CN108449367A - Manage method, apparatus, electronic equipment and the readable medium of user's login security - Google Patents

Manage method, apparatus, electronic equipment and the readable medium of user's login security Download PDF

Info

Publication number
CN108449367A
CN108449367A CN201810660985.9A CN201810660985A CN108449367A CN 108449367 A CN108449367 A CN 108449367A CN 201810660985 A CN201810660985 A CN 201810660985A CN 108449367 A CN108449367 A CN 108449367A
Authority
CN
China
Prior art keywords
address
user
login
management
common
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810660985.9A
Other languages
Chinese (zh)
Other versions
CN108449367B (en
Inventor
郝飞虎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jingdong Century Trading Co Ltd
Beijing Jingdong Shangke Information Technology Co Ltd
Original Assignee
Beijing Jingdong Century Trading Co Ltd
Beijing Jingdong Shangke Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Jingdong Century Trading Co Ltd, Beijing Jingdong Shangke Information Technology Co Ltd filed Critical Beijing Jingdong Century Trading Co Ltd
Priority to CN201810660985.9A priority Critical patent/CN108449367B/en
Publication of CN108449367A publication Critical patent/CN108449367A/en
Application granted granted Critical
Publication of CN108449367B publication Critical patent/CN108449367B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides a kind of method, apparatus, electronic equipment and the computer-readable medium of management user's login security.This method includes:Obtain the IP address that user logs in;Judge the IP address whether be the user common IP address;If it is determined that the IP address is the common IP address of the user, then:Obtain the currently active number of sessions of the IP address;It is logged according to the currently active number of sessions management user of the IP address.Method, apparatus, electronic equipment and the computer-readable medium of management user's login security of the application can carry out effective safety management to the session status that user logs in IP address.

Description

Manage method, apparatus, electronic equipment and the readable medium of user's login security
Technical field
The present invention relates to computer and internet arena more particularly to a kind of method of management user's login security, dresses It sets, electronic equipment and readable medium.
Background technology
It is mostly important in the information assets of information age today, enterprise, particularly with Internet company.Therefore protection company Security of information assets, be just particularly important.The security of information assets of protection company, on the one hand needs company personnel to follow public affairs The information security management system of department;On the other hand also the security of information assets of company can be protected by writing safe system.
In terms of the use angle of user, security system focuses on the routine use specification of user account.The use of mainstream at present Family account management system is typically single-node login system (SSO:Single SignOn).The type of business of company's early stage may be compared with It is single, needs the scene logged in also more single.And with the expansion of scope of the enterprise, type of business will increase, phase The login scene provided to the user with answering can also increase.This development trend produces following problem:If user often uses one A login scene just needs to log in once, when exiting, and each scene is needed to exit one by one.This phenomenon will give User brings very poor user experience.
For this phenomenon, single-node login system comes into being.
The characteristics of single-node login system be exactly user only need to log in it is primary, so that it may be with access that other trust each other System, and do not limited by domain name etc..But it only needs to log in once just because of user, other belief systems authorized can also It accesses, single-node login system is caused also to bring some security risks.
For example, there is no limit for access of the single-node login system to different browsers.This is because single-node login system relies on In Cookie.Due to different browser storages and the mode difference for reading Cookie, server is different browsers write-in Cookie is different.Thus each browser can not share Cookie.If user uses A browser login systems, also B browser login systems can be used.Under this case, user's malice will not be limited using the login of more browsers by system.
In addition, there is no limit for access of the single-node login system to different machines.This is because http protocol belongs to stateless Agreement, server each of receives request and is independent of each other.If do not limited the source of request, as long as Login authentication is passed through, the same user account can access system on different machines.It is in this way and unsafe.
Invention content
In view of this, the disclosure provides a kind of method and apparatus of management user's login security, use can be effectively managed The safety that family logs in.
Other characteristics and advantages of the application will be apparent from by the following detailed description, or partially by the application Practice and acquistion.
According to a first aspect of the embodiments of the present invention, a kind of method of management user's login security, this method packet are proposed It includes:Obtain the IP address that user logs in;Judge the IP address whether be the user common IP address;If it is determined that described IP address is the common IP address of the user, then obtains the currently active number of sessions of the IP address;According to the IP The currently active number of sessions management user of location logs in.
It is described to be used according to the currently active number of sessions management of the IP address in a kind of example embodiment of the present invention Family logs in:Judge whether the currently active number of sessions of the user reaches session status threshold value;Described in judgement When the currently active number of sessions of user is not up to session shape threshold value, the user is made normally to log in.
It is the common IP address of the user judging the IP address not in a kind of example embodiment of the present invention When, it is logged according to the IP address management user.
In a kind of example embodiment of the present invention, described logged according to the IP address management user includes:Judge institute State IP address whether be the user the IP address that is of little use;Judge the IP address not and be the user with being of little use IP When location, the user is made to be logged in by stringent verification mode.
In a kind of example embodiment of the present invention, described logged according to the IP address management user further includes:Sentencing Break the IP address be the user be of little use IP address when:Obtain effective login times of the IP address;Described in judgement Whether effective login times of IP address reach the login times threshold value for the IP address that is of little use;If it is determined that the IP address has When effect login times reach the login times threshold value for the IP address that is of little use, the user is made to be stepped on by stringent verification mode Record, otherwise the user normally logs in.
In a kind of example embodiment of the present invention, the prompt user carries out login packet by stringent verification mode It includes:If when the user's checking success:Obtain the quantity of the currently logged IP address that is of little use of the user;Described in judgement The quantity of user reaches when being of little use IP address threshold value, described in deletion with being of little use the minimum IP of login times in IP address Location, and this login IP address is included in described be of little use in IP address.
In a kind of example embodiment of the present invention, the prompt user log in also by stringent verification mode Including:When the user's checking fails, tested if it is determined that the predetermined time verification number of the user is not up to the predetermined time Frequency threshold value is demonstrate,proved, the user is made to verify login again.
According to a second aspect of the embodiments of the present invention, a kind of device of management user's login security, the device packet are proposed It includes:First acquisition module is configured to obtain the IP address of user's logging device;Judgment module is configured to judge the IP address Whether be the user common IP address;Second acquisition module is configured to obtain the currently active session number of the IP address Amount;Management module is logged in, is configured to when the IP address is the common IP address of the user, according to the institute of the IP address The currently active number of sessions management user is stated to log in.
In a kind of example embodiment of the present invention, the login management module is additionally configured to:It is not in the IP address When the common IP address of the user, logged according to the IP address management user.
According to a third aspect of the embodiments of the present invention, propose that a kind of electronic equipment, the electronic equipment include:Memory;With And it is coupled to the processor of the memory, the processor is configured as, based on the instruction being stored in the memory, holding The method of row management user's login security as described in any one of the above embodiments.
According to a fourth aspect of the embodiments of the present invention, it proposes a kind of computer-readable medium, is stored thereon with program, the journey The method that management user's login security as described in any one of the above embodiments is realized when sequence is executed by processor.
According to the method and system of management user's login security provided by the invention, the session shape that user can be logged in State and IP address carry out effective safety management.
It should be understood that above general description and following detailed description is merely exemplary, this can not be limited Invention.
Description of the drawings
The drawings herein are incorporated into the specification and forms part of this specification, and shows the implementation for meeting the present invention Example, and be used to explain the principle of the present invention together with specification.Drawings discussed below is only some embodiments of the present disclosure, For for those of ordinary skill in the art, without creative efforts, it can also obtain according to these attached drawings Obtain other attached drawings.
Fig. 1 shows the flow chart of the method for management user's login security according to the ... of the embodiment of the present invention;
Fig. 2 shows according to illustrated embodiments of the invention management user's login security method flow chart;
Fig. 3 shows the flow chart of the method for management user's login security according to illustrated embodiments of the invention;
Fig. 4 is the flow chart logged in by stringent verification mode according to the user shown in illustrated embodiments of the invention;
Fig. 5 shows the block diagram of the device of management user's login security according to illustrated embodiments of the invention;
Fig. 6 shows the system architecture signal of the device of management user's login security according to illustrated embodiments of the invention Figure;
Fig. 7 shows the electronic equipment according to illustrated embodiments of the invention.
Specific implementation mode
Example embodiment is described more fully with reference to the drawings.However, example embodiment can be real in a variety of forms It applies, and is not understood as limited to embodiment set forth herein;On the contrary, thesing embodiments are provided so that the present invention will be comprehensively and complete It is whole, and the design of example embodiment is comprehensively communicated to those skilled in the art.Identical reference numeral indicates in figure Same or similar part, thus repetition thereof will be omitted.
Described feature, structure or characteristic can be incorporated in one or more embodiments in any suitable manner In.In the following description, many details are provided to fully understand embodiments of the present invention to provide.However, It will be appreciated by persons skilled in the art that technical scheme of the present invention can be put into practice and omit it is one or more in specific detail, Or other methods, constituent element, device, step may be used etc..In other cases, it is not shown in detail or describes known side Method, device, realization or operation are to avoid fuzzy each aspect of the present invention.
Attached drawing is only the schematic illustrations of the present invention, and identical reference numeral indicates same or similar part in figure, because And repetition thereof will be omitted.Some block diagrams shown in attached drawing not necessarily must with it is physically or logically independent Entity is corresponding.Software form may be used to realize these functional entitys, or in one or more hardware modules or integrated electricity These functional entitys are realized in road, or these work(are realized in heterogeneous networks and/or processor device and/or microcontroller device It can entity.
Flow chart shown in attached drawing is merely illustrative, it is not necessary to including all content and step, nor It must be executed by described sequence.For example, the step of having can also decompose, and the step of having can merge or part merges, Therefore the sequence actually executed is possible to be changed according to actual conditions.
Example embodiment of the present invention is described in detail below in conjunction with the accompanying drawings.
Fig. 1 shows the flow chart of the method for management user's login security according to illustrated embodiments of the invention.
With reference to figure 1, the method 100 of management user's login security may include:
Step S110 obtains the IP address that user logs in.
Step S120, judge IP address whether be user common IP address.
Step S130 then obtains the currently active session of IP address if it is determined that IP address is the common IP address of user Quantity;
Step S140 manages user according to the currently active number of sessions of IP address and logs in.
According to the method for management user's login security provided by the invention, according to the IP address logged in user and work as The management of preceding active session quantity can effectively manage the safety of user's login.
Next, with reference to Fig. 1, the method for management user's login security in this example embodiment is illustrated.
In step s 110, the IP address that user logs in is obtained.
IP address is the unique mark that equipment is connected to internet.Under normal conditions, when user is logined mutually by same interface When networking, IP address will not change.
In the step s 120, judge IP address whether be user common IP address.
The common IP address of user refers to IP address the most commonly used when user's accessing system.
According to example embodiment, the number for commonly using IP address can be set as one or more.For example, common IP address Number is set as 2, is thought of as the IP address that user is in and when company's accessing system uses respectively, but the present invention to this not Make particular determination.
According to example embodiment, the Set data types of such as Redis databases can be used to be operated.The data type It can ensure that the member in set is unique, not reproducible.It is generated using unique ID+ designated identifications of user globally unique Key, Value is the common login IP of user.When logging in system by user, SISMEMBER key commands can be used to sentence Whether the login IP address of disconnected user is in the Set set of the common IP address of the user.The function of SISMEMBER orders is to sentence Disconnected members element whether be set member, if so, return 1, if it is not, or key be not present, return 0.But the present invention's Technical solution is without being limited thereto, can also use other modes management is common to log in IP.
In step s 130, if it is determined that IP address is the common IP address of user, then the currently active of IP address is obtained Number of sessions.
According to example embodiment, the currently active number of sessions can be managed by Session (session).With Cookie Unlike, Session is stored in server.Server can be for example, by JSESSIONID to the Session of each user It distinguishes.JSESSIONID is the address to Session Id in Apache Tomcat application servers, Session Id by Server-side creates, and is stored in the Cookie of browser, for distinguishing specific user.But technical scheme of the present invention is unlimited In this, other application server and corresponding Session way to manages can also be used.
According to example embodiment, when it is the common IP address of user to judge IP address not, according to IP address management user It logs in.
In step S140, user is managed according to the currently active number of sessions of IP address and is logged in.
According to example embodiment, it manages user according to the currently active number of sessions of IP address and logs in and may include:Judge Whether the currently active number of sessions of user reaches session status threshold value;It is not up in the currently active number of sessions for judging user When session shape threshold value, user is made normally to log in.
According to example embodiment, session status threshold value can be set as 3.Each browser can retain a session shape State, you can control same user and at most carry out login system using 3 browsers in its common IP.As previously described, it is contemplated that clothes The presence of business device cluster can use Redis databases to realize the Session of server shared, unique ID+ of user is used Family, which is fixed, logs in IP+ designated identifications to generate global unique Key, and Value is exactly the log-on count of the logging in system by user. Using the String data types of Redis databases, when users log on, first judge whether the login times of user reach specified The session upper limit log-on count for recording logging in system by user is added 1 if calling INCR key commands without if;Otherwise it reaches The upper limit logged in user, then will prompt user that cannot carry out login system using excessive browser.The function of INCR key commands For the digital value stored in key is increased one.But technical scheme of the present invention is without being limited thereto, can also use other databases and phase It should instruct and the currently active number of sessions is managed.
Fig. 2 shows according to illustrated embodiments of the invention management user's login security method flow chart.
It should be appreciated that the flow chart that Fig. 2 is shown is only an example, to the function of the embodiment of the present invention and should not be applicable in Range band carrys out any restrictions.
It pre-recorded can be used so that active user is using the common IP address accessing system logged in other than IP as an example with reference to Fig. 2 Family be of little use IP address set and be arranged be of little use IP log in the upper limit.
When logging in system by user, step S210~step S270 can be carried out.
Step S210, obtains the login IP of user, and judge whether be the user common login IP.If it is not, holding Row step S220.
Step S220 obtains the IP address set that is of little use.
Accoding to exemplary embodiment, the IP address that is of little use set is used when can include user's accessing system but makes With the few IP address of number.For example, the IP address that is of little use can record the IP address that accessing system uses when user goes on business, but Technical solution of the present invention is not particularly limited this.
Step S230 judges this time to log in whether IP is being of little use in IP address set.If so, step S240 is carried out, Otherwise step S270 is carried out.
Step S240 obtains the login times for this time logging in IP.
Step S250, judges whether the login times for this time logging in IP reach the login upper limit for the IP address that is of little use.If It is to execute step S270, otherwise, executes step S260.
Accoding to exemplary embodiment, when this login IP login times reach logging in limited time for the IP address that is of little use, The Sorted Set data types that Redis can be used, the login times of user can be recorded using its score grammer.When with When family is proved to be successful, the quantity of the currently logged IP address that is of little use of user can be obtained;If it is determined that the quantity of user reaches When the IP address upper limit that is of little use, the minimum IP address of login times in IP address that is of little use is deleted, and this is logged in into IP address It is included in and is of little use in IP address.But technical scheme of the present invention is not limited to this, and can also be used other databases and accordingly be referred to It enables and being managed to logging in IP.
Step S260, user normally log in.
Step S270 verifies user identity using QR Code.
According to example embodiment, QR Code are one kind of stringent verification login mode.Step S270 is intended to prompt user logical Stringent verification mode is crossed to be logged in.Stringent verification mode can by QRCode carry out barcode scanning login, but the present invention is not limited to This.For example, it is also possible to strictly be verified by sending the modes such as identifying code to binding mailbox or mobile phone.
According to example embodiment, when user's checking fails, if it is determined that the predetermined time verification number of user is not up to Predetermined time verifies the number upper limit, and user is prompted to verify login again.
The flow chart shown according to fig. 2 may be implemented as previously described when the common IP that judge IP address not and be user When location, logged according to IP address management user.
Fig. 3 shows the flow chart of the method for management user's login security according to illustrated embodiments of the invention.
It should be appreciated that the flow chart that Fig. 3 is shown is only an example, to the function of the embodiment of the present invention and should not be applicable in Range band carrys out any restrictions.
With reference to Fig. 3, by active user using it is common log in IP accessing systems for, can pre-recorded user common login IP address, and the session status threshold value of individual machine is set.
When logging in system by user, step S310~S370 can be carried out.
Step S310, obtain user log in IP address, and judge its whether be the user common IP address.If It is to execute step S320.
Step S320 obtains the currently active number of sessions of the common IP.
Step S330, judges whether the currently active number of sessions of the common IP reaches the session status threshold of individual machine Value.If so, executing step S340, otherwise, step S360 is executed.
According to example embodiment, it can be 3 that the session of individual machine, which logs in the upper limit, indicate that active user at most uses 3 A different browser accessing system, the present invention are not particularly limited this.
Step S340 prompts user to reach individual machine and logs in the upper limit.
Step S350, user cannot log in, and terminate flow.
Step S360 updates the session login count of single user.
According to example embodiment, the session login count of active user is updated, can reuses and works as user When preceding IP login systems, the management of its session status is prepared.
Step S370, user normally log in, and terminate flow.
Fig. 4 shows the flow chart that the user according to illustrated embodiments of the invention is logged in by stringent verification mode.
It should be appreciated that the flow chart that Fig. 4 is shown is only an example, to the function of the embodiment of the present invention and should not be applicable in Range band carrys out any restrictions.
With reference to Fig. 4, when using the IP address login system other than the IP address that is of little use with user, user is made to use QR For Code verifications log in, one day verification number upper limit of user and one week verification number upper limit can be pre-set.Wherein, QR Code is one kind of Quick Response Code, specific to generate the ZXing that use Google, and formation efficiency is high.The stringent of the present invention is tested Card mode is not limited in QR Code verification modes, and technical scheme of the present invention is not limited thereto.
When verifying user identity using QR Code, step S410~S490 can be carried out.
In step S410, judge whether to be proved to be successful.If it is successful, step S420 is executed, it is no to then follow the steps S440.
According to example embodiment, it is contemplated that the timeliness of Quick Response Code verification needs to sentence when scanning input verifies Quick Response Code At the appointed time whether the generated time of disconnected Quick Response Code and the interval of current authentication time in range.If user's checking is overtime , then user is needed to refresh verification again.
According to example embodiment, the scene of authentication failed can be the case where non-present user verifies, and can also wrap The case where including other authentication faileds, technical solution of the present invention is not particularly limited this.
In step S420, this login IP is added in Set set and Sorted Set set, and removes using minimum IP.
According to example embodiment, if user's checking is successful, the collection that IP is logged in from record user's different machines is needed The machine IP of minimum login record is removed in conjunction, and this login IP is recorded in Set set and Sorted Set set.Its In, Set set can preserve the IP of different machines login, and Sorted Set set can preserve the login times of IP.It should manage Solution, technical scheme of the present invention is not limited thereto, can also use other data type storages be of little use IP address and Its login times.
In step S430, user normally logs in, and terminates flow.
In step S440, same day verification number is obtained.
According to example embodiment, one day number that barcode scanning is verified in the middle of record user can similarly use Redis's The INCR key of String data types verify number to record the nearest barcode scanning of user, on the day of Key then uses the unique ID+ of user Time+designated identification, to generate global unique Key.The number of user's checking in one week is also recorded simultaneously.But the present invention Technical solution be not limited thereto, other databases and corresponding instruction can also be used to be read out behaviour to verification number Make.
In step S450, judge whether that reaching the same day verifies the number upper limit.If so, executing step S460, otherwise execute Step S490.
In step S460, one week verification number of the user is obtained.
In step S470, judge whether one week verification number of user reaches this week verification number upper limit.If so, executing step Rapid S480, it is no to then follow the steps S490.
In step S480, it is desirable that user's more new password terminates flow.
According to example embodiment, it if one day verification number of user and one week verification number have reached the upper limit, needs Want user's Modify password.For the sake of security, can the several times nearest password of rule cannot repeat, but technical scheme of the present invention It is not limited thereto.
In step S490, it is desirable that user verifies login again, executes step S410 after verification again.
Fig. 5 shows the block diagram of the device of management user's login security according to illustrated embodiments of the invention.
With reference to Fig. 5, the device of management user's login security may include:First acquisition module 510, judgment module 520, Second acquisition module 530 logs in management module 540.
In the device of management user's login security, the first acquisition module 510 is configured to obtain user's logging device IP address.Judgment module 520 be configured to judge IP address whether be user common IP address.Second acquisition module 530 configures To obtain the currently active number of sessions of IP address.Management module 540 is logged in be configured in the common IP that IP address is user When location, user is managed according to the currently active number of sessions of IP address and is logged in.
According to example embodiment, management module 540 is logged in be additionally configured to:It is not the common IP address of user in IP address When, it is logged according to IP address management user.
Fig. 6 shows the system architecture signal of the device of management user's login security according to illustrated embodiments of the invention Figure.
It should be appreciated that the system architecture schematic diagram that Fig. 6 is shown is only an example, it should not be to the work(of the embodiment of the present invention Any restrictions can be brought with the scope of application.
With reference to Fig. 6, the device for managing user's login security can include to log in IP blockers 610, application server collection Group 620 and data server cluster 630.
As previously mentioned, referring to Fig.1, IP blockers 610 are configurable to step on user according to the login IP address of user Record is managed.
According to example embodiment, application server cluster 620 is configurable to the session status to user according to Session It is managed.As previously mentioned, referring to Fig.1, application server cluster is configurable to when user is logged in using common IP, according to The currently active number of sessions management user of common IP logs in.
According to example embodiment, data server cluster 630 can be comprising Redis databases or MySQL database etc., this The technical solution of invention is not particularly limited this.
Fig. 7 shows the electronic equipment according to illustrated embodiments of the invention, can be used for realizing preceding method.
As shown in fig. 7, server apparatus 700 may include processor 710, memory 720, network adapter 730 and monitoring Device 740.
Memory 720 can store the instruction that operation processing is controlled for processor 710.Memory 720 may include volatibility Or nonvolatile memory, as static RAM (SRAM), electrically erasable programmable read-only memory (EEPROM), Erasable Programmable Read Only Memory EPROM (EPROM), programmable read only memory (PROM), read-only memory (ROM) etc., the present invention It is not limited in this respect.
Processor 710 can call the instruction stored in memory 720 to control relevant operation.According to an embodiment, memory 720 storages control the instruction executed according to the method for the aforementioned embodiment of the present invention for processor 710.It can be readily appreciated that memory 720 can also store the instruction that other operations according to the ... of the embodiment of the present invention are controlled for processor 710, and which is not described herein again.
Through the above description of the embodiments, those skilled in the art is it can be readily appreciated that example described herein is implemented Mode can also be realized by software realization in such a way that software is in conjunction with necessary hardware.Therefore, the present invention is implemented The technical solution of example can be expressed in the form of software products, which can be stored in a non-volatile memories In medium (can be CD-ROM, USB flash disk, mobile hard disk etc.), including some instructions are used so that a computing device (can be People's computer, server, mobile terminal or smart machine etc.) it executes according to the method for the embodiment of the present invention.
In addition, above-mentioned attached drawing is only the schematic theory of the processing included by method according to an exemplary embodiment of the present invention It is bright, rather than limit purpose.It can be readily appreciated that the time that above-mentioned processing shown in the drawings did not indicated or limited these processing is suitable Sequence.In addition, being also easy to understand, these processing for example can be executed either synchronously or asynchronously in multiple modules.
Those skilled in the art after considering the specification and implementing the invention disclosed here, will readily occur to its of the application His embodiment.This application is intended to cover the present invention any variations, uses, or adaptations, these modifications, purposes or Adaptive change follow the general principle of the present invention and include common knowledge in the art that the present invention does not apply or Conventional techniques.The description and examples are only to be considered as illustrative, and true scope and spirit of the invention are by claim It points out.
It should be understood that the present invention is not limited to the detailed construction that there have shown, attached drawing mode or implementation method, On the contrary, it is intended to cover comprising various modifications and equivalence setting in the spirit and scope of the appended claims.

Claims (11)

1. a kind of method of management user's login security, which is characterized in that including:
Obtain the IP address that user logs in;
Judge the IP address whether be the user common IP address;
If it is determined that the IP address is the common IP address of the user, then:
Obtain the currently active number of sessions of the IP address;
It is logged according to the currently active number of sessions management user of the IP address.
2. the method as described in claim 1, which is characterized in that the currently active session number buret according to the IP address User is managed to log in, including:
Judge whether the currently active number of sessions of the user reaches session status threshold value;
When the currently active number of sessions for judging the user is not up to session shape threshold value, the user is made normally to step on Record.
3. the method as described in claim 1, which is characterized in that further include:
When it is the common IP address of the user to judge the IP address not, logged according to the IP address management user.
4. method as claimed in claim 3, which is characterized in that it is described to be logged according to the IP address management user, including:
Judge the IP address whether be the user the IP address that is of little use;
Judge the IP address not and be the user be of little use IP address when, make the user by stringent verification mode into Row logs in.
5. method as claimed in claim 4, which is characterized in that described to further include according to IP address management user login:
Judge the IP address for the user be of little use IP address when:
Obtain effective login times of the IP address;
Judge whether effective login times of the IP address reach the login times threshold value for the IP address that is of little use;
When the effective login times for judging the IP address reach the login times threshold value for the IP address that is of little use, make the user It is logged in by stringent verification mode, otherwise the user normally logs in.
6. method as claimed in claim 4, which is characterized in that the prompt user is stepped on by stringent verification mode Record includes:
In user's checking success:
Obtain the quantity of the currently logged IP address that is of little use of the user;
When the quantity for judging the user reaches and is of little use IP address threshold value, it is of little use in IP address and logs in described in deletion The minimum IP address of number, and this login IP address is included in described be of little use in IP address.
7. method as described in claim 4 or 5, which is characterized in that the prompt user by stringent verification mode into Row logs in:
When the user's checking fails, if it is determined that the predetermined time verification number of the user is not up to predetermined time verification Frequency threshold value makes the user verify login again.
8. a kind of device of management user's login security, which is characterized in that including:
First acquisition module is configured to obtain the IP address of user's logging device;
Judgment module, be configured to judge the IP address whether be the user common IP address;
Second acquisition module is configured to obtain the currently active number of sessions of the IP address;
Management module is logged in, is configured to when the IP address is the common IP address of the user, according to the IP address The currently active number of sessions management user logs in.
9. device as claimed in claim 8, which is characterized in that the login management module is additionally configured to:In the IP address When not being the common IP address of the user, logged according to the IP address management user.
10. a kind of electronic equipment, which is characterized in that including:
Memory;And
It is coupled to the processor of the memory, the processor is configured as based on the instruction being stored in the memory, The method for executing management user's login security as described in any one of claim 1-7.
11. a kind of computer-readable medium, is stored thereon with program, such as claim 1- is realized when which is executed by processor The method of management user's login security described in any one of 7.
CN201810660985.9A 2018-06-25 2018-06-25 Method and device for managing user login security, electronic equipment and readable medium Active CN108449367B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810660985.9A CN108449367B (en) 2018-06-25 2018-06-25 Method and device for managing user login security, electronic equipment and readable medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810660985.9A CN108449367B (en) 2018-06-25 2018-06-25 Method and device for managing user login security, electronic equipment and readable medium

Publications (2)

Publication Number Publication Date
CN108449367A true CN108449367A (en) 2018-08-24
CN108449367B CN108449367B (en) 2021-03-30

Family

ID=63207226

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810660985.9A Active CN108449367B (en) 2018-06-25 2018-06-25 Method and device for managing user login security, electronic equipment and readable medium

Country Status (1)

Country Link
CN (1) CN108449367B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109743306A (en) * 2018-12-27 2019-05-10 北京奇安信科技有限公司 A kind of account number safety appraisal procedure, system, equipment and medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090055912A1 (en) * 2007-08-21 2009-02-26 Nhn Corporation User authentication system using ip address and method thereof
CN102664877A (en) * 2012-03-30 2012-09-12 北京千橡网景科技发展有限公司 Method and device for exception handling in login process
CN103731413A (en) * 2013-11-18 2014-04-16 广州多益网络科技有限公司 Abnormal login handling method
WO2015032318A1 (en) * 2013-09-03 2015-03-12 腾讯科技(深圳)有限公司 Exceptional account determination method and device
CN104917756A (en) * 2015-05-08 2015-09-16 四川天上友嘉网络科技有限公司 Login authentication method for network games
CN106789855A (en) * 2015-11-25 2017-05-31 北京奇虎科技有限公司 The method and device of user login validation

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090055912A1 (en) * 2007-08-21 2009-02-26 Nhn Corporation User authentication system using ip address and method thereof
CN102664877A (en) * 2012-03-30 2012-09-12 北京千橡网景科技发展有限公司 Method and device for exception handling in login process
WO2015032318A1 (en) * 2013-09-03 2015-03-12 腾讯科技(深圳)有限公司 Exceptional account determination method and device
CN103731413A (en) * 2013-11-18 2014-04-16 广州多益网络科技有限公司 Abnormal login handling method
CN104917756A (en) * 2015-05-08 2015-09-16 四川天上友嘉网络科技有限公司 Login authentication method for network games
CN106789855A (en) * 2015-11-25 2017-05-31 北京奇虎科技有限公司 The method and device of user login validation

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109743306A (en) * 2018-12-27 2019-05-10 北京奇安信科技有限公司 A kind of account number safety appraisal procedure, system, equipment and medium

Also Published As

Publication number Publication date
CN108449367B (en) 2021-03-30

Similar Documents

Publication Publication Date Title
US10771471B2 (en) Method and system for user authentication
CN109639740B (en) Login state sharing method and device based on equipment ID
CN108475249B (en) Distributed, decentralized data aggregation
CN108234653A (en) A kind of method and device of processing business request
US20180262529A1 (en) Honeypot computing services that include simulated computing resources
CN104253686B (en) Method, equipment and the system that account logs in
CN110401655A (en) Access control right management system based on user and role
CN103731413B (en) A kind of method for handling abnormal login
CN108108973A (en) Business risk control method and device
US20210099431A1 (en) Synthetic identity and network egress for user privacy
CN109981664A (en) Website logging method, device and the realization device of page end
CN105471581A (en) Identity verification method and device
CN106027462A (en) Operation request control method and device
CN110430205A (en) Single-point logging method, device, equipment and computer readable storage medium
CN108848113A (en) Client device log-in control method, device, storage medium and server
CN108289101A (en) Information processing method and device
CN110162994A (en) Authority control method, system, electronic equipment and computer readable storage medium
CN109831310B (en) Identity verification method, system, equipment and computer readable storage medium
CN108829838A (en) A kind of account information batch processing method and server
CN106453206A (en) Identity verification method and identity verification device
CN110324344A (en) The method and device of account information certification
CN110636038A (en) Account number analysis method, account number analysis device, security gateway and system
CN108076077A (en) A kind of conversation controlling method and device
CN111797418A (en) Control method and device of online service, service terminal, server and storage medium
CN109451503A (en) A kind of offline user authentication state maintaining method and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant