CN107786553B - Identity authentication method, server and system based on workload certification - Google Patents


Publication number
CN107786553B
Authority
CN
China
Prior art keywords
authentication
sliding
client
result
sliding track
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710993568.1A
Other languages
Chinese (zh)
Other versions
CN107786553A (en)
Inventor
汪德嘉
郭宇
王少凡
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
JIANGSU PAY EGIS TECHNOLOGY Co.,Ltd.
Jiangsu tongfudun blockchain Technology Co., Ltd
Original Assignee
Jiangsu Tongfudun Blockchain Technology Co Ltd
Jiangsu Pay Egis Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses an identity authentication method, a server and a system based on workload certification, wherein the identity authentication method based on workload certification is executed on the server side, and the method comprises the following steps: after confirming that the client successfully logs in the account, sending a sliding workload certification request to the client; receiving a sliding track operation result sent by a client; and authenticating the account identity according to the sliding track operation result to obtain an authentication result. According to the technical scheme provided by the invention, the server can effectively authenticate the account identity according to the sliding track operation result sent by the client, so that the cost of malicious attack on the client is effectively increased, the difficulty of the malicious attack is increased, and the stability of the server is favorably maintained.

Description

Identity authentication method, server and system based on workload certification
Technical Field
The invention relates to the technical field of internet, in particular to an identity authentication method, a server and a system based on workload certification.
Background
In existing identity authentication technology, account login mainly relies on an account and a password. After stealing a large number of accounts and passwords, a hacker can therefore easily log in through this simple identity authentication and then, at no cost, launch a DDoS (Distributed Denial of Service) attack, for example by initiating frequent database operations. Such an attack occupies a large amount of server resources, slows the server's response, and can even crash or paralyze the server.
Disclosure of Invention
In view of the above, the present invention has been made to provide an identity authentication method, server and system based on workload certification that overcome or at least partially address the above-mentioned problems.
According to an aspect of the present invention, there is provided a workload proof based identity authentication method, the method being performed on a server side, the method comprising:
after confirming that the client successfully logs in the account, sending a sliding workload certification request to the client;
receiving a sliding track operation result sent by a client;
and authenticating the account identity according to the sliding track operation result to obtain an authentication result.
According to another aspect of the present invention, there is provided a workload certification method, performed on a client side, the method comprising:
receiving a sliding workload certification request sent by a server;
acquiring a sliding track input by a user according to a sliding workload certification request;
calculating the sliding track to obtain a sliding track calculation result;
and sending the sliding track operation result to a server.
According to another aspect of the present invention, there is provided a server including:
the first sending module is used for sending a sliding workload certification request to the client after the client is confirmed to successfully log in the account;
the first receiving module is used for receiving a sliding track operation result sent by the client;
and the authentication module is used for authenticating the account identity according to the sliding track operation result to obtain an authentication result.
According to another aspect of the present invention, there is provided a client comprising:
the second receiving module is used for receiving the sliding workload certification request sent by the server;
the processing module is used for acquiring a sliding track input by a user according to the sliding workload certification request;
the operation module is used for operating the sliding track to obtain a sliding track operation result;
and the second sending module is used for sending the sliding track operation result to the server.
According to an aspect of the present invention, there is provided a workload based authentication system, the system comprising: a server as described above and a client as described above.
According to another aspect of the present invention, there is provided a computing device comprising a processor, a memory and a communication interface, which communicate with one another through a communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction enables the processor to execute the operation corresponding to the identity authentication method based on the workload certification.
According to another aspect of the present invention, there is provided a computer storage medium having at least one executable instruction stored therein, the executable instruction causing a processor to perform operations corresponding to the workload based authentication method as described above.
According to yet another aspect of the present invention, there is provided a computing device comprising a processor, a memory and a communication interface, which communicate with one another through a communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction enables the processor to execute the operation corresponding to the workload certification authentication method.
According to yet another aspect of the present invention, a computer storage medium is provided, in which at least one executable instruction is stored, and the executable instruction causes a processor to perform operations corresponding to the above-mentioned workload certification method.
According to the technical scheme provided by the invention, after the client successfully logs in the account, the server can effectively authenticate the identity of the account according to the sliding track operation result sent by the client, so that the cost of malicious attack on the client is effectively increased, the malicious attack initiated by the stolen account and password without cost is prevented, the difficulty of the malicious attack is increased, and the server stability is favorably maintained.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 is a schematic flow chart illustrating a first embodiment of a workload based certification identity authentication method according to the present invention;
FIG. 2 is a flowchart illustrating a second embodiment of the workload based certification authentication method according to the present invention;
FIG. 3 is a flow diagram illustrating an embodiment of a workload attestation authentication method provided by the present invention;
FIG. 4 is a block diagram of a first embodiment of a server provided by the present invention;
FIG. 5 is a block diagram of a second embodiment of a server according to the present invention;
FIG. 6 is a block diagram illustrating the architecture of an embodiment of a client provided by the present invention;
FIG. 7 is a block diagram illustrating an embodiment of a workload based attestation identity authentication system provided by the present invention;
FIG. 8 is a schematic structural diagram of an embodiment of a computing device provided by the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
Fig. 1 shows a schematic flowchart of a first embodiment of a workload-based certification identity authentication method according to the present invention, where the method is executed on a server side, and as shown in fig. 1, the method includes the following steps:
Step S100, after confirming that the client has successfully logged in to the account, sending a sliding workload certification request to the client.
When a client needs to perform account login, the client sends an account login request to a server, wherein the account login request can include information such as an account and a password, the server verifies the account and the password according to the account login request after receiving the account login request sent by the client, and if the verification is successful, the client is allowed to log in the account. After confirming that the client successfully logs in the account, in order to further authenticate the account identity and prevent a hacker from initiating a malicious attack without cost by using the stolen account and password, in step S100, a sliding workload certification request needs to be sent to the client.
After the server sends the sliding workload certification request, the client receives it and, according to the request, displays a sliding window to the user at the client side. The sliding window includes indication information telling the user to perform a sliding operation, and the user can perform the sliding operation in the sliding window according to this indication information. The client obtains the sliding track input by the user in the sliding window, performs an operation on the sliding track to obtain a sliding track operation result, and then sends the sliding track operation result to the server.
The sliding window and the indication information can be set by those skilled in the art according to actual needs, and are not limited herein. For example, a sliding curve may be displayed in the sliding window, the user may perform a sliding operation along the sliding curve in the sliding window, and then the client obtains the sliding track input by the user in the sliding window. The sliding track can be a series of coordinates (X1, Y1), (X2, Y2), ..., (Xn, Yn) corresponding to the sliding operation.
Specifically, when the client is a computer or other device, the user may perform a sliding operation on the screen of the client along a sliding curve in the displayed sliding window by using the mouse, and indicate that the user input is ended when the mouse of the user is no longer sliding; when the screen of the client is a touch screen, the user can perform a sliding operation on the touch screen of the client along the sliding curve in the displayed sliding window by using a finger or a touch pen, and the user input is indicated to be ended when the finger or the touch pen of the user does not slide any more.
Step S101, receiving the sliding track operation result sent by the client.
After the client obtains the sliding track operation result, it sends the result to the server, and in step S101 the server receives the sliding track operation result sent by the client.
Step S102, authenticating the account identity according to the sliding track operation result to obtain an authentication result.
After receiving the sliding track operation result, in step S102, the account identity is authenticated according to the sliding track operation result, so as to obtain an authentication result indicating that the authentication is successful or failed.
According to the workload certification-based identity authentication method provided by the embodiment, after the client is confirmed to successfully log in the account, a sliding workload certification request is sent to the client, a sliding track operation result sent by the client is received, and then the account identity is authenticated according to the sliding track operation result to obtain an authentication result. According to the technical scheme provided by the invention, after the client successfully logs in the account, the server can effectively authenticate the identity of the account according to the sliding track operation result sent by the client, so that the cost of malicious attack on the client is effectively increased, the malicious attack initiated by the stolen account and password without cost is prevented, the difficulty of the malicious attack is increased, and the server stability is favorably maintained.
Fig. 2 shows a schematic flowchart of a second embodiment of the workload-based certification identity authentication method according to the present invention, where the method is executed on a server side, and as shown in fig. 2, the method includes the following steps:
Step S200, after confirming that the client has successfully logged in to the account, judging whether the account information corresponding to the client meets the preset authentication condition; if yes, go to step S201; if not, the method ends.
When a client needs to log in to an account, the client sends an account login request to the server. After receiving the request, the server verifies the account and password according to it and, if the verification succeeds, allows the client to log in to the account. After confirming that the client has successfully logged in, the invention may require the sliding workload certification only for suspicious accounts; specifically, whether an account is suspicious can be judged by judging whether the account information corresponding to the client meets a preset authentication condition. If the account information is judged to meet the preset authentication condition, the account corresponding to the client is a suspicious account and step S201 is executed; if the account information is judged not to meet the preset authentication condition, the account is not a suspicious account, the sliding workload certification is not required for it, and the method ends.
Those skilled in the art can set the preset authentication condition according to actual requirements, and it is not limited herein. For example, the preset authentication conditions may include: the region information corresponding to the account's logins differs; and/or the clients corresponding to the account's logins differ; and/or the account has not been logged in to for more than a preset time interval. When the account is logged in to from different regions, the region information corresponding to the account's logins differs; when different clients are used to log in to the account, the clients corresponding to the account's logins differ. Those skilled in the art can set the preset time interval according to actual needs, and it is not limited herein. For example, the preset time interval may be set to 3 months.
Step S201, a sliding workload certification request is sent to the client.
In order to further authenticate the account identity and prevent hackers from using stolen accounts and passwords to launch malicious attacks at no cost, in step S201 a sliding workload certification request is sent to the client. The sliding workload certification request includes a verification code. Those skilled in the art can set the verification code according to actual needs, and it is not limited herein. Specifically, to prevent the verification code from being reused, the verification code may be a single-use random number, such as a nonce (number used once), which is an arbitrary or non-repeating random number that is used only once. Using a single-use random number as the verification code effectively resists replay attacks and prevents the verification code from being reused.
The client receives the sliding workload certification request, displays a sliding window to a user at the client side according to the sliding workload certification request, the user can perform sliding operation in the sliding window, the client obtains a sliding track input by the user in the sliding window, then calculates the sliding track to obtain a sliding track calculation result, takes a verification code received in the sliding workload certification request as a check code, and then sends the sliding track calculation result and the check code to the server. The sliding track may be a series of coordinates corresponding to the sliding operation.
Step S202, receiving the sliding track operation result and the check code sent by the client.
Step S203, judging whether the check code is equal to the verification code; if yes, go to step S204; if not, go to step S207.
If the check code is judged to be equal to the verification code, executing the step S204; if the check code is not equal to the verification code, step S207 is executed.
Step S204, performing an operation on the sliding track operation result and the check code to obtain a verification operation result.
And under the condition that the check code is judged to be equal to the verification code in the step S203, calculating the sliding track calculation result and the check code to obtain a verification calculation result. Specifically, the sliding track operation result and the check code can be operated by using a hash algorithm to obtain a verification operation result. After the result of the verification operation is obtained, the account identity may be subsequently authenticated according to the result of the verification operation to obtain an authentication result, which may be specifically implemented in steps S205 to S207.
Step S205, judging whether the verification operation result is less than or equal to a preset target result; if yes, go to step S206; if not, go to step S207.
If the result of the verification operation is less than or equal to the preset target result, executing step S206; if the result of the verification operation is greater than the predetermined target result, step S207 is executed. The preset target result can be set by those skilled in the art according to actual needs, and is not limited herein.
Step S206, an authentication result of successful authentication is obtained.
An authentication result of successful authentication is obtained when the verification operation result is judged to be less than or equal to the preset target result.
Step S207, an authentication result of the authentication failure is obtained.
An authentication result of authentication failure is obtained when the check code is judged not to be equal to the verification code, and also when the verification operation result is judged to be greater than the preset target result.
Step S208, the authentication result is sent to the client.
After the authentication result is obtained, the authentication result is sent to the client, so that the user at the client side can know whether the authentication is successful or not according to the authentication result.
According to the identity authentication method based on the workload certification, provided by the embodiment of the invention, after the client successfully logs in the account, the server only authenticates the suspicious account, so that the authentication workload is effectively reduced; and the server can realize effective authentication of the account number identity through multi-level authentication of the check code and the sliding track operation result, and only when the check code and the sliding track operation result pass authentication, the authentication can be successful, so that the cost of malicious attack of the client is effectively improved, the malicious attack initiated by using the stolen account number and password without cost is prevented, the difficulty of the malicious attack is increased, and the server stability is favorably maintained.
Fig. 3 shows a flowchart of an embodiment of the workload certification authentication method provided by the present invention, and as shown in fig. 3, the method is executed on the client side, and the method includes the following steps:
Step S300, receiving a sliding workload certification request sent by the server.
After confirming that the client successfully logs in the account, the server sends a sliding workload certification request to the client, and then in step S300, receives the sliding workload certification request sent by the server.
Step S301, obtaining the sliding track input by the user according to the sliding workload certification request.
After receiving the sliding workload certification request, a sliding window may be displayed to a user at the client side, where the sliding window includes indication information that requires the user to perform a sliding operation, and the user may perform the sliding operation in the sliding window according to the indication information, and then the client obtains a sliding track input by the user in the sliding window. The sliding track may be a series of coordinates corresponding to the sliding operation. For example, a sliding curve is displayed in the sliding window, when the client is a computer or other device, the user can perform a sliding operation on the screen of the client along the sliding curve in the displayed sliding window by using the mouse, and when the mouse of the user no longer slides, the user input is indicated to be finished; when the screen of the client is a touch screen, the user can perform a sliding operation on the touch screen of the client along the sliding curve in the displayed sliding window by using a finger or a touch pen, and the user input is indicated to be ended when the finger or the touch pen of the user does not slide any more.
Step S302, the sliding track is operated to obtain the sliding track operation result.
After the sliding track is obtained, the sliding track can be operated by using a Hash algorithm to obtain a sliding track operation result.
Step S303, the sliding track operation result is sent to the server.
Optionally, the sliding workload certification request may include a verification code, in which case a check code is sent to the server together with the sliding track operation result. The client takes the verification code in the sliding workload certification request received from the server as the check code, and then sends the sliding track operation result and the check code to the server, so that the server can authenticate the account identity according to the sliding track operation result and the check code.
Optionally, after sending the sliding trajectory operation result to the server, the method may further include: and receiving the authentication result sent by the server. After the server obtains the authentication result, the server sends the authentication result to the client, and the client receives the authentication result sent by the server, so that a user at the client side can know whether the authentication is successful or not according to the authentication result.
According to the workload certification authentication method provided by the embodiment, a sliding workload certification request sent by a server is received, then a sliding track input by a user is obtained according to the sliding workload certification request, the sliding track is calculated to obtain a sliding track calculation result, and the sliding track calculation result is sent to the server. According to the technical scheme provided by the invention, after the account is successfully logged in, the user can conveniently authenticate only by a sliding operation mode without inputting authentication characters, numbers or letters, so that the authentication efficiency is higher, the cost for carrying out malicious attack is effectively improved, the authentication by using a machine is also effectively prevented, and the safety is improved.
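The server-side flow of steps S200 to S207 and the client-side hashing of step S302, written out as an added example that is not part of the patent. The patent names only "a hash algorithm"; SHA-256, the text encoding of the track, the per-session store of pending verification codes, the 90-day reading of "3 months", and all function, class and parameter names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta

# Assumptions (not specified by the patent): SHA-256 as the hash algorithm,
# an "x,y;x,y" text encoding of the track, and the threshold values below.
MAX_HASH = 2**256 - 1
INACTIVITY_LIMIT = timedelta(days=90)  # the text's example interval of 3 months


def is_suspicious(last_region, region, last_client, client, last_login, now):
    """Step S200: any one of the preset authentication conditions is enough."""
    return (region != last_region
            or client != last_client
            or now - last_login > INACTIVITY_LIMIT)


def track_result(track):
    """Client, step S302: hash the sliding track [(x, y), ...]."""
    encoded = ";".join(f"{x},{y}" for x, y in track).encode()
    return hashlib.sha256(encoded).hexdigest()


class SlidingProofServer:
    def __init__(self, target):
        self.target = target  # preset target result used in S205
        self.pending = {}     # session id -> outstanding verification code

    def issue_request(self, session_id):
        """Step S201: issue a request carrying a single-use verification code."""
        code = secrets.token_hex(16)
        self.pending[session_id] = code
        return code

    def authenticate(self, session_id, result, check_code):
        """Steps S202 to S207: True means success, False means failure."""
        # pop() is what makes the code single-use: once a response has been
        # processed, pass or fail, a replay finds no pending code.
        expected = self.pending.pop(session_id, None)
        if expected is None:
            return False
        # S203: the check code must equal the issued verification code
        # (compared in constant time).
        if not hmac.compare_digest(expected.encode(), check_code.encode()):
            return False
        # S204: hash the sliding track operation result with the check code.
        digest = hashlib.sha256((result + check_code).encode()).digest()
        # S205: success only if the value is <= the preset target result.
        return int.from_bytes(digest, "big") <= self.target


def demo():
    """One honest exchange followed by a replay of the same response."""
    track = [(12, 40), (25, 44), (41, 51), (60, 63), (88, 70)]  # constructed
    server = SlidingProofServer(target=MAX_HASH)
    code = server.issue_request("sess-1")
    result = track_result(track)
    first = server.authenticate("sess-1", result, code)
    replay = server.authenticate("sess-1", result, code)
    return first, replay


if __name__ == "__main__":
    print(demo())
```

Under these assumptions the value compared in S205 is effectively uniform over the hash range, so the preset target result also fixes the fraction of genuine slides that pass (roughly target / 2^256) and therefore how often a user must repeat the slide.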
Fig. 4 shows a block diagram of a first embodiment of the server provided in the present invention, and as shown in fig. 4, the server 400 includes: a first sending module 410, a first receiving module 420, and an authentication module 430.
The first sending module 410 is configured to: after confirming that the client has successfully logged in to the account, send a sliding workload certification request to the client.
In order to further authenticate the account identity and prevent a hacker from initiating malicious attack without cost by using a stolen account and password, after the client is confirmed to successfully log in the account, the first sending module 410 needs to send a sliding workload certification request to the client, the client receives the sliding workload certification request sent by the first sending module 410 and displays a sliding window to a user at the client side according to the sliding workload certification request, the user can perform sliding operation in the sliding window, the client acquires a sliding track input by the user in the sliding window, then performs operation on the sliding track to obtain a sliding track operation result, and then sends the sliding track operation result to the server.
The first receiving module 420 is configured to: receive the sliding track operation result sent by the client.
The authentication module 430 is configured to: authenticate the account identity according to the sliding track operation result to obtain an authentication result.
The authentication module 430 authenticates the account identity according to the sliding track operation result, so as to obtain an authentication result of successful authentication or failed authentication.
According to the server provided by the embodiment, after the client successfully logs in the account, the server can effectively authenticate the account identity according to the sliding track operation result sent by the client, so that the cost of malicious attack on the client is effectively increased, the malicious attack initiated by the stolen account and password without cost is prevented, the difficulty of the malicious attack is increased, and the server is favorable for maintaining the stability of the server.
Fig. 5 shows a block diagram of a second embodiment of the server provided in the present invention, and as shown in fig. 5, the server 500 includes: a determining module 510, a first sending module 520, a first receiving module 530 and an authentication module 540.
The determining module 510 is configured to: after the client is confirmed to successfully log in the account, whether the account information corresponding to the client meets the preset authentication condition is judged.
The invention may require the sliding workload certification only for suspicious accounts; specifically, whether an account is suspicious can be judged by judging whether the account information corresponding to the client meets the preset authentication condition. If the determining module 510 determines that the account information corresponding to the client meets the preset authentication condition, which indicates that the account corresponding to the client is a suspicious account, the first sending module 520 is triggered; if the determining module 510 determines that the account information corresponding to the client does not meet the preset authentication condition, which indicates that the account corresponding to the client is not a suspicious account, the sliding workload certification is not required for the account. The preset authentication conditions may include: the region information corresponding to the account's logins differs; and/or the clients corresponding to the account's logins differ; and/or the account has not been logged in to for more than a preset time interval.
The first sending module 520 is configured to: if the determining module 510 determines that the account information meets the preset authentication condition, send a sliding workload certification request to the client. The sliding workload certification request includes a verification code, which is a single-use random number, so that replay attacks can be effectively resisted and the verification code is prevented from being reused.
The client receives the sliding workload certification request sent by the first sending module 520, displays a sliding window to a user at the client side according to the sliding workload certification request, the user can perform sliding operation in the sliding window, the client obtains a sliding track input by the user in the sliding window, then performs operation on the sliding track to obtain a sliding track operation result, takes a verification code received in the sliding workload certification request as a check code, and then sends the sliding track operation result and the check code to the server.
The first receiving module 530 is configured to receive the sliding track operation result and the check code sent by the client.
The authentication module 540 is configured to authenticate the account identity according to the sliding track operation result and the check code to obtain an authentication result.
Specifically, the authentication module 540 may include: a judging unit 541, a result generation unit 542, an operation unit 543, and an authentication unit 544.
The judging unit 541 is configured to judge whether the check code is equal to the verification code.
The result generation unit 542 is configured to obtain an authentication result of authentication failure if the judging unit 541 determines that the check code is not equal to the verification code.
The operation unit 543 is configured to perform an operation on the sliding track operation result and the check code to obtain a verification operation result if the judging unit 541 determines that the check code is equal to the verification code.
Optionally, the operation unit 543 is further configured to perform the operation on the sliding track operation result and the check code using a hash algorithm to obtain the verification operation result.
The authentication unit 544 is configured to authenticate the account identity according to the verification operation result to obtain an authentication result.
Specifically, the authentication unit 544 is further configured to judge whether the verification operation result is less than or equal to a preset target result. In this case, the result generation unit 542 is further configured to: obtain an authentication result of successful authentication if the authentication unit 544 determines that the verification operation result is less than or equal to the preset target result; and obtain an authentication result of authentication failure if the authentication unit 544 determines that the verification operation result is greater than the preset target result.
The first sending module 520 is further configured to send the authentication result to the client.
With the server provided by this embodiment, after the client has successfully logged in to the account, only suspicious accounts are authenticated, which effectively reduces the authentication workload. The account identity is authenticated in multiple stages, on the check code and on the sliding track operation result, and authentication succeeds only when both pass. This raises the cost of a malicious attack by the client, prevents attacks launched at no cost with a stolen account and password, makes such attacks more difficult, and helps keep the server stable.
Fig. 6 shows a block diagram of an embodiment of the client provided by the present invention. As shown in Fig. 6, the client 600 includes: a second receiving module 610, a processing module 620, an operation module 630 and a second sending module 640.
The second receiving module 610 is configured to receive a sliding workload certification request sent by the server.
After confirming that the client has successfully logged in to the account, the server sends a sliding workload certification request to the client 600, and the second receiving module 610 receives it. The sliding workload certification request may include a verification code, which may be a random number valid for a single use.
The processing module 620 is configured to acquire a sliding track input by the user according to the sliding workload certification request.
Optionally, the processing module 620 is further configured to: display a sliding window according to the sliding workload certification request; and acquire the sliding track input by the user in the sliding window. The sliding track may be a series of coordinates corresponding to the sliding operation.
The operation module 630 is configured to perform an operation on the sliding track to obtain a sliding track operation result.
Optionally, the operation module 630 is further configured to perform the operation on the sliding track using a hash algorithm to obtain the sliding track operation result.
The second sending module 640 is configured to send the sliding track operation result and the check code to the server.
The client 600 uses the verification code in the sliding workload certification request received from the server as the check code, and the second sending module 640 sends the sliding track operation result and the check code to the server, so that the server authenticates the account identity according to the sliding track operation result and the check code.
The second receiving module 610 is further configured to receive the authentication result sent by the server.
With the client provided by this embodiment of the invention, after the user has successfully logged in to the account, the user can complete authentication conveniently with a sliding operation alone, without entering authentication characters, numbers or letters. The client therefore authenticates more efficiently, the cost of a malicious attack is raised, authentication by machine is effectively prevented, and security is improved.
Fig. 7 is a block diagram of an embodiment of the identity authentication system based on workload certification provided by the present invention. As shown in Fig. 7, the identity authentication system 700 based on workload certification includes: a server 500 and a client 600. The server 500 is the second server embodiment provided by the present invention, and the client 600 is the client embodiment provided by the present invention. With this system, after the client has successfully logged in to the account, the server can effectively authenticate the account identity according to the sliding track operation result and the check code. This raises the cost of a malicious attack by the client, prevents attacks launched at no cost with a stolen account and password, makes such attacks more difficult, and helps keep the server stable.
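The exchange between server 500 and client 600 described above, including the preset authentication condition, written out as an added Python example; it is not code from the patent. SHA-256 as the hash algorithm, string concatenation as the way the track result and check code are combined, all field and function names, and the choice to consume the verification code on every submission are assumptions of this example.

```python
import hashlib
import hmac
import secrets

MAX_HASH = 2**256 - 1  # largest value a SHA-256 digest can take


def needs_challenge(login, last_login, max_idle_seconds):
    """Judging module: does the login meet the preset authentication condition?

    The dict keys (region, client_id, time) are hypothetical field names.
    """
    return (
        login["region"] != last_login["region"]
        or login["client_id"] != last_login["client_id"]
        or login["time"] - last_login["time"] > max_idle_seconds
    )


def track_result(track):
    """Client operation module: hash the series of (x, y) coordinates."""
    encoded = ";".join(f"{x},{y}" for x, y in track).encode()
    return hashlib.sha256(encoded).hexdigest()


def client_response(track, verification_code):
    """Client sends the track hash and echoes the code back as the check code."""
    return {"track_result": track_result(track), "check_code": verification_code}


def verification_value(track_result_hex, check_code):
    """Server operation unit: hash of (track result + check code) as an integer."""
    digest = hashlib.sha256((track_result_hex + check_code).encode()).digest()
    return int.from_bytes(digest, "big")


def expected_attempts(target):
    """Average submissions needed before a uniform hash lands at or below target."""
    return (MAX_HASH + 1) / (target + 1)


class Server:
    def __init__(self, target):
        self.target = target   # preset target result
        self._pending = {}     # account -> outstanding verification code

    def issue_challenge(self, account):
        """First sending module: issue a fresh single-use random verification code."""
        code = secrets.token_hex(16)
        self._pending[account] = code
        return code

    def authenticate(self, account, response):
        """Authentication module: check code first, then the hash target."""
        # pop() consumes the code whatever the outcome, so a captured
        # response cannot be replayed (assumption: one submission per code).
        expected = self._pending.pop(account, None)
        if expected is None:
            return "failure"
        check_code = str(response.get("check_code", ""))
        # Constant-time comparison of check code and verification code.
        if not hmac.compare_digest(expected.encode(), check_code.encode()):
            return "failure"
        track_hex = str(response.get("track_result", ""))
        value = verification_value(track_hex, check_code)
        return "success" if value <= self.target else "failure"


# Constructed sample track: coordinates of one slide along a curve.
SAMPLE_TRACK = [(12, 180), (31, 171), (55, 160), (83, 152), (118, 149), (150, 151)]

if __name__ == "__main__":
    server = Server(target=2**252 - 1)  # top 4 bits of the hash must be zero
    code = server.issue_challenge("account-1")
    reply = client_response(SAMPLE_TRACK, code)
    print("first submission:", server.authenticate("account-1", reply))
    print("replayed submission:", server.authenticate("account-1", reply))
    print("expected attempts:", expected_attempts(server.target))
```

The server receives only the hash of the track, so nothing in this check inspects the coordinates themselves; the preset target result alone sets how many submissions are needed on average, which is the value `expected_attempts` returns.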
The invention also provides a nonvolatile computer storage medium, and the computer storage medium stores at least one executable instruction which can execute the identity authentication method based on the workload certification in any method embodiment.
Fig. 8 is a schematic structural diagram of an embodiment of a computing device provided in the present invention, and a specific embodiment of the present invention does not limit a specific implementation of the computing device.
As shown in Fig. 8, the computing device may include: a processor 802, a communication interface 804, a memory 806, and a communication bus 808.
Wherein:
the processor 802, communication interface 804, and memory 806 communicate with one another via a communication bus 808.
A communication interface 804 for communicating with network elements of other devices, such as clients or other servers.
The processor 802, configured to execute the program 810, may specifically perform relevant steps in the above-described workload based authentication method embodiment.
In particular, the program 810 may include program code comprising computer operating instructions.
The processor 802 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement an embodiment of the invention. The computing device includes one or more processors, which may be of the same type, such as one or more CPUs, or of different types, such as one or more CPUs and one or more ASICs.
The memory 806 stores a program 810. The memory 806 may comprise high-speed RAM, and may also include non-volatile memory, such as at least one disk memory.
The program 810 may be specifically configured to cause the processor 802 to perform the method of workload based certification of identity authentication in any of the method embodiments described above. For specific implementation of each step in the program 810, reference may be made to corresponding steps and corresponding descriptions in units in the above-mentioned workload-based authentication embodiment, which are not described herein again. It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described devices and modules may refer to the corresponding process descriptions in the foregoing method embodiments, and are not described herein again.
The invention also provides a nonvolatile computer storage medium, wherein the computer storage medium stores at least one executable instruction, and the computer executable instruction can execute the workload certification authentication method in any method embodiment.
The present invention also provides a computing device comprising: the processor, the memory and the communication interface complete mutual communication through the communication bus; the memory is used for storing at least one executable instruction, and the executable instruction enables the processor to execute the operation corresponding to the workload certification authentication method. The schematic structure of the computing device is the same as that of the computing device shown in fig. 8, and is not repeated here.
The algorithms and displays presented herein are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system will be apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The usage of the words first, second and third, etcetera do not indicate any ordering. These words may be interpreted as names.

Claims (31)

1. A workload based attestation identity authentication method, the method being performed on a server side, comprising:
after confirming that the client successfully logs in the account, judging whether account information corresponding to the client meets a preset authentication condition; wherein the preset authentication condition comprises: the account login corresponds to different region information; and/or the account number is different from the corresponding client; and/or the time that the account number is not logged in exceeds a preset time interval;
if the account information meets the preset authentication condition, sending a sliding workload certification request to the client;
receiving a sliding track operation result sent by the client;
according to the sliding track operation result, authenticating the account identity to obtain an authentication result;
the sliding track operation result is obtained by operating a sliding track, and the sliding track is a series of coordinates corresponding to the sliding operation of the user along the sliding curve.
2. The workload certificate based identity authentication method according to claim 1, wherein the sliding workload certificate request comprises a verification code;
while receiving a sliding track operation result sent by the client, the method further comprises: and receiving the check code sent by the client.
3. The workload certificate-based identity authentication method according to claim 2, wherein the authenticating an account identity according to the result of the sliding trajectory operation to obtain an authentication result further comprises:
judging whether the check code is equal to the verification code or not;
and if the check code is judged to be not equal to the verification code, obtaining an authentication result of authentication failure.
4. The method of workload-attestation based identity authentication according to claim 3, the method further comprising:
if the check code is judged to be equal to the verification code, calculating the sliding track calculation result and the check code to obtain a verification calculation result; and according to the verification operation result, authenticating the account identity to obtain an authentication result.
5. The workload certificate-based identity authentication method according to claim 4, wherein the authenticating an account identity according to the result of the verification operation further comprises:
judging whether the verification operation result is less than or equal to a preset target result or not;
if so, obtaining an authentication result of successful authentication; if not, the authentication result of authentication failure is obtained.
6. The workload certificate-based identity authentication method according to claim 4, wherein the operation of the sliding track operation result and the check code to obtain the verification operation result further comprises:
and calculating the sliding track calculation result and the check code by utilizing a Hash algorithm to obtain a verification calculation result.
7. The method of workload-based attestation of identity authentication of claim 2, wherein the verification code is a single-time valid random number.
8. A method of workload-certification based identity authentication according to any one of claims 1 to 7, wherein after obtaining the authentication result, the method further comprises:
and sending the authentication result to the client.
9. A workload attestation authentication method, the method performed at a client side, comprising:
if the server judges that the account information corresponding to the client meets the preset authentication condition, receiving a sliding workload certification request sent by the server; wherein the preset authentication condition comprises: the account login corresponds to different region information; and/or the account number is different from the corresponding client; and/or the time that the account number is not logged in exceeds a preset time interval;
acquiring a sliding track input by a user according to the sliding workload certification request;
calculating the sliding track to obtain a sliding track calculation result;
sending the sliding track operation result to the server;
the sliding track is a series of coordinates corresponding to the sliding operation of the user along the sliding curve.
10. The workload certification method according to claim 9, wherein the sliding workload certification request includes a verification code;
while sending the sliding track operation result to the server, the method further comprises: and sending a check code to the server.
11. The workload certification method according to claim 9, wherein the obtaining of the sliding trajectory input by the user according to the sliding workload certification request further comprises:
displaying a sliding window according to the sliding workload certification request;
and acquiring a sliding track input in the sliding window by the user.
12. The workload certification authentication method according to claim 9, wherein the performing the operation on the sliding trajectory to obtain the sliding trajectory operation result further comprises:
and calculating the sliding track by utilizing a Hash algorithm to obtain a sliding track calculation result.
13. The workload certification authentication method according to any one of claims 9 to 12, wherein after the sending of the result of the sliding trajectory calculation to the server, the method further comprises:
and receiving an authentication result sent by the server.
14. A server, comprising:
the judging module is used for judging whether the account information corresponding to the client meets the preset authentication condition after the client is confirmed to successfully log in the account; wherein the preset authentication condition comprises: the account login corresponds to different region information; and/or the account number is different from the corresponding client; and/or the time that the account number is not logged in exceeds a preset time interval;
the first sending module is used for sending a sliding workload certification request to the client if the account information obtained by the judging module meets the preset authentication condition;
the first receiving module is used for receiving a sliding track operation result sent by the client;
the authentication module is used for authenticating the account identity according to the sliding track operation result to obtain an authentication result;
the sliding track operation result is obtained by operating a sliding track, and the sliding track is a series of coordinates corresponding to the sliding operation of the user along the sliding curve.
15. The server according to claim 14, wherein the sliding workload attestation request includes a verification code;
the first receiving module is further configured to: and receiving a sliding track operation result sent by the client and receiving a check code sent by the client.
16. The server according to claim 15, wherein the authentication module comprises:
a judging unit, configured to judge whether the check code is equal to the verification code;
and the result generating unit is used for obtaining the authentication result of the authentication failure if the judging unit judges that the check code is not equal to the verification code.
17. The server according to claim 16, wherein the authentication module further comprises:
the operation unit is used for operating the sliding track operation result and the check code to obtain a verification operation result if the judgment unit judges that the check code is equal to the verification code;
and the authentication unit is used for authenticating the account identity according to the verification operation result to obtain an authentication result.
18. The server according to claim 17, wherein the authentication unit is further configured to: judging whether the verification operation result is less than or equal to a preset target result or not;
the result generation unit is further to: if the authentication unit judges that the obtained verification operation result is less than or equal to a preset target result, an authentication result of successful authentication is obtained; and if the authentication unit judges that the obtained verification operation result is larger than a preset target result, obtaining an authentication result of authentication failure.
19. The server according to claim 17, wherein the arithmetic unit is further configured to:
and calculating the sliding track calculation result and the check code by utilizing a Hash algorithm to obtain a verification calculation result.
20. The server according to claim 15, wherein the verification code is a one-time valid random number.
21. The server according to any of claims 14-20, wherein the first sending module is further configured to:
and sending the authentication result to the client.
22. A client, comprising:
the second receiving module is used for receiving a sliding workload certification request sent by the server if the server judges that the account information corresponding to the client meets the preset authentication condition; wherein the preset authentication condition comprises: the account login corresponds to different region information; and/or the account number is different from the corresponding client; and/or the time that the account number is not logged in exceeds a preset time interval;
the processing module is used for acquiring a sliding track input by a user according to the sliding workload certification request;
the operation module is used for operating the sliding track to obtain a sliding track operation result;
the second sending module is used for sending the sliding track operation result to the server;
the sliding track is a series of coordinates corresponding to the sliding operation of the user along the sliding curve.
23. The client of claim 22, wherein the sliding workload attestation request includes a verification code;
the second sending module is configured to: and sending a check code to the server while sending the sliding track operation result to the server.
24. The client of claim 22, wherein the processing module is further configured to:
displaying a sliding window according to the sliding workload certification request;
and acquiring a sliding track input in the sliding window by the user.
25. The client of claim 22, wherein the operation module is further configured to:
and calculating the sliding track by utilizing a Hash algorithm to obtain a sliding track calculation result.
26. The client of any one of claims 22-25, wherein the second receiving module is further configured to:
and receiving an authentication result sent by the server.
27. An identity authentication system based on workload certification, comprising: a server according to any of claims 14-21 and a client according to any of claims 22-26.
28. A computing device, comprising: the system comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete mutual communication through the communication bus;
the memory is configured to store at least one executable instruction that causes the processor to perform operations corresponding to the method for authenticating a workload-based credential as recited in any one of claims 1-8.
29. A computer storage medium having stored therein at least one executable instruction for causing a processor to perform operations corresponding to the method of workload based authentication according to any one of claims 1-8.
30. A computing device, comprising: the system comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete mutual communication through the communication bus;
the memory is configured to store at least one executable instruction that causes the processor to perform operations corresponding to the workload certification method according to any one of claims 9 to 13.
31. A computer storage medium having stored therein at least one executable instruction that causes a processor to perform operations corresponding to the workload certification authentication method according to any one of claims 9 to 13.
CN201710993568.1A 2017-10-23 2017-10-23 Identity authentication method, server and system based on workload certification Active CN107786553B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710993568.1A CN107786553B (en) 2017-10-23 2017-10-23 Identity authentication method, server and system based on workload certification

Publications (2)

Publication Number Publication Date
CN107786553A CN107786553A (en) 2018-03-09
CN107786553B true CN107786553B (en) 2020-09-29

Family

ID=61435042

Country Status (1)

Country Link
CN (1) CN107786553B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20200831

Address after: 4f, building C2, Suzhou 2.5 Industrial Park, 88 Dongchang Road, Suzhou Industrial Park, Jiangsu Province, 215000

Applicant after: JIANGSU PAY EGIS TECHNOLOGY Co.,Ltd.

Applicant after: Jiangsu tongfudun blockchain Technology Co., Ltd

Address before: Suzhou City, Jiangsu province 215021 East Road, Suzhou Industrial Park, No. 88 Suzhou 2.5 Industrial Park C2 building room 3F-301

Applicant before: JIANGSU PAY EGIS TECHNOLOGY Co.,Ltd.

GR01 Patent grant
GR01 Patent grant