CN108011863A - Identify the method and device of Brute Force - Google Patents
Identify the method and device of Brute Force Download PDFInfo
- Publication number
- CN108011863A CN108011863A CN201710728889.9A CN201710728889A CN108011863A CN 108011863 A CN108011863 A CN 108011863A CN 201710728889 A CN201710728889 A CN 201710728889A CN 108011863 A CN108011863 A CN 108011863A
- Authority
- CN
- China
- Prior art keywords
- password
- terminal
- brute force
- current system
- user name
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 56
- 238000012795 verification Methods 0.000 claims abstract description 62
- 238000010200 validation analysis Methods 0.000 claims description 27
- 230000005540 biological transmission Effects 0.000 claims description 4
- 238000004321 preservation Methods 0.000 claims description 4
- 230000000875 corresponding effect Effects 0.000 description 18
- 238000012360 testing method Methods 0.000 description 8
- 230000008569 process Effects 0.000 description 6
- 230000008878 coupling Effects 0.000 description 4
- 238000010168 coupling process Methods 0.000 description 4
- 238000005859 coupling reaction Methods 0.000 description 4
- 230000003993 interaction Effects 0.000 description 4
- 230000008901 benefit Effects 0.000 description 3
- 238000004590 computer program Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 208000032767 Device breakage Diseases 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000002596 correlated effect Effects 0.000 description 1
- 238000000151 deposition Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000001035 drying Methods 0.000 description 1
- 230000002708 enhancing effect Effects 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
Abstract
The present invention discloses a kind of method and device for identifying Brute Force, is related to technical field of data security, can solve the problems, such as to identify that Brute Force efficiency is low in the prior art.The method of the present invention includes:Obtain and be used to logging in the username and password of current system, it is registered in advance in the current system to have the password for meeting preset password strength range and corresponding user name;According to the preset password strength range, Cipher Strength verification is carried out to the password of acquisition;If the password of the acquisition is not verified by Cipher Strength, during judging that the terminal of the request login current system logs in the current system using the user name obtained, whether the number not verified by Cipher Strength continuously reaches preset times threshold value;If reach the preset times threshold value, it is determined that the terminal is Brute Force terminal.The present invention is mainly suitable in the scene of Account Logon.
Description
Technical field
The present invention relates to technical field of data security, more particularly to a kind of method and device for identifying Brute Force.
Background technology
Existing application program be all by the form of username and password carry out registration login, if such as user want to make
With mailbox, then need first to be registered using username and password, to be registered by rear, user can input in login interface
The username and password registered before enters mailbox homepage.
Although password can ensure the safety of account to a certain extent, hacker passes through Brute Force (i.e. the method for exhaustion)
Mode be but easy to successfully decryption.In order to identify Brute Force terminal, to prevent the Brute Force terminal from continuing brokenly
Other accounts are solved, existing identification method is pre-registered in the username and password and database that server sends terminal
Username and password is matched, if it fails to match, record login failure 1 time, until the terminal using same user name into
During row logs in, for continuous n times when all it fails to match, it is Brute Force terminal to determine the terminal, and wherein N is positive integer.So
And during Brute Force terminal is identified, it must all be taken a significant amount of time user during user identity due to verifying every time
Name and the password database larger with data volume are matched, so that identifying that the efficiency of Brute Force substantially reduces.
The content of the invention
In view of this, the present invention provides a kind of method and device for identifying Brute Force, can solve to know in the prior art
The problem of other Brute Force efficiency is low.
In a first aspect, the present invention provides it is a kind of identify Brute Force method, the described method includes:
Obtain and be used to logging in the user name password of current system, in the current system it is registered in advance have meet preset password
The password of strength range and corresponding user name;
According to the preset password strength range, Cipher Strength verification is carried out to the password of acquisition;
If the password of the acquisition is not verified by Cipher Strength, judging the terminal of the request login current system makes
During logging in the current system with the user name of acquisition, whether the number not verified by Cipher Strength continuously reaches pre-
If frequency threshold value;
If reach the preset times threshold value, it is determined that the terminal is Brute Force terminal.
Second aspect, the present invention provides a kind of device for identifying Brute Force, described device includes:
Acquiring unit, for obtaining the username and password for being used for logging in current system, is noted in advance in the current system
Volume has the password for meeting preset password strength range and corresponding user name;
Verification unit, for according to the preset password strength range, being carried out to the password that the acquiring unit obtains close
Code Stren gsth test;
Judging unit, for when the password of the acquisition is not verified by Cipher Strength, judging that request logs in described work as
During the terminal of preceding system logs in the current system using the user name obtained, do not verified by Cipher Strength continuously
Whether number reaches preset times threshold value;
Determination unit, for when reaching the preset times threshold value, determining that the terminal is Brute Force terminal.
The third aspect, the present invention provides a kind of storage medium, the storage medium is stored with a plurality of instruction, described instruction
Method suitable for being loaded by processor and being performed identification Brute Force as described in relation to the first aspect.
Fourth aspect, the present invention provides a kind of server, the server includes storage medium and processor;
The processor, is adapted for carrying out each instruction;
The storage medium, suitable for storing a plurality of instruction;
Described instruction is suitable for being loaded by the processor and being performed the method for identification Brute Force as described in relation to the first aspect.
By above-mentioned technical proposal, the method and device of identification Brute Force provided by the invention, can allow user's registration
Meet the password of preset password strength range and corresponding user name, during subsequent user logs in current system, working as
After the server of preceding system gets password and user name for logging in current system, be not directly by by the user name
Matched mode is carried out to identify Brute Force terminal with the larger pre-registered username and password of password and data volume, and
It is to identify Brute Force terminal by way of carrying out Cipher Strength verification to the password of acquisition, as long as that is, the terminal uses together
During one user name logs in current system, the number not verified by Cipher Strength continuously reaches preset times threshold value, just
The terminal is determined as Brute Force terminal, so as to improve the efficiency of identification Brute Force.
Described above is only the general introduction of technical solution of the present invention, in order to better understand the technological means of the present invention,
And can be practiced according to the content of specification, and in order to allow above and other objects of the present invention, feature and advantage can
Become apparent, below especially exemplified by the embodiment of the present invention.
Brief description of the drawings
By reading the detailed description of hereafter preferred embodiment, it is various other the advantages of and benefit it is common for this area
Technical staff will be clear understanding.Attached drawing is only used for showing the purpose of preferred embodiment, and is not considered as to the present invention
Limitation.And in whole attached drawing, identical component is denoted by the same reference numerals.In the accompanying drawings:
Fig. 1 shows a kind of flow chart of method for identifying Brute Force provided in an embodiment of the present invention;
Fig. 2 shows the flow chart of the method for another identification Brute Force provided in an embodiment of the present invention;
Fig. 3 shows the interaction figure of terminal and server in a kind of account registration process provided in an embodiment of the present invention;
Fig. 4 shows the interaction figure of terminal and server in a kind of account login process provided in an embodiment of the present invention;
Fig. 5 shows a kind of composition frame chart of device for identifying Brute Force provided in an embodiment of the present invention;
Fig. 6 shows the composition frame chart of the device of another identification Brute Force provided in an embodiment of the present invention.
Embodiment
The exemplary embodiment of the disclosure is more fully described below with reference to accompanying drawings.Although the disclosure is shown in attached drawing
Exemplary embodiment, it being understood, however, that may be realized in various forms the disclosure without should be by embodiments set forth here
Limited.On the contrary, these embodiments are provided to facilitate a more thoroughly understanding of the present invention, and can be by the scope of the present disclosure
Completely it is communicated to those skilled in the art.
In order to improve identification Brute Force efficiency, an embodiment of the present invention provides it is a kind of identify Brute Force method,
As shown in Figure 1, the described method includes:
101st, the username and password for being used for logging in current system is obtained.
Wherein, it is registered in advance in the current system to have the password for meeting preset password strength range and corresponding user
Name, that is to say, that only Cipher Strength meets that the password of preset password strength range can just succeed in registration.Since Cipher Strength is got over
By force, the possibility cracked by other people is with regard to smaller, so preset password strength range can be " to be more than or equal to preset strength threshold
Value ".
102nd, according to the preset password strength range, Cipher Strength verification is carried out to the password of acquisition.
When preset password strength range is more than or equal to preset strength threshold value, Cipher Strength verification is carried out to password
Specific implementation can be:Whether the password for judging to obtain is more than or equal to preset strength threshold value;If the password obtained
More than or equal to preset strength threshold value, it is determined that the password of acquisition passes through cryptographic check;If the password obtained is less than default strong
Spend threshold value, it is determined that the password of acquisition is not verified by Cipher Strength.
You need to add is that in order to further reduce the risk of Brute Force, the verification of identifying code can also be increased.When depositing
In the verification of identifying code, for verification identifying code the step of and verification password Cipher Strength the step of, do not limit successively it is suitable
Sequence.Can first verify identifying code, when by verifying code check, then the Cipher Strength of verification password;Can also first verify
The Cipher Strength of password, when being verified by Cipher Strength, then verifies identifying code;Can also be that both verify at the same time.
If the 103, the password of the acquisition is not verified by Cipher Strength, judge that request logs in the end of the current system
During end logs in the current system using the user name obtained, whether the number not verified by Cipher Strength continuously reaches
To preset times threshold value.
Hacker often first opens during brute force crack utility decryption is write from the weaker password of Cipher Strength
Begin to attempt, if failure is repeatedly attempted, then gradually enhancing Cipher Strength is attempted.Therefore, if continuous several times use Cipher Strength
Weaker password request logs in current system, then the terminal for asking to log in is probably Brute Force terminal, so in order to identify
Brute Force terminal, after determining that this password obtained is not verified by Cipher Strength, it can be determined that once up to the present,
During request logs in user name login current system of the terminal of current system using this acquisition, do not pass through password continuously
Whether the number of Stren gsth test reaches preset times threshold value, if reaching preset times threshold value, performs step 104, that is, determining should
Terminal is Brute Force terminal, if not up to preset times threshold value, it is determined that the terminal is not Brute Force terminal.Wherein, in advance
If frequency threshold value is to be counted and obtained according to the Brute Force behavior of the whole network Brute Force terminal.
When the password of acquisition is not verified by Cipher Strength, it is pre-registered close to illustrate that the password is unlikely to be user
Code, thus may determine that this login failure.In order to allow user to know login failure, login failure can be returned to terminal
Prompt message.
If the 104th, reach the preset times threshold value, it is determined that the terminal is Brute Force terminal.
After the definite terminal is Brute Force terminal, if the terminal ask again log in current system, without into
Row Cipher Strength verifies, and directly returns to login failure prompt message.That is, asked when the account for receiving terminal transmission logs in
It after asking, can first judge whether the terminal is Brute Force terminal, if Brute Force terminal, then directly return and step on to the terminal
Record failure prompt message, without carrying out any verification.
The method of identification Brute Force provided in an embodiment of the present invention, can allow user's registration to meet preset password intensity model
The password enclosed and corresponding user name, during subsequent user logs in current system, obtain in the server of current system
It is not directly by the way that the user's name and password and data volume is larger to after password and the user name for logging in current system
Pre-registered username and password carry out matched mode to identify Brute Force terminal, but pass through the password to acquisition
The mode for carrying out Cipher Strength verification identifies Brute Force terminal, as long as that is, the terminal is logged in using same user name and is currently
During system, the number not verified by Cipher Strength continuously reaches preset times threshold value, and the terminal just is determined as violence
Terminal is cracked, so as to improve the efficiency of identification Brute Force.In addition, current system is quickly recognized by Cipher Strength verification
Do not allow the password of registration, the efficiency of authentication can be improved.
Further, according to the method shown in Fig. 1, an alternative embodiment of the invention additionally provides a kind of identification violence and breaks
The method of solution, as shown in Fig. 2, the described method includes:
201st, account registration request is received.
Wherein, the username and password of request registration is carried in account registration request.When user is first using current system
, it is necessary to which the client-side in current system inputs username and password to be registered during system, after user, which clicks on, to register, client
The account for carrying a username and password registration, which can be generated, to ask, and the account registration request is sent to current system
Server, so as to server according to account registration request carry out Account Registration operation.
202nd, according to preset password strength range, Cipher Strength verification is carried out to the password in the account registration request;
If verification passes through, step 203 is performed;If verification is not by performing step 204.
Disabled user, can be with using the password of the weaker password success Brute Force user account of Cipher Strength in order to prevent
User is forced when account is registered, with regard to the stronger password of log-in password intensity.In order to realize the function, sent receiving terminal
Account registration request after, the Cipher Strength of password in the account registration request can be verified.Specifically, it may determine that
Whether the Cipher Strength of password is more than or equal to preset strength threshold value in account registration request;If the Cipher Strength of the password is big
In or equal to preset strength threshold value, it is determined that the password is verified by Cipher Strength;If the Cipher Strength of the password is less than pre-
If intensity threshold, it is determined that the password is not verified by Cipher Strength.
203rd, uniqueness verification and format check are carried out to the user name in the account registration request;If verification passes through,
Then perform step 205;If verification is not by performing step 204.
In order to enable user name is corresponded with account, when user asks register account number, it is also necessary to which user is asked to note
The user name of volume carries out uniqueness verification, that is, judges whether the user name of request registration is identical with pre-registered user name, if
It is different, it is determined that to ask the user name of registration to be verified by uniqueness, if identical, it is determined that to ask the user name of registration not pass through
Uniqueness verifies.In addition, in order to quickly identify user name, generally require to limit the form of user name, such as must
It must be English alphabet sum number combinatorics on words, therefore also need to carry out user name format check, that is, judge the user of request registration
Whether name meets preset format, if satisfied, then the user name of definite request registration is by format check, if not satisfied, then determining
The user name of request registration does not pass through format check.
It should be noted that the embodiment of the present invention is to first carry out step 202, then performs and be introduced exemplified by step 203,
In practical applications, the execution sequence of the two steps can not be defined.Step 203 can also be first carried out, then is held
Row step 202, can also both perform at the same time.And as long as the judging result of one of step is not validated, then holds
Row step 204.
204th, registration failure prompt message is returned to terminal.
Wherein, registration failure prompt message can also carry in addition to it can be used for prompting the user with registration failure to user
The reason for showing registration failure, so that user quickly changes log-on message according to the reason.
205th, the password in the account registration request and user name are carried out corresponding to preservation, and returns and note to the terminal
Volume success prompt message.
When the check results of above-mentioned steps 202 and 203 are to pass through, it may be determined that user apply for the registration of user name and
Password is satisfied by requiring, and can carry out the user's name and password to correspond to preservation at this time, and return to prompting of succeeding in registration to terminal
Information, so that user is directly using the user's name and password login current system, and during user logs in current system,
The verification of log-on message can be such as following step 206-214.
206th, account logging request is received.
Wherein, carried in the account logging request for log in current system password, user name.
207th, username and password is obtained from account logging request.
Due in practical applications, the account of some very important persons or some contain more secret account by violence
The risk cracked is larger, so in order to further improve the security of these accounts, the terminal that can be logged in request is done into one
Step is demonstrate,proved.
Specifically, after username and password is got, it may be determined that the risk class of the user name of the acquisition;If institute
State risk class and meet the first estate scope, then sent to the terminal and the risk class is corresponding, is used for verifying
Other validation problems of family identity, after receiving the Validation Answer Key that the terminal is sent, carry out just the Validation Answer Key
True property verification;If the risk class meets the second rate range, sent to the terminal and improve Cipher Strength prompt message,
After receiving the raising Cipher Strength prompt message so as to the terminal, original password is changed to improve Cipher Strength.
Wherein, the risk class is to be divided according to the corresponding password of user name by the number of Brute Force, i.e.,
More by the number of Brute Force, risk class is higher.The first estate may range from (the first estate threshold value, the second grade threshold
Value) either (the second grade threshold of the first estate threshold value] or [the first estate threshold value, the second grade threshold], the second grade model
Enclose can be (the second grade threshold ,+∞) or [the second grade threshold ,+∞), wherein the second grade threshold is more than the first estate
Threshold value, and when the first estate scope includes the second grade threshold, the second rate range does not include the second grade threshold, the first estate
When scope does not include the second grade threshold, the second rate range includes the second grade threshold.That is, when the risk of user name
Grade be not very high (i.e. in the first estate scope) when, some validation problems can be increased, further to verify user identity;
And when risk class very high (i.e. in the second rate range) of user name, user's Modify password can be directly forced, to carry
High Cipher Strength.
Wherein, for verifying that other validation problems of user identity can include according to page text prompt input validation
Code, by SMS input validation code, filter out from plurality of pictures designated pictures, according to specifying ordering requirements to multiple figures
Piece is ranked up etc..And the validation problem of different difficulty can be set according to the difference of risk class, such as can be wind
Dangerous higher grade, and the validation problem of setting is more difficult to, or risk class is higher, and the validation problem of addition is more.
It should be noted that when the risk class of user name is in the first estate scope, for the correct of Validation Answer Key
Property verification and Cipher Strength verification for, both execution sequence embodiment of the present invention do not limit.Both can hold at the same time
OK;Correctness verification can also be first carried out to Validation Answer Key, it is to be verified by rear, then the Cipher Strength of password is verified;
First the Cipher Strength of password can also be verified, when Cipher Strength verification passes through, then to the correctness of Validation Answer Key into
Row verification.When the risk class of user name is in the second rate range, due to needing to force user's Modify password, so need not
Cipher Strength verification is carried out to the password inputted before user.
208th, according to the preset password strength range, Cipher Strength verification is carried out to the password of acquisition;If the acquisition
Password do not verified by Cipher Strength, then perform step 209, if the password of the acquisition is verified by Cipher Strength, hold
Row step 212.
The specific implementation of this step is consistent with above-mentioned steps 102, and details are not described herein.
209th, login failure prompt message is returned to terminal;Judge that the terminal of the request login current system uses acquisition
User name log in the current system during, whether the number not verified by Cipher Strength continuously reaches preset times
Threshold value.If reaching the preset times threshold value, step 210 is performed;If not up to described preset times threshold value, performs step
211。
, can be by pre-recorded continuously not by close after determining that this password obtained is not verified by Cipher Strength
The number of code Stren gsth test adds 1, that is, the continuous number not verified by Cipher Strength is updated, to be subsequently directed to the number
Carry out judgement operation.
210th, it is Brute Force terminal to determine the terminal.
In the case that validated user forgets Password, it is also possible to same terminal occurs and uses the continuous n times of same user name
During request logs in current system, successful phenomenon is not logged in.Misjudgment phenomenon in order to prevent, can be at the definite end
Hold as before Brute Force terminal, the user identity used when being first used for Modify password to terminal transmission is pre-set is tested
Card problem;Then the Validation Answer Key that the terminal is sent is received;Correctness verification is carried out to the Validation Answer Key again;If described test
Demonstrate,prove answer mistake, it is determined that the terminal is Brute Force terminal;If the Validation Answer Key is correct, it is determined that the terminal is not
Brute Force terminal.
Wherein, the pre-set subscriber authentication problem for being used to use during Modify password can be user setting,
Can also be that system is set.For example, the validation problem of user setting can be " when my birthday is ", " my primary school Chinese
Whom teacher is " etc.;The validation problem that system is set can be " asking input handset number to obtain short message verification code ".
211st, it is not Brute Force terminal to determine the terminal.
212nd, the user name of acquisition, the password obtained are matched with pre-registered username and password;If matching
Success, then perform step 213;If it fails to match, step 214 is performed.
When the password for determining to obtain is verified by Cipher Strength, it may be determined that the password is probably correct password, is
Further determine that whether the password is correct, can be by the user's name and password and pre-registered user name in database and close
Code division is not matched, when both successful match, it may be determined that the user name and password can Successful login current system,
And the First page information under the user's name account corresponding with password is returned to terminal, and when user name or password match fail
When, it may be determined that the user name and password can not Successful login current system, and to terminal return login failure prompt message.
213rd, determine active user can Successful login current system, and return to the corresponding homepage of the user name to terminal
Information.
214th, login failure prompt message is returned to terminal;Judge that the terminal of the request login current system uses acquisition
User name log in the current system during, whether the number of continuous coupling failure reaches preset times threshold value.If reach
To the preset times threshold value, then step 210 is performed;If not up to described preset times threshold value, step 211 is performed.
In practical applications, hacker may know that current system forces user stronger using Cipher Strength by certain approach
Identification number register account, therefore the password probably initially attempted to can just be verified by Cipher Strength.In such case
Under, when the password that continuous several times are verified but used by Cipher Strength is incorrect, the terminal for asking to log in is also likely to be violence
Crack terminal.In order to further identify Brute Force terminal, it can judge that the terminal uses acquisition when password match fails
User name log in current system during, continuous coupling failure number whether reach preset times threshold value;If reach pre-
If frequency threshold value, then it is Brute Force terminal that can determine the terminal;If not up to preset times threshold value, can determine the end
End is not Brute Force terminal.
Exemplary, when user's registration account, the interaction scenario of terminal and server can be as shown in Figure 3;Work as user
During logon account, to the interaction scenario of terminal and server by taking login interface needs to input user name, password and identifying code as an example
Can be as shown in Figure 4.
301st, terminal receives the username and password that user is inputted based on enrollment page;
302nd, terminal generates account registration request according to the username and password received;
303rd, account registration request is sent to server by terminal;
304th, server receives account registration request;
305th, server carries out Cipher Strength school according to preset password strength range to the password in account registration request
Test;Uniqueness verification and format check are carried out to the user name in account registration request;If step is all performed by verification
306;If there are not validated, execution step 308;
306th, server sends the prompt message that succeeds in registration to terminal;
307th, terminal receives the prompt message that succeeds in registration;
308th, server sends registration failure prompt message to terminal;
309th, terminal receives registration failure prompt message.
310th, terminal receives user name, password and the identifying code that user is inputted based on login page;
311st, terminal generates account logging request according to the user name, password and the identifying code that receive;
312nd, account logging request is sent to server by terminal;
313rd, server receives account logging request;
314th, server verifies the identifying code in account logging request;If verification passes through, step 320 is performed;
If verification is not by performing step 315 and 318;
315th, during server judges that terminal logs in the current system using the user name, continuously not by testing
Whether the number of card code check reaches preset times threshold value;If reaching preset times threshold value, step 316 is performed;If not up to
Preset times threshold value, then perform step 317;
316th, server determines that the terminal is Brute Force terminal;
317th, server determines that the terminal is not Brute Force terminal;
318th, server sends login failure prompt message to terminal;
319th, terminal receives login failure prompt message;
320th, server verifies the Cipher Strength of password in account logging request;If verification passes through, step is performed
Rapid 323;If verification is not by performing step 321 and step 322;
321st, server sends login failure prompt message to terminal, so that terminal performs step 319;
322nd, during server judges that terminal logs in the current system using the user name, continuously not by close
Whether the number of code Stren gsth test reaches preset times threshold value;If reaching preset times threshold value, step 316 is performed;If do not reach
To preset times threshold value, then step 317 is performed;
323rd, server by pre-registered user name in the username and password and database in account logging request and
Password is matched;If successful match;Then perform step 326;If it fails to match, step 324 and step 325 are performed;
324th, server sends login failure prompt message to terminal, so that terminal performs step 319;
325th, during server judges that terminal logs in the current system using the user name, continuous coupling failure
Number whether reach preset times threshold value;If reaching preset times threshold value, step 316 is performed;If not up to preset times
Threshold value, then perform step 317;
326th, server sends the First page information for the account that request logs in terminal;
327th, terminal receives First page information.
You need to add is that when identifying Brute Force terminal according to preset times threshold value, except that will can not lead to continuously
The number, the continuous number not verified by Cipher Strength or the number of continuous coupling failure for crossing verification code check are used as judgement
, can also be using the number of continuous login failure as basis for estimation according to outside.Login failure includes:Not verified code check,
Not by Cipher Strength verification and it fails to match.If for example, not verified code school during certain terminal first time request login account 1
Test, then record continuous login failure 1 time, if the terminal asks not verify by Cipher Strength during login account 1 for second, remember
Record continuous login failure 2 times, if it fails to match during terminal third time request login account 1, record continuous login failure 3
It is secondary.
Further, according to above method embodiment, an alternative embodiment of the invention additionally provides a kind of identification violence
The device cracked, as shown in figure 5, described device mainly includes:Acquiring unit 41, verification unit 42, judging unit 43 and really
Order member 44.Wherein,
Acquiring unit 41, it is advance in the current system for username and password of the acquisition for logging in current system
Register with the password for meeting preset password strength range and corresponding user name;
Verification unit 42, for according to the preset password strength range, to the password that the acquiring unit 31 obtains into
Row Cipher Strength verifies;
Judging unit 43, for when the password of the acquisition is not verified by Cipher Strength, judging described in request login
During the terminal of current system logs in the current system using the user name obtained, do not verified by Cipher Strength continuously
Number whether reach preset times threshold value;
Determination unit 44, for when reaching the preset times threshold value, determining that the terminal is Brute Force terminal.
Further, the determination unit 44 be additionally operable to obtain be used for log in current system username and password it
Afterwards, the risk class of the user name of the acquisition is determined, the risk class is to be broken according to the corresponding password of user name by violence
What the number of solution was divided;
As shown in fig. 6, described device further includes:
First transmitting element 45, for when the risk class meets the first estate scope, to the terminal send with
The risk class is corresponding, other validation problems for verifying user identity, to receive the terminal transmission
After Validation Answer Key, correctness verification is carried out to the Validation Answer Key;
First transmitting element 45 is additionally operable to, when the risk class meets the second rate range, send out to the terminal
Send and improve Cipher Strength prompt message, after receiving the raising Cipher Strength prompt message so as to the terminal, modification is original
Password is to improve Cipher Strength.
Further, as shown in fig. 6, described device further includes:
Second transmitting element 46, for before the definite terminal is Brute Force terminal, being sent to the terminal pre-
The subscriber authentication problem for being used to use during Modify password first set;
First receiving unit 47, the Validation Answer Key sent for receiving the terminal;
The determination unit 44 is used for when the Validation Answer Key mistake, and it is Brute Force terminal to determine the terminal.
Further, as shown in fig. 6, described device further includes:
First storage unit 48, after being Brute Force terminal in the definite terminal, by the terminal of the terminal
Mark is preserved into Brute Force database.
Further, as shown in fig. 6, described device further includes:
3rd transmitting element 49, for when the password of the acquisition is not verified by Cipher Strength, being returned to the terminal
Return login failure prompt message.
Computing unit 410, for the continuous number not verified by Cipher Strength to be added 1.
Further, when the password that the determination unit 44 is additionally operable to the acquisition is verified by Cipher Strength, pass through by
The user name of the acquisition, the password of the acquisition are matched with pre-registered username and password to determine active user
Whether being capable of current system described in Successful login.
Further, as shown in fig. 6, described device further includes:
Second receiving unit 411, for receiving account registration request;
The verification unit 42 is additionally operable to according to the preset password strength range, to close in the account registration request
Code carries out Cipher Strength verification;And uniqueness verification and format check are carried out to the user name in the account registration request;
Second storage unit 412, for when the password in the account registration request by Cipher Strength verify and it is described
When user name in account registration request is by uniqueness verification and format check, by the password in the account registration request and
User name carries out corresponding to preservation;
4th transmitting element 413 is additionally operable to return to the prompt message that succeeds in registration to the terminal.
The device of identification Brute Force provided in an embodiment of the present invention, can allow user's registration to meet preset password intensity model
The password enclosed and corresponding user name, during subsequent user logs in current system, obtain in the server of current system
It is not directly by the way that the user's name and password and data volume is larger to after password and the user name for logging in current system
Pre-registered username and password carry out matched mode to identify Brute Force terminal, but pass through the password to acquisition
The mode for carrying out Cipher Strength verification identifies Brute Force terminal, as long as that is, the terminal is logged in using same user name and is currently
During system, the number not verified by Cipher Strength continuously reaches preset times threshold value, and the terminal just is determined as violence
Terminal is cracked, so as to improve the efficiency of identification Brute Force.In addition, current system is quickly recognized by Cipher Strength verification
Do not allow the password of registration, the efficiency of authentication can be improved.
Further, a kind of storage medium is additionally provided according to above method embodiment, an alternative embodiment of the invention,
The storage medium is stored with a plurality of instruction, and described instruction is suitable for being loaded by processor and being performed identification violence as described above
The method cracked.
The instruction stored in the storage medium of identification Brute Force provided in an embodiment of the present invention, can allow user's registration to expire
The password of sufficient preset password strength range and corresponding user name, during subsequent user logs in current system, current
After the server of system gets password and user name for logging in current system, be not directly by by the user name and
Password carries out matched mode to identify Brute Force terminal with the larger pre-registered username and password of data volume, but
Identify Brute Force terminal by way of carrying out Cipher Strength verification to the password of acquisition, if that is, the terminal use it is same
During user name logs in current system, the number not verified by Cipher Strength continuously reaches preset times threshold value, just will
The terminal is determined as Brute Force terminal, so as to improve the efficiency of identification Brute Force.In addition, verified by Cipher Strength fast
Speed identifies that current system does not allow the password of registration, can improve the efficiency of authentication.
Further, a kind of server, institute are additionally provided according to above method embodiment, an alternative embodiment of the invention
Stating server includes storage medium and processor;
The processor, is adapted for carrying out each instruction;
The storage medium, suitable for storing a plurality of instruction;
Described instruction is suitable for the method for being loaded by the processor and being performed identification Brute Force as described above.
The server of identification Brute Force provided in an embodiment of the present invention, can allow user's registration to meet preset password intensity
The password of scope and corresponding user name, during subsequent user logs in current system, are obtained in the server of current system
After getting password and the user name for logging in current system, be not directly by by the user's name and password and data volume compared with
Big pre-registered username and password carries out matched mode to identify Brute Force terminal, but by the close of acquisition
The mode that code carries out Cipher Strength verification identifies Brute Force terminal, as long as that is, the terminal is logged in currently using same user name
During system, the number not verified by Cipher Strength continuously reaches preset times threshold value, is just determined as the terminal cruelly
Power cracks terminal, so as to improve the efficiency of identification Brute Force.In addition, current system is quickly recognized by Cipher Strength verification
System does not allow the password of registration, can improve the efficiency of authentication.
In the above-described embodiments, the description to each embodiment all emphasizes particularly on different fields, and does not have the portion being described in detail in some embodiment
Point, it may refer to the associated description of other embodiment.
It is understood that the correlated characteristic in the above method, apparatus and system can be referred to mutually.In addition, above-mentioned reality
It is to be used to distinguish each embodiment to apply " first " in example, " second " etc., and does not represent the quality of each embodiment.
It is apparent to those skilled in the art that for convenience and simplicity of description, the system of foregoing description,
The specific work process of device and unit, may be referred to the corresponding process in preceding method embodiment, details are not described herein.
Algorithm and display be not inherently related to any certain computer, virtual system or miscellaneous equipment provided herein.
Various general-purpose systems can also be used together with teaching based on this.As described above, required by constructing this kind of system
Structure be obvious.In addition, the present invention is not also directed to any certain programmed language.It should be understood that it can utilize various
Programming language realizes the content of invention described herein, and the description done above to language-specific is to disclose this hair
Bright preferred forms.
In the specification that this place provides, numerous specific details are set forth.It is to be appreciated, however, that the implementation of the present invention
Example can be put into practice in the case of these no details.In some instances, known method, structure is not been shown in detail
And technology, so as not to obscure the understanding of this description.
Similarly, it will be appreciated that in order to simplify the disclosure and help to understand one or more of each inventive aspect,
Above in the description to the exemplary embodiment of the present invention, each feature of the invention is grouped together into single implementation sometimes
In example, figure or descriptions thereof.However, the method for the disclosure should be construed to reflect following intention:I.e. required guarantor
The application claims of shield features more more than the feature being expressly recited in each claim.It is more precisely, such as following
Claims reflect as, inventive aspect is all features less than single embodiment disclosed above.Therefore,
Thus the claims for following embodiment are expressly incorporated in the embodiment, wherein each claim is in itself
Separate embodiments all as the present invention.
Those skilled in the art, which are appreciated that, to carry out adaptively the module in the equipment in embodiment
Change and they are arranged in one or more equipment different from the embodiment.Can be the module or list in embodiment
Member or component be combined into a module or unit or component, and can be divided into addition multiple submodule or subelement or
Sub-component.In addition at least some in such feature and/or process or unit exclude each other, it can use any
Combination is disclosed to all features disclosed in this specification (including adjoint claim, summary and attached drawing) and so to appoint
Where all processes or unit of method or equipment are combined.Unless expressly stated otherwise, this specification (including adjoint power
Profit requires, summary and attached drawing) disclosed in each feature can be by providing the alternative features of identical, equivalent or similar purpose come generation
Replace.
In addition, it will be appreciated by those of skill in the art that although some embodiments described herein include other embodiments
In included some features rather than further feature, but the combination of the feature of different embodiments means in of the invention
Within the scope of and form different embodiments.For example, in the following claims, embodiment claimed is appointed
One of meaning mode can use in any combination.
The all parts embodiment of the present invention can be with hardware realization, or to be run on one or more processor
Software module realize, or realized with combinations thereof.It will be understood by those of skill in the art that it can use in practice
Microprocessor or digital signal processor (DSP) realize the method and dress of identification Brute Force according to embodiments of the present invention
The some or all functions of some or all components in putting.The present invention is also implemented as being used to perform described here
Method some or all equipment or program of device (for example, computer program and computer program product).This
The program of the realization present invention of sample can store on a computer-readable medium, or can have one or more signal
Form.Such signal can be downloaded from internet website and obtained, and either be provided or with any other on carrier signal
Form provides.
It should be noted that the present invention will be described rather than limits the invention for above-described embodiment, and ability
Field technique personnel can design alternative embodiment without departing from the scope of the appended claims.In the claims,
Any reference symbol between bracket should not be configured to limitations on claims.Word "comprising" does not exclude the presence of not
Element or step listed in the claims.Word "a" or "an" before element does not exclude the presence of multiple such
Element.The present invention can be by means of including the hardware of some different elements and being come by means of properly programmed computer real
It is existing.In if the unit claim of equipment for drying is listed, several in these devices can be by same hardware branch
To embody.The use of word first, second, and third does not indicate that any order.These words can be explained and run after fame
Claim.
Claims (10)
- A kind of 1. method for identifying Brute Force, it is characterised in that the described method includes:Obtain and be used to logging in the username and password of current system, in the current system it is registered in advance have meet that preset password is strong Spend the password of scope and corresponding user name;According to the preset password strength range, Cipher Strength verification is carried out to the password of acquisition;If the password of the acquisition is not verified by Cipher Strength, judge that the terminal use of the request login current system obtains During the user name taken logs in the current system, whether the number not verified by Cipher Strength continuously reaches default time Number threshold value;If reach the preset times threshold value, it is determined that the terminal is Brute Force terminal.
- 2. according to the method described in claim 1, it is characterized in that, obtaining the username and password for logging in current system Afterwards, the method further includes:Determine the risk class of the user name of the acquisition, the risk class is to be broken according to the corresponding password of user name by violence What the number of solution was divided;If the risk class meets the first estate scope, sent to the terminal and the risk class is corresponding, uses In other validation problems of verification user identity, after receiving the Validation Answer Key that the terminal is sent, the verification is answered Case carries out correctness verification;If the risk class meets the second rate range, sent to the terminal and improve Cipher Strength prompt message, so as to After the terminal receives the raising Cipher Strength prompt message, original password is changed to improve Cipher Strength.
- 3. method according to claim 1 or 2, it is characterised in that before the definite terminal is Brute Force terminal, The method further includes:The subscriber authentication problem used when being used for Modify password to terminal transmission is pre-set;Receive the Validation Answer Key that the terminal is sent;It is described to determine that the terminal includes for Brute Force terminal:If the Validation Answer Key mistake, it is determined that the terminal is Brute Force terminal.
- 4. according to the method described in claim 3, it is characterized in that, the definite terminal be Brute Force terminal after, institute The method of stating further includes:The terminal iidentification of the terminal is preserved into Brute Force database.
- If 5. according to the method described in claim 1, it is characterized in that, the password of the acquisition is not verified by Cipher Strength, Then the method further includes:Login failure prompt message is returned to the terminal;And/or the continuous number not verified by Cipher Strength is added 1.
- 6. according to the method described in claim 1, it is characterized in that, the method further includes:If the password of the acquisition is verified by Cipher Strength, by by the password of the user name of the acquisition, the acquisition Matched with pre-registered username and password to determine whether active user being capable of current system described in Successful login.
- 7. the method according to any one of claim 1 to 2,4 to 6, it is characterised in that the method further includes:Receive account registration request;According to the preset password strength range, Cipher Strength verification is carried out to the password in the account registration request;And Uniqueness verification and format check are carried out to the user name in the account registration request;If the password in the account registration request is verified by Cipher Strength and the user name in the account registration request is led to Uniqueness verification and format check are crossed, then the password in the account registration request and user name correspond to preservation, and to The terminal returns to the prompt message that succeeds in registration.
- 8. a kind of device for identifying Brute Force, it is characterised in that described device includes:Acquiring unit, it is registered in advance in the current system to have for username and password of the acquisition for logging in current system Meet the password of preset password strength range and corresponding user name;Verification unit, for according to the preset password strength range, it is strong to carry out password to the password that the acquiring unit obtains Degree verification;Judging unit, for when the password of the acquisition is not verified by Cipher Strength, judging that request logs in the current system During the terminal of system logs in the current system using the user name obtained, do not pass through the number of Cipher Strength verification continuously Whether preset times threshold value is reached;Determination unit, for when reaching the preset times threshold value, determining that the terminal is Brute Force terminal.
- 9. a kind of storage medium, it is characterised in that the storage medium is stored with a plurality of instruction, and described instruction is suitable for by handling The method that device loads and performs the identification Brute Force as any one of claim 1 to 7.
- 10. a kind of server, it is characterised in that the server includes storage medium and processor;The processor, is adapted for carrying out each instruction;The storage medium, suitable for storing a plurality of instruction;Described instruction is suitable for being loaded as the processor and performing the identification violence as any one of claim 1 to 7 breaking The method of solution.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710728889.9A CN108011863B (en) | 2017-08-23 | 2017-08-23 | Method and device for identifying brute force cracking |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710728889.9A CN108011863B (en) | 2017-08-23 | 2017-08-23 | Method and device for identifying brute force cracking |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108011863A true CN108011863A (en) | 2018-05-08 |
| CN108011863B CN108011863B (en) | 2020-12-15 |
Family
ID=62051404
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710728889.9A Active CN108011863B (en) | 2017-08-23 | 2017-08-23 | Method and device for identifying brute force cracking |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108011863B (en) |
Cited By (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109660556A (en) * | 2019-01-11 | 2019-04-19 | 平安科技(深圳)有限公司 | User log-in method, device, equipment and storage medium based on information security |
| CN109933973A (en) * | 2019-01-24 | 2019-06-25 | 平安科技(深圳)有限公司 | Cryptographic check method, apparatus, computer equipment and storage medium |
| CN110581827A (en) * | 2018-06-07 | 2019-12-17 | 深信服科技股份有限公司 | Detection method and device for brute force cracking |
| CN110995738A (en) * | 2019-12-13 | 2020-04-10 | 北京天融信网络安全技术有限公司 | Violent cracking behavior identification method and device, electronic equipment and readable storage medium |
| CN111641658A (en) * | 2020-06-09 | 2020-09-08 | 杭州安恒信息技术股份有限公司 | Request intercepting method, device, equipment and readable storage medium |
| CN112583789A (en) * | 2020-11-04 | 2021-03-30 | 杭州数梦工场科技有限公司 | Method, device and equipment for determining illegally logged-in login interface |
| CN112738006A (en) * | 2019-10-28 | 2021-04-30 | 深信服科技股份有限公司 | Identification method, device and storage medium |
| CN112738084A (en) * | 2020-12-28 | 2021-04-30 | 放宠(无锡)网络科技有限公司 | User login system and method |
| CN112910905A (en) * | 2021-02-07 | 2021-06-04 | 中国工商银行股份有限公司 | Security verification method and device |
| US11108818B2 (en) | 2019-02-17 | 2021-08-31 | Microsoft Technology Licensing, Llc | Credential spray attack detection |
| WO2021188212A1 (en) * | 2020-03-14 | 2021-09-23 | Microsoft Technology Licensing, Llc | Identity attack detection and blocking |
| CN113852630A (en) * | 2021-09-24 | 2021-12-28 | 广东睿住智能科技有限公司 | Data transmission method, data transmission device, server and storage medium |
| CN114626055A (en) * | 2022-03-31 | 2022-06-14 | 杭州玳数科技有限公司 | Interactive method and system for lightweight password strength verification |
| CN114978758A (en) * | 2022-06-23 | 2022-08-30 | 广东瑞普科技股份有限公司 | Network and information security encryption method |
| CN116992433A (en) * | 2023-09-28 | 2023-11-03 | 江苏友谱信息科技有限公司 | Password cracking attack detection method and assembly based on WEB application system |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101131760A (en) * | 2006-08-25 | 2008-02-27 | 阿里巴巴公司 | Method and system for checking account security |
| CN102750486A (en) * | 2012-06-29 | 2012-10-24 | 奇智软件(北京)有限公司 | Method and device for updating login information by login control |
| CN104011727A (en) * | 2011-10-24 | 2014-08-27 | 施耐德电器工业公司 | System and method for managing industrial processes |
| CN104301286A (en) * | 2013-07-15 | 2015-01-21 | 中国移动通信集团黑龙江有限公司 | User login authentication method and device |
| CN104883351A (en) * | 2015-03-13 | 2015-09-02 | 小米科技有限责任公司 | Multiple-factor authentication method and device |
| CN105553982A (en) * | 2015-12-17 | 2016-05-04 | 上海斐讯数据通信技术有限公司 | Security detection method and system for router and router |
| CN105844140A (en) * | 2016-03-21 | 2016-08-10 | 国家电网公司 | Website login brute force crack method and system capable of identifying verification code |
| WO2017106669A1 (en) * | 2015-12-17 | 2017-06-22 | Massachusetts Institute Of Technology | Systems and methods evaluating password complexity and strength |
-
2017
- 2017-08-23 CN CN201710728889.9A patent/CN108011863B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101131760A (en) * | 2006-08-25 | 2008-02-27 | 阿里巴巴公司 | Method and system for checking account security |
| CN104011727A (en) * | 2011-10-24 | 2014-08-27 | 施耐德电器工业公司 | System and method for managing industrial processes |
| CN102750486A (en) * | 2012-06-29 | 2012-10-24 | 奇智软件(北京)有限公司 | Method and device for updating login information by login control |
| CN104301286A (en) * | 2013-07-15 | 2015-01-21 | 中国移动通信集团黑龙江有限公司 | User login authentication method and device |
| CN104883351A (en) * | 2015-03-13 | 2015-09-02 | 小米科技有限责任公司 | Multiple-factor authentication method and device |
| CN105553982A (en) * | 2015-12-17 | 2016-05-04 | 上海斐讯数据通信技术有限公司 | Security detection method and system for router and router |
| WO2017106669A1 (en) * | 2015-12-17 | 2017-06-22 | Massachusetts Institute Of Technology | Systems and methods evaluating password complexity and strength |
| CN105844140A (en) * | 2016-03-21 | 2016-08-10 | 国家电网公司 | Website login brute force crack method and system capable of identifying verification code |
Cited By (21)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110581827A (en) * | 2018-06-07 | 2019-12-17 | 深信服科技股份有限公司 | Detection method and device for brute force cracking |
| CN109660556A (en) * | 2019-01-11 | 2019-04-19 | 平安科技(深圳)有限公司 | User log-in method, device, equipment and storage medium based on information security |
| CN109660556B (en) * | 2019-01-11 | 2022-11-29 | 平安科技(深圳)有限公司 | User login method, device, equipment and storage medium based on information security |
| CN109933973A (en) * | 2019-01-24 | 2019-06-25 | 平安科技(深圳)有限公司 | Cryptographic check method, apparatus, computer equipment and storage medium |
| CN109933973B (en) * | 2019-01-24 | 2024-01-19 | 平安科技(深圳)有限公司 | Password verification method, password verification device, computer equipment and storage medium |
| US11108818B2 (en) | 2019-02-17 | 2021-08-31 | Microsoft Technology Licensing, Llc | Credential spray attack detection |
| CN112738006B (en) * | 2019-10-28 | 2023-11-07 | 深信服科技股份有限公司 | Identification method, equipment and storage medium |
| CN112738006A (en) * | 2019-10-28 | 2021-04-30 | 深信服科技股份有限公司 | Identification method, device and storage medium |
| CN110995738A (en) * | 2019-12-13 | 2020-04-10 | 北京天融信网络安全技术有限公司 | Violent cracking behavior identification method and device, electronic equipment and readable storage medium |
| CN110995738B (en) * | 2019-12-13 | 2022-04-01 | 北京天融信网络安全技术有限公司 | Violent cracking behavior identification method and device, electronic equipment and readable storage medium |
| WO2021188212A1 (en) * | 2020-03-14 | 2021-09-23 | Microsoft Technology Licensing, Llc | Identity attack detection and blocking |
| US11936664B2 (en) | 2020-03-14 | 2024-03-19 | Microsoft Technology Licensing, Llc | Identity attack detection and blocking |
| CN111641658A (en) * | 2020-06-09 | 2020-09-08 | 杭州安恒信息技术股份有限公司 | Request intercepting method, device, equipment and readable storage medium |
| CN112583789A (en) * | 2020-11-04 | 2021-03-30 | 杭州数梦工场科技有限公司 | Method, device and equipment for determining illegally logged-in login interface |
| CN112738084A (en) * | 2020-12-28 | 2021-04-30 | 放宠(无锡)网络科技有限公司 | User login system and method |
| CN112910905A (en) * | 2021-02-07 | 2021-06-04 | 中国工商银行股份有限公司 | Security verification method and device |
| CN113852630A (en) * | 2021-09-24 | 2021-12-28 | 广东睿住智能科技有限公司 | Data transmission method, data transmission device, server and storage medium |
| CN114626055A (en) * | 2022-03-31 | 2022-06-14 | 杭州玳数科技有限公司 | Interactive method and system for lightweight password strength verification |
| CN114978758A (en) * | 2022-06-23 | 2022-08-30 | 广东瑞普科技股份有限公司 | Network and information security encryption method |
| CN116992433A (en) * | 2023-09-28 | 2023-11-03 | 江苏友谱信息科技有限公司 | Password cracking attack detection method and assembly based on WEB application system |
| CN116992433B (en) * | 2023-09-28 | 2023-12-01 | 江苏友谱信息科技有限公司 | Password cracking attack detection method and assembly based on WEB application system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108011863B (en) | 2020-12-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108011863A (en) | Identify the method and device of Brute Force | |
| US9705893B2 (en) | Mobile human challenge-response test | |
| US8856892B2 (en) | Interactive authentication | |
| CN103618717B (en) | The dynamic confirming method of more account client informations, device and system | |
| CN104580264B (en) | Login method, entering device and login and Accreditation System | |
| CN105099707B (en) | A kind of offline authentication method, server and system | |
| US20150047000A1 (en) | Authentication System | |
| CN105162604B (en) | A kind of verification method, server and system based on characteristic image identification | |
| CN104901970B (en) | A kind of Quick Response Code login method, server and system | |
| CN105184567B (en) | Processing method, processing unit and the mobile terminal of information | |
| CN106330850A (en) | Biological characteristic-based security verification method, client and server | |
| CN106130998A (en) | A kind of identifying code transmission method and device | |
| CN105827664B (en) | Leak detection method and device | |
| CN108076056A (en) | Cloud server login method and device | |
| US9801061B2 (en) | Multi-factor user authentication based on decoy security questions | |
| CN105337739B (en) | Safe login method, device, server and terminal | |
| CN105991519B (en) | A kind of method, apparatus and system verifying identifying code | |
| CN107241329A (en) | Account login process method and device | |
| CN106209793A (en) | A kind of auth method and checking system | |
| Ulqinaku et al. | Is real-time phishing eliminated with {FIDO}? social engineering downgrade attacks against {FIDO} protocols | |
| CN102833247A (en) | Method for anti-sweeping ciphers in user login system and device thereof | |
| CN108390848B (en) | Information witness method and device | |
| CN105095729B (en) | A kind of Quick Response Code login method, server and system | |
| CN107241362B (en) | Method and device for identifying identity of verification code input user | |
| CN113326488A (en) | Personal information protection system and method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP01 | Change in the name or title of a patent holder | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 100102 Beijing Chaoyang District, Hongtai East Street Wangjing Green Space Center, Block A, District D, 9 floors Patentee after: BEIJING CHJ AUTOMOTIVE TECHNOLOGY Co.,Ltd. Address before: 100102 Beijing Chaoyang District, Hongtai East Street Wangjing Green Space Center, Block A, District D, 9 floors Patentee before: Beijing Chehejia Information Technology Co.,Ltd. |
|
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20211123 Address after: Room 103, building 1, yard 4, Hengxing Road, Gaoliying Town, Shunyi District, Beijing Patentee after: Beijing Rockwell Technology Co.,Ltd. Address before: 100102 Beijing Chaoyang District, Hongtai East Street Wangjing Green Space Center, Block A, District D, 9 floors Patentee before: BEIJING CHJ AUTOMOTIVE TECHNOLOGY Co.,Ltd. |