output functions.
Although not shown, the server can also include a camera, a Bluetooth module, etc., which will not be described here. Specifically, in this embodiment, the processor 401 in the server can load the executable files corresponding to the processes of one or more application programs into memory 402 according to the following instructions, and run the application programs stored in memory 402, so as to realise various functions, as follows:
Receive a user-initiated identifying code acquisition request, obtain the user history information of the user according to the identifying code acquisition request, generate an identifying code according to the user history information, and carry out authentication on the user based on the generated identifying code.
For example, the network environment in which the user is currently located can specifically be detected to obtain network environment information; corresponding information is selected from the user history information according to the network environment information to obtain material information; and the identifying code is generated according to the material information.
For the specific implementation of each of the above operations, see the embodiments above, which will not be repeated here.
From the foregoing, after receiving a user-initiated identifying code acquisition request, the present embodiment can obtain the user history information of the user according to the identifying code acquisition request, generate an identifying code according to the user history information, and then carry out authentication on the user based on the generated identifying code. Because the material for generating the identifying code in this scheme is mainly derived from the user's own behaviour, its privacy is higher, which greatly increases the difficulty for an illegal intruder to crack it; therefore, relative to existing schemes, this scheme can greatly improve the reliability of authentication and helps to improve the security of information.
Those of ordinary skill in the art will appreciate that all or part of the steps in the various methods of the above embodiments can be completed by a program instructing the relevant hardware; the program can be stored in a computer-readable storage medium, and the storage medium can include: read-only memory (ROM, Read Only Memory), random access memory (RAM, Random Access Memory), a disk or an optical disc, etc.
The auth method, device and system provided by the embodiments of the present invention have been described in detail above. Specific cases are used herein to set forth the principle and embodiments of the present invention, and the explanation of the above embodiments is only intended to help in understanding the method of the present invention and its core concept; meanwhile, for those skilled in the art, there will be changes in the specific embodiments and the scope of application according to the idea of the present invention. In summary, the content of this specification should not be construed as a limitation of the present invention.

Claims (15)

  1. An auth method, characterised in that it comprises:
    receiving a user-initiated identifying code acquisition request;
    obtaining the user history information of the user according to the identifying code acquisition request;
    generating an identifying code according to the user history information;
    carrying out authentication on the user based on the generated identifying code.
  2. The method according to claim 1, characterised in that said generating an identifying code according to the user history information comprises:
    detecting the network environment in which the user is currently located, to obtain network environment information;
    selecting corresponding information from the user history information according to the network environment information, to obtain material information;
    generating the identifying code according to the material information.
  3. The method according to claim 2, characterised in that said selecting corresponding information from the user history information according to the network environment information, to obtain material information, comprises:
    determining the safe class of the current network environment according to the network environment information;
    selecting corresponding information from the user history information according to the safe class, to obtain material information.
  4. The method according to claim 3, characterised in that said selecting corresponding information from the user history information according to the safe class, to obtain material information, comprises:
    obtaining preset screening set information, the screening set information including the corresponding relation between the safe class of the network environment and the information screening mode;
    determining the information screening mode corresponding to the safe class according to the screening set information;
    screening the user history information according to the determined information screening mode, to obtain material information.
  5. The method according to claim 4, characterised in that, before said obtaining preset screening set information, the method further comprises:
    receiving a setting request of the user;
    establishing the corresponding relation between the safe class of the network environment and the information screening mode according to the setting request;
    saving the corresponding relation into the screening set information.
  6. The method according to any one of claims 2 to 5, characterised in that said generating the identifying code according to the material information comprises:
    adding scramble data to the material information, to obtain integrated information;
    processing the integrated information using a preset strategy, to obtain the identifying code.
  7. The method according to any one of claims 1 to 5, characterised in that said carrying out authentication on the user based on the generated identifying code comprises:
    sending the generated identifying code to the user, and receiving the checking information input by the user;
    matching the checking information against preset check information;
    if they match, determining that authentication passes;
    if they do not match, determining that authentication does not pass.
  8. An authentication means, characterised in that it comprises:
    a receiving unit, for receiving a user-initiated identifying code acquisition request;
    an acquiring unit, for obtaining the user history information of the user according to the identifying code acquisition request;
    a generation unit, for generating an identifying code according to the user history information;
    an authentication unit, for carrying out authentication on the user based on the generated identifying code.
  9. The device according to claim 8, characterised in that the generation unit includes a detection sub-unit, a selection subelement and a generation subelement;
    the detection sub-unit, for detecting the network environment in which the user is currently located, to obtain network environment information;
    the selection subelement, for selecting corresponding information from the user history information according to the network environment information, to obtain material information;
    the generation subelement, for generating the identifying code according to the material information.
  10. The device according to claim 9, characterised in that
    the selection subelement is specifically used for determining the safe class of the current network environment according to the network environment information, and selecting corresponding information from the user history information according to the safe class, to obtain material information.
  11. The device according to claim 10, characterised in that
    the selection subelement is specifically used for obtaining preset screening set information, the screening set information including the corresponding relation between the safe class of the network environment and the information screening mode; determining the information screening mode corresponding to the safe class according to the screening set information; and screening the user history information according to the determined information screening mode, to obtain material information.
  12. The device according to claim 11, characterised in that it also includes a setting unit;
    the receiving unit is also used for receiving a setting request of the user;
    the setting unit, for establishing the corresponding relation between the safe class of the network environment and the information screening mode according to the setting request, and saving the corresponding relation into the screening set information.
  13. The device according to any one of claims 9 to 12, characterised in that
    the generation subelement is specifically used for adding scramble data to the material information to obtain integrated information, and processing the integrated information using a preset strategy to obtain the identifying code.
  14. The device according to any one of claims 8 to 12, characterised in that the authentication unit is specifically used for:
    sending the generated identifying code to the user, and receiving the checking information input by the user;
    matching the checking information against preset check information;
    if they match, determining that authentication passes;
    if they do not match, determining that authentication does not pass.
  15. An authentication system, characterised in that it includes the authentication means according to any one of claims 8 to 14.
CN201610934283.6A 2016-10-31 2016-10-31 A kind of auth method, device and system Pending CN107742067A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610934283.6A CN107742067A (en) 2016-10-31 2016-10-31 A kind of auth method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610934283.6A CN107742067A (en) 2016-10-31 2016-10-31 A kind of auth method, device and system

Publications (1)

Publication Number Publication Date
CN107742067A true CN107742067A (en) 2018-02-27

Family

ID=61235145

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610934283.6A Pending CN107742067A (en) 2016-10-31 2016-10-31 A kind of auth method, device and system

Country Status (1)

Country Link
CN (1) CN107742067A (en)


Similar Documents

Publication Publication Date Title
CN107742067A (en) A kind of auth method, device and system
CN104601641B (en) Application link sharing method, apparatus and system
CN104462128B (en) The method, apparatus and terminal device of multimedia file processing
EP3200487B1 (en) Message processing method and apparatus
US20160241589A1 (en) Method and apparatus for identifying malicious website
US9203874B2 (en) Portal multi-device session context preservation
CN104243155B (en) The method and device of safety verification
US11258810B2 (en) Identity authentication method, apparatus, and system
US20060183462A1 (en) Managing an access account using personal area networks and credentials on a mobile device
CN107743086A (en) A kind of message treatment method and system, message is sent and reception device
CN104901805B (en) A kind of identification authentication methods, devices and systems
CN104967593B (en) A kind of auth method, device and system
US20180248821A1 (en) Information pushing method, apparatus, and system, and computer storage medium
WO2014108003A1 (en) Method for verifying sensitive operations, terminal device, server, and verification system
CN106909855A (en) File hiding method and device
CN104683301B (en) Password storage method and device
US11637795B1 (en) Techniques for templated messages
US11165899B1 (en) Techniques to manage contact records
CN107743112A (en) A kind of auth method, device and system
CN108234124A (en) Auth method, device and system
CN104573437A (en) Information authentication method, device and terminal
CN112235412B (en) Message processing method and device
CN107592289B (en) Password setting method and device
CN108234412A (en) Auth method and device
CN107743114B (en) Network access method, device and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination