CN108462704B - Login validation method, device, computer equipment and storage medium - Google Patents

Info

Publication number: CN108462704B
Authority: CN (China)
Application number: CN201810163982.4A
Other languages: Chinese (zh)
Other versions: CN108462704A
Inventor: 李波
Original Assignee: 平安科技(深圳)有限公司
Prior art keywords: login, authentication, historical log, client, characteristic information
Classifications

    • H04L63/0815 Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network providing single-sign-on or federations
    • H04L63/083 Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network using passwords
    • H04L63/0876 Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L2463/082 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying multi-factor authentication

Abstract

The invention discloses a login validation method, device, computer equipment and storage medium. The login validation method includes: obtaining an authentication request sent by a client, the authentication request including identity characteristic information and terminal identification information; if the identity characteristic information does not pass authentication, obtaining the historical login count corresponding to the identity characteristic information and the terminal identification information; and if the historical login count reaches the authentication count threshold, pushing a second verification mode to the client. In this method, when the historical login count corresponding to the identity characteristic information and the terminal identification information reaches the authentication count threshold, the second verification mode is pushed to the client so that the user is verified through another form of authentication. This preserves a good user experience, prevents the client from brute-force cracking the server, and thereby ensures login security.

Description

Login validation method, device, computer equipment and storage medium

Technical field

The present invention relates to the field of authentication, and in particular to a login validation method, device, computer equipment and storage medium.

Background

Currently, a secure connection between a client and a server is generally established by entering a login password on the client, and this authentication method carries security risks. If a malicious client brute-forces the login password against the server, the server may be compromised, causing information leakage.

To guard against malicious attacks from clients, the server needs to put protective measures in place when users log in. However, these measures require the user to enter a large amount of information for security verification, which makes for a poor user experience, particularly on mobile terminals where entering information is less convenient.

Summary of the invention

The embodiments of the present invention provide a login validation method, device, computer equipment and storage medium, to solve the problem of information leakage caused by malicious attacks when users log in.

In a first aspect, an embodiment of the present invention provides a login validation method, comprising:

Obtaining an authentication request sent by a client, the authentication request including identity characteristic information and terminal identification information;

If the identity characteristic information does not pass authentication, obtaining the historical login count corresponding to the identity characteristic information and the terminal identification information;

If the historical login count reaches the authentication count threshold, pushing a second verification mode to the client;

Obtaining a secondary verification request entered by the client based on the second verification mode, and performing login verification based on the secondary verification request.

In a second aspect, an embodiment of the present invention provides a login authentication device, comprising:

An authentication request obtaining module, configured to obtain an authentication request sent by a client, the authentication request including identity characteristic information and terminal identification information;

A historical login count obtaining module, configured to obtain, if the identity characteristic information does not pass authentication, the historical login count corresponding to the identity characteristic information and the terminal identification information;

A second verification mode pushing module, configured to push a second verification mode to the client if the historical login count reaches the authentication count threshold;

A login verification module, configured to obtain a secondary verification request entered by the client based on the second verification mode, and to perform login verification based on the secondary verification request.

A third aspect of the present invention provides computer equipment, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the login validation method of the present invention when executing the computer program.

A fourth aspect of the present invention provides a computer-readable storage medium storing a computer program, wherein the computer program implements the steps of the login validation method of the present invention when executed by a processor.

With the login validation method, device, computer equipment and storage medium provided by the embodiments of the present invention, obtaining the historical login count corresponding to both the identity characteristic information and the terminal identification information allows malicious attacks from a client to be identified more accurately and comprehensively. When the historical login count of the identity characteristic information and terminal identification information reaches the authentication count threshold, the second verification mode is pushed to the client so that the user is verified through another form of authentication, which prevents the client from brute-force cracking the server and thereby ensures login security.

Brief description of the drawings

To explain the technical solutions of the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.

Fig. 1 is a flow chart of the login validation method in Embodiment 1 of the present invention.

Fig. 2 is another specific flow chart of the login validation method in Embodiment 1 of the present invention.

Fig. 3 is another specific flow chart of the login validation method in Embodiment 1 of the present invention.

Fig. 4 is another specific flow chart of the login validation method in Embodiment 1 of the present invention.

Fig. 5 is a functional block diagram of the login authentication device in Embodiment 2 of the present invention.

Fig. 6 is a schematic diagram of the computer equipment in Embodiment 4 of the present invention.

Detailed description of the embodiments

The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from these embodiments without creative effort fall within the protection scope of the present invention.

Embodiment 1

Fig. 1 shows the flow chart of the login validation method in this embodiment. This embodiment applies between a client and a server that exchange information over the internet, where the client includes but is not limited to a browser or a software login port. The client in this embodiment is preferably a mobile terminal such as a smartphone. The server is the management end that receives requests from clients and allocates application services based on those requests. The following login validation method takes the server as the executing entity. As shown in Fig. 1, the login validation method includes the following steps:

S10. Obtain the authentication request sent by the client, the authentication request including identity characteristic information and terminal identification information.

Specifically, the authentication request is the request for identity verification that the client sends to the server when it needs to connect. The authentication request includes identity characteristic information and terminal identification information, so that the server can verify identity based on both and decide whether the client may establish a secure connection with the server.

The identity characteristic information is information provided to the server to identify the user. The terminal identification information is information about the client's environment, provided to the server to identify the client.

Specifically, after receiving the authentication request sent by the client, the server can first perform authentication based on the identity characteristic information. If the identity characteristic information passes authentication, step S50 is executed; if it does not, step S20 is executed. There are many authentication methods, including but not limited to, in this embodiment: authentication based on a shared key, authentication based on biometric features, and authentication based on a public-key encryption algorithm. In this step the authentication request provides a first verification of the user's identity, giving preliminary assurance that the connection established between the server and the client is secure.

S20. If the identity characteristic information does not pass authentication, obtain the historical login count corresponding to the identity characteristic information and the terminal identification information.

Specifically, the historical login count is the highest of the server login counts of the specific feature items in the identity characteristic information and the terminal identification information. For example, the feature items of the identity characteristic information include but are not limited to the registration ID, and the feature items of the terminal identification information include but are not limited to the device ID and the login IP; among the registration ID, device ID and login IP, the highest server login count is the historical login count. The registration ID is information registered when the user logs in to the server that uniquely identifies the user, such as a user name, mobile phone number or identity card number. The device ID is the globally unique manufacturing number of the hardware the client logs in from; for example, the device ID of a mobile phone is its production serial number, and the device ID of a desktop computer can be the MAC address of its network card. The login IP is the public-network-assigned address or private IP address used when the client goes online.

Further, examining the historical login count from the two aspects of identity characteristic information and terminal identification information gives a more complete and accurate picture of how the user logs in to the server. For example, if the same registration ID is used to log in repeatedly from different smartphones, the login count of the registration ID is the highest and is therefore taken as the historical login count. Alternatively, if the same smartphone logs in repeatedly with different registration IDs, the login count of the device ID is the highest and is therefore taken as the historical login count. Or, if different smartphones on the network corresponding to one login IP log in repeatedly with different registration IDs, the login count of the login IP is the highest and is therefore taken as the historical login count. Determining the historical login count from these different situations of the identity characteristic information and terminal identification information therefore helps, to a certain extent, to prevent malicious clients from attacking the server, avoiding information leakage and ensuring information security.

The historical login count referred to in this embodiment can be obtained from the login counts of the registration ID, device ID and login IP recorded on the server within a preset time period, with the highest of these login counts taken as the historical login count.

S30. If the historical login count reaches the authentication count threshold, push the second verification mode to the client.

The authentication count threshold is the maximum number of server logins allowed for the historical login count of the identity characteristic information and terminal identification information. For example, if the authentication count threshold is 5, then once the historical login count has accumulated to 5 the server no longer accepts authentication requests of the same type and switches to the second verification mode.

Specifically, the second verification mode includes but is not limited to verification modes that rely on human perception, such as sliders, jigsaw puzzles, and letters and digits.

Forcing authentication to switch to a second verification mode that relies on human perception makes it possible to determine effectively whether the client is genuine, and prevents the client from breaking into the server by brute-force cracking.

S40. Obtain the secondary verification request entered by the client based on the second verification mode, and perform login verification based on the secondary verification request.

Specifically, the secondary verification request is the verification request the client sends in response to the second verification mode.

The server verifies the secondary verification request sent by the client. For example, if the client returns a secondary verification request containing the text shown in a graphical verification code, the server checks that the text is correct to complete login verification. In this embodiment, the server performs login verification on the secondary verification request that the client sends back in response to the second verification mode, which prevents a brute-force cracking machine from driving the client to attack the server, and so prevents the server from being cracked and information from being leaked.

Preferably, after step S10, i.e. after the step of obtaining the authentication request sent by the client, the login validation method further includes the following step:

S50. If the identity characteristic information passes authentication, establish a secure connection with the client based on the authentication request.

It can be understood that when the authentication request sent by the client passes server verification, the server has been able to verify the security of the client's identity characteristic information against the information stored in its database, and can therefore establish a secure connection with the client. After this step, a secure connection between client and server is in place, which lets the client go on to obtain the specific business information the server provides.

Preferably, after step S20, i.e. after the step of obtaining the historical login count corresponding to the identity characteristic information and the terminal identification information, the login validation method further includes the following step:

S60. If the historical login count has not reached the authentication count threshold, prompt the client to resend the authentication request.

Specifically, the authentication count threshold is the maximum number of server logins allowed for the historical login count of the identity characteristic information and terminal identification information. For example, if the authentication count threshold is 5, then once the historical login count has accumulated to 5 the server no longer accepts authentication requests of the same type and switches to another authentication mode.

Further, if the historical login count has not reached the authentication count threshold set by the server, the server can still accept another authentication request of the same type from the client, which makes the server's authentication of clients more flexible. With the login validation method provided by this embodiment, obtaining the historical login count corresponding to both the identity characteristic information and the terminal identification information allows malicious attacks from a client to be identified more accurately and comprehensively. When the historical login count reaches the authentication count threshold, the second verification mode is pushed to the client so that the user is verified through another form of authentication, which prevents the client from brute-force cracking the server and thereby ensures login security. It also preserves a good user experience, especially for mobile terminal users for whom entering information is less convenient.

In a specific embodiment, the identity characteristic information includes a registration ID, and the terminal identification information includes a device ID and a login IP. As shown in Fig. 2, obtaining the historical login count corresponding to the identity characteristic information and the terminal identification information in step S20 specifically comprises the following steps:

S21. Count the historical login data within the preset time period to obtain the first login count, second login count and third login count corresponding to the registration ID, device ID and login IP respectively.

Here, the historical login data is the data relating to logins to the server by the registration ID, device ID and login IP within the preset time period, including their respective login counts, login times and so on. The server stores all historical login data in advance; each historical login record is associated with a registration ID, device ID and login IP, and is stored together with its login time. It can be understood that the first login count is the number of times the registration ID logged in to the server within the preset time period, the second login count is the number of times the device ID did, and the third login count is the number of times the login IP did. The preset time period in this embodiment can be a period counted backwards from the time the authentication request was received or from the current system time, and can be set to 1 day or 1 week.

S22. Choose the maximum of the first login count, second login count and third login count as the historical login count.

For example, if the first, second and third login counts corresponding to the registration ID, device ID and login IP are 3, 5 and 8 respectively, the historical login count is the third login count, i.e. 8.

To defend comprehensively against clients logging in to the server, client logins need to be examined from three angles. In this example, the first login count for the registration ID is only 3, while the login IP has been used 8 times; for security reasons the third login count, corresponding to the login IP, is taken as the historical login count so that the server is better defended. Examining client access from multiple angles protects the information in the server more comprehensively and effectively.

Preferably, after step S22, i.e. after the step of choosing the maximum of the first login count, second login count and third login count as the historical login count, the login validation method further includes:

S23. If the historical login count has not reached the authentication count threshold, add 1 to each of the first login count, second login count and third login count, and update the historical login count.

It can be understood that when the server receives this authentication request from the client, the client's registration ID, device ID and login IP have each logged in once more, so the corresponding first, second and third login counts should each be incremented by 1 and the historical login count updated accordingly.

For example, if the authentication count threshold is 5, the historical login counts recorded after the server has received three authentication requests are as follows:

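| | Registration ID | Device ID | Login IP |
|---|---|---|---|
| Authentication request 1 | 0 | 1 | 1 |
| Authentication request 2 | 1 | 1 | 0 |
| Authentication request 3 | 0 | 1 | 1 |

| Registration ID | Device ID | Login IP | Historical login count |
|---|---|---|---|
| 1 | 3 | 2 | 3 |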

At this point the historical login count is 3, which has not reached the authentication count threshold of 5. Therefore, when the server receives the fourth authentication request, the record of historical login counts changes to:

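| | Registration ID | Device ID | Login IP |
|---|---|---|---|
| Authentication request 1 | 0 | 1 | 1 |
| Authentication request 2 | 1 | 1 | 0 |
| Authentication request 3 | 0 | 1 | 1 |
| Authentication request 4 | 1 | 1 | 1 |

| Registration ID | Device ID | Login IP | Historical login count |
|---|---|---|---|
| 2 | 4 | 3 | 4 |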

To defend comprehensively against clients logging in to the server, this embodiment starts from the historical login data of the registration ID, device ID and login IP and examines client access to the server as a whole, protecting the server more comprehensively and effectively. In addition, the historical login count is updated promptly with each authentication request from a client, keeping the server's data accurate and valid.

In a specific embodiment, as shown in Fig. 3, before step S21, i.e. before the step of counting the historical login data within the preset time period, the login validation method further includes the following steps:

S70. Count the historical login data stored in KEY-VALUE form in the Redis database, using the registration ID, device ID and login IP as KEYs and the first login count, second login count and third login count as the corresponding VALUEs.

Specifically, this embodiment uses a Redis database to store the historical login data. Redis is a high-performance KEY-VALUE database that complements relational databases well. Values in Redis are not limited to strings; the following abstract data types are also supported: lists of strings, unordered sets of unique strings, ordered sets of unique strings, and hash tables whose keys and values are both strings. The type of a value determines the operations the value supports. Redis supports advanced server-side atomic operations, such as intersection and union, across its different unordered and ordered lists and sets.

In this embodiment, the historical login data is stored in the Redis database in KEY-VALUE form, with the registration ID, device ID and login IP as KEYs and the first login count, second login count and third login count as the corresponding VALUEs, as shown in the table below.

| KEY type | KEY | VALUE type | VALUE |
|---|---|---|---|
| Registration ID | X1 | First login count | 5 |
| Device ID | 00-01-6C-06-A6-29 | Second login count | 6 |
| Login IP | 183.53.240.209 | Third login count | 9 |

In this embodiment, the historical login data of the registration ID, device ID and login IP involved in authentication requests is stored in KEY-VALUE form, which is simple and clear and helps the server obtain the corresponding login information promptly.

S80. Obtain the historical login data between the current system time and the preset time period, and use KEY-VALUE queries to obtain the first login count, second login count and third login count corresponding to the registration ID, device ID and login IP respectively.

Specifically, the preset time period is the period the server specifies for refreshing data, after which the related data is cleared to zero. To keep authentication requests timely, the server designates a preset time period for clearing the data stored in the database. In this embodiment, the data corresponding to a KEY can be given a preset time period, for example 24 hours, so that the data in the KEY is cleared every 24 hours.

It can be understood that, from the registration ID, device ID or login IP stored as the KEY, the server can directly obtain the corresponding stored VALUE, i.e. the specific value of the first login count, second login count or third login count, which is simple and fast.

In this embodiment, the historical login data of the registration ID, device ID and login IP involved in authentication requests is stored in a Redis database in KEY-VALUE form, which is simple and clear and helps the server obtain the corresponding login information promptly. The data in the database is also cleared at the preset time period, which effectively keeps authentication requests timely.

In a specific embodiment, the identity characteristic information includes a registration ID and a client authentication code. As shown in Fig. 4, in step S20 the condition that the identity characteristic information does not pass authentication specifically comprises the following steps:

S24. Obtain the corresponding server authentication code based on the registration ID.

Specifically, the registration ID is information registered when the user logs in to the server that uniquely identifies the user, such as a user name, mobile phone number or identity card number.

The server authentication code includes but is not limited to the login password or verification code stored on the server for the registration ID.

By storing the server authentication code corresponding to each registration ID, the server can compare it with the client authentication code sent by the client to determine whether the client's claimed identity is genuine, thereby ensuring the security of the connection established between the server and the client.

S25. If the server authentication code and the client authentication code do not match, the identity characteristic information does not pass verification.

It can be understood that if the server authentication code and the client authentication code do not match, the server cannot confirm that the client is genuine and the client needs to go through further authentication or authenticate again; that is, this identity characteristic information does not pass verification.

In this embodiment, the authenticity of the client is verified through the registration ID and the server authentication code, which is simple, fast and highly reliable.
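
Added example (not part of the patent text): a Python implementation of the server-side decision in steps S10 to S60, including the three counters of S21 to S23, the expiring KEY-VALUE store of S70 and S80, and the code comparison of S24 and S25. The class and function names, the key prefixes, the per-key expiry and the in-memory dictionary standing in for Redis are assumptions; the registration ID X2, the IP 198.51.100.7 and the authentication codes are constructed sample values.

```python
import hmac
import time

AUTH_COUNT_THRESHOLD = 5        # threshold used in the page's example
WINDOW_SECONDS = 24 * 60 * 60   # preset time period from the page's example (24 hours)


class WindowedCounters:
    """In-memory stand-in for the Redis KEY-VALUE store (assumption: a real
    deployment would keep these counters in Redis with a key expiry)."""

    def __init__(self, window=WINDOW_SECONDS, clock=time.time):
        self.window = window
        self.clock = clock
        self.data = {}  # KEY -> (VALUE count, expiry timestamp)

    def get(self, key):
        count, expires_at = self.data.get(key, (0, 0.0))
        if self.clock() >= expires_at:
            self.data.pop(key, None)  # preset period elapsed: counter is cleared
            return 0
        return count

    def incr(self, key):
        count = self.get(key)
        # Assumption: the window starts at a key's first increment.
        expires_at = self.data[key][1] if count else self.clock() + self.window
        self.data[key] = (count + 1, expires_at)
        return count + 1


class LoginVerifier:
    """Server-side decision logic for steps S10 to S60 (hypothetical class name)."""

    def __init__(self, auth_codes, counters, threshold=AUTH_COUNT_THRESHOLD):
        # registration ID -> server authentication code (constructed plaintext
        # values here; a production server would store a salted password hash).
        self.auth_codes = auth_codes
        self.counters = counters
        self.threshold = threshold

    @staticmethod
    def keys(registration_id, device_id, login_ip):
        # One KEY per feature item; prefixes keep the three namespaces apart.
        return ("reg:" + registration_id, "dev:" + device_id, "ip:" + login_ip)

    def counts(self, registration_id, device_id, login_ip):
        # S21: first, second and third login counts for this request's feature items.
        return tuple(self.counters.get(k)
                     for k in self.keys(registration_id, device_id, login_ip))

    def historical_login_count(self, registration_id, device_id, login_ip):
        # S22: the largest of the three counts is the historical login count.
        return max(self.counts(registration_id, device_id, login_ip))

    def handle(self, registration_id, client_code, device_id, login_ip):
        # S24/S25: compare client and server codes in constant time.
        expected = self.auth_codes.get(registration_id)
        if expected is not None and hmac.compare_digest(
                expected.encode(), client_code.encode()):
            return "CONNECTED"  # S50
        if self.historical_login_count(
                registration_id, device_id, login_ip) >= self.threshold:
            return "SECOND_VERIFICATION"  # S30: push slider, puzzle or captcha
        for key in self.keys(registration_id, device_id, login_ip):
            self.counters.incr(key)  # S23: add 1 to each of the three counts
        return "RETRY"  # S60


def replay_page_example(verifier):
    """Replay four failed requests shaped like the page's table (constructed data)."""
    device = "00-01-6C-06-A6-29"                   # device ID from the page's table
    ip_a, ip_b = "183.53.240.209", "198.51.100.7"  # ip_b is a constructed value
    requests = [("X2", ip_a), ("X1", ip_b), ("X2", ip_a), ("X1", ip_a)]
    history = []
    for registration_id, ip in requests:
        verifier.handle(registration_id, "wrong-code", device, ip)
        history.append(verifier.historical_login_count("X1", device, ip_a))
    return history, verifier.counts("X1", device, ip_a)


if __name__ == "__main__":
    demo = LoginVerifier({"X1": "correct-code"}, WindowedCounters())
    print(replay_page_example(demo))
```

Replaying the four requests gives counts of 2, 4 and 3 for registration ID X1, the device ID and the first login IP, matching the page's second table. Because the device ID counter is shared across accounts, a sixth failed attempt from that device receives the second verification mode even if it arrives under a new registration ID.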

The login verification method provided by the embodiment of the present invention obtains the historical login count corresponding to both the identity feature information and the terminal identification information, and can therefore determine malicious attacks from a client more accurately and comprehensively. The second verification mode is pushed to the client only when the historical login count reaches the authentication count threshold, which gives a good user experience, especially for mobile terminal users, for whom entering information is less convenient.

To defend comprehensively against clients logging in to the server, this embodiment also examines client logins to the server from multiple angles, which protects the server more comprehensively and effectively. In addition, the historical login count is updated promptly according to the authentication requests of clients accessing the server, keeping the server data accurate and valid.

This embodiment uses a REDIS database to store, in KEY-VALUE form, the historical login data for the registration ID, device ID and login IP involved in authentication requests. This is concise and helps the server obtain the corresponding login information promptly. In addition, the data in the database is cleared at preset time intervals, which effectively ensures the timeliness of authentication requests.
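The counting scheme of this embodiment together with the code comparison of steps S24 and S25, as an added Python example that is not code from the patent. An in-memory dictionary stands in for the REDIS store so that it runs offline; the key prefixes, the threshold of 3, the 600-second window and all sample values are assumptions.

```python
import hmac
import time

RETRY, SECOND_VERIFICATION, CONNECTED = "retry", "second_verification", "connected"


class LoginCounterStore:
    """In-memory stand-in for the Redis KEY-VALUE store so the example runs offline.
    With Redis, bump() would map to INCR plus EXPIRE on the first write."""

    def __init__(self, window_seconds=600, clock=time.time):
        self.window = window_seconds
        self.clock = clock
        self._data = {}  # KEY -> (count, expiry timestamp)

    def get(self, key):
        count, expiry = self._data.get(key, (0, 0.0))
        if self.clock() >= expiry:        # preset period elapsed: counter is cleared
            self._data.pop(key, None)
            return 0
        return count

    def bump(self, key):
        count = self.get(key)             # also drops an expired entry
        expiry = self._data[key][1] if count else self.clock() + self.window
        self._data[key] = (count + 1, expiry)


def counter_keys(reg_id, device_id, login_ip):
    # Hypothetical key prefixes; the patent only says the three values serve as KEYs.
    return (f"reg:{reg_id}", f"dev:{device_id}", f"ip:{login_ip}")


def codes_match(server_code, client_code):
    # Constant-time comparison avoids leaking how many leading characters matched.
    return hmac.compare_digest(server_code.encode(), client_code.encode())


def handle_auth_request(store, server_codes, request, threshold=3):
    """Return CONNECTED, RETRY or SECOND_VERIFICATION for one authentication request."""
    expected = server_codes.get(request["reg_id"])
    if expected is not None and codes_match(expected, request["code"]):
        return CONNECTED
    keys = counter_keys(request["reg_id"], request["device_id"], request["login_ip"])
    history = max(store.get(k) for k in keys)   # largest of the three counts
    if history >= threshold:
        return SECOND_VERIFICATION
    for k in keys:                               # below threshold: add 1 to each count
        store.bump(k)
    return RETRY


if __name__ == "__main__":
    now = [1000.0]                               # constructed clock for the demo
    store = LoginCounterStore(window_seconds=600, clock=lambda: now[0])
    codes = {"alice": "s3cret"}                  # constructed sample data
    for user in ("alice", "bob", "carol", "dave"):
        req = {"reg_id": user, "code": "guess",
               "device_id": "dev-1", "login_ip": "203.0.113.7"}
        print(user, handle_auth_request(store, codes, req))
```

In the demo the fourth request uses a registration ID that has never failed before, yet it is routed to the second verification mode because the device and IP counters have already reached the threshold; this is what taking the maximum of the three counts buys over counting per account alone.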

It should be understood that the sequence numbers of the steps in the above embodiment do not imply an order of execution. The execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation of the embodiments of the present invention.

Embodiment 2

Fig. 5 shows a functional block diagram of the login verification device that corresponds one-to-one to the login verification method in Embodiment 1. As shown in Fig. 5, the login verification device includes an authentication request acquisition module 10, a historical login count acquisition module 20, a second verification mode push module 30 and a login verification module 40. The functions implemented by the authentication request acquisition module 10, the historical login count acquisition module 20, the second verification mode push module 30 and the login verification module 40 correspond one-to-one to the steps of the login verification method in the embodiment, so, to avoid repetition, they are not described in detail one by one here.

The authentication request acquisition module 10 is configured to obtain the authentication request sent by the client, where the authentication request includes identity feature information and terminal identification information.

The historical login count acquisition module 20 is configured to obtain, if the identity feature information fails authentication, the historical login count corresponding to the identity feature information and the terminal identification information.

The second verification mode push module 30 is configured to push the second verification mode to the client if the historical login count reaches the authentication count threshold.

The login verification module 40 is configured to obtain the secondary verification request that the client enters based on the second verification mode, and to perform login verification based on the secondary verification request.

Preferably, the login verification device further includes a secure connection establishment module 50.

The secure connection establishment module 50 is configured to establish a secure connection with the client through the authentication request if the identity feature information passes authentication.

Preferably, the login verification device further includes an authentication request resending module 60.

The authentication request resending module 60 is configured to prompt the client to resend the authentication request if the historical login count has not reached the authentication count threshold.

Preferably, the identity feature information includes a registration ID, and the terminal identification information includes a device ID and a login IP.

The historical login count acquisition module 20 further includes a historical login data statistics unit 21 and a historical login count selection unit 22.

The historical login data statistics unit 21 is configured to count the historical login data within a preset time period and obtain the first login count, the second login count and the third login count corresponding to the registration ID, the device ID and the login IP respectively.

The historical login count selection unit 22 is configured to select the maximum of the first login count, the second login count and the third login count as the historical login count.

Preferably, the historical login count acquisition module 20 further includes a historical login count update unit 23.

The historical login count update unit 23 is configured to add 1 to each of the first login count, the second login count and the third login count, and to update the historical login count, if the historical login count has not reached the authentication count threshold.

Preferably, the login verification device further includes a historical login data statistics module 70 and a historical login data acquisition module 80.

The historical login data statistics module 70 is configured to count the historical login data stored in KEY-VALUE form in the REDIS database, with the registration ID, the device ID and the login IP as KEYs and the first login count, the second login count and the third login count as the corresponding VALUEs.

The historical login data acquisition module 80 is configured to obtain the historical login data between the current system time and the preset time period, and to use KEY-VALUE queries to obtain the first login count, the second login count and the third login count corresponding to the registration ID, the device ID and the login IP respectively.

Preferably, the identity feature information includes a registration ID and a client verification code.

The historical login count acquisition module 20 further includes a server verification code acquisition unit 24 and a verification failure unit 25.

The server verification code acquisition unit 24 is configured to obtain the corresponding server verification code based on the registration ID.

The verification failure unit 25 is configured to determine that the identity feature information fails verification if verification finds that the server verification code and the client verification code do not match.

Embodiment 3

This embodiment provides a computer-readable storage medium on which a computer program is stored. When executed by a processor, the computer program implements the login verification method of Embodiment 1; to avoid repetition, details are not repeated here. Alternatively, when executed by a processor, the computer program implements the functions of each module/unit of the login verification device in Embodiment 2; to avoid repetition, details are not repeated here.

Understandably, the computer-readable storage medium may include any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disc, a computer memory, a read-only memory (ROM), a random access memory (RAM), an electrical carrier signal, a telecommunications signal, and the like.

Embodiment 4

Fig. 6 is a schematic diagram of the computer device provided by an embodiment of the present invention. As shown in Fig. 6, the computer device 90 of this embodiment includes a processor 91, a memory 92, and a computer program 93 that is stored in the memory 92 and can run on the processor 91. When executing the computer program 93, the processor 91 implements the steps of the login verification method in Embodiment 1 above, such as steps S10 to S40 shown in Fig. 1. Alternatively, when executing the computer program 93, the processor 91 implements the functions of each module/unit in the device embodiments above, such as the functions of the authentication request acquisition module 10, the historical login count acquisition module 20, the second verification mode push module 30 and the login verification module 40 shown in Fig. 5.

Those skilled in the art will clearly understand that, for convenience and brevity of description, the division into the functional units and modules above is used only as an example. In practical applications, the functions above may be allocated to different functional units and modules as needed; that is, the internal structure of the device may be divided into different functional units or modules to complete all or part of the functions described above.

The embodiments described above are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features may be replaced by equivalents; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and should all fall within the protection scope of the present invention.

Claims (9)

1. A login verification method, characterized by comprising:
obtaining an authentication request sent by a client, the authentication request including identity feature information and terminal identification information;
if the identity feature information fails authentication, obtaining a historical login count corresponding to the identity feature information and the terminal identification information;
if the historical login count reaches an authentication count threshold, pushing a second verification mode to the client;
obtaining a secondary verification request entered by the client based on the second verification mode, and performing login verification based on the secondary verification request;
wherein the identity feature information includes a registration ID, and the terminal identification information includes a device ID and a login IP;
the obtaining of the historical login count corresponding to the identity feature information and the terminal identification information comprises:
counting historical login data within a preset time period to obtain a first login count, a second login count and a third login count corresponding to the registration ID, the device ID and the login IP respectively;
selecting the maximum of the first login count, the second login count and the third login count as the historical login count.
2. The login verification method according to claim 1, characterized in that, after the step of obtaining the historical login count corresponding to the identity feature information and the terminal identification information, the login verification method further comprises:
if the historical login count has not reached the authentication count threshold, prompting the client to resend the authentication request.
3. The login verification method according to claim 1, characterized in that, after the step of selecting the maximum of the first login count, the second login count and the third login count as the historical login count, the login verification method further comprises:
if the historical login count has not reached the authentication count threshold, adding 1 to each of the first login count, the second login count and the third login count, and updating the historical login count.
4. The login verification method according to claim 1, characterized in that, before the step of counting the historical login data within the preset time period, the login verification method further comprises:
counting the historical login data stored in KEY-VALUE form in a REDIS database, with the registration ID, the device ID and the login IP as KEYs and the first login count, the second login count and the third login count as the corresponding VALUEs;
obtaining the historical login data between the current system time and the preset time period, and using KEY-VALUE queries to obtain the first login count, the second login count and the third login count corresponding to the registration ID, the device ID and the login IP respectively.
5. The login verification method according to claim 1, characterized in that, after the step of obtaining the authentication request sent by the client, the login verification method further comprises:
if the identity feature information passes authentication, establishing a secure connection with the client through the authentication request.
6. The login verification method according to claim 1, characterized in that the identity feature information includes a registration ID and a client verification code;
the identity feature information failing authentication comprises:
obtaining the corresponding server verification code based on the registration ID;
if verification finds that the server verification code and the client verification code do not match, the identity feature information fails verification.
7. A login verification device, characterized by comprising:
an authentication request acquisition module, configured to obtain an authentication request sent by a client, the authentication request including identity feature information and terminal identification information;
a historical login count acquisition module, configured to obtain, if the identity feature information fails authentication, a historical login count corresponding to the identity feature information and the terminal identification information;
a second verification mode push module, configured to push a second verification mode to the client if the historical login count reaches an authentication count threshold;
a login verification module, configured to obtain a secondary verification request entered by the client based on the second verification mode, and to perform login verification based on the secondary verification request;
wherein the identity feature information includes a registration ID, and the terminal identification information includes a device ID and a login IP;
the obtaining of the historical login count corresponding to the identity feature information and the terminal identification information comprises:
counting historical login data within a preset time period to obtain a first login count, a second login count and a third login count corresponding to the registration ID, the device ID and the login IP respectively;
selecting the maximum of the first login count, the second login count and the third login count as the historical login count.
8. A computer device, comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor, when executing the computer program, implements the steps of the login verification method according to any one of claims 1 to 6.
9. A computer-readable storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the login verification method according to any one of claims 1 to 6.
CN201810163982.4A 2018-02-27 2018-02-27 Login validation method, device, computer equipment and storage medium CN108462704B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810163982.4A CN108462704B (en) 2018-02-27 2018-02-27 Login validation method, device, computer equipment and storage medium

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810163982.4A CN108462704B (en) 2018-02-27 2018-02-27 Login validation method, device, computer equipment and storage medium
PCT/CN2018/081548 WO2019165675A1 (en) 2018-02-27 2018-04-02 Login verification method and apparatus, computer device, and storage medium

Publications (2)

Publication Number Publication Date
CN108462704A CN108462704A (en) 2018-08-28
CN108462704B true CN108462704B (en) 2019-08-06

Family

ID=63216595

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810163982.4A CN108462704B (en) 2018-02-27 2018-02-27 Login validation method, device, computer equipment and storage medium

Country Status (2)

Country Link
CN (1) CN108462704B (en)
WO (1) WO2019165675A1 (en)

Also Published As

Publication number Publication date
CN108462704A (en) 2018-08-28
WO2019165675A1 (en) 2019-09-06

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant