CN109257321B - Secure login method and device - Google Patents

Publication number: CN109257321B
Application number: CN201710569411.6A
Authority: CN (China)
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN109257321A
Prior art keywords: account name, terminal, user, risk level, account
Inventors: 许丹丹, 张伟, 张亮, 罗达, 年静, 温树庭, 祝光明
Current assignee: Beijing Jingdong Century Trading Co Ltd; Beijing Jingdong Shangke Information Technology Co Ltd
Original assignee: Beijing Jingdong Century Trading Co Ltd; Beijing Jingdong Shangke Information Technology Co Ltd
Application filed by Beijing Jingdong Century Trading Co Ltd and Beijing Jingdong Shangke Information Technology Co Ltd; priority to CN201710569411.6A; published as CN109257321A, granted and published as CN109257321B

Classifications

    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities (H ELECTRICITY; H04 ELECTRIC COMMUNICATION TECHNIQUE; H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION; H04L63/00 Network architectures or network communication protocols for network security)
    • H04L63/101 Access control lists [ACL] (under H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources)
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The application discloses a secure login method and device. The method comprises: receiving a login request sent by a user through a terminal, the login request comprising the user's account name and account password; in response to the account name and account password matching, querying a preset list to determine the risk level corresponding to the account name, the list indicating the correspondence between account names and risk levels; in response to the risk level corresponding to the account name being a preset risk level, performing secure login authentication on the terminal to determine whether the terminal is a secure terminal; and, in response to the terminal being a secure terminal, returning a login success page to the terminal. The method improves the security of the terminal and of the website.

Description

Secure login method and device
Technical Field
The application relates to the technical field of computers, in particular to the technical field of internet, and particularly relates to a secure login method and device.
Background
With the development of information technology, the internet provides users with many conveniences: people can shop, publish articles and retrieve information online without leaving home. Alongside this convenience come security risks, such as hackers stealing user accounts to conduct online transactions.
In the prior art, when a user logs in to a website, matching the user name with the password is usually sufficient to enter the requested page. It is therefore difficult to distinguish whether the terminal requesting login is a hacked terminal.
Disclosure of Invention
The present application aims to provide an improved secure login method and apparatus that address the technical problems described in the background above.
In a first aspect, the present application provides a secure login method, comprising: receiving a login request sent by a user through a terminal, the login request comprising the user's account name and account password; in response to the account name and account password matching, querying a preset list to determine the risk level corresponding to the account name, the list indicating the correspondence between account names and risk levels; in response to the risk level corresponding to the account name being a preset risk level, performing secure login authentication on the terminal to determine whether the terminal is a secure terminal; and, in response to the terminal being a secure terminal, returning a login success page to the terminal.
In some embodiments, the method further comprises a list establishing step comprising: acquiring the first account name of each historical user who registered at a target website within a preset time period, together with the user information corresponding to the first account name; determining the risk level corresponding to the first account name from the first account name and the user information; and establishing the list from the first account name and the determined risk level.
In some embodiments, the risk level comprises a first risk level, the user information comprises a second account name registered by the user at a historical risk website, the historical risk website being a website other than the current one, and determining the risk level corresponding to the first account name from the first account name and the user information comprises: determining whether the second account name is the same as the first account name; and, in response to the second account name being the same as the first account name, determining that the risk level corresponding to the first account name is the first risk level.
In some embodiments, the risk level comprises a second risk level, the user information further comprises behavioral data of the user, and determining the risk level corresponding to the first account name from the first account name and the user information comprises: determining a behavior value from the behavioral data; in response to the second account name being different from the first account name, determining whether the behavior value is smaller than a preset threshold; and, if the behavior value is smaller than the preset threshold, determining that the risk level corresponding to the first account name is the second risk level.
In some embodiments, performing secure login authentication on the terminal and determining whether the terminal is a secure terminal comprises: in response to the risk level corresponding to the account name being the first risk level, sending the terminal an instruction to reset the account password; receiving the account password reset by the user and determining whether the reset account password is the same as the original account password; and, in response to the reset account password being different from the original account password, determining that the terminal is a secure terminal.
In some embodiments, performing secure login authentication on the terminal and determining whether the terminal is a secure terminal comprises: in response to the risk level corresponding to the account name being the second risk level, acquiring the communication information corresponding to the account name; in response to successfully acquiring the communication information, sending first login authentication information to the terminal; receiving second login authentication information input by the user and comparing it with the first login authentication information to determine whether the two are the same; and, in response to the first login authentication information being the same as the second login authentication information, determining that the terminal is a secure terminal.
In some embodiments, the login request further comprises the user's login address, and before the communication information corresponding to the account name is acquired, the method further comprises: determining whether the user's login address is a historical login address; and, in response to the login address not being a historical login address, acquiring the communication information corresponding to the account name.
In a second aspect, the present application provides a secure login device comprising: a receiving unit configured to receive a login request sent by a user through a terminal, the login request comprising the user's account name and account password; a first determining unit configured to, in response to the account name and account password matching, query a preset list and determine the risk level corresponding to the account name, the list indicating the correspondence between account names and risk levels; a second determining unit configured to, in response to the risk level corresponding to the account name being a preset risk level, perform secure login authentication on the terminal and determine whether the terminal is a secure terminal; and a returning unit configured to, in response to the terminal being a secure terminal, return a login success page to the terminal.
In some embodiments, the device further comprises a list establishing unit comprising: an acquisition subunit configured to acquire the first account name of each historical user who registered at a target website within a preset time period, together with the user information corresponding to the first account name; a determining subunit configured to determine the risk level corresponding to the first account name from the first account name and the user information; and a list establishing subunit configured to establish the list from the first account name and the determined risk level.
In some embodiments, the risk level comprises a first risk level, the user information comprises a second account name registered by the user at a historical risk website, the historical risk website being a website other than the current one, and the determining subunit is further configured to determine whether the second account name is the same as the first account name and, in response to the second account name being the same as the first account name, to determine that the risk level corresponding to the first account name is the first risk level.
In some embodiments, the risk level comprises a second risk level, the user information further comprises behavioral data of the user, and the determining subunit is further configured to determine a behavior value from the behavioral data; in response to the second account name being different from the first account name, to determine whether the behavior value is smaller than a preset threshold; and, if the behavior value is smaller than the preset threshold, to determine that the risk level corresponding to the first account name is the second risk level.
In some embodiments, the second determining unit is further configured to, in response to the risk level corresponding to the account name being the first risk level, send the terminal an instruction to reset the account password; receive the account password reset by the user and determine whether the reset account password is the same as the original account password; and, in response to the reset account password being different from the original account password, determine that the terminal is a secure terminal.
In some embodiments, the second determining unit is further configured to, in response to the risk level corresponding to the account name being the second risk level, acquire the communication information corresponding to the account name; in response to successfully acquiring the communication information, send first login authentication information to the terminal; receive second login authentication information input by the user and compare it with the first login authentication information to determine whether the two are the same; and, in response to the first login authentication information being the same as the second login authentication information, determine that the terminal is a secure terminal.
In some embodiments, the login request further comprises the user's login address, and the second determining unit is further configured to, before acquiring the communication information corresponding to the account name, determine whether the user's login address is a historical login address and, in response to the login address not being a historical login address, acquire the communication information corresponding to the account name.
With the secure login method and device of the present application, the server receives a login request containing the user's account name, queries the preset list to determine the risk level corresponding to that account name, performs secure login authentication on the terminal when the risk level is a preset risk level, thereby establishing whether the terminal is secure, and returns the login success page only to a secure terminal. This reduces the risk that an abnormal account, such as a stolen account, logs in to the web page successfully, and improves the security of the account and of the website.
Drawings
Other features, objects and advantages of the present application will become more apparent upon reading of the following detailed description of non-limiting embodiments thereof, made with reference to the accompanying drawings in which:
FIG. 1 is an exemplary system architecture diagram in which the present application may be applied;
FIG. 2 is a flow diagram for one embodiment of a secure login method according to the present application;
FIG. 3 is a schematic diagram of an application scenario of a secure login method according to the present application;
FIG. 4 is a flow diagram of yet another embodiment of a secure login method according to the present application;
FIG. 5 is a schematic block diagram of one embodiment of a secure login device in accordance with the present application;
FIG. 6 is a schematic structural diagram of a computer system suitable for implementing the terminal device or the server of the embodiments of the present application.
Detailed Description
The present application is described in further detail below with reference to the drawings and embodiments. It is to be understood that the specific embodiments described here merely illustrate the invention and do not restrict it. For convenience of description, only the portions related to the invention are shown in the drawings.
The embodiments and features of the embodiments in the present application may be combined with each other where they do not conflict. The present application is described in detail below through the embodiments and with reference to the attached drawings.
Fig. 1 illustrates an exemplary system architecture 100 to which embodiments of the secure login method or secure login apparatus of the present application may be applied.
As shown in fig. 1, the system architecture 100 may include terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 serves as a medium for providing communication links between the terminal devices 101, 102, 103 and the server 105. Network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
The user may use the terminal devices 101, 102, 103 to interact with the server 105 via the network 104 to receive or send messages or the like. The terminal devices 101, 102, 103 may have various communication client applications installed thereon, such as a web browser application, a shopping application, a search application, an instant messaging tool, a mailbox client, social platform software, and the like.
The terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, e-book readers, MP3 players (Moving Picture Experts Group Audio Layer III, mpeg compression standard Audio Layer 3), MP4 players (Moving Picture Experts Group Audio Layer IV, mpeg compression standard Audio Layer 4), laptop portable computers, desktop computers, and the like.
The server 105 may be a server providing various services, such as a background web server providing support for web pages displayed on the terminal devices 101, 102, 103. The background web server may analyze and process data such as a login request sent by a user, and feed back a processing result (e.g., page data) to the terminal device.
It should be noted that the secure login method provided in the embodiment of the present application is generally executed by the server 105, and accordingly, the secure login apparatus is generally disposed in the server 105.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
With continued reference to FIG. 2, a flow 200 of one embodiment of a secure login method according to the present application is shown. The secure login method comprises the following steps:
Step 201, receiving a login request sent by a user through a terminal.
In this embodiment, the electronic device on which the secure login method runs (for example, the server shown in FIG. 1) may receive, over a wired or wireless connection, a login request from the terminal with which the user logs in. The login request contains the account name for the website the user wishes to log in to and the account password corresponding to that account name. In practice, websites such as shopping or reading sites require a registered account before the user can perform activities such as shopping or reading. The server stores the account names of users who have registered and the account passwords corresponding to those names; the account name may be chosen by the user or generated automatically by the server according to a preset registration scheme, and the account password is usually set by the user. When a registered user wants to log in to a website, the user supplies the account name registered at that website and the corresponding account password, so that the server can authenticate the account name.
Step 202, in response to the account name matching the account password, querying a preset list and determining the risk level corresponding to the account name.
In this embodiment, because user accounts are frequently stolen and because some users perform malicious behaviour on a website such as a shopping site (for example, bulk returns after bulk purchases), the server may assess the risk of each registered account name in advance and store the resulting risk level against the account name in the list. The risk levels may include, for example, a lowest, an intermediate and a highest risk level. When the user logs in to the requested website again through the terminal with the registered account name, the server matches the account name received in step 201 against the account password corresponding to that name; once the match succeeds, it queries the preset list to determine the risk level corresponding to the account name. In this embodiment, the list indicates the correspondence between account names and risk levels.
Step 203, in response to the risk level corresponding to the account name being a preset risk level, performing secure login authentication on the terminal and determining whether the terminal is a secure terminal.
In this embodiment, several preset risk levels may be configured on the server, for example a first risk level, a second risk level, a third risk level, and so on.
Based on the risk level determined in step 202, the server may further determine which of the preset risk levels the account name's risk level corresponds to, and perform secure login authentication on the terminal accordingly. In some application scenarios, the secure login authentication can be performed by having the user's terminal send short-message verification content to the server; the server matches the received short-message content against the preset (encrypted) content it holds for that message, and decides from the result whether the terminal that sent the message is a secure terminal.
In some optional implementations of this embodiment, the risk level may include a first risk level, which may represent the highest risk level. For example, the server may assign the first risk level to an account name whose account has been stolen, because the account password of a stolen account is no longer trustworthy. When the server finds that the risk level corresponding to the account name is the first risk level, it may send the terminal an instruction to reset the account password. After the instruction has been sent, the server receives the account password reset by the user and determines whether the reset account password is the same as the original one. When the server detects that the reset account password differs from the original account password, the terminal may be determined to be a secure terminal. Here, while the user resets the account password, the server may send a verification instruction to the mailbox stored in the registration information at the time of account registration and have the password reset completed through that mailbox, which further ensures the security of the terminal.
In some optional implementations of this embodiment, the risk level may include a second risk level, which may represent the next-highest risk level. In a specific application scenario, the server may assign the second risk level to an account name whose user has a low credit value. As an example, when the website the user requests to log in to is a shopping website, a credit value may be maintained for the account name registered there, based on the user's behaviour at the website: the credit value may be increased when the user successfully purchases a commodity and reviews it reasonably, and decreased when the user buys commodities in bulk and returns them in bulk although there is no quality problem. When the server finds that the risk level corresponding to the account name is the second risk level, it may acquire the communication information corresponding to the account name. Here, the communication information may be the mobile phone number or the mailbox account stored in the registration information at the time of account registration. In response to successfully acquiring the communication information, the server may send first login authentication information to the terminal. The first login authentication information may be a verification code sent to the mobile phone number or mailbox, or a prompt asking the user to send a short message from the registered mobile phone number to the website platform requested for login.
After sending the first login authentication information to the terminal, the server may receive second login authentication information input by the user; the second login authentication information is used to verify whether the terminal requesting login is a secure terminal. The server then compares the first login authentication information with the second to determine whether they are the same and, in response to them being the same, determines that the terminal requesting to log in to the website is a secure terminal. For example, when the verification code the server sent to the user's mobile phone number is "4321" and the code the user enters at the website through the terminal is also "4321", the terminal may be determined to be a secure terminal. Here, when the server can obtain the user's mobile phone number, it may preferentially send the first login authentication information to that number; when it cannot, it obtains the user's mailbox account and sends the first login authentication information there. The server may also send different first login authentication information to the mobile phone number and to the mailbox at the same time, in which case the terminal corresponding to the account name is determined to be a secure terminal only after the user has verified both.
When the server fails to acquire the communication information corresponding to the account name, it may send the terminal requesting login a message asking for a mobile phone number or mailbox.
In some optional implementations of this embodiment, the login request may further include the user's login address, which may comprise the device ID/model used by the user and the user's IP (Internet Protocol) address. On receiving the login request, the server may determine whether the user's login address is a historical login address. When the login address is not a historical login address, the server may acquire the communication information corresponding to the account name; in response to successfully acquiring it, send first login authentication information to the terminal; receive second login authentication information input by the user, compare the two and determine whether they are the same; and, in response to the first login authentication information being the same as the second, determine that the terminal is a secure terminal. Here, the historical login address may be the login address used when the user registered the account, or the address used when the user last logged in to the website.
Step 204, in response to the terminal being a secure terminal, returning a login success page to the terminal.
In this embodiment, depending on whether the terminal was determined to be a secure terminal in step 203, the server may return a login success page to the terminal when the terminal is secure. The login success page may be the page the user requested to log in to, or a page carrying a "login success" indicator.
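The login flow of the first aspect (claims 1 and 4 to 7 above) and of steps 201 to 204, as an added Python example. It is not code from the patent or from the assignee: the account records, the preset risk list, the challenge names and the decision that a login from a known historical address skips the one-time-code step (the description only spells out the non-historical branch) are constructed assumptions.

```python
import hashlib
import hmac
import secrets

# Risk levels as used in the description: the first level is the highest
# (account believed stolen), the second is the next highest (low credit value).
LEVEL_NONE, LEVEL_FIRST, LEVEL_SECOND = 0, 1, 2


def _hash_pw(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so the server keeps a hash rather than the account password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_account(password, phone=None, email=None, history_addrs=()):
    """Constructed registration record: password hash plus the 'communication
    information' (phone/mailbox) and the historical login addresses of step 203."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "pw_hash": _hash_pw(password, salt), "phone": phone,
            "email": email, "history_addrs": set(history_addrs)}


# Constructed sample data. A login address is a (device id, IP) pair.
ACCOUNTS = {
    "alice": make_account("correct horse", phone="+10000000001",
                          history_addrs={("dev-1", "198.51.100.7")}),
    "bob": make_account("hunter2", email="bob@example.invalid"),
    "carol": make_account("s3cret"),
    "dave": make_account("pa55word"),
}
# The preset list: account name -> risk level. Unlisted names carry no extra check.
RISK_LIST = {"alice": LEVEL_SECOND, "bob": LEVEL_FIRST, "dave": LEVEL_SECOND}
PENDING_OTP = {}  # account name -> code issued as "first login authentication information"


def password_matches(name, password):
    acct = ACCOUNTS.get(name)
    if acct is None:
        return False
    return hmac.compare_digest(_hash_pw(password, acct["salt"]), acct["pw_hash"])


def handle_login(request):
    """Steps 201-203: verify credentials, query the preset list and decide which
    secure-login authentication (if any) the terminal still has to pass."""
    name, password = request["account_name"], request["account_password"]
    if not password_matches(name, password):
        return {"status": "denied"}
    level = RISK_LIST.get(name, LEVEL_NONE)
    if level == LEVEL_FIRST:
        # Account treated as stolen: the terminal must reset the password first.
        return {"status": "challenge", "kind": "reset_password"}
    if level == LEVEL_SECOND:
        acct = ACCOUNTS[name]
        # Assumption: a login from a known historical address skips the challenge.
        if request.get("login_address") in acct["history_addrs"]:
            return {"status": "success", "page": "login success"}
        channel = "sms" if acct["phone"] else "email" if acct["email"] else None
        if channel is None:
            # No communication information on file: ask the terminal for a phone/mailbox.
            return {"status": "challenge", "kind": "collect_contact"}
        # First login authentication information: a one-time code sent over the channel.
        PENDING_OTP[name] = f"{secrets.randbelow(10**6):06d}"  # in practice: short TTL, attempt limit
        return {"status": "challenge", "kind": "otp", "channel": channel}
    return {"status": "success", "page": "login success"}


def complete_password_reset(name, new_password):
    """First-level check: the terminal is secure only if the reset password
    differs from the stored one; the stored hash is then replaced."""
    if password_matches(name, new_password):
        return {"status": "challenge", "kind": "reset_password"}
    acct = ACCOUNTS[name]
    acct["salt"] = secrets.token_bytes(16)
    acct["pw_hash"] = _hash_pw(new_password, acct["salt"])
    return {"status": "success", "page": "login success"}


def complete_otp(name, submitted_code, login_address=None):
    """Second-level check: compare the issued code (first login authentication
    information) with the user's input (second) in constant time; a verified
    address is remembered as a historical login address."""
    issued = PENDING_OTP.pop(name, None)  # single use: a wrong guess consumes the code
    if issued is None or not hmac.compare_digest(issued.encode(), submitted_code.encode()):
        return {"status": "denied"}
    if login_address is not None:
        ACCOUNTS[name]["history_addrs"].add(login_address)
    return {"status": "success", "page": "login success"}


if __name__ == "__main__":
    print(handle_login({"account_name": "bob", "account_password": "hunter2"}))
    print(complete_password_reset("bob", "a different passphrase"))
```

The description compares the first and second login authentication information for equality; the example uses hmac.compare_digest so the comparison does not leak timing information, consumes each code on first use, and stores only a salted hash of the account password. A production service would additionally expire codes and rate-limit attempts, neither of which the description addresses.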
With continuing reference to fig. 3, fig. 3 is a schematic diagram of an application scenario of the secure login method according to the present embodiment. In the application scenario 300 of fig. 3, the "afser" first issues, via the terminal device 301, a login request to the login page currently presented by the terminal device 301, the login request including the account name "afser" and the account password "×". Next, the server 302 checks whether the account name and the account password match each other after receiving the login request from the terminal device 301. The server 302 is provided with a list in which account names "a user, B user, C user …" of a plurality of users and risk levels corresponding to the account names are described in advance. For example, the risk level corresponding to "user a" is "primary", the risk level corresponding to "user B" is "secondary", and the risk level corresponding to "C user" is "tertiary" …. In the event that the account name matches the account password, the server may query the list to determine the risk level corresponding to "user a". When the server 302 determines that the risk level corresponding to the account name "a user" is "one level" set in advance, the secure login authentication may be performed on the terminal according to an authentication method with the risk level being "one level", for example, the authentication may be to reset the login password of the user. After the user resets the login password, the server 302 may return a page containing several words "login successful" to the terminal device 301.
According to the method and the device, after a login request sent by a user is received, a preset list is inquired, a risk level corresponding to an account name is determined, a terminal is subjected to safe login authentication according to a login authentication condition corresponding to the preset risk level, whether the terminal is a safe terminal is determined, and a page with successful login is returned to the terminal after the terminal is responded to be the safe terminal, so that the risk that an abnormal account such as a stolen account successfully logs in a webpage is reduced, and the safety of the account and the website is improved.
With further reference to fig. 4, a flow 400 of yet another embodiment of a secure login method is shown. The process 400 of the secure login method includes the following steps:
step 401, acquiring a first account name of a historical user registered in a target website within a preset time period and user information corresponding to the first account name.
In this embodiment, when a user registers an account in a target website, the account name and user information corresponding to the account name may be set. The target website is a website which the terminal currently requests to log in, and the user information may include a mobile phone number of the user, an identity number of the user, a mailbox account number of the user, personal attribute information (such as age and gender) of the user, and the like. After the account registration of the user is completed, the account name and information corresponding to the account name are stored in the server. Therefore, the server can acquire the first account name of the historical user registered in the target website and the user information corresponding to the first account name according to the preset time period. The preset time period can be set manually or by default.
Step 402, determining a risk level corresponding to the first account name according to the first account name and the user information.
The server can evaluate the first account name of the historical user according to the acquired first account name of the historical user and the user information corresponding to the first account name, so that the risk level corresponding to the first account name is determined.
In some optional implementations of this embodiment, the risk level may include a first risk level, and the user information may include a second account name registered by the user at a historical risk website, the historical risk website being a different website from the current one. A historical risk website may be a website whose account passwords have been stolen before, a website that steals sensitive user information, a website that does not allow users to modify their own user information, and the like. Such websites commonly leak their source code together with the account names their users registered, so when a user reuses the same account name at the target website, the user information associated with that account name (for a shopping website, for example, the user's identity number or bank card password) is at risk of being exposed. The server may therefore obtain the second account name registered by the user at the historical risk website by querying the web page source code of that risk website. After obtaining the second account name, the server determines whether it is the same as the first account name. For example, when account names are composed of characters and letters, the characters and letters of the first account name may be compared with those of the second account name one by one, and the two names are the same when all of them match. When the second account name is the same as the first account name, the risk level corresponding to the first account name is determined to be the first risk level.
In some optional implementations of this embodiment, the risk level may include a second risk level, and the user information may further include behavior data information of the user. When the website the user requests to log in to is a shopping website, the behavior data information may be information about the items the user has purchased on the website, the reviews the user has written about them, and the like; when it is a blog-type website, the behavior data information may be information about the articles the user has published on the website, the comments those articles received, and the like. From the behavior data information the server determines a behavior value. For example, purchasing items and reviewing them objectively increases the behavior value, while writing reviews that do not reflect reality decreases it; publishing articles that contain no sensitive words and are cited repeatedly increases it, while posting malicious comments or personal attacks decreases it. A threshold for the behavior value is preset in the server, and the server decides whether the user belongs to the second risk level against that threshold. Specifically, in response to the first account name being different from the second account name (that is, the account name does not belong to the first risk level), the server determines whether the behavior value is smaller than the preset threshold; if it is, the risk level corresponding to the first account name is determined to be the second risk level.
Step 403, a list is established according to the first account name and the determined risk level.
In this embodiment, the list may be established according to the first account name of the target registered historical user and the risk level determined in step 402 corresponding to the first account name.
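Steps 401 to 403, carried through end to end as an added example (this is not the patent's own code, and the patent gives no concrete threshold, scoring weights or data layout). Assumptions are marked in the comments: the behavior value is a signed sum of per-event adjustments, the threshold is 3, and registration dates are ISO strings compared lexically. The sample users are constructed for the demonstration.

```python
"""Risk-list construction, steps 401-403 (added example, not the patent's code)."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

NO_PRESET_RISK = 0      # account gets no step-up at login
FIRST_RISK_LEVEL = 1    # same account name registered at a historical risk website
SECOND_RISK_LEVEL = 2   # behaviour value below the preset threshold

# Assumptions: the patent only says the threshold and the per-event adjustments are preset.
BEHAVIOR_THRESHOLD = 3
EVENT_SCORES = {
    "purchase": +1,            # buying items on a shopping site
    "objective_review": +1,    # reviewing items objectively
    "unrealistic_review": -1,  # reviews that do not reflect reality
    "article_cited": +1,       # an article without sensitive words that others cite
    "malicious_comment": -2,   # malicious comments / personal attacks
}


@dataclass
class HistoricalUser:
    first_account_name: str                 # name registered at the target website
    registered_on: str                      # ISO date, compared as a string
    second_account_names: List[str] = field(default_factory=list)  # names leaked by risk websites
    behavior_events: List[str] = field(default_factory=list)


def behavior_value(events: List[str]) -> int:
    """Sum the preset adjustments; unknown event kinds are ignored."""
    return sum(EVENT_SCORES.get(e, 0) for e in events)


def same_account_name(first: str, second: str) -> bool:
    """The patent compares the characters and letters one by one; an exact match does that."""
    return first == second


def risk_level(user: HistoricalUser) -> int:
    """Step 402: the first-level check takes precedence; the behaviour check runs only otherwise."""
    if any(same_account_name(user.first_account_name, s) for s in user.second_account_names):
        return FIRST_RISK_LEVEL
    if behavior_value(user.behavior_events) < BEHAVIOR_THRESHOLD:
        return SECOND_RISK_LEVEL
    return NO_PRESET_RISK


def build_risk_list(users: List[HistoricalUser], period: Tuple[str, str]) -> Dict[str, int]:
    """Steps 401 and 403: consider only users registered in the preset period and
    record account name -> risk level, which is the list queried at login time."""
    start, end = period
    return {
        u.first_account_name: risk_level(u)
        for u in users
        if start <= u.registered_on <= end
    }


# Constructed sample data for the demonstration.
PERIOD = ("2017-01-01", "2017-06-30")
SAMPLE_USERS = [
    HistoricalUser("alice", "2017-03-01", second_account_names=["alice"]),
    HistoricalUser("bob", "2017-04-10", second_account_names=["bob_2"],
                   behavior_events=["malicious_comment", "unrealistic_review"]),
    HistoricalUser("carol", "2017-05-05",
                   behavior_events=["purchase", "purchase", "objective_review", "article_cited"]),
    HistoricalUser("dave", "2016-01-01", second_account_names=["dave"]),  # outside the period
]

if __name__ == "__main__":
    print(build_risk_list(SAMPLE_USERS, PERIOD))
```

Note that an account whose name was leaked by a risk website is placed at the first risk level regardless of how good its behavior value is; the behavior check is only reached for names that did not match, which is the ordering the two optional implementations above prescribe.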
Compared with the embodiment shown in fig. 2, this embodiment mainly describes the step of establishing the list. Through this step, different risk levels can be defined for account names and stored in the server, so that the terminal corresponding to an account name is authenticated according to that account's risk level, which further improves the security of the terminal and of the website.
With further reference to fig. 5, as an implementation of the method shown in the above-mentioned figures, the present application provides an embodiment of a secure login apparatus, which corresponds to the embodiment of the method shown in fig. 2, and which can be applied in various electronic devices.
As shown in fig. 5, the secure login apparatus 500 of the present embodiment includes: a receiving unit 501, a first determining unit 502, a second determining unit 503, and a returning unit 504. The receiving unit 501 is configured to receive a login request sent by a user through a terminal, where the login request includes an account name and an account password of the user; the first determining unit 502 is configured to, in response to a match between the account name and the account password, query a preset list and determine a risk level corresponding to the account name, where the list is used to indicate a correspondence between the account name and the risk level; the second determining unit 503 is configured to perform secure login authentication on the terminal in response to that the risk level corresponding to the account name is a preset risk level, and determine whether the terminal is a secure terminal; and the returning unit 504 is configured to return a login success page to the terminal in response to the terminal being a secure terminal.
In this embodiment, the specific processing of the receiving unit 501, the first determining unit 502, the second determining unit 503, and the returning unit 504 may refer to detailed descriptions of step 201, step 202, step 203, step 204, and step 205 in the embodiment of fig. 2, and is not described herein again.
In some optional implementation manners of this embodiment, the secure login apparatus further includes a list establishing unit, where the list establishing unit includes: an acquisition subunit (not shown) configured to acquire a first account name of a historical user registered at a target website within a preset time period and user information corresponding to the first account name; a determining subunit (not shown) configured to determine a risk level corresponding to the first account name according to the first account name and the user information; a list establishing subunit (not shown) configured to establish a list based on the first account name and the determined risk level.
In some optional implementation manners of this embodiment, the risk level includes a first risk level, the user information includes a second account name registered by the user in a historical risk website, and the historical risk website and the current website are different websites; and the determining subunit (not shown) is further configured to determine whether the second account name is the same as the first account name; and determining the risk level corresponding to the first account name as a first risk level in response to the second account name being the same as the first account name.
In some optional implementations of this embodiment, the risk level includes a second risk level, and the user information further includes behavior data information of the user; and the determining subunit (not shown) is further configured to determine, based on the behavior data information, a behavior value corresponding to the behavior data information; determining whether the behavior value is smaller than a preset threshold value or not in response to the fact that the second account name is different from the first account name; and if the behavior value is smaller than a preset threshold value, determining that the risk level corresponding to the first account name is a second risk level.
In some optional implementation manners of this embodiment, the second determining unit 503 is further configured to, in response to that the risk level corresponding to the account name is the first risk level, send an instruction to reset the account password to the terminal; receiving an account password reset by a user, and determining whether the reset account password is the same as the account password; and determining that the terminal is a safe terminal in response to the fact that the reset account password is different from the account password.
In some optional implementation manners of this embodiment, the second determining unit 503 is further configured to, in response to that the risk level corresponding to the account name is a second risk level, obtain, according to the account name, communication information corresponding to the account name; responding to the success of obtaining the communication information, and sending first login verification information to the terminal; receiving second login authentication information input by a user, comparing the first login authentication information with the second login authentication information, and determining whether the first login authentication information is the same as the second login authentication information; and determining that the terminal is a safe terminal in response to the first login authentication information being the same as the second login authentication information.
In some optional implementation manners of this embodiment, the login request further includes a login address of the user, and before the communication information corresponding to the account name is acquired according to the account name, the second determining unit 503 is further configured to determine whether the login address of the user is a historical login address; and responding to the fact that the login address of the user is not the historical login address, and acquiring communication information corresponding to the account name.
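The login-time behaviour of the second determining unit 503, for both preset risk levels and the historical-address check, as an added example rather than the patent's own code. The patent does not specify how passwords are stored or how verification information is generated; the example assumes salted PBKDF2 password hashes (so "the reset password differs from the old one" is checked against the stored hash, never against a cleartext copy), a six-digit one-time code as the first login verification information, and an in-memory list standing in for the SMS gateway. Account data and the risk list are constructed.

```python
"""Login-time step-up for the two preset risk levels (added example, not the patent's code)."""
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

FIRST_RISK_LEVEL = 1   # account name seen at a historical risk website -> force password reset
SECOND_RISK_LEVEL = 2  # low behaviour value -> one-time code to the user's phone
PBKDF2_ROUNDS = 50_000  # assumption: passwords are stored salted and hashed, never in clear


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    phone: Optional[str]              # the "communication information" looked up by account name
    known_addresses: Set[str]         # historical login addresses (claim 6)
    pending_code: Optional[str] = None


class LoginServer:
    """Receiving unit, first/second determining unit and returning unit of fig. 5 in one class."""

    def __init__(self, accounts: Dict[str, Account], risk_list: Dict[str, int]):
        self.accounts = accounts
        self.risk_list = risk_list          # the preset list: account name -> risk level
        self.sent_codes: List[Tuple[str, str]] = []  # stand-in for the SMS gateway

    def _login_success(self, acct: Account, address: str) -> str:
        acct.known_addresses.add(address)   # a terminal judged secure becomes a historical address
        return "success"                    # i.e. the login-success page is returned

    def handle_login(self, name: str, password: str, address: str) -> str:
        acct = self.accounts.get(name)
        # Step 202: account name and password must match (constant-time compare on the hash)
        if acct is None or not hmac.compare_digest(hash_password(password, acct.salt), acct.pw_hash):
            return "denied"
        level = self.risk_list.get(name)
        if level == FIRST_RISK_LEVEL:
            return "reset_required"         # the instruction to reset the password goes to the terminal
        if level == SECOND_RISK_LEVEL:
            if address in acct.known_addresses:
                return self._login_success(acct, address)   # historical address: no step-up (claim 6)
            if acct.phone is None:
                return "denied"             # communication information could not be obtained
            acct.pending_code = f"{secrets.randbelow(10**6):06d}"   # first login verification information
            self.sent_codes.append((acct.phone, acct.pending_code))
            return "code_sent"
        return self._login_success(acct, address)   # account is at no preset risk level

    def complete_reset(self, name: str, new_password: str) -> str:
        acct = self.accounts[name]
        # The reset password must differ from the current one; checked through the stored hash
        if hmac.compare_digest(hash_password(new_password, acct.salt), acct.pw_hash):
            return "reset_rejected"
        acct.salt = os.urandom(16)
        acct.pw_hash = hash_password(new_password, acct.salt)
        return "success"

    def complete_code(self, name: str, code: str, address: str) -> str:
        acct = self.accounts[name]
        # second login verification information typed by the user vs. the code that was sent
        if acct.pending_code is None or not hmac.compare_digest(acct.pending_code, code):
            return "denied"
        acct.pending_code = None            # single use
        return self._login_success(acct, address)


def _new_account(password: str, phone: Optional[str], addresses: Set[str]) -> Account:
    salt = os.urandom(16)
    return Account(salt, hash_password(password, salt), phone, addresses)


def make_demo_server() -> LoginServer:
    """Constructed sample data: three accounts and a risk list as step 403 would produce."""
    accounts = {
        "alice": _new_account("alice-pass", "+8613800000001", set()),
        "bob": _new_account("bob-pass", "+8613800000002", {"198.51.100.7"}),
        "carol": _new_account("carol-pass", None, set()),
    }
    risk_list = {"alice": FIRST_RISK_LEVEL, "bob": SECOND_RISK_LEVEL}
    return LoginServer(accounts, risk_list)
```

Two points the description leaves open and the example therefore does not decide: whether an account's list entry is cleared once the forced reset has been completed (here it is not, so the next login would again demand a reset until the list is rebuilt), and how long a pending code stays valid (here until it is used or replaced by a new login attempt).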
Referring now to FIG. 6, shown is a block diagram of a computer system 600 suitable for use in implementing a server according to embodiments of the present application.
As shown in fig. 6, the computer system 600 includes a Central Processing Unit (CPU) 601 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 602 or a program loaded from a storage section 608 into a Random Access Memory (RAM) 603. The RAM 603 also stores various programs and data necessary for the operation of the system 600. The CPU 601, ROM 602, and RAM 603 are connected to each other via a bus 604. An input/output (I/O) interface 605 is also connected to the bus 604.
The following components are connected to the I/O interface 605: an input portion 606 including a keyboard, a mouse, and the like; an output portion 607 including a display such as a Cathode Ray Tube (CRT) or Liquid Crystal Display (LCD), and a speaker; a storage section 608 including a hard disk and the like; and a communication section 609 including a network interface card such as a LAN card, a modem, or the like. The communication section 609 performs communication processing via a network such as the internet. A drive 610 is also connected to the I/O interface 605 as needed. A removable medium 611 such as a magnetic disk, an optical disk, a magneto-optical disk, or a semiconductor memory is mounted on the drive 610 as necessary, so that a computer program read out from it can be installed into the storage section 608 as needed.
In particular, the processes described above with reference to the flowcharts may be implemented as a computer application according to an embodiment of the present disclosure. For example, embodiments of the present disclosure include a computer program product comprising a computer program tangibly embodied on a machine-readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 609, and/or installed from the removable medium 611.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present application may be implemented by software or hardware. The described units may also be provided in a processor, and may be described as: a processor includes a receiving unit, a first determining unit, a second determining unit, and a returning unit. The names of these units do not in some cases constitute a limitation to the unit itself, and for example, the receiving unit may also be described as a "unit that receives a login request sent by a user through a terminal".
As another aspect, the present application also provides a non-volatile computer storage medium, which may be the non-volatile computer storage medium included in the apparatus in the above-described embodiments; or it may be a non-volatile computer storage medium that exists separately and is not incorporated into the terminal. The non-volatile computer storage medium stores one or more programs that, when executed by a device, cause the device to: receiving a login request sent by a user through a terminal, wherein the login request comprises an account name and an account password of the user; responding to the matching of the account name and the account password, inquiring a preset list, and determining a risk level corresponding to the account name, wherein the list is used for indicating the corresponding relation between the account name and the risk level; responding to the fact that the risk level corresponding to the account name is a preset risk level, performing safe login authentication on the terminal, and determining whether the terminal is a safe terminal; and responding to the fact that the terminal is a safe terminal, and returning a login success page to the terminal.
The above description is only a preferred embodiment of the application and is illustrative of the principles of the technology employed. It will be appreciated by a person skilled in the art that the scope of the invention as referred to in the present application is not limited to the embodiments with a specific combination of the above-mentioned features, but also covers other embodiments with any combination of the above-mentioned features or their equivalents without departing from the inventive concept. For example, the above features may be replaced with (but not limited to) features having similar functions disclosed in the present application.

Claims (10)

1. A secure login method, the method comprising:
receiving a login request sent by a user through a terminal, wherein the login request comprises an account name and an account password of the user;
responding to the account name and the account password matching, inquiring a preset list, and determining the risk level corresponding to the account name, wherein the method comprises the following steps: acquiring a first account name of a historical user registered in a target website and user information corresponding to the first account name within a preset time period, wherein the user information comprises behavior data information of the user, the risk level comprises a second risk level, the user information comprises a second account name registered in a historical risk website by the user, and the historical risk website and the current website are different websites; determining a behavior value corresponding to the behavior data information according to the behavior data information, wherein the behavior data information comprises information that a user publishes an article on a website, and if the user publishes the article which does not relate to a sensitive word and is referred for multiple times, the behavior value is increased; determining whether the behavior value is smaller than a preset threshold value in response to the second account name being different from the first account name; if the behavior value is smaller than a preset threshold value, determining that the risk level corresponding to the first account name is the second risk level; the list is used for indicating the corresponding relation between account names and risk levels;
responding to the fact that the risk level corresponding to the account name is a preset risk level, performing safe login authentication on the terminal, and determining whether the terminal is a safe terminal;
and responding to the fact that the terminal is a safe terminal, and returning a login success page to the terminal.
2. The method according to claim 1, characterized in that it further comprises a step of establishing said list, said step of establishing comprising:
determining a risk level corresponding to the first account name according to the first account name and the user information;
and establishing the list according to the first account name and the determined risk level.
3. The method of claim 2, wherein the risk level comprises a first risk level; and
determining a risk level corresponding to the first account name according to the first account name and the user information, wherein the risk level comprises:
determining whether the second account name is the same as the first account name;
and determining that the risk level corresponding to the first account name is the first risk level in response to the second account name being the same as the first account name.
4. The method according to claim 3, wherein the performing secure login authentication on the terminal and determining whether the terminal is a secure terminal comprises:
responding to the first risk level of the risk level corresponding to the account name, and sending an instruction for resetting the account password to the terminal;
receiving the account password reset by the user, and determining whether the reset account password is the same as the account password;
and determining that the terminal is a safe terminal in response to the fact that the reset account password is different from the account password.
5. The method according to claim 1, wherein the performing secure login authentication on the terminal and determining whether the terminal is a secure terminal comprises:
responding to the second risk level of the risk level corresponding to the account name, and acquiring communication information corresponding to the account name according to the account name;
responding to the success of obtaining the communication information, and sending first login verification information to the terminal;
receiving second login authentication information input by the user, comparing the first login authentication information with the second login authentication information, and determining whether the first login authentication information is the same as the second login authentication information;
and determining that the terminal is a safe terminal in response to the first login authentication information being the same as the second login authentication information.
6. The method of claim 5, wherein the login request further comprises a login address of the user; and
before the obtaining of the communication information corresponding to the account name according to the account name, the method further includes:
determining whether the login address of the user is a historical login address;
and responding to the fact that the login address of the user is not the historical login address, and acquiring communication information corresponding to the account name.
7. A secure login apparatus, the apparatus comprising:
a receiving unit configured to receive a login request sent by a user through a terminal, wherein the login request comprises an account name and an account password of the user;
the first determining unit is configured to query a preset list in response to the account name being matched with the account password, and determine a risk level corresponding to the account name, and includes: acquiring a first account name of a historical user registered in a target website and user information corresponding to the first account name within a preset time period, wherein the user information comprises behavior data information of the user, the risk level comprises a second risk level, the user information comprises a second account name registered in a historical risk website by the user, and the historical risk website and the current website are different websites; determining a behavior value corresponding to the behavior data information according to the behavior data information, wherein the behavior data information comprises information that a user publishes an article on a website, and if the user publishes the article which does not relate to a sensitive word and is referred for multiple times, the behavior value is increased; determining whether the behavior value is smaller than a preset threshold value in response to the second account name being different from the first account name; if the behavior value is smaller than a preset threshold value, determining that the risk level corresponding to the first account name is the second risk level; the list is used for indicating the corresponding relation between account names and risk levels;
the second determining unit is configured to perform secure login authentication on the terminal in response to the fact that the risk level corresponding to the account name is a preset risk level, and determine whether the terminal is a secure terminal;
and the returning unit is configured to respond to that the terminal is a safe terminal and return a login success page to the terminal.
8. The apparatus of claim 7, further comprising a list establishing unit, wherein the list establishing unit comprises:
the acquisition subunit is configured to acquire a first account name of a historical user registered in a target website within a preset time period and user information corresponding to the first account name;
the determining subunit is configured to determine, according to the first account name and the user information, a risk level corresponding to the first account name;
and the list establishing subunit is configured to establish the list according to the first account name and the determined risk level.
9. A server, characterized in that the server comprises:
one or more processors;
storage means for storing one or more programs;
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-6.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the method according to any one of claims 1-6.
CN201710569411.6A 2017-07-13 2017-07-13 Secure login method and device Active CN109257321B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710569411.6A CN109257321B (en) 2017-07-13 2017-07-13 Secure login method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710569411.6A CN109257321B (en) 2017-07-13 2017-07-13 Secure login method and device

Publications (2)

Publication Number Publication Date
CN109257321A CN109257321A (en) 2019-01-22
CN109257321B true CN109257321B (en) 2021-12-03

Family

ID=65051670

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710569411.6A Active CN109257321B (en) 2017-07-13 2017-07-13 Secure login method and device

Country Status (1)

Country Link
CN (1) CN109257321B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110138791A (en) * 2019-05-20 2019-08-16 四川长虹电器股份有限公司 Web service account takeover method of real-time and system based on Flink
CN111447221B (en) * 2020-03-26 2022-07-19 支付宝(杭州)信息技术有限公司 Method and system for verifying identity using biometrics
CN113709082B (en) * 2020-05-20 2023-07-21 腾讯科技(深圳)有限公司 Application login method and device and account login mode setting method
CN112073404B (en) * 2020-09-03 2023-09-29 中国平安财产保险股份有限公司 Account login method and device based on browser
CN112910905A (en) * 2021-02-07 2021-06-04 中国工商银行股份有限公司 Security verification method and device
WO2023032045A1 (en) * 2021-08-31 2023-03-09 楽天グループ株式会社 Fraud detection system, fraud detection method, and program
CN115065512B (en) * 2022-05-31 2024-03-15 北京奇艺世纪科技有限公司 Account login method, system, device, electronic equipment and storage medium
CN116760646B (en) * 2023-08-22 2023-10-31 中信消费金融有限公司 Login processing method, login processing device, server and readable storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104852888A (en) * 2014-02-17 2015-08-19 腾讯科技(深圳)有限公司 Method and device for setting static authentication information
CN104980400A (en) * 2014-04-08 2015-10-14 深圳市腾讯计算机系统有限公司 Login access control method and login access control server
CN105471819A (en) * 2014-08-19 2016-04-06 腾讯科技(深圳)有限公司 Account abnormity detection method and account abnormity detection device
US9628491B1 (en) * 2016-01-25 2017-04-18 International Business Machines Corporation Secure assertion attribute for a federated log in
CN106899561A (en) * 2015-12-24 2017-06-27 北京奇虎科技有限公司 A kind of TNC authority control methods and system based on ACL

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104852883A (en) * 2014-02-14 2015-08-19 腾讯科技(深圳)有限公司 Method and system for protecting safety of account information
CN105654303B (en) * 2015-12-31 2022-02-11 拉扎斯网络科技(上海)有限公司 High-risk user identification method and device

Also Published As

Publication number Publication date
CN109257321A (en) 2019-01-22

Similar Documents

Publication Publication Date Title
CN109257321B (en) Secure login method and device
US11276048B2 (en) Online payment processing method apparatus and system
US10554655B2 (en) Method and system for verifying an account operation
US11074576B2 (en) Electronic certificate processing method and electronic certificate processing apparatus
KR102141836B1 (en) Two factor authentication
US9491155B1 (en) Account generation based on external credentials
US9251327B2 (en) Method and system for providing behavioral bi-directional authentication
US20210049579A1 (en) Multi-factor identity authentication
CN108683667B (en) Account protection method, device, system and storage medium
US9544317B2 (en) Identification of potential fraudulent website activity
CN106452774B (en) Method and device for controlling access authority based on single sign-on protocol
JP2018502410A (en) Common identification data replacement system and method
US9384330B2 (en) Providing user attributes to complete an online transaction
KR102055897B1 (en) Authentication Method and System for Service Connection of Internet Site using Phone Number
CN110266686B (en) Data sharing method, device, equipment and computer readable storage medium
US20230155999A1 (en) Method and System for Detecting Two-Factor Authentication
US20210306330A1 (en) Authentication server, and non-transitory storage medium
CN112749408A (en) Data acquisition method, data acquisition device, electronic equipment, storage medium and program product
KR102221827B1 (en) Mobile cross-authentication system and method
KR20150102292A (en) System and method for providing location authentication service using message
KR20180048464A (en) Method and system for providing simple user individual information input cloud service
CN113572763B (en) Data processing method and device, electronic equipment and storage medium
CN113132925B (en) Short message authentication method, system, short message gateway equipment and terminal equipment
WO2023062823A1 (en) Digital asset management device, digital asset management system, digital asset management method, and non-transitory computer-readable medium
CN109493189B (en) Method, terminal and storage medium for tracking user guarantee data by third party

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant