CN109561093A - Ultra vires act detection method, device, computer equipment and storage medium - Google Patents
Publication number: CN109561093A
Application number: CN201811486387.0A
Authority: CN (China)
Legal status: Granted
Abstract
This application relates to an ultra vires act detection method, device, computer equipment and storage medium in the technical field of security protection. The method includes: when a request of a preset sensitive type by a user to be verified is detected in an application, sending a verification request to the user terminal corresponding to the user to be verified; receiving the verification token that the user terminal sends in response to the verification request, the verification token containing device information and time information of the user terminal; matching the verification token against the pre-stored registration verification token of the user terminal; and, when the two do not match, determining that the sensitive-type request of the user to be verified is an ultra vires act. This method can prevent the application from being hijacked and misused.
Description
Technical field
This application relates to the field of computer technology, and in particular to an ultra vires act detection method, device, computer equipment and storage medium.
Background
With the development of computer technology, application programs have also developed greatly. An application program is a program based on a mobile device. Application programs now play a large part in daily life, for example in payment, shopping and entertainment, but they also carry the risk that a user's identity is misused. Taking a mobile payment program as an example, once a user's identity is misused, the user's property may be stolen or fraudulently charged, which greatly affects the user's property security. In the traditional technique, when a user performs a payment operation in a mobile payment program, the server of the mobile payment program sends an SMS verification code to the user and uses it to verify whether the operation is performed by the user. However, the SMS verification code sent by the server is easily intercepted, so the application is at risk of being misused.
Summary of the invention
Based on this, it is necessary, in view of the above technical problem, to provide an ultra vires act detection method, device, computer equipment and storage medium that can solve the problem of applications being easily intercepted and misused.
An ultra vires act detection method, the method comprising:
Receiving a request sent by a user through an application program and, when the request is determined to be a sensitive-type request, sending a verification request to the user terminal;
Receiving the verification token that the user terminal sends in response to the verification request, the verification token containing device information and time information of the user terminal;
Matching the verification token against the pre-stored registration verification token of the user terminal;
When the two do not match, determining that the sensitive-type request of the user to be verified is an ultra vires act.
In one of the embodiments, the method further includes: when it is detected that the user terminal registers an account of the application, sending an information acquisition request to the user terminal; receiving the device information that the user terminal sends in response to the information acquisition request; obtaining a preset time tag, and generating the registration verification token of the user terminal from the time tag, the device information and a preset token generation algorithm.
In one of the embodiments, the method further includes: combining the time tag and the device information to obtain a composite sequence; encoding the composite sequence as a binary sequence, and encrypting the binary sequence according to a preset hash algorithm to generate the registration verification token.
In one of the embodiments, the method further includes: obtaining the communication number corresponding to the user terminal; storing the communication number in association with the registration verification token.
In one of the embodiments, the method further includes: sending a random verification code to the user terminal via the communication number; receiving the random verification code to be verified that the user terminal uploads in the application; when the random verification code to be verified matches the random verification code, querying the registration verification token corresponding to the communication number according to the communication number.
In one of the embodiments, the method further includes: generating an information verification page; sending the information verification page to the user terminal so that the user terminal shows it in its display interface; receiving the application account information that the user terminal enters in the information verification page; matching the account information against the pre-stored login account information and, when the two do not match, determining that the sensitive-type request of the user to be verified is an ultra vires act.
In one of the embodiments, the time tag is the current time and the device information is the International Mobile Equipment Identity (IMEI); the method further includes: splicing the current time and the IMEI to obtain the composite sequence; encoding the composite sequence as a binary sequence, and encrypting the binary sequence according to a preset SHA256 algorithm to generate the registration verification token.
An ultra vires act detection device, the device comprising:
A detection module, configured to receive a request sent by a user through an application program and, when the request is determined to be a sensitive-type request, send a verification request to the user terminal;
A receiving module, configured to receive the verification token that the user terminal sends in response to the verification request, the verification token containing device information and time information of the user terminal;
A matching module, configured to match the verification token against the pre-stored registration verification token of the user terminal;
A judgment module, configured to determine, when the two do not match, that the sensitive-type request of the user to be verified is an ultra vires act.
A computer equipment, including a memory and a processor, the memory storing a computer program, wherein the processor performs the following steps when executing the computer program:
Receiving a request sent by a user through an application program and, when the request is determined to be a sensitive-type request, sending a verification request to the user terminal;
Receiving the verification token that the user terminal sends in response to the verification request, the verification token containing device information and time information of the user terminal;
Matching the verification token against the pre-stored registration verification token of the user terminal;
When the two do not match, determining that the sensitive-type request of the user to be verified is an ultra vires act.
A computer-readable storage medium on which a computer program is stored, wherein the following steps are performed when the computer program is executed by a processor:
Receiving a request sent by a user through an application program and, when the request is determined to be a sensitive-type request, sending a verification request to the user terminal;
Receiving the verification token that the user terminal sends in response to the verification request, the verification token containing device information and time information of the user terminal;
Matching the verification token against the pre-stored registration verification token of the user terminal;
When the two do not match, determining that the sensitive-type request of the user to be verified is an ultra vires act.
With the above ultra vires act detection method, device, computer equipment and storage medium, usage of the application is monitored, so that when a sensitive-type request is detected, a verification request must be sent to the user terminal in order to obtain the verification token that the user terminal sends in response. The verification token contains device information and time information, and the server has stored the registration verification token of the user terminal in advance. If an ultra vires act occurs in the application, the matching time information cannot be known and so a matching verification token cannot be provided. The technical solution of the embodiments of the present invention can therefore prevent hijacking and misuse.
Brief description of the drawings
Fig. 1 is an application scenario diagram of the ultra vires act detection method in one embodiment;
Fig. 2 is a flow diagram of the ultra vires act detection method in one embodiment;
Fig. 3 is a flow diagram of the way the registration verification token is generated in one embodiment;
Fig. 4 is a flow diagram of the ultra vires act detection method in another embodiment;
Fig. 5 is a structural block diagram of the ultra vires act detection device in one embodiment;
Fig. 6 is an internal structure diagram of the computer equipment in one embodiment.
Detailed description
In order to make the objects, technical solutions and advantages of the application clearer, the application is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the application and do not limit it.
The ultra vires act detection method provided by the application can be applied in the application environment shown in Fig. 1, in which a terminal 102 communicates with a server 104 over a network. The terminal 102 can be, but is not limited to, a personal computer, laptop, smartphone, tablet computer or portable wearable device; the server 104 can be implemented as an independent server or as a server cluster composed of multiple servers.
An application program can run on the terminal 102, which can access a carrier network; the terminal 102 can also connect to the server 104 through the carrier network.
When the application program running on the terminal 102 is operated, the server 104 detects whether the operation is a sensitive-type request. When it is, the server 104 sends a verification request to the terminal 102; the terminal 102 obtains the verification token according to the verification request and uploads it to the server 104; the server 104 retrieves the registration verification token corresponding to the terminal 102 from the database and matches the verification token against it. Whether the sensitive-type request is ultra vires can be determined from the matching result.
In one embodiment, as shown in Fig. 2, an ultra vires act detection method is provided. Taking its application to the server in Fig. 1 as an example, the method includes the following steps:
Step 202: receive the request sent by a user through an application program and, when the request is determined to be a sensitive-type request, send a verification request to the user terminal.
The application can be an application program installed on the user terminal. When the application is operated through the user terminal, the user terminal sends an operation request to the server, and the server provides the corresponding service according to the operation request.
A sensitive-type request is an operation that threatens the privacy or property of the application's user. Sensitive-type requests can be detected by establishing a whitelist in the server: an operation outside the whitelist is a sensitive-type request. The user to be verified is the user making the sensitive-type request. Normally an application is operated after logging in with an application account, but in practice, if the application is hijacked, the application account does not correspond to the user to be verified.
The verification request is generated by the server when it detects a sensitive-type request from the user terminal, and is sent to the user terminal. The verification request can be sent by means of an interface, and the user terminal sends feedback information to the server through the interface.
Step 204: receive the verification token that the user terminal sends in response to the verification request; the verification token contains device information and time information of the user terminal.
The verification token is a special string saved in the user terminal. When the user terminal receives the verification request, it obtains the verification token in response to the request and then sends the token to the server by means of an interface call. The device information can be a unique device identifier: for example the IMEI (International Mobile Equipment Identity) of a mobile phone terminal, or the MAC address (Media Access Control, physical address) of a computer terminal. The time information can be determined from the system time of the user terminal.
Specifically, the verification token includes time information, which is obtained when the verification token is generated. The time information is therefore highly concealed and difficult to crack, which improves the security of the verification token.
In addition, the verification token may also be sent as follows: after the user terminal receives the verification request, a token acquisition page is generated in the display interface of the user terminal; after the verification token is entered in the token acquisition page, the information of the token acquisition page is returned to the server.
Step 206: match the verification token against the pre-stored registration verification token of the user terminal.
The registration verification token is stored in advance in the server's database. When the verification token sent by the user terminal is received, the registration verification token corresponding to the user terminal is retrieved from the database, and the verification token is then matched against it.
Specifically, the matching can be done position by position: in a preset order, each value of the verification token is compared with the corresponding value of the registration verification token. If all values are the same, the tokens match; if one or more values differ, the tokens do not match.
It is worth noting that, because the verification token is saved in the user terminal, if the user to be verified is not committing an ultra vires act, the verification token is consistent with the registration verification token. If the user to be verified is committing an ultra vires act, the corresponding verification token is not saved in that user terminal and verification cannot pass, which ensures that the application cannot be intercepted.
Step 208: when the two do not match, determine that the sensitive-type request of the user to be verified is an ultra vires act.
In the above ultra vires act detection method, usage of the application is monitored, so that when a sensitive-type request is detected, a verification request must be sent to the user terminal in order to obtain the verification token that the user terminal sends in response. The verification token contains device information and time information, and the server has stored the registration verification token of the user terminal in advance. If an ultra vires act occurs in the application, the matching time information cannot be known and so a matching verification token cannot be provided. The technical solution of the embodiments of the present invention can therefore prevent hijacking and misuse.
In one embodiment, as shown in Fig. 2, a schematic flow chart of a way of generating the registration verification token is provided. The specific steps are as follows:
Step 302: when it is detected that the user terminal registers an account of the application, send an information acquisition request to the user terminal.
Step 304: receive the device information that the user terminal sends in response to the information acquisition request.
Step 306: obtain a preset time tag, obtain time information according to the time tag, and generate the registration verification token of the user terminal according to the time information, the device information and a preset token generation algorithm.
In this embodiment, when the user terminal registers an application account, an information acquisition request is sent to the user terminal to obtain its device information. The token generation algorithm preset in the server and the pre-generated time tag are then used to obtain the time information, and the time information and device information are converted into the registration verification token. Because the registration verification token contains the information of the user's device and the time information from when the application account was registered, it has a high degree of uniqueness and is not easily cracked, which improves the security of operations in the application.
In one embodiment, after the registration verification token is generated, it is also sent to the user terminal, where the application saves it as the verification token. When ultra vires act detection is performed, the verification token is obtained from the application according to the verification request.
For step 306, in one embodiment, obtaining the preset time tag may be: when it is detected that the user terminal registers an application account, obtaining the current system time and generating the time tag from it, so that the time information can be obtained from the time tag.
For step 302, in one embodiment, detecting that the user terminal registers an account of the application means detecting that the user terminal registers the application's account for the first time. During account registration, an information acquisition interface is generated in the application interface, and the registration information is entered in it. The registration information can be the application account to be set, the application password to be set, the communication number, the ID card number and similar information. In addition, the application also requests the device information of the user terminal. Account registration is completed by returning the registration information and the device information to the server.
In another embodiment, after the communication number of the user terminal is obtained, the communication number and the registration verification token are also stored in association, so that when the registration verification token is retrieved from the database, the database can be queried by communication number to obtain it.
In another embodiment, when a sensitive-type request is detected, a random verification code is sent to the user terminal via the communication number. After the user terminal receives the random verification code, the random verification code to be verified is entered in the information verification page. Only when the random verification code matches the random verification code to be verified can the registration verification token corresponding to the communication number be queried according to the communication number.
In another embodiment, if the SMS message is hijacked at this point and the random verification code to be verified is entered in the information verification page of another user terminal, then although the random verification code to be verified is consistent with the random verification code, when the registration verification token corresponding to the communication number is queried according to the communication number, the verification token obtained from the other user terminal is necessarily inconsistent with the registration verification token. Verification therefore fails, that is, the operation of the other user terminal is judged to be an ultra vires act.
For step 306, in one embodiment, the token generation algorithm can be a hash algorithm. For the input of the hash algorithm, the time tag and the device information can be combined to obtain a composite sequence, which is then encoded as a binary sequence. The binary sequence is used as the input of the hash algorithm, and the registration verification token is generated by encrypting the binary sequence. Because the device information is unique, the time tag is difficult to crack and the hash algorithm cannot be reversed, the security of the registration verification token is guaranteed and the token is difficult to copy.
In another embodiment, the hash algorithm can be the SHA256 algorithm, the time tag is the current time, that is, the current system time, and the device information is the International Mobile Equipment Identity (IMEI). The current time and the IMEI are spliced to obtain the composite sequence, the composite sequence is encoded as a binary sequence, and the binary sequence is then encrypted according to the SHA256 algorithm to generate the registration verification token.
In another embodiment, the current time is 201810311027 and the IMEI is 866700036035951; the composite sequence obtained after splicing is 201810311027866700036035951.
In one embodiment, when a request of a preset sensitive type by the user to be verified is detected in the application, an information verification page is also generated and sent to the user terminal. After the user terminal receives the information verification page, it shows the page on its display; the application account information is entered in the information verification page and sent to the server. The server matches the account information against the login account information and, when the two do not match, determines that the sensitive-type request of the user to be verified is an ultra vires act.
In one embodiment, as shown in Fig. 4, a schematic flow chart of an ultra vires act detection method is provided. The specific steps are as follows:
Step 402: when a sensitive-type request by the user to be verified is detected in the application, send a verification request to the user terminal corresponding to the user to be verified and, according to the account information logged in to the application, send an SMS message containing a random verification code to the user terminal.
The account information can be the communication number.
Step 404: according to the verification request, the user terminal generates the information verification page on the application interface and runs a verification token acquisition thread in the background.
Step 406: the account information to be verified and the random verification code to be verified are entered in the information verification page on the user terminal.
Step 408: the server obtains the account information to be verified and the random verification code to be verified from the information verification page, and obtains the verification token stored in the application through the verification token acquisition thread.
Step 410: the server queries the server according to the account information and looks up the account information, the random verification code and the registration verification token of the user to be verified.
Step 412: when the account information to be verified is inconsistent with the account information, or the random verification code to be verified is inconsistent with the random verification code, or the verification token is inconsistent with the registration verification token, the sensitive-type request of the user to be verified is judged to be an ultra vires act.
In this embodiment, three layers of protection are set up, namely static password verification, dynamic verification code verification and device verification. Even when the static password is cracked and the dynamic verification code is intercepted, the device verification still cannot be cracked, which further ensures the security of the application and prevents the application from being misused.
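The token generation described for step 306 (SHA256 over the spliced time tag and IMEI) and the three checks of steps 402 to 412 can be sketched as follows. This is an added example, not code from the patent: the `Server` class and its method names, the UTF-8 and hex encoding, the phone number and the second device's values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Time tag and IMEI quoted in the description's own example.
SAMPLE_TIME_TAG = "201810311027"
SAMPLE_IMEI = "866700036035951"


def composite_sequence(time_tag, device_info):
    """Splice time tag and device information, time tag first as in the description."""
    return time_tag + device_info


def make_token(time_tag, device_info):
    """SHA-256 over the encoded composite sequence.

    Assumption: UTF-8 encoding and hex output; the description only says the
    composite sequence is encoded as a binary sequence and hashed.
    """
    data = composite_sequence(time_tag, device_info).encode("utf-8")
    return hashlib.sha256(data).hexdigest()


def same(a, b):
    """Constant-time equality, so the position of a mismatch is not leaked by timing."""
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


class Server:
    """Hypothetical in-memory server; a real one would use a database and an SMS gateway."""

    def __init__(self):
        self.registrations = {}  # communication number -> (account, registration token)
        self.pending_codes = {}  # communication number -> random code sent by SMS

    def register(self, number, account, time_tag, device_info):
        """Steps 302-306: build and store the registration verification token."""
        token = make_token(time_tag, device_info)
        self.registrations[number] = (account, token)
        return token  # also sent to the terminal, which saves it as its verification token

    def start_verification(self, number):
        """Step 402: issue a random verification code for a sensitive-type request."""
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending_codes[number] = code
        return code  # stands in for the SMS delivered to the communication number

    def failed_layers(self, number, account, code, token):
        """Steps 408-412: list the layers that did not match; an empty list means allowed."""
        if number not in self.registrations:
            return ["unregistered"]
        reg_account, reg_token = self.registrations[number]
        expected_code = self.pending_codes.pop(number, None)  # each code is single use
        failures = []
        if not same(account, reg_account):
            failures.append("account")
        if expected_code is None or not same(code, expected_code):
            failures.append("code")
        if not same(token, reg_token):
            failures.append("token")
        return failures


def demo():
    """Legitimate terminal versus a second terminal that intercepted the SMS code."""
    server = Server()
    number, account = "13800000000", "alice"  # constructed sample values
    token = server.register(number, account, SAMPLE_TIME_TAG, SAMPLE_IMEI)

    code = server.start_verification(number)
    legitimate = server.failed_layers(number, account, code, token)

    # The second terminal knows the account and the SMS code, but its stored token
    # comes from a different device and time (constructed values).
    code = server.start_verification(number)
    other_token = make_token("201811020915", "490154203237518")
    hijacked = server.failed_layers(number, account, code, other_token)
    return legitimate, hijacked


if __name__ == "__main__":
    print(demo())
```

Because the token is an unkeyed hash of the time tag and the IMEI, anyone who learns both values can recompute it. The comparison uses `hmac.compare_digest` in place of an early-exit position-by-position loop.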
It should be understood that although the steps in the flow charts of Figs. 2-4 are shown in sequence as indicated by the arrows, these steps are not necessarily executed in the order the arrows indicate. Unless expressly stated otherwise herein, there is no strict order restriction on the execution of these steps, and they can be executed in other orders. Moreover, at least some of the steps in Figs. 2-4 may include multiple sub-steps or multiple stages. These sub-steps or stages are not necessarily completed at the same moment but can be executed at different times, and they are not necessarily executed one after another but can be executed in turn or alternately with other steps or with at least part of the sub-steps or stages of other steps.
In one embodiment, as shown in Fig. 5, an ultra vires act detection device is provided, comprising a detection module 502, a receiving module 504, a matching module 506 and a judgment module 508, in which:
The detection module 502 is configured to receive a request sent by a user through an application program and, when the request is determined to be a sensitive-type request, send a verification request to the user terminal.
The receiving module 504 is configured to receive the verification token that the user terminal sends in response to the verification request; the verification token contains device information and time information of the user terminal.
The matching module 506 is configured to match the verification token against the pre-stored registration verification token of the user terminal.
The judgment module 508 is configured to determine, when the two do not match, that the sensitive-type request of the user to be verified is an ultra vires act.
In one embodiment, the device further includes a registration verification token generation module, configured to: send an information acquisition request to the user terminal when it is detected that the user terminal registers an account of the application; receive the device information sent by the user terminal in response to the information acquisition request; obtain a preset time tag and obtain the time information according to the time tag; and generate the registration verification token of the user terminal according to the time information, the device information and a preset token generation algorithm.
In one embodiment, the registration verification token generation module is further configured to combine the time tag and the device information to obtain a composite sequence, encode the composite sequence into a binary sequence, and encrypt the binary sequence according to a preset hash algorithm to generate the registration verification token.
In one embodiment, the detection module 502 is further configured to obtain the communication number corresponding to the user terminal and to save the communication number in correspondence with the registration verification token.
In one embodiment, the matching module 506 is further configured to send a random verification code to the user terminal through the communication number; receive the random verification code to be verified that the user terminal uploads in the application; and, when the random verification code to be verified matches the random verification code, query the registration verification token corresponding to the communication number according to the communication number.
In one embodiment, the judgment module 508 is further configured to generate an information verification page; send the information verification page to the user terminal so that the user terminal shows the information verification page in its display interface; receive the application account information that the user terminal enters on the information verification page; and match the account information against pre-stored login account information, determining, when the match is inconsistent, that the sensitive-type request of the user to be verified is an ultra vires act.
In one embodiment, the time tag is the current time and the device information is the International Mobile Equipment Identity (IMEI); the registration verification token generation module is further configured to splice the current time and the IMEI to obtain the composite sequence, encode the composite sequence into a binary sequence, and encrypt the binary sequence according to a preset SHA256 algorithm to generate the registration verification token.
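The registration and matching flow of the embodiments above, sketched in Python as an added example (not code from the patent). It assumes the terminal presents a token recomputed from its IMEI and the time tag fixed at registration; the class and function names, the `code_rejected` outcome and all sample values are illustrative.

```python
import hashlib
import hmac
import secrets


def make_token(time_tag: str, imei: str) -> str:
    """Splice time tag and IMEI, encode to bytes, apply SHA-256."""
    composite = time_tag + imei             # the "composite sequence"
    binary = composite.encode("utf-8")      # the "binary sequence"
    return hashlib.sha256(binary).hexdigest()


def _same(a: str, b: str) -> bool:
    # Constant-time comparison (an added hardening choice, not from the page).
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


class UltraViresDetector:
    """Hypothetical server-side token store and matcher."""

    def __init__(self):
        self.registered = {}   # communication number -> registration token
        self.pending = {}      # communication number -> outstanding random code

    def register(self, number: str, imei: str, time_tag: str) -> None:
        # Account registration: derive the token and save it against the number.
        self.registered[number] = make_token(time_tag, imei)

    def send_code(self, number: str) -> str:
        # Random verification code; a real system delivers it via the number.
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[number] = code
        return code

    def check(self, number: str, code: str, verification_token: str) -> str:
        expected = self.pending.pop(number, None)   # each code is single-use
        if expected is None or not _same(expected, code):
            return "code_rejected"                  # assumed outcome
        stored = self.registered.get(number)
        if stored is None or not _same(stored, verification_token):
            return "ultra_vires"                    # match inconsistent
        return "allowed"


def demo() -> dict:
    # Constructed sample values, not taken from the page.
    number, time_tag = "13800000000", "20181206103000"
    enrolled_imei, other_imei = "490154203237518", "356938035643809"
    good = make_token(time_tag, enrolled_imei)

    det = UltraViresDetector()
    det.register(number, enrolled_imei, time_tag)
    results = {}

    code = det.send_code(number)
    results["enrolled_device"] = det.check(number, code, good)

    code = det.send_code(number)
    results["other_device"] = det.check(
        number, code, make_token(time_tag, other_imei))

    code = det.send_code(number)
    det.check(number, code, good)                   # first use consumes the code
    results["reused_code"] = det.check(number, code, good)
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

Because the token is an unkeyed SHA-256 over a timestamp and an IMEI, it is only as unpredictable as those two inputs.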
For the specific limitations of the ultra vires act detection device, refer to the limitations of the ultra vires act detection method above; they are not repeated here. The modules in the above ultra vires act detection device may be implemented in whole or in part by software, hardware, or a combination thereof. Each module may be embedded in, or independent of, a processor in the computer equipment in hardware form, or may be stored in a memory in the computer equipment in software form, so that the processor can call and execute the operations corresponding to each module.
In one embodiment, a computer equipment is provided. The computer equipment may be a server, and its internal structure may be as shown in Fig. 6. The computer equipment includes a processor, a memory, a network interface and a database connected by a system bus. The processor of the computer equipment provides computing and control capability. The memory of the computer equipment includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program and a database. The internal memory provides an environment for running the operating system and the computer program stored in the non-volatile storage medium. The database of the computer equipment stores registration verification token data. The network interface of the computer equipment communicates with external terminals through a network connection. When executed by the processor, the computer program implements an ultra vires act detection method.
Those skilled in the art will understand that the structure shown in Fig. 6 is only a block diagram of the part of the structure relevant to the solution of the present application and does not limit the computer equipment to which the solution is applied; a specific computer equipment may include more or fewer components than shown in the figure, combine certain components, or have a different arrangement of components.
In one embodiment, a computer equipment is provided, comprising a memory and a processor. The memory stores a computer program, and the processor performs the following steps when executing the computer program:
Receiving a request sent by a user through an application program and, when the request is determined to be a sensitive-type request, sending a verification request to the user terminal;
Receiving the verification token sent by the user terminal in response to the verification request, the verification token containing the device information and time information of the user terminal;
Matching the verification token against the pre-stored registration verification token of the user terminal;
When the match is inconsistent, determining that the sensitive-type request is an ultra vires act.
In one embodiment, the processor further performs the following steps when executing the computer program: when it is detected that the user terminal registers an account of the application, sending an information acquisition request to the user terminal; receiving the device information sent by the user terminal in response to the information acquisition request; obtaining a preset time tag and obtaining the time information according to the time tag; and generating the registration verification token of the user terminal according to the time information, the device information and a preset token generation algorithm.
In one embodiment, the processor further performs the following steps when executing the computer program: combining the time tag and the device information to obtain a composite sequence; encoding the composite sequence into a binary sequence; and encrypting the binary sequence according to a preset hash algorithm to generate the registration verification token.
In one embodiment, the processor further performs the following steps when executing the computer program: obtaining the communication number corresponding to the user terminal; and saving the communication number in correspondence with the registration verification token.
In one embodiment, the processor further performs the following steps when executing the computer program: sending a random verification code to the user terminal through the communication number; receiving the random verification code to be verified that the user terminal uploads in the application; and, when the random verification code to be verified matches the random verification code, querying the registration verification token corresponding to the communication number according to the communication number.
In one embodiment, the processor further performs the following steps when executing the computer program: generating an information verification page; sending the information verification page to the user terminal so that the user terminal shows the information verification page in its display interface; receiving the application account information that the user terminal enters on the information verification page; and matching the account information against pre-stored login account information and, when the match is inconsistent, determining that the sensitive-type request of the user to be verified is an ultra vires act.
In one embodiment, the time tag is the current time and the device information is the International Mobile Equipment Identity (IMEI); the processor further performs the following steps when executing the computer program: splicing the current time and the IMEI to obtain the composite sequence; encoding the composite sequence into a binary sequence; and encrypting the binary sequence according to a preset SHA256 algorithm to generate the registration verification token.
In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored. When executed by a processor, the computer program performs the following steps:
Receiving a request sent by a user through an application program and, when the request is determined to be a sensitive-type request, sending a verification request to the user terminal;
Receiving the verification token sent by the user terminal in response to the verification request, the verification token containing the device information and time information of the user terminal;
Matching the verification token against the pre-stored registration verification token of the user terminal;
When the match is inconsistent, determining that the sensitive-type request is an ultra vires act.
In one embodiment, the computer program further performs the following steps when executed by the processor: when it is detected that the user terminal registers an account of the application, sending an information acquisition request to the user terminal; receiving the device information sent by the user terminal in response to the information acquisition request; obtaining a preset time tag and obtaining the time information according to the time tag; and generating the registration verification token of the user terminal according to the time information, the device information and a preset token generation algorithm.
In one embodiment, the computer program further performs the following steps when executed by the processor: combining the time tag and the device information to obtain a composite sequence; encoding the composite sequence into a binary sequence; and encrypting the binary sequence according to a preset hash algorithm to generate the registration verification token.
In one embodiment, the computer program further performs the following steps when executed by the processor: obtaining the communication number corresponding to the user terminal; and saving the communication number in correspondence with the registration verification token.
In one embodiment, the computer program further performs the following steps when executed by the processor: sending a random verification code to the user terminal through the communication number; receiving the random verification code to be verified that the user terminal uploads in the application; and, when the random verification code to be verified matches the random verification code, querying the registration verification token corresponding to the communication number according to the communication number.
In one embodiment, the computer program further performs the following steps when executed by the processor: generating an information verification page; sending the information verification page to the user terminal so that the user terminal shows the information verification page in its display interface; receiving the application account information that the user terminal enters on the information verification page; and matching the account information against pre-stored login account information and, when the match is inconsistent, determining that the sensitive-type request of the user to be verified is an ultra vires act.
In one embodiment, the time tag is the current time and the device information is the International Mobile Equipment Identity (IMEI); the computer program further performs the following steps when executed by the processor: splicing the current time and the IMEI to obtain the composite sequence; encoding the composite sequence into a binary sequence; and encrypting the binary sequence according to a preset SHA256 algorithm to generate the registration verification token.
Those of ordinary skill in the art will understand that all or part of the processes in the methods of the above embodiments can be completed by a computer program instructing the relevant hardware. The computer program can be stored in a non-volatile computer-readable storage medium and, when executed, may include the processes of the embodiments of the above methods. Any reference to memory, storage, database or other media used in the embodiments provided in this application may include non-volatile and/or volatile memory. Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM) or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM) and Rambus dynamic RAM (RDRAM).
The technical features of the above embodiments can be combined arbitrarily. For brevity, not all possible combinations of the technical features in the above embodiments are described; however, as long as a combination of these technical features contains no contradiction, it should be considered within the scope of this specification.
The above embodiments express only several implementations of the present application, and their description is relatively specific and detailed, but they should not therefore be construed as limiting the scope of the patent. It should be pointed out that those of ordinary skill in the art can make various modifications and improvements without departing from the concept of this application, and these all fall within the protection scope of the application. Therefore, the protection scope of this patent application shall be subject to the appended claims.
Claims (10)
1. An ultra vires act detection method, the method comprising:
receiving a request sent by a user through an application program and, when the request is determined to be a sensitive-type request, sending a verification request to the user terminal;
receiving the verification token sent by the user terminal in response to the verification request, the verification token containing the device information and time information of the user terminal;
matching the verification token against the pre-stored registration verification token of the user terminal;
when the match is inconsistent, determining that the sensitive-type request is an ultra vires act.
2. The method according to claim 1, characterized in that the registration verification token is generated by:
when it is detected that the user terminal registers an account of the application, sending an information acquisition request to the user terminal;
receiving the device information sent by the user terminal in response to the information acquisition request;
obtaining a preset time tag and obtaining the time information according to the time tag;
generating the registration verification token of the user terminal according to the time information, the device information and a preset token generation algorithm.
3. The method according to claim 2, characterized in that generating the registration verification token of the user terminal according to the time tag, the device information and the preset token generation algorithm comprises:
combining the time tag and the device information to obtain a composite sequence;
encoding the composite sequence into a binary sequence, and encrypting the binary sequence according to a preset hash algorithm to generate the registration verification token.
4. The method according to claim 2, characterized in that, after obtaining the preset time tag and generating the registration verification token of the user terminal according to the time tag, the device information and the preset token generation algorithm, the method further comprises:
obtaining the communication number corresponding to the user terminal;
saving the communication number in correspondence with the registration verification token.
5. The method according to claim 4, characterized in that, before matching the verification token against the pre-stored registration verification token of the user terminal, the method further comprises:
sending a random verification code to the user terminal through the communication number;
receiving the random verification code to be verified that the user terminal uploads in the application;
when the random verification code to be verified matches the random verification code, querying the registration verification token corresponding to the communication number according to the communication number.
6. The method according to any one of claims 1 to 5, characterized in that, when a preset sensitive-type request is detected in the application of the user to be verified, the method further comprises:
generating an information verification page;
sending the information verification page to the user terminal so that the user terminal shows the information verification page in its display interface;
receiving the application account information that the user terminal enters on the information verification page;
matching the account information against pre-stored login account information and, when the match is inconsistent, determining that the sensitive-type request of the user to be verified is an ultra vires act.
7. The method according to claim 3, characterized in that the time tag is the current time and the device information is the International Mobile Equipment Identity (IMEI);
generating the registration verification token of the user terminal according to the time tag, the device information and the preset token generation algorithm comprises:
splicing the current time and the IMEI to obtain the composite sequence;
encoding the composite sequence into a binary sequence, and encrypting the binary sequence according to a preset SHA256 algorithm to generate the registration verification token.
8. An ultra vires act detection device, characterized in that the device comprises:
a detection module, configured to send a verification request to the user terminal corresponding to the user to be verified when a preset sensitive-type request is detected in the application of the user to be verified;
a receiving module, configured to receive the verification token sent by the user terminal in response to the verification request, the verification token containing the device information and time information of the user terminal;
a matching module, configured to match the verification token against the pre-stored registration verification token of the user terminal;
a judgment module, configured to determine, when the match is inconsistent, that the sensitive-type request of the user to be verified is an ultra vires act.
9. A computer equipment, comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium on which a computer program is stored, characterized in that the computer program implements the steps of the method of any one of claims 1 to 7 when executed by a processor.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811486387.0A CN109561093B (en) | 2018-12-06 | 2018-12-06 | Unauthorized behavior detection method and device, computer equipment and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811486387.0A CN109561093B (en) | 2018-12-06 | 2018-12-06 | Unauthorized behavior detection method and device, computer equipment and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109561093A (en) | 2019-04-02 |
CN109561093B (en) | 2022-06-03 |
Family
ID=65869312
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811486387.0A Active CN109561093B (en) | 2018-12-06 | 2018-12-06 | Unauthorized behavior detection method and device, computer equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109561093B (en) |
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050033703A1 (en) * | 2002-09-09 | 2005-02-10 | John Holdsworth | Systems and methods for enrolling a token in an online authentication program |
CN102487322A (en) * | 2010-12-03 | 2012-06-06 | 腾讯科技(深圳)有限公司 | Registering method, device and system for realizing dynamic password authentication |
CN104702415A (en) * | 2015-03-31 | 2015-06-10 | 北京奇艺世纪科技有限公司 | Account number permission control method and device |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113923203A (en) * | 2021-10-29 | 2022-01-11 | 中国平安财产保险股份有限公司 | Network request checking method, device, equipment and storage medium |
CN113923203B (en) * | 2021-10-29 | 2023-07-11 | 中国平安财产保险股份有限公司 | Network request verification method, device, equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN109561093B (en) | 2022-06-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103051630A (en) | Method, device and system for implementing authorization of third-party application based on open platform | |
US10721076B2 (en) | Method, device, terminal, and server for a security check | |
US11218464B2 (en) | Information registration and authentication method and device | |
CN108400978B (en) | Vulnerability detection method and device, computer equipment and storage medium | |
CN111191212B (en) | Block chain-based digital certificate processing method, device, equipment and storage medium | |
CN105637516A (en) | Method for verifying integrity of dynamic code using hash | |
WO2019140790A1 (en) | Service tracking method and apparatus, terminal device, and storage medium | |
CN105992204A (en) | Access authentication method of applications of mobile intelligent terminal and device | |
CN111241555A (en) | Access method and device for simulating user login, computer equipment and storage medium | |
CN104580112A (en) | Service authentication method and system, and server | |
CN110445768B (en) | Login method and device and electronic equipment | |
CN112165448A (en) | Service processing method, device, system, computer equipment and storage medium | |
CN109561093A (en) | Ultra vires act detection method, device, computer equipment and storage medium | |
CN111131208B (en) | Third-party service application login method and device, computer equipment and storage medium | |
CN108574658A (en) | A kind of application login method and its equipment | |
CN110752933A (en) | Verification code input method and device, electronic equipment and storage medium | |
CN106713257A (en) | Method and device for service processing based on mobile device | |
CN111199025B (en) | Information verification method and device, computer equipment and storage medium | |
CN106533685B (en) | Identity authentication method, device and system | |
CN114448722A (en) | Cross-browser login method and device, computer equipment and storage medium | |
CN111597573B (en) | Page embedding method and device, computer equipment and storage medium | |
CN110490005B (en) | Method, device and computer readable storage medium for processing resource transfer request | |
CN114584313A (en) | Equipment physical identity authentication method, system and device and first platform | |
CN116107781A (en) | Log tracking method, device, electronic equipment and computer program product | |
CN111988336A (en) | Access request processing method, device and system and computer equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||