CN109561093A - Ultra vires act detection method, device, computer equipment and storage medium - Google Patents


Info

Publication number
CN109561093A
Authority
CN
China
Prior art keywords
user terminal
token
registration
request
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811486387.0A
Other languages
Chinese (zh)
Other versions
CN109561093B (en)
Inventor
谭杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Ping An Technology Shenzhen Co Ltd
Priority to CN201811486387.0A
Publication of CN109561093A
Application granted
Publication of CN109561093B
Legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/18: Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807: Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643: Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/0872: Generation of secret information including derivation or calculation of cryptographic keys or passwords using geo-location information, e.g. location data, time, relative position or proximity to other entities
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

This application relates to an ultra vires act detection method, apparatus, computer device and storage medium in the technical field of security protection. The method includes: when a sensitive-type request preset in the application is detected from a user to be verified, sending a verification request to the user terminal corresponding to the user to be verified; receiving the verification token that the user terminal sends in response to the verification request, the verification token containing the device information and time information of the user terminal; matching the verification token against the pre-stored registration verification token of the user terminal; and, when the two do not match, determining that the sensitive-type request of the user to be verified is an ultra vires act. The method can prevent an application from being hijacked and fraudulently used.

Description

Ultra vires act detection method, device, computer equipment and storage medium
Technical field
This application relates to the field of computer technology, and in particular to an ultra vires act detection method, apparatus, computer device and storage medium.
Background
With the development of computer technology, application programs have also developed greatly. An application program is a program based on a mobile device. Nowadays application programs play a large part in daily life, for example in payment, shopping and entertainment, but they also carry the risk that a user's identity is fraudulently used. Taking a mobile payment program as an example, once the user's identity is fraudulently used, the user's property may be misappropriated or fraudulently charged, which greatly affects the user's property security. In the conventional technique, when a user performs a payment operation in a mobile payment program, the server of the mobile payment program sends an SMS verification code to the user and uses that code to verify whether the operation is performed by the user. However, the SMS verification code sent by the server of the mobile payment program is easily intercepted, so the application program is at risk of being fraudulently used.
Summary of the invention
In view of the above technical problem, it is necessary to provide an ultra vires act detection method, apparatus, computer device and storage medium that can solve the problem that an application program is easily intercepted and fraudulently used.
An ultra vires act detection method, the method comprising:
receiving a request that a user sends through an application program and, when the request is determined to be a sensitive-type request, sending a verification request to the user terminal;
receiving the verification token that the user terminal sends in response to the verification request, the verification token containing the device information and time information of the user terminal;
matching the verification token against the pre-stored registration verification token of the user terminal;
when the two do not match, determining that the sensitive-type request of the user to be verified is an ultra vires act.
In one embodiment, the method further includes: when it is detected that the user terminal registers an account of the application, sending an information acquisition request to the user terminal; receiving the device information that the user terminal sends in response to the information acquisition request; and obtaining a preset time tag and generating the registration verification token of the user terminal according to the time tag, the device information and a preset token generation algorithm.
In one embodiment, the method further includes: combining the time tag and the device information to obtain a composite sequence; encoding the composite sequence as a binary sequence; and encrypting the binary sequence according to a preset hash algorithm to generate the registration verification token.
In one embodiment, the method further includes: obtaining the communication number corresponding to the user terminal; and storing the communication number in association with the registration verification token.
In one embodiment, the method further includes: sending a random verification code to the user terminal via the communication number; receiving the to-be-verified random verification code that the user terminal uploads in the application; and, when the to-be-verified random verification code matches the random verification code, looking up the registration verification token corresponding to the communication number according to the communication number.
In one embodiment, the method further includes: generating an information verification page; sending the information verification page to the user terminal so that the user terminal shows it in its display interface; receiving the application account information entered at the user terminal in the information verification page; and matching the account information against the pre-stored login account information and, when they do not match, determining that the sensitive-type request of the user to be verified is an ultra vires act.
In one embodiment, the time tag is the current time and the device information is the International Mobile Equipment Identity (IMEI); the method further includes: concatenating the current time and the IMEI to obtain the composite sequence; encoding the composite sequence as a binary sequence; and encrypting the binary sequence according to a preset SHA256 algorithm to generate the registration verification token.
An ultra vires act detection apparatus, the apparatus comprising:
a detection module, configured to receive a request that a user sends through an application program and, when the request is determined to be a sensitive-type request, send a verification request to the user terminal;
a receiving module, configured to receive the verification token that the user terminal sends in response to the verification request, the verification token containing the device information and time information of the user terminal;
a matching module, configured to match the verification token against the pre-stored registration verification token of the user terminal;
a judgment module, configured to determine, when the two do not match, that the sensitive-type request of the user to be verified is an ultra vires act.
A computer device, including a memory and a processor, the memory storing a computer program, wherein the processor performs the following steps when executing the computer program:
receiving a request that a user sends through an application program and, when the request is determined to be a sensitive-type request, sending a verification request to the user terminal;
receiving the verification token that the user terminal sends in response to the verification request, the verification token containing the device information and time information of the user terminal;
matching the verification token against the pre-stored registration verification token of the user terminal;
when the two do not match, determining that the sensitive-type request of the user to be verified is an ultra vires act.
A computer-readable storage medium on which a computer program is stored, wherein the following steps are performed when the computer program is executed by a processor:
receiving a request that a user sends through an application program and, when the request is determined to be a sensitive-type request, sending a verification request to the user terminal;
receiving the verification token that the user terminal sends in response to the verification request, the verification token containing the device information and time information of the user terminal;
matching the verification token against the pre-stored registration verification token of the user terminal;
when the two do not match, determining that the sensitive-type request of the user to be verified is an ultra vires act.
The above ultra vires act detection method, apparatus, computer device and storage medium monitor how the application is being used, so that when a sensitive-type request is detected, a verification request must be sent to the user terminal and the verification token that the user terminal sends in response can be obtained. The verification token contains device information and time information, and the registration verification token of the user terminal has been stored on the server in advance. If an ultra vires act is attempted against the application, the consistent time information cannot be known, so a consistent verification token cannot be provided. The technical solution of the embodiments of the present invention can therefore prevent the application from being hijacked and fraudulently used.
Brief description of the drawings
Fig. 1 is an application scenario diagram of the ultra vires act detection method in one embodiment;
Fig. 2 is a flow diagram of the ultra vires act detection method in one embodiment;
Fig. 3 is a flow diagram of the way the registration verification token is generated in one embodiment;
Fig. 4 is a flow diagram of the ultra vires act detection method in another embodiment;
Fig. 5 is a structural block diagram of the ultra vires act detection apparatus in one embodiment;
Fig. 6 is an internal structure diagram of the computer device in one embodiment.
Detailed description
To make the objects, technical solutions and advantages of the application clearer, the application is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the application and do not limit it.
The ultra vires act detection method provided by this application can be applied in the application environment shown in Fig. 1, in which terminal 102 communicates with server 104 over a network. Terminal 102 can be, but is not limited to, any of various personal computers, laptops, smartphones, tablet computers and portable wearable devices; server 104 can be implemented as an independent server or as a server cluster made up of multiple servers.
An application program can run on terminal 102, which can access a carrier network; terminal 102 can also connect to server 104 through the carrier network.
When the running application program is operated on terminal 102, server 104 detects whether the operation is a sensitive-type request. When it detects that the operation is a sensitive-type request, it sends a verification request to terminal 102. Terminal 102 obtains the verification token according to the verification request and uploads it to server 104. Server 104 retrieves the registration verification token corresponding to terminal 102 from the database and matches the verification token against it; the matching result determines whether the sensitive-type request is ultra vires.
In one embodiment, as shown in Fig. 2, an ultra vires act detection method is provided. The method is described here as applied to the server in Fig. 1, and includes the following steps:
Step 202: receive a request that a user sends through an application program and, when the request is determined to be a sensitive-type request, send a verification request to the user terminal.
The application can be an application program installed on the user terminal. When the application is operated through the user terminal, the user terminal sends an operation request to the server, and the server provides the corresponding service according to the operation request.
A sensitive-type request is an operation that threatens the privacy or property of the application's user. Sensitive-type requests can be detected by establishing a whitelist on the server; that is, any operation outside the whitelist is a sensitive-type request. The user to be verified is the user making the sensitive-type request. In essence, an application operation is performed after logging in with an application account, but in practice, if the application has been hijacked, the application account does not correspond to the user to be verified.
The verification request is generated by the server when it detects a sensitive-type request from the user terminal, and is sent to the user terminal. The verification request can be sent via an interface, and the user terminal sends feedback information to the server through the interface.
Step 204: receive the verification token that the user terminal sends in response to the verification request; the verification token contains the device information and time information of the user terminal.
The verification token is a special character string stored on the user terminal. When the user terminal receives the verification request, the verification token can be obtained according to the verification request and is then sent to the server by way of an interface call. The device information can be a unique device identifier; for example, it can be the IMEI (International Mobile Equipment Identity) of a mobile phone terminal, or the MAC address (Media Access Control address, i.e. physical address) of a computer terminal. The time information can be determined from the system time of the user terminal.
Specifically, the verification token includes time information, which is obtained when the verification token is generated. The time information is therefore highly concealed and difficult to crack, which improves the security of the verification token.
Alternatively, the verification token can be sent as follows: after the user terminal receives the verification request, a token acquisition page is generated in the display interface of the user terminal; after the verification token is entered in the token acquisition page, the information from that page is returned to the server.
Step 206: match the verification token against the pre-stored registration verification token of the user terminal.
The registration verification token is stored in advance in the server's database. When the verification token sent by the user terminal is received, the registration verification token corresponding to the user terminal is retrieved from the database, and the verification token is then matched against it.
Specifically, the matching can be done position by position: in a preset order, each value of the verification token is compared with the corresponding value of the registration verification token. If all values are identical, the tokens match; if one or more values differ, they do not match.
It is worth noting that, because the verification token is stored on the user terminal, if the user to be verified is not committing an ultra vires act, the verification token is consistent with the registration verification token. If the user to be verified is committing an ultra vires act, the corresponding verification token is not stored on that user terminal and verification cannot be passed, which ensures that the application cannot be intercepted.
Step 208: when the two do not match, determine that the sensitive-type request of the user to be verified is an ultra vires act.
The above ultra vires act detection method monitors how the application is being used, so that when a sensitive-type request is detected, a verification request must be sent to the user terminal and the verification token that the user terminal sends in response can be obtained. The verification token contains device information and time information, and the registration verification token of the user terminal has been stored on the server in advance. If an ultra vires act is attempted against the application, the consistent time information cannot be known, so a consistent verification token cannot be provided. The technical solution of the embodiments of the present invention can therefore prevent the application from being hijacked and fraudulently used.
In one embodiment, as shown in Fig. 2, a schematic flow chart of a way of generating the registration verification token is provided. The specific steps are as follows:
Step 302: when it is detected that the user terminal registers an account of the application, send an information acquisition request to the user terminal.
Step 304: receive the device information that the user terminal sends in response to the information acquisition request.
Step 306: obtain a preset time tag, obtain time information according to the time tag, and generate the registration verification token of the user terminal according to the time information, the device information and a preset token generation algorithm.
In this embodiment, when the user terminal registers an application account, an information acquisition request is sent to the user terminal to obtain its device information. The token generation algorithm preset on the server and the pre-generated time tag are then used to obtain the time information, and the time information and device information are converted into the registration verification token. Because the registration verification token contains information about the user's device and the time at which the application account was registered, it has a high degree of uniqueness and is not easy to crack, which improves the security of application operations.
In one embodiment, after the registration verification token is generated, it is also sent to the user terminal, and the user terminal stores it in association with the application as the verification token. When ultra vires act detection is performed, the verification token is obtained from the application according to the verification request.
For step 306, in one embodiment, obtaining the preset time tag can be: when it is detected that the user terminal registers an application account, obtaining the current system time and generating the time tag from it, so that the time information can be obtained from the time tag.
For step 302, in one embodiment, detecting that the user terminal registers an account of the application means detecting that the user terminal registers an application account for the first time. During account registration, an information acquisition interface is generated in the application interface, and registration information is then filled in on that interface. The registration information can include the chosen application account, the chosen application password, a communication number, an identity card number and similar information. In addition, the application also requests the device information of the user terminal. Account registration is completed by returning the registration information and the device information to the server.
In another embodiment, after the communication number of the user terminal is obtained, the communication number and the registration verification token are stored in association with each other. When the registration verification token is retrieved from the database, the database can therefore be queried by communication number to obtain it.
In another embodiment, when a sensitive-type request is detected, a random verification code is sent to the user terminal via the communication number. After the user terminal receives the random verification code, the to-be-verified random verification code is entered in the information verification page. Only when the random verification code matches the to-be-verified random verification code is the registration verification token corresponding to the communication number looked up by communication number.
In another embodiment, suppose the SMS is hijacked at this point and the to-be-verified random verification code is entered in the information verification page of another user terminal. Although the to-be-verified random verification code is then consistent with the random verification code, when the registration verification token corresponding to the communication number is looked up by communication number, the verification token obtained from the other user terminal will necessarily be inconsistent with the registration verification token. Verification therefore fails, and the operation of the other user terminal is judged to be an ultra vires act.
For step 306, in one embodiment, the token generation algorithm can be a hash algorithm. For the input of the hash algorithm, the time tag and the device information can be combined to obtain a composite sequence, which is then encoded as a binary sequence. The binary sequence is used as the input of the hash algorithm and is encrypted to generate the registration verification token. Because the device information is unique, the time tag is difficult to crack and the hash algorithm cannot be reversed, the security of the registration verification token is guaranteed and the token is difficult to copy.
In another embodiment, the hash algorithm can be the SHA256 algorithm, the time tag is the current time (that is, the current system time), and the device information is the International Mobile Equipment Identity. The current time and the IMEI are concatenated to obtain the composite sequence, the composite sequence is encoded as a binary sequence, and the binary sequence is then encrypted according to the SHA256 algorithm to generate the registration verification token.
In another embodiment, the current time is 201810311027 and the International Mobile Equipment Identity is 866700036035951; the composite sequence obtained after concatenation is 201810311027866700036035951.
In one embodiment, when a sensitive-type request preset in the application is detected from the user to be verified, an information verification page is also generated and sent to the user terminal. After the user terminal receives the information verification page, it shows the page on its display. The application account information is entered in the information verification page and sent to the server, and the server matches the account information against the login account information. When they do not match, the sensitive-type request of the user to be verified is determined to be an ultra vires act.
In one embodiment, as shown in Fig. 4, a schematic flow chart of an ultra vires act detection method is provided. The specific steps are as follows:
Step 402: when a sensitive-type request in the application is detected from the user to be verified, send a verification request to the user terminal corresponding to the user to be verified and, according to the account information logged in to the application, send an SMS containing a random verification code to the user terminal.
The account information can be a communication number.
Step 404: according to the verification request, the user terminal generates an information verification page on the application interface and runs a verification token acquisition thread in the background.
Step 406: the account information to be verified and the random verification code to be verified are entered in the information verification page on the user terminal.
Step 408: the server obtains the account information to be verified and the random verification code to be verified from the information verification page, and obtains the verification token stored in the application through the verification token acquisition thread.
Step 410: according to the account information, the server queries its own records and retrieves, respectively, the account information of the user to be verified, the random verification code and the registration verification token.
Step 412: when the account information to be verified is inconsistent with the account information, or the random verification code to be verified is inconsistent with the random verification code, or the verification token is inconsistent with the registration verification token, judge that the sensitive-type request of the user to be verified is an ultra vires act.
In this embodiment, three layers of protection are set up: static password verification, dynamic verification code verification and device verification. Even if the static password is cracked and the dynamic verification code is intercepted, the device verification still cannot be cracked, which further ensures the security of the application and prevents it from being fraudulently used.
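The registration flow (steps 302 to 306) and the three-layer check (steps 402 to 412) described above, as an added Python example that is not code from the patent. It uses the page's sample time tag and IMEI; the communication number, account name, second terminal's values and all class and function names are constructed for illustration, and `hmac.compare_digest` stands in for the position-by-position comparison the text describes.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def composite_sequence(time_tag: str, device_info: str) -> str:
    """Concatenate the time tag and the device information (e.g. an IMEI)."""
    return time_tag + device_info


def make_token(time_tag: str, device_info: str) -> str:
    """Encode the composite sequence to bytes and hash it with SHA-256."""
    binary = composite_sequence(time_tag, device_info).encode("utf-8")
    return hashlib.sha256(binary).hexdigest()


def same(a: str, b: str) -> bool:
    """Compare every position of both strings without an early exit."""
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


@dataclass
class Registration:
    account: str   # login account information stored at registration
    token: str     # registration verification token


class Server:
    """Hypothetical server-side store, keyed by communication number."""

    def __init__(self):
        self._registrations = {}   # communication number -> Registration
        self._codes = {}           # communication number -> pending SMS code

    def register(self, number, account, device_info, time_tag):
        """Steps 302-306: build and store the registration token.
        The returned token is what the terminal keeps as its verification token."""
        token = make_token(time_tag, device_info)
        self._registrations[number] = Registration(account, token)
        return token

    def send_code(self, number):
        """Step 402: issue a one-time random verification code for this number."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._codes[number] = code
        return code

    def check(self, number, account, code, token):
        """Steps 410-412: return the layers that failed.
        A non-empty list means the sensitive request is judged ultra vires."""
        reg = self._registrations.get(number)
        expected_code = self._codes.pop(number, None)   # a code is usable once
        if reg is None:
            return ["registration"]
        failed = []
        if not same(account, reg.account):
            failed.append("account")
        if expected_code is None or not same(code, expected_code):
            failed.append("random verification code")
        if not same(token, reg.token):
            failed.append("verification token")
        return failed


def demo():
    """Run one legitimate request and one from a terminal that holds the
    account name and the SMS code but not the registered terminal's token."""
    server = Server()
    number, account = "13800000000", "alice"   # constructed sample values
    # Time tag and IMEI are the sample values given in the text above.
    stored = server.register(number, account, "866700036035951", "201810311027")

    code = server.send_code(number)
    legit = server.check(number, account, code, stored)

    # The other terminal only has a token derived from its own (constructed)
    # device information and time tag.
    other_token = make_token("201811050930", "000000000000000")
    code = server.send_code(number)            # assume this SMS is intercepted
    hijacked = server.check(number, account, code, other_token)
    return legit, hijacked


if __name__ == "__main__":
    print(demo())
```
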
It should be understood that, although the steps in the flow charts of Figs. 2-4 are shown in the order indicated by the arrows, these steps are not necessarily executed in that order. Unless expressly stated otherwise herein, there is no strict restriction on the order in which these steps are executed, and they can be executed in other orders. Moreover, at least some of the steps in Figs. 2-4 can include multiple sub-steps or stages. These sub-steps or stages are not necessarily completed at the same moment but can be executed at different times, and they are not necessarily executed one after another but can be executed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
In one embodiment, as shown in Fig. 5, an ultra vires act detection device is provided, comprising a detection module 502, a receiving module 504, a matching module 506 and a judgment module 508, wherein:
Detection module 502 is configured to receive a request sent by a user through an application program and, when the request is determined to be a sensitive-type request, send a verification request to the user terminal.
Receiving module 504 is configured to receive the verification token sent by the user terminal in response to the verification request; the verification token contains the device information and time information of the user terminal.
Matching module 506 is configured to match the verification token against the pre-stored registration verification token of the user terminal.
Judgment module 508 is configured to determine, when the match is inconsistent, that the sensitive-type request of the user to be verified is an ultra vires act.
In one embodiment, the device further includes a registration verification token generation module, configured to: send an information acquisition request to the user terminal when it is detected that the user terminal registers an account of the application; receive the device information sent by the user terminal in response to the information acquisition request; obtain a preset time tag and obtain the time information from the time tag; and generate the registration verification token of the user terminal from the time information, the device information and a preset token generation algorithm.
In one embodiment, the registration verification token generation module is further configured to combine the time tag and the device information to obtain a combined sequence, encode the combined sequence into a binary sequence, and encrypt the binary sequence with a preset hash algorithm to generate the registration verification token.
In one embodiment, detection module 502 is further configured to obtain the communication number corresponding to the user terminal and store the communication number in association with the registration verification token.
In one embodiment, matching module 506 is further configured to send a random verification code to the user terminal via the communication number; receive the random verification code to be verified that the user terminal uploads in the application; and, when the random verification code to be verified matches the random verification code, query the registration verification token corresponding to the communication number according to the communication number.
In one embodiment, judgment module 508 is further configured to generate an information verification page; send the information verification page to the user terminal so that the user terminal shows it in its display interface; receive the application account information entered by the user terminal on the information verification page; and match the account information against the pre-stored login account information, determining, when the match is inconsistent, that the sensitive-type request of the user to be verified is an ultra vires act.
In one embodiment, the time tag is the current time and the device information is the international mobile equipment identification number; the registration verification token generation module is further configured to splice the current time and the international mobile equipment identification number to obtain the combined sequence, encode the combined sequence into a binary sequence, and encrypt the binary sequence with a preset SHA256 algorithm to generate the registration verification token.
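An added example (not code from the patent or its applicant) of the registration token from the SHA256 embodiment above and the three-way check of steps 408 to 412: the time tag and the international mobile equipment identification number (IMEI) are spliced, encoded and hashed, and a sensitive-type request is flagged when the account, the random verification code or the token does not match. The function and class names, the in-memory store, the single-use handling of the random code, the constant-time comparison and all sample values are assumptions.

```python
import hashlib
import hmac


def make_registration_token(time_tag: str, imei: str) -> str:
    """Splice time tag and IMEI, encode to bytes, hash with SHA-256."""
    combined = time_tag + imei              # the "combined sequence"
    binary = combined.encode("utf-8")       # the "binary sequence"
    return hashlib.sha256(binary).hexdigest()


def _same(a: str, b: str) -> bool:
    # Constant-time comparison (an assumption; the page only says "match").
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


class Verifier:
    """In-memory stand-in for the server database, keyed by communication number."""

    def __init__(self):
        self._registered = {}    # number -> (account, registration token)
        self._pending_code = {}  # number -> random verification code

    def register(self, number: str, account: str, imei: str, time_tag: str) -> str:
        token = make_registration_token(time_tag, imei)
        self._registered[number] = (account, token)
        return token             # the application stores this copy

    def issue_code(self, number: str, code: str) -> None:
        self._pending_code[number] = code

    def check_sensitive_request(self, number, account, code, token) -> str:
        record = self._registered.get(number)
        if record is None:
            return "ultra_vires:unknown_number"
        # Assumption: a code is consumed by the first attempt that presents it.
        expected_code = self._pending_code.pop(number, None)
        reg_account, reg_token = record
        if not _same(account, reg_account):
            return "ultra_vires:account"
        if expected_code is None or not _same(code, expected_code):
            return "ultra_vires:code"
        if not _same(token, reg_token):
            return "ultra_vires:token"
        return "allowed"


def demo():
    """Run three requests against constructed sample data."""
    v = Verifier()
    number = "+15555550100"                      # constructed sample number
    token = v.register(number, "alice", "490154203237518", "20181206103000")
    results = []

    # 1. Registered device: account, code and token all match.
    v.issue_code(number, "482913")
    results.append(v.check_sensitive_request(number, "alice", "482913", token))

    # 2. Correct account and code, but the token comes from another device.
    other = make_registration_token("20181206103000", "356938035643809")
    v.issue_code(number, "771204")
    results.append(v.check_sensitive_request(number, "alice", "771204", other))

    # 3. The code from request 2 is presented again with the right token.
    results.append(v.check_sensitive_request(number, "alice", "771204", token))
    return results


if __name__ == "__main__":
    print(demo())
```

The digest is unkeyed, so the token is only as secret as its inputs and its storage; the check above treats it as a stored shared secret.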
For the specific limitations of the ultra vires act detection device, refer to the limitations of the ultra vires act detection method above, which are not repeated here. Each module in the above ultra vires act detection device may be implemented wholly or partly in software, hardware, or a combination thereof. The modules may be embedded in, or independent of, a processor in the computer device in hardware form, or stored in a memory of the computer device in software form, so that the processor can call and execute the operations corresponding to each module.
In one embodiment, a computer device is provided; it may be a server, and its internal structure may be as shown in Fig. 6. The computer device includes a processor, a memory, a network interface and a database connected by a system bus. The processor provides computing and control capability. The memory includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program and a database. The internal memory provides an environment for running the operating system and the computer program in the non-volatile storage medium. The database stores registration verification token data. The network interface is used to communicate with external terminals over a network connection. The computer program, when executed by the processor, implements an ultra vires act detection method.
Those skilled in the art will understand that the structure shown in Fig. 6 is only a block diagram of the part of the structure relevant to the solution of the present application and does not limit the computer device to which the solution is applied; a specific computer device may include more or fewer components than shown in the figure, combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided, including a memory and a processor; the memory stores a computer program, and the processor implements the following steps when executing the computer program:
receiving a request sent by a user through an application program and, when the request is determined to be a sensitive-type request, sending a verification request to the user terminal;
receiving the verification token sent by the user terminal in response to the verification request, the verification token containing the device information and time information of the user terminal;
matching the verification token against the pre-stored registration verification token of the user terminal;
when the match is inconsistent, determining that the sensitive-type request is an ultra vires act.
In one embodiment, the processor further implements the following steps when executing the computer program: sending an information acquisition request to the user terminal when it is detected that the user terminal registers an account of the application; receiving the device information sent by the user terminal in response to the information acquisition request; obtaining a preset time tag and obtaining the time information from the time tag; and generating the registration verification token of the user terminal from the time information, the device information and a preset token generation algorithm.
In one embodiment, the processor further implements the following steps when executing the computer program: combining the time tag and the device information to obtain a combined sequence; encoding the combined sequence into a binary sequence; and encrypting the binary sequence with a preset hash algorithm to generate the registration verification token.
In one embodiment, the processor further implements the following steps when executing the computer program: obtaining the communication number corresponding to the user terminal; and storing the communication number in association with the registration verification token.
In one embodiment, the processor further implements the following steps when executing the computer program: sending a random verification code to the user terminal via the communication number; receiving the random verification code to be verified that the user terminal uploads in the application; and, when the random verification code to be verified matches the random verification code, querying the registration verification token corresponding to the communication number according to the communication number.
In one embodiment, the processor further implements the following steps when executing the computer program: generating an information verification page; sending the information verification page to the user terminal so that the user terminal shows it in its display interface; receiving the application account information entered by the user terminal on the information verification page; and matching the account information against the pre-stored login account information, determining, when the match is inconsistent, that the sensitive-type request of the user to be verified is an ultra vires act.
In one embodiment, the time tag is the current time and the device information is the international mobile equipment identification number; the processor further implements the following steps when executing the computer program: splicing the current time and the international mobile equipment identification number to obtain the combined sequence; encoding the combined sequence into a binary sequence; and encrypting the binary sequence with a preset SHA256 algorithm to generate the registration verification token.
In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored; the computer program implements the following steps when executed by a processor:
receiving a request sent by a user through an application program and, when the request is determined to be a sensitive-type request, sending a verification request to the user terminal;
receiving the verification token sent by the user terminal in response to the verification request, the verification token containing the device information and time information of the user terminal;
matching the verification token against the pre-stored registration verification token of the user terminal;
when the match is inconsistent, determining that the sensitive-type request is an ultra vires act.
In one embodiment, the computer program further implements the following steps when executed by the processor: sending an information acquisition request to the user terminal when it is detected that the user terminal registers an account of the application; receiving the device information sent by the user terminal in response to the information acquisition request; obtaining a preset time tag and obtaining the time information from the time tag; and generating the registration verification token of the user terminal from the time information, the device information and a preset token generation algorithm.
In one embodiment, the computer program further implements the following steps when executed by the processor: combining the time tag and the device information to obtain a combined sequence; encoding the combined sequence into a binary sequence; and encrypting the binary sequence with a preset hash algorithm to generate the registration verification token.
In one embodiment, the computer program further implements the following steps when executed by the processor: obtaining the communication number corresponding to the user terminal; and storing the communication number in association with the registration verification token.
In one embodiment, the computer program further implements the following steps when executed by the processor: sending a random verification code to the user terminal via the communication number; receiving the random verification code to be verified that the user terminal uploads in the application; and, when the random verification code to be verified matches the random verification code, querying the registration verification token corresponding to the communication number according to the communication number.
In one embodiment, the computer program further implements the following steps when executed by the processor: generating an information verification page; sending the information verification page to the user terminal so that the user terminal shows it in its display interface; receiving the application account information entered by the user terminal on the information verification page; and matching the account information against the pre-stored login account information, determining, when the match is inconsistent, that the sensitive-type request of the user to be verified is an ultra vires act.
In one embodiment, the time tag is the current time and the device information is the international mobile equipment identification number; the computer program further implements the following steps when executed by the processor: splicing the current time and the international mobile equipment identification number to obtain the combined sequence; encoding the combined sequence into a binary sequence; and encrypting the binary sequence with a preset SHA256 algorithm to generate the registration verification token.
Those of ordinary skill in the art will understand that all or part of the processes in the methods of the above embodiments can be completed by a computer program instructing the relevant hardware; the computer program may be stored in a non-volatile computer-readable storage medium and, when executed, may include the processes of the embodiments of the above methods. Any reference to memory, storage, database or other media used in the embodiments provided in this application may include non-volatile and/or volatile memory. Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM) or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM) and Rambus dynamic RAM (RDRAM).
The technical features of the above embodiments may be combined arbitrarily. For brevity, not all possible combinations of these technical features are described; however, as long as a combination of these features involves no contradiction, it should be considered within the scope of this specification.
The above embodiments express only several implementations of the present application, and their description is relatively specific and detailed, but they should not therefore be construed as limiting the scope of the patent. It should be noted that those of ordinary skill in the art can make various modifications and improvements without departing from the concept of this application, and these all fall within the protection scope of the application. Therefore, the protection scope of this patent shall be subject to the appended claims.

Claims (10)

1. An ultra vires act detection method, the method comprising:
receiving a request sent by a user through an application program and, when the request is determined to be a sensitive-type request, sending a verification request to a user terminal;
receiving a verification token sent by the user terminal in response to the verification request, the verification token containing device information and time information of the user terminal;
matching the verification token against a pre-stored registration verification token of the user terminal;
when the match is inconsistent, determining that the sensitive-type request is an ultra vires act.
2. The method according to claim 1, characterized in that the registration verification token is generated by:
sending an information acquisition request to the user terminal when it is detected that the user terminal registers an account of the application;
receiving the device information sent by the user terminal in response to the information acquisition request;
obtaining a preset time tag, and obtaining the time information from the time tag;
generating the registration verification token of the user terminal from the time information, the device information and a preset token generation algorithm.
3. The method according to claim 2, characterized in that generating the registration verification token of the user terminal from the time tag, the device information and the preset token generation algorithm comprises:
combining the time tag and the device information to obtain a combined sequence;
encoding the combined sequence into a binary sequence, and encrypting the binary sequence with a preset hash algorithm to generate the registration verification token.
4. The method according to claim 2, characterized in that, after obtaining the preset time tag and generating the registration verification token of the user terminal from the time tag, the device information and the preset token generation algorithm, the method further comprises:
obtaining the communication number corresponding to the user terminal;
storing the communication number in association with the registration verification token.
5. The method according to claim 4, characterized in that, before matching the verification token against the pre-stored registration verification token of the user terminal, the method further comprises:
sending a random verification code to the user terminal via the communication number;
receiving the random verification code to be verified that the user terminal uploads in the application;
when the random verification code to be verified matches the random verification code, querying the registration verification token corresponding to the communication number according to the communication number.
6. The method according to any one of claims 1 to 5, characterized in that, when a preset sensitive-type request of the user to be verified is detected in the application, the method further comprises:
generating an information verification page;
sending the information verification page to the user terminal so that the user terminal shows the information verification page in its display interface;
receiving the application account information entered by the user terminal on the information verification page;
matching the account information against pre-stored login account information and, when the match is inconsistent, determining that the sensitive-type request of the user to be verified is an ultra vires act.
7. The method according to claim 3, characterized in that the time tag is the current time and the device information is the international mobile equipment identification number;
generating the registration verification token of the user terminal from the time tag, the device information and the preset token generation algorithm comprises:
splicing the current time and the international mobile equipment identification number to obtain the combined sequence;
encoding the combined sequence into a binary sequence, and encrypting the binary sequence with a preset SHA256 algorithm to generate the registration verification token.
8. An ultra vires act detection device, characterized in that the device comprises:
a detection module, configured to send a verification request to the user terminal corresponding to a user to be verified when a preset sensitive-type request of the user to be verified is detected in the application;
a receiving module, configured to receive the verification token sent by the user terminal in response to the verification request, the verification token containing the device information and time information of the user terminal;
a matching module, configured to match the verification token against the pre-stored registration verification token of the user terminal;
a judgment module, configured to determine, when the match is inconsistent, that the sensitive-type request of the user to be verified is an ultra vires act.
9. A computer device, comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the steps of the method of any one of claims 1 to 7.
CN201811486387.0A 2018-12-06 2018-12-06 Unauthorized behavior detection method and device, computer equipment and storage medium Active CN109561093B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811486387.0A CN109561093B (en) 2018-12-06 2018-12-06 Unauthorized behavior detection method and device, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811486387.0A CN109561093B (en) 2018-12-06 2018-12-06 Unauthorized behavior detection method and device, computer equipment and storage medium

Publications (2)

Publication Number Publication Date
CN109561093A true CN109561093A (en) 2019-04-02
CN109561093B CN109561093B (en) 2022-06-03

Family

ID=65869312

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811486387.0A Active CN109561093B (en) 2018-12-06 2018-12-06 Unauthorized behavior detection method and device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN109561093B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113923203A (en) * 2021-10-29 2022-01-11 中国平安财产保险股份有限公司 Network request checking method, device, equipment and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050033703A1 (en) * 2002-09-09 2005-02-10 John Holdsworth Systems and methods for enrolling a token in an online authentication program
CN102487322A (en) * 2010-12-03 2012-06-06 腾讯科技(深圳)有限公司 Registering method, device and system for realizing dynamic password authentication
CN104702415A (en) * 2015-03-31 2015-06-10 北京奇艺世纪科技有限公司 Account number permission control method and device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113923203A (en) * 2021-10-29 2022-01-11 中国平安财产保险股份有限公司 Network request checking method, device, equipment and storage medium
CN113923203B (en) * 2021-10-29 2023-07-11 中国平安财产保险股份有限公司 Network request verification method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN109561093B (en) 2022-06-03

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant