CN107872439A - A kind of personal identification method, apparatus and system - Google Patents

A kind of personal identification method, apparatus and system Download PDF

Info

Publication number
CN107872439A
CN107872439A CN201610859898.7A CN201610859898A CN107872439A CN 107872439 A CN107872439 A CN 107872439A CN 201610859898 A CN201610859898 A CN 201610859898A CN 107872439 A CN107872439 A CN 107872439A
Authority
CN
China
Prior art keywords
operation requests
requests
grade
user
malicious
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610859898.7A
Other languages
Chinese (zh)
Other versions
CN107872439B (en
Inventor
张小龙
胡境彬
袁丽娜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN201610859898.7A priority Critical patent/CN107872439B/en
Publication of CN107872439A publication Critical patent/CN107872439A/en
Application granted granted Critical
Publication of CN107872439B publication Critical patent/CN107872439B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic

Abstract

The invention discloses a kind of personal identification method, the personal identification method includes receiving the operation requests that user terminal is sent, the identity that the operation requests generate using browser feature;Obtain operation data corresponding to the identity;And determine whether the operation requests are malicious requests according to the operation data, and operated and responded according to corresponding to the determination result to the user terminal return operation requests.The present invention also provides a kind of identity recognition device and system.The identity and the operation data according to corresponding to operation mark that personal identification method provided by the invention, apparatus and system are generated using browser feature automatically carry out identification, safe, and without manually operated, Consumer's Experience is good.

Description

A kind of personal identification method, apparatus and system
Technical field
The present invention relates to a kind of Internet technical field, more particularly to a kind of personal identification method, apparatus and system.
Background technology
With the development of Internet technology, perfect, the big portion of browser and server (Browser/Server, BS) framework The mode that subnetting station all employs browser end loading is run, and criminal is refreshed using malice, data falsification is submitted automatically etc. Mode realizes its illegal purpose, and web portal security side is badly in need of that one kind can prevent criminal's malice from refreshing, data falsification enters The ability of row infiltration.
Existing webpage identity recognizing technology mainly sets state to realize the authentication of user, lead to by cookie Cross and issue identifying code to realize the operation demonstration of user, security is low, and Consumer's Experience is bad.
The content of the invention
In view of this, the present invention provides a kind of personal identification method, apparatus and system, and safe, Consumer's Experience is good.
The embodiments of the invention provide a kind of personal identification method, including receive the operation requests that user terminal is sent, institute State the identity that operation requests generate using browser feature;Obtain operation data corresponding to the identity;With And determine whether the operation requests are malicious requests according to the operation data, and determine result to the user according to described Terminal returns to operation response corresponding to the operation requests.
The embodiment of the present invention additionally provides a kind of personal identification method, the personal identification method be applied to user terminal with Between server, methods described includes the user terminal and sends operation requests to server, the operation requests using The identity of browser feature generation;The server obtains operation data corresponding to the identity, with according to Operation data determines whether the operation requests are malicious requests, and returns to institute to the user terminal according to the determination result State operation response corresponding to operation requests.
The embodiment of the present invention additionally provides a kind of identity recognition device, applied to server, the identity recognition device bag Include receiving module, acquisition module, judge module and respond module;The receiving module is used for the behaviour for receiving user terminal transmission Ask, the identity that the operation requests generate using browser feature;The acquisition module is described for obtaining Operation data corresponding to identity;And the judge module is used to determine that the operation requests are according to the operation data No is malicious requests;The respond module is used to return to the operation requests pair to the user terminal according to the determination result The operation response answered.
The embodiment of the present invention additionally provides a kind of identification system, and the identification system includes user terminal and clothes Business device;The user terminal is used to send operation requests to server, and the operation requests are using the generation of browser feature Identity;The server is used to receive the operation requests, and obtains operation data corresponding to the identity, with It is whole to the user according to the determination result after determining whether the operation requests are malicious requests according to the operation data End returns to operation response corresponding to the operation requests.
The identity and basis of personal identification method provided by the invention, apparatus and system using the generation of browser feature Operation data corresponding to operation mark automatically carries out identification, safe, and without manually operated, Consumer's Experience is good.
For the above and other objects, features and advantages of the present invention can be become apparent, preferred embodiment cited below particularly, And coordinate institute's accompanying drawings, it is described in detail below.
Brief description of the drawings
Fig. 1 is the personal identification method of one embodiment of the invention offer, the applied environment figure of apparatus and system;
Fig. 2 shows a kind of structured flowchart of server;
Fig. 3 is the flow chart for the personal identification method that first embodiment of the invention provides;
Fig. 4 is the flow chart for the personal identification method that second embodiment of the invention provides;
Fig. 5 is the flow chart for the personal identification method that third embodiment of the invention provides;
Fig. 6 is the structure chart for the identity recognition device that fourth embodiment of the invention provides;
Fig. 7 is the structure chart for the identification system that fifth embodiment of the invention provides.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete Site preparation describes, it is clear that described embodiment is only part of the embodiment of the present invention, rather than whole embodiments.It is based on Embodiment in the present invention, those of ordinary skill in the art are obtained every other under the premise of creative work is not made Embodiment, belong to the scope of protection of the invention.
Personal identification method that various embodiments of the present invention are provided, apparatus and system, can be applied to application as shown in Figure 1 In environment, web page access or instant messaging etc. are realized.As shown in figure 1, user terminal 100 is located at wireless network with server 200 In network or cable network, by the wireless network or cable network, user terminal 100 interacts with server 200.
Wherein, user terminal 100 can include PC (Personal Computer, personal computer), all-in-one, knee The computer terminals such as mo(u)ld top half pocket computer, car-mounted terminal, and smart mobile phone, tablet personal computer, E-book reader, MP3 player (Moving Picture Experts Group Audio Layer III, dynamic image expert's compression standard sound Frequency aspect 3), MP4 (Moving Picture Experts Group Audio Layer IV, dynamic image expert's compression standard Audio aspect 4) mobile terminal device such as player.
Fig. 2 shows a kind of structured flowchart of server.Structure shown in Fig. 2 is applicable to server 200, such as Fig. 2 institutes Show, server includes:Memory 301, processor 302 and mixed-media network modules mixed-media 303.
It is appreciated that the structure shown in Fig. 2 is only to illustrate, server may also include more more or less than shown in Fig. 2 Component, or there is the configuration different from shown in Fig. 2.Each component shown in Fig. 2 can use hardware, software or its combination Realize.In addition, the server in the embodiment of the present invention can also include the server of multiple specific difference in functionalitys.
Memory 301 can be used for storage software program and module, such as the personal identification method in the embodiment of the present invention, dress Put and system corresponding to programmed instruction/module, processor 302 by operation be stored in software program in memory 301 and Module, so as to perform various function application and data processing, that is, realize the personal identification method in the embodiment of the present invention.Storage Device 301 may include high speed random access memory, may also include nonvolatile memory, as one or more magnetic storage device, Flash memory or other non-volatile solid state memories.In some instances, memory 301 can further comprise relative to processing The remotely located memory of device 302, these remote memories can pass through network connection to server.Further, it is above-mentioned soft Part program and module may also include:Operating system 321 and service module 322.Wherein operating system 321, such as can be LINUX, UNIX, WINDOWS, its may include it is various be used for management system task (such as memory management, storage device control, electricity Source control etc.) component software and/or driving, and can mutually be communicated with various hardware or component software, it is soft so as to provide other The running environment of part component.Service module 322 is operated on the basis of operating system 321, and passes through the network of operating system 321 The request for carrying out automatic network is monitored in service, completes corresponding data processing according to request, and return to result to client.Also It is to say, service module 322 is used to provide network service to client.
Mixed-media network modules mixed-media 303 is used to receiving and sending network signal.Above-mentioned network signal may include wireless signal or have Line signal.In an example, above-mentioned network signal is cable network signal.Now, mixed-media network modules mixed-media 303 may include processor, The elements such as random access memory, converter, crystal oscillator.
First embodiment
Fig. 3 is the flow chart for the personal identification method that first embodiment of the invention provides.The present embodiment is logical for server 200 Cross the personal identification method performed by network.As shown in figure 3, the personal identification method of the present embodiment may include following steps:
Step S31:Receive the operation requests that user terminal is sent, the body that operation requests generate using browser feature Part mark;
Wherein, operation requests can be, but not limited to include web access requests, account logging request etc..
Wherein, browser feature can be, but not limited to include the running environment of browser attribute in itself and/or browser.
Preferably, browser feature includes browser attribute in itself and the running environment of browser this at least two dimension Data, to improve the accuracy of identity.
Specifically, the attribute of browser in itself can be, but not limited to include the kernel of browser, browser version, browse Language that plug-in unit, the browser of device use, whether can follow the trail of (navigator.doNotTrack) etc..The operation of browser Environment can be, but not limited to include operating system used in user terminal, CPU type, screen resolution, screen side To, screen palette matching depth etc..
Step S32:Obtain operation data corresponding to identity;And
Wherein, operation data can be, but not limited to include the interaction data of user and the page, the running environment of current page At least one of in.
Preferably, operation data include user and the page interaction data and current page running environment this at least two The data of dimension, more accurately to carry out identification.
Specifically, the interaction data of user and the page can be, but not limited to include mouse track, mouse click action and when Between, keyboard tap the frequency, touch or slide the screen frequency at least one of.
Specifically, the running environment of current page can be, but not limited to include whether to install plug-in unit, url (Uniform Resoure Locator:Uniform resource locator) address, Referer addresses (also referred to as page source address), operating system At least one of in version.
Step S33:Determine whether operation requests are malicious requests according to operation data, and it is whole to user according to determination result End returns to operation response corresponding to operation requests.
Personal identification method provided in an embodiment of the present invention utilizes the identity of browser feature generation and according to operation Operation data corresponding to mark automatically carries out identification, safe, and without manually operated, Consumer's Experience is good.
Second embodiment
Fig. 4 is the flow chart for the personal identification method that second embodiment of the invention provides.The present embodiment is logical for server 200 Cross the personal identification method performed by network.As shown in figure 4, the personal identification method of the present embodiment may include following steps:
Step S41:Receive the operation requests that user terminal is sent, the body that operation requests generate using browser feature Part mark;
Wherein, operation requests can be, but not limited to include web access requests, account logging request etc..
Wherein, browser feature can be, but not limited to include the running environment of browser attribute in itself and/or browser.
Preferably, browser feature includes browser attribute in itself and the running environment of browser this at least two dimension Data, to improve the accuracy of identity.
Specifically, the attribute of browser in itself can be, but not limited to include the kernel of browser, browser version, browse Language that plug-in unit, the browser of device use, whether can follow the trail of (navigator.doNotTrack) etc..The operation of browser Environment can be, but not limited to include operating system used in user terminal, CPU type, screen resolution, screen side To, screen palette matching depth etc..
Step S42:Obtain operation data corresponding to identity;
Wherein, operation data can be, but not limited to include the interaction data of user and the page, the running environment of current page At least one of in.
Preferably, operation data include user and the page interaction data and current page running environment this at least two The data of dimension, more accurately to carry out identification.
Specifically, the interaction data of user and the page can be, but not limited to include mouse track, mouse click action and when Between, keyboard tap the frequency, touch or slide the screen frequency at least one of.
Specifically, the running environment of current page can be, but not limited to include whether to install plug-in unit, url (Uniform Resoure Locator:Uniform resource locator) address, Referer addresses (being also page source address), operating system version At least one of in this.
Step S43:The grade of operation requests is confirmed according to the type of operation requests;
Specifically, such as the grade of operation requests can be divided into three-level, if operation requests are logged on asking, pay and ask Ask etc., then grade is three-level, if operation requests is delete account, change account information etc., grade is two level, if Operation requests is send request, mark request etc., then grade is one-level.
Step S44:The grade of user is confirmed according to operation data;
Specifically, with the running environment of interaction data of the operation data including user and the page, current page, user and page The interaction data in face includes mouse track, keyboard taps the frequency, and the running environment of current page is included whether exemplified by installing plug-in unit, If the frequency that the track of mouse does not include submitting button, keyboard taps is less than threshold values in preset time, and does not install plug-in unit then The grade for confirming user is one-level, if the track of mouse does not include submitting button or the frequency of keyboard percussion is small in preset time In threshold values or plug-in unit is not installed, then the grade of user is two level, if the track of mouse includes the frequency for submitting button, keyboard taps It is not less than threshold values in preset time, and is mounted with plug-in unit, then the grade of user is three-level.Certain those skilled in the art can It is above-mentioned to be used only for for example, not for limiting the invention with understanding.
Step S45:Judge whether the grade of user is less than the grade of operation requests;
If the grade of user is less than the grade of operation requests, into step S46:It is malicious requests to determine operation requests;
Step S47:Refuse operation requests;
If the grade of user is not less than the grade of operation requests, into step S48:Determine that operation requests please for non-malicious Ask;
Step S49:Corresponding request data is returned to, to respond operation requests.
Personal identification method provided in an embodiment of the present invention utilizes the identity of browser feature generation and according to operation Operation data corresponding to mark automatically carries out identification, safe, and without manually operated, Consumer's Experience is good, and enters Grade distinguishing is carried out to one step to operation requests and user, can be more so as to which operation response can be carried out according to the type of operation requests Further improve Consumer's Experience.
3rd embodiment
Fig. 5 is the flow chart for the personal identification method that third embodiment of the invention provides.The present embodiment is user terminal 100 Pass through the personal identification method performed by network between server 200.As shown in figure 5, the personal identification method of the present embodiment It may include following steps:
Step S51:User terminal sends operation requests to server, operation requests and generated using browser feature Identity;
Wherein, operation requests can be, but not limited to include web access requests, account logging request etc..
Wherein, browser feature can be, but not limited to include the running environment of browser attribute in itself and/or browser.
Preferably, browser feature includes browser attribute in itself and the running environment of browser this at least two dimension Data, to improve the accuracy of identity.
Specifically, the attribute of browser in itself can be, but not limited to include the kernel of browser, browser version, browse Language that plug-in unit, the browser of device use, whether can follow the trail of (navigator.doNotTrack) etc..The operation of browser Environment can be, but not limited to include operating system used in user terminal, CPU type, screen resolution, screen side To, screen palette matching depth etc..
Step S52:Server obtains operation data corresponding to identity, to determine that operation requests are according to operation data No is malicious requests, and operates and respond according to corresponding to determining result to user terminal return operation requests.
Wherein, operation data can be, but not limited to include the interaction data of user and the page, the running environment of current page At least one of in.
Preferably, operation data include user and the page interaction data and current page running environment this at least two The data of dimension, more accurately to carry out identification.
Specifically, the interaction data of user and the page can be, but not limited to include mouse track, mouse click action and when Between, keyboard tap the frequency, touch or slide the screen frequency at least one of.
Specifically, the running environment of current page can be, but not limited to include whether to install plug-in unit, url (Uniform Resoure Locator:Uniform resource locator) address, Referer addresses (being also page source address), operating system version At least one of in this.
Personal identification method provided in an embodiment of the present invention utilizes the identity of browser feature generation and according to operation Operation data corresponding to mark automatically carries out identification, safe, and without manually operated, Consumer's Experience is good.
Fourth embodiment
Fig. 6 is the structure chart for the identity recognition device that fourth embodiment of the invention provides.The embodiment of the present invention as shown in Figure 6 The identity recognition device 60 of offer includes receiving module 601, acquisition module 602, judge module 603 and respond module 604.
Wherein, receiving module 601 is used for the operation requests for receiving user terminal transmission, and operation requests are using browser The identity of feature generation.
Wherein, operation requests can be, but not limited to include web access requests, account logging request etc..
Wherein, browser feature can be, but not limited to include the running environment of browser attribute in itself and/or browser.
Preferably, browser feature includes browser attribute in itself and the running environment of browser this at least two dimension Data, to improve the accuracy of identity.
Specifically, the attribute of browser in itself can be, but not limited to include the kernel of browser, browser version, browse Language that plug-in unit, the browser of device use, whether can follow the trail of (navigator.doNotTrack) etc..The operation of browser Environment can be, but not limited to include operating system used in user terminal, CPU type, screen resolution, screen side To, screen palette matching depth etc..
Wherein, acquisition module 602 is used to obtain operation data corresponding to identity.
Wherein, operation data can be, but not limited to include the interaction data of user and the page, the running environment of current page At least one of in.
Preferably, operation data include user and the page interaction data and current page running environment this at least two The data of dimension, more accurately to carry out identification.
Specifically, the interaction data of user and the page can be, but not limited to include mouse track, mouse click action and when Between, keyboard tap the frequency, touch or slide the screen frequency at least one of.
Specifically, the running environment of current page can be, but not limited to include whether to install plug-in unit, url (Uniform Resoure Locator:Uniform resource locator) address, Referer addresses (being also page source address), operating system version At least one of in this.
Judge module 603 is used to determine whether operation requests are malicious requests according to operation data.
Specifically, judge module 603 includes operation requests grade confirmation unit, user gradation confirmation unit, judging unit. Operation requests grade confirmation unit is used for the grade that operation requests are confirmed according to the type of operation requests;User gradation confirmation unit For confirming the grade of user according to operation data;The grade that judging unit is used in user determines when being less than the grade of operation requests Operation requests are malicious requests, and user grade be not less than operation requests grade, it is determined that operation requests are non-malicious Request.
Wherein, respond module 604 is used to operate according to corresponding to determining result to user terminal return operation requests and responded.
Identity recognition device provided in an embodiment of the present invention utilizes the identity of browser feature generation and according to operation Operation data corresponding to mark automatically carries out identification, safe, and without manually operated, Consumer's Experience is good.
5th embodiment
Fig. 7 is the structure chart for the identification system 70 that fifth embodiment of the invention provides.As shown in fig. 7, identification System 70 includes user terminal 700 and server 701.
Wherein, user terminal 700 is used to send operation requests to server 701, and operation requests are using browser spy Levy the identity of generation.Server 701 is used to receive operation requests, and obtains operation data corresponding to identity, with root After determining whether operation requests are malicious requests according to operation data, according to determining that result returns to operation requests to user terminal 700 Corresponding operation response.
Wherein, operation requests can be, but not limited to include web access requests, account logging request etc..
Wherein, browser feature can be, but not limited to include the running environment of browser attribute in itself and/or browser.
Preferably, browser feature includes browser attribute in itself and the running environment of browser this at least two dimension Data, to improve the accuracy of identity.
Specifically, the attribute of browser in itself can be, but not limited to include the kernel of browser, browser version, browse Language that plug-in unit, the browser of device use, whether can follow the trail of (navigator.doNotTrack) etc..The operation of browser Environment can be, but not limited to include operating system used in user terminal, CPU type, screen resolution, screen side To, screen palette matching depth etc..
Wherein, operation data can be, but not limited to include the interaction data of user and the page, the running environment of current page At least one of in.
Preferably, operation data include user and the page interaction data and current page running environment this at least two The data of dimension, more accurately to carry out identification.
Specifically, the interaction data of user and the page can be, but not limited to include mouse track, mouse click action and when Between, keyboard tap the frequency, touch or slide the screen frequency at least one of.
Specifically, the running environment of current page can be, but not limited to include whether to install plug-in unit, URL (Uniform Resoure Locator:Uniform resource locator) address, Referer addresses (being also page source address), operating system version At least one of in this.
Wherein, server 701 can be, but not limited to include certificate server 711 and response service end 721.Certificate server 711 may be referred to server shown in Fig. 2 with the concrete structure of response service end 721, will not be repeated here.
Respond service end 721 and receive operation requests, and send the identity to certificate server 711.
Certificate server 711 obtains operation data corresponding to identity, to determine that operation requests are according to operation data It is no be malicious requests after, return determine result to respond service end 721, with cause respond service end 721 according to determine result to User terminal 700 returns to operation response corresponding to operation requests.
Specifically, certificate server 711 confirms the grade of operation requests according to the type of operation requests, and according to identity mark Operation data corresponding to knowledge confirms the grade of user, when the grade of user is less than the grade of operation requests, determines operation requests For malicious requests, when the grade of user is not less than the grade of operation requests, determine that operation requests are asked for non-malicious.
Specifically, respond service end 721 and receive the confirmation result that certificate server 711 returns, and be non-in operation requests Corresponding request data is returned to during malicious requests to user terminal 700, to respond operation requests;It is malicious requests in operation requests When then refuse operation requests.
Identification system provided in an embodiment of the present invention, using browser feature generation identity and according to operation Operation data corresponding to mark automatically carries out identification, safe, and without manually operated, Consumer's Experience is good.
It should be noted that each embodiment in this specification is described by the way of progressive, each embodiment weight Point explanation is all difference with other embodiment, between each embodiment identical similar part mutually referring to. For device class embodiment, because it is substantially similar to embodiment of the method, so description is fairly simple, related part is joined See the part explanation of embodiment of the method.
It should be noted that herein, such as first and second or the like relational terms are used merely to a reality Body or operation make a distinction with another entity or operation, and not necessarily require or imply and deposited between these entities or operation In any this actual relation or order.Moreover, term " comprising ", "comprising" or its any other variant are intended to Nonexcludability includes, so that process, method, article or device including a series of elements not only will including those Element, but also the other element including being not expressly set out, or it is this process, method, article or device also to include Intrinsic key element.In the absence of more restrictions, the key element limited by sentence "including a ...", it is not excluded that Other identical element also be present in process, method, article or device including key element.
One of ordinary skill in the art will appreciate that hardware can be passed through by realizing all or part of step of above-described embodiment To complete, can also by program come instruct correlation hardware complete, program can be stored in a kind of computer-readable storage In medium, storage medium mentioned above can be read-only storage, disk or CD etc..
More than, only it is presently preferred embodiments of the present invention, any formal limitation not is made to the present invention, although this Invention is disclosed above with preferred embodiment, but is not limited to the present invention, any person skilled in the art, Do not depart from the range of technical solution of the present invention, when the technology contents using the disclosure above make a little change or are modified to equivalent The equivalent embodiment of change, as long as being without departing from technical solution of the present invention content, the technical spirit according to the present invention is real to more than Any simple modification, equivalent change and modification that example is made is applied, in the range of still falling within technical solution of the present invention.

Claims (17)

  1. A kind of 1. personal identification method, it is characterised in that including:
    Receive the operation requests that user terminal is sent, the identity that the operation requests generate using browser feature;
    Obtain operation data corresponding to the identity;And
    Determine whether the operation requests are malicious requests according to the operation data, and determine result to the use according to described Family terminal returns to operation response corresponding to the operation requests.
  2. 2. personal identification method as claimed in claim 1, it is characterised in that the browser feature includes browser in itself The running environment of attribute, browser.
  3. 3. personal identification method as claimed in claim 1 or 2, it is characterised in that the operation data includes user and the page Interaction data, the running environment of current page.
  4. 4. personal identification method as claimed in claim 3, it is characterised in that described that the behaviour is determined according to the operation data Asking the step of whether being malicious requests includes:
    The grade of the operation requests is confirmed according to the type of the operation requests;
    The grade of user is confirmed according to the operation data;
    Judge whether the grade of the user is less than the grade of the operation requests;
    If the grade of the user is less than the grade of the operation requests, it is determined that the operation requests are malicious requests;And
    If the grade of the user is not less than the grade of the operation requests, it is determined that the operation requests are asked for non-malicious.
  5. 5. personal identification method as claimed in claim 4, it is characterised in that determine result to the user terminal according to described The step of returning to operation response corresponding to the operation requests includes:
    If the operation requests are asked for non-malicious, corresponding request data is returned to, to respond the operation requests;And
    If the operation requests are malicious requests, refuse the operation requests.
  6. A kind of 6. personal identification method, it is characterised in that the personal identification method is applied between user terminal and server, Methods described includes:
    The user terminal sends operation requests to the server, the operation requests and generated using browser feature Identity;
    The server obtains operation data corresponding to the identity, to determine that the operation please according to the operation data No Seeking Truth is malicious requests, and is operated and rung according to corresponding to the determination result to the user terminal return operation requests Should.
  7. 7. personal identification method as claimed in claim 6, it is characterised in that the browser feature includes browser in itself The running environment of attribute, browser.
  8. 8. personal identification method as claimed in claims 6 or 7, it is characterised in that the operation data includes user and the page Interaction data, the running environment of current page.
  9. 9. personal identification method as claimed in claim 8, it is characterised in that described that the behaviour is determined according to the operation data Asking the step of whether being malicious requests includes:
    The grade of the operation requests is confirmed according to the type of the operation requests;
    The grade of user is confirmed according to the operation data;
    Judge whether the grade of the user is less than the grade of the operation requests;
    If the grade of the user is less than the grade of the operation requests, it is determined that the operation requests are malicious requests;And
    If the grade of the user is not less than the grade of the operation requests, it is determined that the operation requests are asked for non-malicious.
  10. 10. personal identification method as claimed in claim 9, it is characterised in that whole to the user according to the determination result End, which returns to the step of response is operated corresponding to the operation requests, to be included:
    If the operation requests are asked for non-malicious, corresponding request data is returned to the user terminal, with described in response Operation requests;And
    If the operation requests are malicious requests, refuse the operation requests.
  11. A kind of 11. identity recognition device, applied to server, it is characterised in that the identity recognition device include receiving module, Acquisition module, judge module and respond module;
    The receiving module is used for the operation requests for receiving user terminal transmission, and the operation requests are using browser feature The identity of generation;
    The acquisition module is used to obtain operation data corresponding to the identity;
    The judge module is used to determine whether the operation requests are malicious requests according to the operation data;And
    The respond module is used for the operation according to corresponding to the determination result to the user terminal return operation requests Response.
  12. 12. identity recognition device as claimed in claim 11, it is characterised in that the judge module includes operation requests grade Confirmation unit, user gradation confirmation unit, judging unit;
    The operation requests grade confirmation unit is used for the grade that the operation requests are confirmed according to the type of the operation requests;
    The user gradation confirmation unit is used for the grade that user is confirmed according to the operation data;
    The grade that the judging unit is used in the user determines that the operation requests are when being less than the grade of the operation requests Malicious requests, and the user grade be not less than the operation requests grade, it is determined that the operation requests are non-evil Meaning request.
  13. 13. a kind of identification system, it is characterised in that the identification system includes user terminal and server;
    The user terminal is used to send operation requests to the server, and the operation requests are using the life of browser feature Into identity;
    The server is used to receive the operation requests, and obtains operation data corresponding to the identity, with according to institute State after operation data determines whether the operation requests are malicious requests, returned according to the determination result to the user terminal Operation response corresponding to the operation requests.
  14. 14. identification system as claimed in claim 13, it is characterised in that the browser feature includes browser in itself Attribute, the running environment of browser.
  15. 15. the identification system as described in claim 13 or 14, it is characterised in that the operation data includes user and page The interaction data in face, the running environment of current page.
  16. 16. identification system as claimed in claim 15, it is characterised in that the server includes certificate server and sound Answer service end;
    The response service end receives the operation requests, and sends the identity to the certificate server;
    The certificate server obtains operation data corresponding to identity, with according to operation data determine operation requests whether be After malicious requests, return and determine result to the response service end, to respond service end according to determining result to the use Family terminal returns to operation response corresponding to the operation requests.
  17. 17. identification system as claimed in claim 16, it is characterised in that:
    The certificate server confirms the grade of the operation requests according to the type of the operation requests, and according to the operation The grade of data validation user, when the grade of the user is less than the grade of the operation requests, determine the operation requests For malicious requests, when the grade of the user is not less than the grade of the operation requests, it is non-evil to determine the operation requests Meaning request;
    The response service end receives the confirmation result that the certificate server returns, and please for non-malicious in the operation requests Corresponding request data is returned to when asking to the user terminal, to respond the operation requests;It is malice in the operation requests Then refuse the operation requests during request.
CN201610859898.7A 2016-09-28 2016-09-28 Identity recognition method, device and system Active CN107872439B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610859898.7A CN107872439B (en) 2016-09-28 2016-09-28 Identity recognition method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610859898.7A CN107872439B (en) 2016-09-28 2016-09-28 Identity recognition method, device and system

Publications (2)

Publication Number Publication Date
CN107872439A true CN107872439A (en) 2018-04-03
CN107872439B CN107872439B (en) 2021-02-05

Family

ID=61761078

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610859898.7A Active CN107872439B (en) 2016-09-28 2016-09-28 Identity recognition method, device and system

Country Status (1)

Country Link
CN (1) CN107872439B (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101179560A (en) * 2006-11-28 2008-05-14 腾讯科技(深圳)有限公司 Method and device for detecting age of user
CN102571873A (en) * 2010-12-31 2012-07-11 上海可鲁系统软件有限公司 Bidirectional security audit method and device in distributed system
CN102737019A (en) * 2011-03-31 2012-10-17 阿里巴巴集团控股有限公司 Machine behavior determining method, webpage browser and webpage server
CN102938037A (en) * 2012-11-26 2013-02-20 北京奇虎科技有限公司 Plug-in calling method and plug-in manager for browser
CN103763124A (en) * 2013-12-26 2014-04-30 孙伟力 Internet user behavior analyzing and early-warning system and method
CN103763355A (en) * 2014-01-07 2014-04-30 天地融科技股份有限公司 Cloud data uploading and access control method
CN103902885A (en) * 2014-03-04 2014-07-02 重庆邮电大学 Virtual machine security isolation system and method oriented to multi-security-level virtual desktop system
CN105684388A (en) * 2013-09-20 2016-06-15 甲骨文国际公司 Web-based single sign-on with form-fill proxy application
CN105897776A (en) * 2016-06-27 2016-08-24 浪潮(北京)电子信息产业有限公司 Safety management and control method based on cloud computation system and safety management and control system based on cloud computation system
CN105930726A (en) * 2016-04-20 2016-09-07 广东欧珀移动通信有限公司 Processing method for malicious operation behavior and user terminal

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101179560A (en) * 2006-11-28 2008-05-14 腾讯科技(深圳)有限公司 Method and device for detecting age of user
CN102571873A (en) * 2010-12-31 2012-07-11 上海可鲁系统软件有限公司 Bidirectional security audit method and device in distributed system
CN102737019A (en) * 2011-03-31 2012-10-17 阿里巴巴集团控股有限公司 Machine behavior determining method, webpage browser and webpage server
CN102938037A (en) * 2012-11-26 2013-02-20 北京奇虎科技有限公司 Plug-in calling method and plug-in manager for browser
CN105684388A (en) * 2013-09-20 2016-06-15 甲骨文国际公司 Web-based single sign-on with form-fill proxy application
CN103763124A (en) * 2013-12-26 2014-04-30 孙伟力 Internet user behavior analyzing and early-warning system and method
CN103763355A (en) * 2014-01-07 2014-04-30 天地融科技股份有限公司 Cloud data uploading and access control method
CN103902885A (en) * 2014-03-04 2014-07-02 重庆邮电大学 Virtual machine security isolation system and method oriented to multi-security-level virtual desktop system
CN105930726A (en) * 2016-04-20 2016-09-07 广东欧珀移动通信有限公司 Processing method for malicious operation behavior and user terminal
CN105897776A (en) * 2016-06-27 2016-08-24 浪潮(北京)电子信息产业有限公司 Safety management and control method based on cloud computation system and safety management and control system based on cloud computation system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
张梦媛: "《浏览器的安全访问及指纹识别技术》", 《中国优秀硕士学位论文全文数据库 信息科技辑》 *
徐晏等: "《基于浏览器的用户身份识别系统》", 《计算机技术与发展》 *

Also Published As

Publication number Publication date
CN107872439B (en) 2021-02-05

Similar Documents

Publication Publication Date Title
US11212271B2 (en) Trusted login of user accounts
CN104144419B (en) Identity authentication method, device and system
CN104283841B (en) The method, apparatus and system of service access control are carried out to third-party application
US20090187442A1 (en) Feedback augmented object reputation service
US10313322B2 (en) Distinguishing human-generated input from programmatically-generated input
CN105407074A (en) Authentication method, apparatus and system
CN104660481A (en) Instant messaging processing method and device
KR102429406B1 (en) Check user interactions on the content platform
CN104158802A (en) Platform authorization method, platform service side, application client side and system
CN111885007B (en) Information tracing method, device, system and storage medium
CN104580112A (en) Service authentication method and system, and server
CN104348617A (en) Verification code processing method and device, and terminal and server
WO2018082560A1 (en) Account number registration method, related device, and system
US11949688B2 (en) Securing browser cookies
CN109002733A (en) A kind of pair of equipment carries out the method and device of reliability evaluation
CN115277143A (en) Data secure transmission method, device, equipment and storage medium
CN105373715A (en) Wearable device based data access method and apparatus
CN107872439A (en) A kind of personal identification method, apparatus and system
EP3804221B1 (en) Improving data integrity with trusted code attestation tokens
KR102133902B1 (en) Secure input device
CN114489658A (en) Packaging method based on WEB leading edge page bottom code
CN106357603A (en) Web page security detection processing method and device
CN110177096A (en) Client certificate method, apparatus, medium and calculating equipment
CN109960924A (en) One subsystem login method, device, system and electronic equipment
JP5010927B2 (en) Authentication apparatus and program

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant