CN110474911B - Terminal credibility identification method, device, equipment and computer readable storage medium - Google Patents
Terminal credibility identification method, device, equipment and computer readable storage medium Download PDFInfo
- Publication number
- CN110474911B CN110474911B CN201910762819.4A CN201910762819A CN110474911B CN 110474911 B CN110474911 B CN 110474911B CN 201910762819 A CN201910762819 A CN 201910762819A CN 110474911 B CN110474911 B CN 110474911B
- Authority
- CN
- China
- Prior art keywords
- parameter
- target terminal
- terminal
- credibility
- cache
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
Abstract
The invention discloses a terminal credibility identification method, which comprises the following steps: acquiring a first parameter of a target terminal, and acquiring a second parameter of the target terminal based on the current login state of the target terminal; determining a first credibility of the first parameter and a second credibility of the second parameter; determining a weight value of the first credibility and a weight value of the second credibility based on the login state, and calculating the credibility of the target terminal; and determining whether the credibility is lower than a preset threshold value, and if not, determining that the target terminal is credible. The invention also discloses a terminal credibility identification device, equipment and a computer readable storage medium. The invention adopts a plurality of parameters to identify the credibility of the terminal through the login state of the terminal, avoids the result error caused by a single parameter and ensures that the identification result is more accurate.
Description
Technical Field
The present invention relates to the technical field of financial technology (Fintech), and in particular, to a terminal credibility identification method, apparatus, device, and computer readable storage medium.
Background
In recent years, with the development of financial technology (Fintech), particularly internet finance, a terminal detection technology is introduced into daily services of financial institutions such as banks. In the daily service process of financial institutions such as banks, fraud events are often encountered, in order to prevent such events, the safe operation of the business process is ensured, the financial institutions such as banks can perform risk monitoring on the terminal performing the current business operation, and the risk monitoring mode is mostly prone to enhancing the credibility of the terminal.
However, in the prior art, the reliability identification is often performed only through single hardware device information of the terminal, the identification accuracy is poor, the device environment is easily affected, for example, a mac address (Media Access Control, physical address) is taken as an example, although the mac address generally has uniqueness, but cannot be denied, a situation that a plurality of terminals are the same mac address can occur, for example, a production line fails, so that factory terminals are all the same mac address, and the uniqueness of the terminal cannot be obtained by taking the mac of the terminal as an identification parameter, and therefore, the identification result obtained by taking the single hardware device information as the identification parameter of the terminal is inaccurate.
Disclosure of Invention
The invention mainly aims to provide a terminal credibility identification method, device, equipment and computer readable storage medium, aiming at improving the identification precision of terminal credibility.
In order to achieve the above object, the present invention provides a terminal credibility identification method, which includes the following steps:
acquiring a first parameter of a target terminal, and acquiring a second parameter of the target terminal based on the current login state of the target terminal;
determining a first credibility of the first parameter and a second credibility of the second parameter;
determining a weight value of the first credibility and a weight value of the second credibility based on the login state, and calculating the credibility of the target terminal;
and determining whether the credibility is lower than a preset threshold value, and if not, determining that the target terminal is credible.
Preferably, the step of acquiring the first parameter of the target terminal and acquiring the second parameter of the target terminal based on the login state of the target terminal includes:
acquiring hardware information of a target terminal, and generating a first parameter of the target terminal based on the hardware information;
And acquiring user information and a current login state of the target terminal in a server corresponding to the target terminal, and generating a second parameter based on the user information and the login state.
Preferably, the step of obtaining the hardware information of the target terminal and generating the first parameter of the target terminal based on the hardware information includes:
acquiring first hardware information of a target terminal, and determining whether the first hardware information is dirty data or not based on a preset dirty data rule;
if not, generating a first parameter of the target terminal based on the first hardware information and a preset algorithm;
if yes, acquiring second hardware information of the target terminal, and determining whether the second hardware information is dirty data or not based on the dirty data rule;
if not, generating a first parameter of the target terminal based on the second hardware information and the preset algorithm.
Preferably, the step of acquiring the first parameter of the target terminal and acquiring the second parameter of the target terminal based on the login state of the target terminal includes:
detecting whether the first parameter exists in the target terminal or not, and detecting whether the second parameter exists in the target terminal or not based on the login state;
And if the first parameter and the second parameter exist, acquiring the first parameter and the second parameter.
Preferably, the first parameter is obtained by the target terminal, and is generated by the target terminal according to the hardware information and a preset algorithm; and the second parameter is determined by the server to be in a current login state of the target terminal, the server acquires the user information of the target terminal, and the server generates and transmits the user information to the target terminal according to the login state, the user information and the preset algorithm.
Preferably, after the step of detecting whether the first parameter exists in the target terminal and detecting whether the second parameter exists in the target terminal based on the login status, the method further includes:
if the first parameter and/or the second parameter do not exist, reading the first cache parameter and the second cache parameter corresponding to the target terminal in at least two preset cache areas, and determining whether the first cache parameter in each cache area is consistent with the second cache parameter in each cache area;
and if the first cache parameter and the second cache parameter are consistent, setting the first cache parameter and the second cache parameter as the first parameter and the second parameter of the target terminal respectively.
Preferably, the step of determining the first confidence level of the first parameter and the second confidence level of the second parameter comprises:
acquiring a first historical parameter of the target terminal and a second historical parameter issued by the server based on the target terminal;
comparing the first parameter with the first historical parameter, and determining a first credibility of the first parameter according to a comparison result;
and comparing the second parameter with the second historical parameter, and determining second credibility of the second parameter according to a comparison result.
In addition, to achieve the above object, the present invention also provides a terminal credibility identifying apparatus, including:
the acquisition module is used for acquiring a first parameter of a target terminal and acquiring a second parameter of the target terminal based on the current login state of the target terminal;
a determining module, configured to determine a first reliability of the first parameter and a second reliability of the second parameter;
the computing module is used for determining the weight value of the first credibility and the weight value of the second credibility based on the login state, and computing the credibility of the target terminal;
And the identification module is used for determining whether the credibility is lower than a preset threshold value, and if not, determining that the target terminal is credible.
Preferably, the acquiring module is further configured to:
acquiring hardware information of a target terminal, and generating a first parameter of the target terminal based on the hardware information;
and acquiring user information and a current login state of the target terminal in a server corresponding to the target terminal, and generating a second parameter based on the user information and the login state.
Preferably, the acquiring module is further configured to:
acquiring first hardware information of a target terminal, and determining whether the first hardware information is dirty data or not based on a preset dirty data rule;
if not, generating a first parameter of the target terminal based on the first hardware information and a preset algorithm;
if yes, acquiring second hardware information of the target terminal, and determining whether the second hardware information is dirty data or not based on the dirty data rule;
if not, generating a first parameter of the target terminal based on the second hardware information and the preset algorithm.
Preferably, the acquiring module is further configured to:
detecting whether the first parameter exists in the target terminal or not, and detecting whether the second parameter exists in the target terminal or not based on the login state;
And if the first parameter and the second parameter exist, acquiring the first parameter and the second parameter.
Preferably, the first parameter is obtained by the target terminal, and is generated by the target terminal according to the hardware information and a preset algorithm; and the second parameter is determined by the server to be in a current login state of the target terminal, the server acquires the user information of the target terminal, and the server generates and transmits the user information to the target terminal according to the login state, the user information and the preset algorithm.
Preferably, the terminal credibility identifying device further comprises a reading module, wherein the reading module is used for:
if the first parameter and/or the second parameter do not exist, reading the first cache parameter and the second cache parameter corresponding to the target terminal in at least two preset cache areas, and determining whether the first cache parameter in each cache area is consistent with the second cache parameter in each cache area;
and if the first cache parameter and the second cache parameter are consistent, setting the first cache parameter and the second cache parameter as the first parameter and the second parameter of the target terminal respectively.
Preferably, the determining module is configured to:
acquiring a first historical parameter of the target terminal and a second historical parameter issued by the server based on the target terminal;
comparing the first parameter with the first historical parameter, and determining a first credibility of the first parameter according to a comparison result;
and comparing the second parameter with the second historical parameter, and determining second credibility of the second parameter according to a comparison result.
In addition, to achieve the above object, the present invention also provides a terminal reliability recognition apparatus including: the terminal credibility identification device comprises a memory, a processor and a terminal credibility identification program which is stored in the memory and can run on the processor, wherein the terminal credibility identification program realizes the steps of the terminal credibility identification method when being executed by the processor.
In addition, in order to achieve the above object, the present invention also provides a computer-readable storage medium having stored thereon a terminal reliability recognition program which, when executed by a processor, implements the steps of the terminal reliability recognition method as described above.
The terminal credibility identification method provided by the invention is used for acquiring a first parameter of a target terminal and acquiring a second parameter of the target terminal based on the current login state of the target terminal; determining a first credibility of the first parameter and a second credibility of the second parameter; determining a weight value of the first credibility and a weight value of the second credibility based on the login state, and calculating the credibility of the target terminal; and determining whether the credibility is lower than a preset threshold value, and if not, determining that the target terminal is credible. The invention adopts a plurality of parameters to identify the credibility of the terminal through the login state of the terminal, avoids the result error caused by a single parameter and ensures that the identification result is more accurate.
Drawings
FIG. 1 is a schematic diagram of a device architecture of a hardware operating environment according to an embodiment of the present invention;
fig. 2 is a flowchart of a first embodiment of a terminal reliability recognition method according to the present invention.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
Referring to fig. 1, fig. 1 is a schematic device structure of a hardware running environment according to an embodiment of the present invention.
The device of the embodiment of the invention can be a PC or a server device.
As shown in fig. 1, the apparatus may include: a processor 1001, such as a CPU, a network interface 1004, a user interface 1003, a memory 1005, a communication bus 1002. Wherein the communication bus 1002 is used to enable connected communication between these components. The user interface 1003 may include a Display, an input unit such as a Keyboard (Keyboard), and the optional user interface 1003 may further include a standard wired interface, a wireless interface. The network interface 1004 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface). The memory 1005 may be a high-speed RAM memory or a stable memory (non-volatile memory), such as a disk memory. The memory 1005 may also optionally be a storage device separate from the processor 1001 described above.
It will be appreciated by those skilled in the art that the device structure shown in fig. 1 is not limiting of the device and may include more or fewer components than shown, or may combine certain components, or a different arrangement of components.
As shown in fig. 1, an operating system, a network communication module, a user interface module, and a terminal reliability recognition program may be included in the memory 1005 as one type of computer storage medium.
The operating system is a program for managing and controlling the terminal credibility identification equipment and software resources, and supports the operation of a network communication module, a user interface module, a terminal credibility identification program and other programs or software; the network communication module is used to manage and control the network interface 1002; the user interface module is used to manage and control the user interface 1003.
In the terminal reliability recognition device shown in fig. 1, the terminal reliability recognition device invokes a terminal reliability recognition program stored in a memory 1005 through a processor 1001 and performs operations in various embodiments of the terminal reliability recognition method described below.
Based on the hardware structure, the embodiment of the terminal credibility identification method is provided.
Referring to fig. 2, fig. 2 is a flowchart of a first embodiment of a terminal credibility identification method according to the present invention, where the method includes:
step S10, acquiring a first parameter of a target terminal, and acquiring a second parameter of the target terminal based on the current login state of the target terminal;
Step S20, determining a first credibility of the first parameter and a second credibility of the second parameter;
step S30, determining a weight value of the first credibility and a weight value of the second credibility based on the login state, and calculating the credibility of the target terminal;
step S40, determining whether the credibility is lower than a preset threshold value, and if not, determining that the target terminal is credible.
The terminal credibility identification method is applied to terminal credibility identification equipment of financial institutions such as financial institutions or banking systems, the terminal credibility identification equipment can be a terminal or PC equipment, and for convenience in description, the terminal credibility identification equipment is described by taking identification equipment as an example. When a user carries out business transaction, such as transfer transaction, through a destination terminal, the identification equipment needs to identify the terminal which carries out the business transaction currently so as to determine the credibility of the current terminal, and if the terminal is not credible, the business transaction is prevented, and the money loss of the user is avoided; if the terminal is trusted, the business transaction is allowed to be carried out, and the target terminal can be a mobile terminal such as a mobile phone, a tablet personal computer and the like.
The identification device of the embodiment determines the credibility of the target terminal by acquiring the first parameter and the second parameter of the target terminal and the credibility of the first parameter and the second parameter, thereby improving the accuracy of identifying the credibility of the terminal.
The following will explain each step in detail:
step S10, acquiring a first parameter of a target terminal, and acquiring a second parameter of the target terminal based on the current login state of the target terminal;
in this embodiment, when identifying the credibility of the target terminal, the identifying device obtains a first parameter of the target terminal, and obtains a second parameter of the target terminal based on the current login state of the target terminal, where the first parameter is identity information of the target terminal, such as information representing the identity of the target terminal, such as mac address of the target terminal; the second parameter is a unique value generated according to the login state of the target terminal, the login state comprises login and non-login, the first parameter and the second parameter can be reported to the identification equipment together by the target terminal when the target terminal initiates the service request, and the identification equipment can acquire the first parameter and the second parameter through the service request.
Further, step S10 includes:
step a, acquiring hardware information of a target terminal, and generating a first parameter of the target terminal based on the hardware information;
in this step, the identifying device firstly acquires hardware information of the target terminal, where the hardware information includes one or more of DeviceId (device id), mac address, serial number, etc., and then generates a first parameter of the target terminal according to the acquired hardware information and a preset Algorithm, where the preset Algorithm may be a HASH Algorithm, specifically, for example, MD5 Algorithm (Message-Digest Algorithm fifth edition), SHA-1 Algorithm (Secure Hash Algorithm ), etc., that is, a first parameter=hash (hardware device information), specifically, the hardware information of the target terminal is generated into a HASH value of 32 bits or 64 bits, and since the above HASH Algorithm is a mature Algorithm in the prior art, it will not be described herein too much.
It can be appreciated that, in order to ensure that the generated first parameter has the effect of uniquely identifying the target terminal, a random value may be added in the process of generating the first parameter from the hardware information. If the hardware information of the target terminal a and the target terminal B are mac addresses, and the mac addresses of the target terminal a and the target terminal B are the same (possibly produced by the same production line fault, so that the mac addresses of the obtained terminals are the same), a random value may be added in the process of generating the first parameter according to the mac addresses, so as to distinguish the first parameters of the target terminal a and the target terminal B.
And b, acquiring user information and a current login state of the target terminal in a server corresponding to the target terminal, and generating a second parameter based on the user information and the login state.
In this step, the user information and the current login state of the target terminal may be stored in a corresponding server, the identifying device may obtain, through a communication protocol, the user information and the login state of the target terminal in the server corresponding to the target terminal, and generate a second parameter according to the user information and the login state, and a preset algorithm, where the login state may be known through cookies generated by the server, the preset algorithm is convenient to describe, and herein, the MD5 algorithm is uniformly used as an example to describe the second parameter=hash (login/non-login), where user may be social information id and other user information that has user correlation and is unique; and random is a random number generated by the server. Therefore, the second parameter of the target terminal has two values in practice, and the second parameter acquired by the identifying device is specifically determined by the login status of the target terminal.
Step S20, determining a first reliability of the first parameter and a second reliability of the second parameter.
In this embodiment, after the first parameter and the second parameter of the target terminal are obtained, the first reliability of the first parameter and the second reliability of the second parameter are calculated respectively, so that the target terminal is identified in a subsequent manner according to the first reliability and the second reliability.
Specifically, step S20 includes:
step c, acquiring a first historical parameter of the target terminal and a second historical parameter issued by the server based on the target terminal;
in the step, after the identification device acquires the first parameter and the second parameter of the target terminal, the identification device further acquires the first historical parameter of the target terminal and the second historical parameter issued by the server corresponding to the target terminal based on the target terminal, namely, when the target terminal initiates a service request last time, the corresponding historical parameter is acquired by the identification device and is used as a judgment parameter of the first credibility of the current first parameter and the second credibility of the second parameter.
Step d, comparing the first parameter with the first historical parameter, and determining the first credibility of the first parameter according to a comparison result;
And e, comparing the second parameter with the second historical parameter, and determining the second credibility of the second parameter according to a comparison result.
In the step, the identification equipment specifically compares the first parameter with the first historical parameter, judges whether the first parameter is consistent with the first historical parameter, and if so, determines that the first credibility of the first parameter is credible and is represented by a value of 1; if the first parameter is inconsistent, determining that the first credibility of the first parameter is unreliable, wherein the first credibility is represented by a value of 0. Similarly, the second parameter is compared with the second historical parameter, whether the second parameter is consistent with the second historical parameter is judged, and the value 1 or 0 is used for representing that the second parameter is trusted or untrusted.
Step S30, determining the weight value of the first credibility and the weight value of the second credibility based on the login state, and calculating the credibility of the target terminal.
In this embodiment, the identifying device determines a weight value of the first reliability and a weight value of the second reliability, specifically, a login state-weight value mapping table is preset in the identifying device, and the corresponding weight value can be determined by determining the login state of the target terminal, when the login state of the target terminal is not logged in, in implementation, the weight ratio of the first reliability is 0.5, the weight ratio of the second reliability is 0.5, and at this time, the reliability of the target terminal=the first reliability×0.5+the second reliability×0.5; when the login state of the target terminal is login, further judging whether the login state of the target terminal is first login, specifically, determining whether the login state of the current target terminal is first login by reading historical login information, if no corresponding historical login information exists, determining that the login state of the current target terminal is first login, wherein when the login state of the target terminal is first login, the weight ratio of the first reliability is 0.5, the weight ratio of the second reliability is 0.5, and at the moment, the reliability of the target terminal is=the first reliability×0.5+the second reliability×0.5; if the corresponding historical login information exists, it can be determined that the login state of the current target terminal is not first login, namely the login times are more than or equal to 2, at the moment, the weight ratio of the first credibility is 0.3, the weight ratio of the second credibility is 0.7, and at the moment, the credibility of the target terminal=the first credibility×0.3+the second credibility×0.7. Substituting the calculated first credibility and second credibility into a formula to obtain the credibility of the target terminal of one of 0.3, 0.5, 0.7 and 1.
It should be noted that, in the above preferred embodiments in practical implementation, the specific mapping table of login status and weight value may be set according to practical situations.
Step S40, determining whether the credibility is lower than a preset threshold value, and if not, determining that the target terminal is credible.
In this embodiment, after obtaining the reliability value of the target terminal, determining whether the reliability of the target terminal is lower than a preset threshold, where the preset threshold is set to 0.5 in the specific implementation, if not, determining that the target terminal is reliable, and allowing the corresponding service to proceed when the target terminal initiates the service request; if yes, the target terminal is determined to be not trusted, and when the target terminal initiates a service request, the corresponding service is prevented from being carried out.
The method comprises the steps of obtaining a first parameter of a target terminal, and obtaining a second parameter of the target terminal based on the current login state of the target terminal; determining a first credibility of the first parameter and a second credibility of the second parameter; determining a weight value of the first credibility and a weight value of the second credibility based on the login state, and calculating the credibility of the target terminal; and determining whether the credibility is lower than a preset threshold value, and if not, determining that the target terminal is credible. The invention adopts a plurality of parameters to identify the credibility of the terminal through the login state of the terminal, avoids the result error caused by a single parameter and ensures that the identification result is more accurate.
Further, based on the first embodiment of the terminal credibility identification method of the present invention, a second embodiment of the terminal credibility identification method of the present invention is provided.
The second embodiment of the terminal reliability recognition method differs from the first embodiment of the terminal reliability recognition method in that step a comprises:
step a1, acquiring first hardware information of a target terminal, and determining whether the first hardware information is dirty data or not based on a preset dirty data rule;
step a2, if not, generating a first parameter of the target terminal based on the first hardware information and a preset algorithm;
step a3, if yes, obtaining second hardware information of the target terminal, and determining whether the second hardware information is dirty data or not based on the dirty data rule;
and a4, if not, generating a first parameter of the target terminal based on the second hardware information and the preset algorithm.
In this embodiment, when acquiring the hardware information of the target terminal, there may be a case where the hardware information of the target terminal is not acquired, or the dirty data is acquired, so that the dirty data needs to be filtered to acquire accurate hardware information, so that the generated first parameter is reliable.
Specific:
Step a1, acquiring first hardware information of a target terminal, and determining whether the first hardware information is dirty data or not based on a preset dirty data rule;
in this embodiment, the identifying device acquires the first hardware information of the target terminal, and determines whether the first hardware information is dirty data, and the specific criterion is a preset dirty data rule, so long as the first hardware information is in accordance with the dirty data rule, the first hardware information is regarded as dirty data. The specific dirty data rule can be set according to actual conditions, such as data format unpaired, data discontinuous, data error and the like, for example, the mac address of the target terminal, in the actual implementation process, the mac address of a part of terminals cannot be directly obtained, and at this time, the return value of the terminal is FF: FF: FF: FF: FF, or 0000000000, which is dirty data.
Step a2, if not, generating a first parameter of the target terminal based on the first hardware information and a preset algorithm;
if it is determined that the first hardware information is not dirty data, generating the first parameter of the target terminal based on the first hardware information and the preset algorithm, and the specific generating manner may refer to the above embodiment, which is not described herein again.
Step a3, if yes, obtaining second hardware information of the target terminal, and determining whether the second hardware information is dirty data or not based on the dirty data rule;
And if the first hardware information is determined to be dirty data, filtering the dirty data, re-acquiring the second hardware information of the target terminal, and then verifying whether the second hardware information is dirty data. It may be appreciated that there are a plurality of pieces of hardware information, such as mac address, serial number, etc., in the target terminal, after determining that the first piece of hardware information is dirty data, if the mac address is dirty data, the second piece of hardware information, such as serial number, is obtained, and whether the serial number is dirty data is verified again.
And a4, if not, generating a first parameter of the target terminal based on the second hardware information and the preset algorithm.
If the second hardware information is not dirty data, generating a first parameter of the target terminal based on the second hardware information and a preset algorithm; if the second hardware information is dirty data, continuing to acquire the third hardware information, and verifying whether the third hardware information is dirty data. The specific determination manner and the manner of generating the first parameter are not described herein.
Further, in another embodiment, if the first hardware information is determined to be dirty data, a dirty data type of the first hardware information is further determined, where the dirty data type includes data missing, data error, data format unequal.
If the dirty data type of the first hardware information is data missing, the number of missing characters is further determined, namely the number of characters missing in the first hardware information is determined, if the number of missing characters is smaller than a preset value, the first hardware information is complemented, and the first parameters are generated by the complemented first hardware information.
The specific complement mode is as follows: the missing character is replaced by a unicode, and if the first hardware information is currently missing three characters, the missing character is replaced by the unicode.
It should be noted that, in order to ensure that the first hardware information is reliable, the preset value is 3.
When the first parameter is generated, the collected hardware information needs to be filtered, so that the collected hardware information is reliable, the generated first parameter is reliable, the parameter which is used for judging the credibility of the target terminal later is reliable, and the accuracy of identifying the credibility of the terminal is improved.
Further, based on the first and second embodiments of the terminal credibility identification method of the present invention, a third embodiment of the terminal credibility identification method of the present invention is provided.
The third embodiment of the terminal reliability recognition method is different from the first and second embodiments of the terminal reliability recognition method in that step S10 includes:
F, detecting whether the first parameter exists in the target terminal or not, and detecting whether the second parameter exists in the target terminal or not based on the login state;
and g, if the first parameter and the second parameter exist, acquiring the first parameter and the second parameter.
In this embodiment, before the first parameter and the second parameter of the target terminal are acquired, whether the first parameter and the second parameter exist in the target terminal is determined, so as to ensure that the first parameter and the second parameter can be acquired.
Specific:
f, detecting whether the first parameter exists in the target terminal or not, and detecting whether the second parameter exists in the target terminal or not based on the login state;
in this embodiment, the first parameter and the second parameter are stored in the target terminal, so as to avoid that the user performs operations such as deletion through the target terminal, so that the first parameter and the second parameter in the target terminal are lost, the identifying device needs to detect whether the first parameter exists in the target terminal, and detect whether the second parameter exists in the target terminal based on the login state of the target terminal, that is, whether the second parameter is related to the login state.
And g, if the first parameter and the second parameter exist, acquiring the first parameter and the second parameter.
If the first parameter and the second parameter exist, the user is not required to delete the first parameter and the second parameter, and the first parameter and the second parameter of the target terminal are acquired if the first parameter and the second parameter are not lost.
In this embodiment, the first parameter is obtained by the target terminal, and is generated by the target terminal according to the hardware information and the preset algorithm, and a specific generating manner may refer to the above embodiment, which is not described herein again, and the identifying device may directly obtain the generated first parameter, without obtaining the hardware information first and then generating the first parameter; the second parameter is generated by a server corresponding to the target terminal, specifically, the server determines the login state of the target terminal, then the server obtains the user information of the target terminal, the server generates the second parameter according to a preset algorithm, the login state and the user information, and the second parameter is issued to the target terminal for storage, and the specific generation mode is not described herein again.
In this embodiment, the generation of the first parameter is responsible for the target terminal, and the generation of the second parameter is responsible for the server, so that all the parameters are prevented from being generated by the target terminal, and the behavior that the user modifies the parameters through the target terminal is avoided. In addition, the two parameters are generated by different subjects, so that the generation speed can be increased, and the identification equipment can acquire the first parameter and the second parameter more quickly.
Further, after step f, the method further comprises:
if the first parameter and/or the second parameter do not exist, reading the first cache parameter and the second cache parameter corresponding to the target terminal in at least two preset cache areas, and determining whether the first cache parameter in each cache area is consistent with the second cache parameter in each cache area;
if it is determined that the first parameter and/or the second parameter do not exist in the target terminal, that is, the lack of the parameter identifies the reliability of the target terminal, the first cache parameter and the second cache parameter corresponding to the target terminal are read in at least two preset cache areas, that is, in this embodiment, in order to prevent the user from deleting the first parameter and/or the second parameter stored in the target terminal, or other reasons from causing the first parameter and/or the second parameter to be lost, at least two preset cache areas are preset, and the parameters are stored in the cache areas, for example, in the positions of an APP cache file, an equipment cache file, an SD card and the like, so as to establish multi-layer data cross verification. Specifically, after the first cache parameter and the second cache parameter are obtained in each cache region, whether the first cache parameter in each cache region is consistent or not is respectively judged, and whether the second cache parameter in each cache region is consistent or not is judged.
And if the first cache parameter and the second cache parameter are consistent, setting the first cache parameter and the second cache parameter as the first parameter and the second parameter of the target terminal respectively.
If the first cache parameters in each cache region are consistent and the second cache parameters in each cache region are consistent, the first cache parameters and the second cache parameters are respectively set as the first parameters and the second parameters of the target terminal. Namely, a multi-layer data cross-validation mode is adopted to determine the first parameter and the second parameter of the target terminal, so that the problem of data deviation caused by a single factor is avoided.
It can be understood that if the cache parameters are inconsistent, the target terminal is determined to be not trusted.
The first parameter and the second parameter of the target terminal are acquired, and the first parameter and the second parameter are verified in a multi-layer data cross verification mode, so that the first parameter and the second parameter are reliable, the accuracy of identifying the terminal credibility is improved, and the speed of identifying the terminal credibility is improved to a certain extent because the first parameter and the second parameter are respectively generated by the target terminal and the server.
The invention also provides a terminal credibility identification device. The terminal credibility identification device of the invention comprises:
The acquisition module is used for acquiring a first parameter of a target terminal and acquiring a second parameter of the target terminal based on the current login state of the target terminal;
a determining module, configured to determine a first reliability of the first parameter and a second reliability of the second parameter;
the computing module is used for determining the weight value of the first credibility and the weight value of the second credibility based on the login state, and computing the credibility of the target terminal;
and the identification module is used for determining whether the credibility is lower than a preset threshold value, and if not, determining that the target terminal is credible.
Further, the acquisition module is further configured to:
acquiring hardware information of a target terminal, and generating a first parameter of the target terminal based on the hardware information;
and acquiring user information and a current login state of the target terminal in a server corresponding to the target terminal, and generating a second parameter based on the user information and the login state.
Further, the acquisition module is further configured to:
acquiring first hardware information of a target terminal, and determining whether the first hardware information is dirty data or not based on a preset dirty data rule;
If not, generating a first parameter of the target terminal based on the first hardware information and a preset algorithm;
if yes, acquiring second hardware information of the target terminal, and determining whether the second hardware information is dirty data or not based on the dirty data rule;
if not, generating a first parameter of the target terminal based on the second hardware information and the preset algorithm.
Further, the acquisition module is further configured to:
detecting whether the first parameter exists in the target terminal or not, and detecting whether the second parameter exists in the target terminal or not based on the login state;
and if the first parameter and the second parameter exist, acquiring the first parameter and the second parameter.
Further, the first parameter is obtained by the target terminal, and is generated by the target terminal according to the hardware information and a preset algorithm; and the second parameter is determined by the server to be in a current login state of the target terminal, the server acquires the user information of the target terminal, and the server generates and transmits the user information to the target terminal according to the login state, the user information and the preset algorithm.
Further, the terminal credibility identifying device further comprises a reading module, wherein the reading module is used for:
if the first parameter and/or the second parameter do not exist, reading the first cache parameter and the second cache parameter corresponding to the target terminal in at least two preset cache areas, and determining whether the first cache parameter in each cache area is consistent with the second cache parameter in each cache area;
and if the first cache parameter and the second cache parameter are consistent, setting the first cache parameter and the second cache parameter as the first parameter and the second parameter of the target terminal respectively.
Further, the determining module is configured to:
acquiring a first historical parameter of the target terminal and a second historical parameter issued by the server based on the target terminal;
comparing the first parameter with the first historical parameter, and determining a first credibility of the first parameter according to a comparison result;
and comparing the second parameter with the second historical parameter, and determining second credibility of the second parameter according to a comparison result.
The invention also provides a computer readable storage medium.
The computer readable storage medium of the present invention stores a terminal credibility identification program which, when executed by a processor, implements the steps of the terminal credibility identification method as described above.
The method implemented when the terminal reliability recognition program running on the processor is executed may refer to various embodiments of the terminal reliability recognition method of the present invention, which are not described herein again.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The foregoing embodiment numbers of the present invention are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) as described above, comprising instructions for causing a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the method according to the embodiments of the present invention.
The foregoing description is only of the preferred embodiments of the present invention, and is not intended to limit the scope of the invention, but rather is intended to cover any equivalents of the structures or equivalent processes disclosed herein, or any application, directly or indirectly, in the field of other related technology.
Claims (8)
1. The terminal credibility identification method is characterized by comprising the following steps of:
acquiring a first parameter of a target terminal, and acquiring a second parameter of the target terminal based on the current login state of the target terminal;
determining a first credibility of the first parameter and a second credibility of the second parameter;
determining a weight value of the first credibility and a weight value of the second credibility based on the login state, and calculating the credibility of the target terminal;
determining whether the credibility is lower than a preset threshold value, if not, determining that the target terminal is credible;
the step of obtaining the first parameter of the target terminal and obtaining the second parameter of the target terminal based on the login state of the target terminal includes:
detecting whether the first parameter exists in the target terminal or not, and detecting whether the second parameter exists in the target terminal or not based on the login state;
If the first parameter and the second parameter exist, the first parameter and the second parameter are obtained, the first parameter is generated by the target terminal, and the second parameter is generated by a server corresponding to the target terminal;
if the first parameter and/or the second parameter do not exist, reading the first cache parameter and the second cache parameter corresponding to the target terminal in at least two preset cache areas, and determining whether the first cache parameter in each cache area is consistent with the second cache parameter in each cache area;
and if the first cache parameter and the second cache parameter are consistent, setting the first cache parameter and the second cache parameter as the first parameter and the second parameter of the target terminal respectively.
2. The terminal reliability recognition method of claim 1, wherein the step of acquiring the first parameter of the target terminal and acquiring the second parameter of the target terminal based on the login state of the target terminal comprises:
acquiring hardware information of a target terminal, and generating a first parameter of the target terminal based on the hardware information;
and acquiring user information and a current login state of the target terminal in a server corresponding to the target terminal, and generating a second parameter based on the user information and the login state.
3. The terminal reliability recognition method of claim 2, wherein the step of acquiring hardware information of the target terminal and generating the first parameter of the target terminal based on the hardware information comprises:
acquiring first hardware information of a target terminal, and determining whether the first hardware information is dirty data or not based on a preset dirty data rule;
if not, generating a first parameter of the target terminal based on the first hardware information and a preset algorithm;
if yes, acquiring second hardware information of the target terminal, and determining whether the second hardware information is dirty data or not based on the dirty data rule;
if not, generating a first parameter of the target terminal based on the second hardware information and the preset algorithm.
4. The terminal reliability recognition method of claim 1, wherein,
the first parameter is generated by the target terminal, and includes:
the first parameter is obtained by the target terminal, hardware information of the target terminal is obtained by the target terminal, and the first parameter is generated by the target terminal according to the hardware information and a preset algorithm;
the second parameter is generated by a server corresponding to the target terminal, and comprises the following steps:
And the second parameter is determined by the server to be in a current login state of the target terminal, the server acquires the user information of the target terminal, and the server generates and transmits the user information to the target terminal according to the login state, the user information and the preset algorithm.
5. The terminal reliability identification method according to any one of claims 1 to 4, wherein the step of determining the first reliability of the first parameter and the second reliability of the second parameter comprises:
acquiring a first historical parameter of the target terminal and a second historical parameter issued by the server based on the target terminal;
comparing the first parameter with the first historical parameter, and determining a first credibility of the first parameter according to a comparison result;
and comparing the second parameter with the second historical parameter, and determining second credibility of the second parameter according to a comparison result.
6. A terminal reliability recognition device, characterized in that the terminal reliability recognition device comprises:
the acquisition module is used for acquiring a first parameter of a target terminal and acquiring a second parameter of the target terminal based on the current login state of the target terminal;
A determining module, configured to determine a first reliability of the first parameter and a second reliability of the second parameter;
the computing module is used for determining the weight value of the first credibility and the weight value of the second credibility based on the login state, and computing the credibility of the target terminal;
the identification module is used for determining whether the credibility is lower than a preset threshold value, and if not, determining that the target terminal is credible;
the acquisition module is further configured to:
detecting whether the first parameter exists in the target terminal or not, and detecting whether the second parameter exists in the target terminal or not based on the login state;
if the first parameter and the second parameter exist, the first parameter and the second parameter are obtained, the first parameter is generated by the target terminal, and the second parameter is generated by a server corresponding to the target terminal;
the terminal credibility identification device further comprises a reading module, wherein the reading module is used for:
if the first parameter and/or the second parameter do not exist, reading the first cache parameter and the second cache parameter corresponding to the target terminal in at least two preset cache areas, and determining whether the first cache parameter in each cache area is consistent with the second cache parameter in each cache area;
And if the first cache parameter and the second cache parameter are consistent, setting the first cache parameter and the second cache parameter as the first parameter and the second parameter of the target terminal respectively.
7. A terminal reliability recognition device, characterized in that the terminal reliability recognition device comprises: a memory, a processor and a terminal reliability recognition program stored on the memory and executable on the processor, which when executed by the processor, implements the steps of the terminal reliability recognition method according to any one of claims 1 to 5.
8. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored thereon a terminal reliability recognition program, which when executed by a processor, implements the steps of the terminal reliability recognition method according to any one of claims 1 to 5.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910762819.4A CN110474911B (en) | 2019-08-14 | 2019-08-14 | Terminal credibility identification method, device, equipment and computer readable storage medium |
| PCT/CN2020/108190 WO2021027777A1 (en) | 2019-08-14 | 2020-08-10 | Terminal credibility identification method, apparatus and device, and computer readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910762819.4A CN110474911B (en) | 2019-08-14 | 2019-08-14 | Terminal credibility identification method, device, equipment and computer readable storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110474911A CN110474911A (en) | 2019-11-19 |
| CN110474911B true CN110474911B (en) | 2023-05-23 |
Family
ID=68511885
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910762819.4A Active CN110474911B (en) | 2019-08-14 | 2019-08-14 | Terminal credibility identification method, device, equipment and computer readable storage medium |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN110474911B (en) |
| WO (1) | WO2021027777A1 (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110474911B (en) * | 2019-08-14 | 2023-05-23 | 深圳前海微众银行股份有限公司 | Terminal credibility identification method, device, equipment and computer readable storage medium |
| CN111107064B (en) * | 2019-12-04 | 2022-07-12 | 北京奇虎科技有限公司 | Terminal equipment identification method, device, equipment and readable storage medium |
| CN111753329A (en) * | 2020-06-05 | 2020-10-09 | 江苏任务网络科技有限公司 | Automatic early warning method for locking remote login of user |
| CN111756716A (en) * | 2020-06-15 | 2020-10-09 | 深信服科技股份有限公司 | Flow detection method and device and computer readable storage medium |
| CN111708354B (en) * | 2020-07-06 | 2021-11-05 | 四川创客知佳科技有限公司 | Smart hotel terminal fault detection method based on big data |
| CN112311760B (en) * | 2020-09-17 | 2023-04-07 | 广西电网有限责任公司电力科学研究院 | Terminal credibility analysis method and device for one-end multi-network environment |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104966002A (en) * | 2015-07-03 | 2015-10-07 | 北京数字联盟网络科技有限公司 | False mobile terminal identification method and apparatus |
| CN105426734A (en) * | 2015-11-12 | 2016-03-23 | 山东超越数控电子有限公司 | Identity authentication method and device based on trusted computing |
| CN109002733A (en) * | 2018-06-20 | 2018-12-14 | 阿里巴巴集团控股有限公司 | A kind of pair of equipment carries out the method and device of reliability evaluation |
Family Cites Families (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| FI113569B (en) * | 2001-11-02 | 2004-05-14 | Nokia Corp | A method for processing data, a data processing system, and a mobile terminal |
| US8635662B2 (en) * | 2008-01-31 | 2014-01-21 | Intuit Inc. | Dynamic trust model for authenticating a user |
| CN104954350B (en) * | 2014-03-31 | 2020-06-23 | 腾讯科技(深圳)有限公司 | Account information protection method and system |
| CN104135494B (en) * | 2014-08-22 | 2017-09-22 | 北京京东尚科信息技术有限公司 | A kind of same account untrusted terminal logs in method and system based on trusted terminal |
| CN105635084B (en) * | 2014-11-17 | 2018-12-14 | 华为技术有限公司 | Terminal authentication apparatus and method |
| CN106936761A (en) * | 2015-12-29 | 2017-07-07 | 株式会社日立制作所 | A kind of secure log authentication method and system based on Quick Response Code and hardware information |
| CN107071772B (en) * | 2016-07-29 | 2020-07-07 | 腾讯科技(深圳)有限公司 | Wireless local area network connection method and mobile terminal |
| CN106453372B (en) * | 2016-11-03 | 2019-10-25 | 努比亚技术有限公司 | A kind of terminal, server and account logon method |
| CN106778023A (en) * | 2017-01-03 | 2017-05-31 | 武汉大学 | A kind of Postural Evaluations of Electric Equipments credible result evaluation method |
| CN109309652B (en) * | 2017-07-28 | 2020-06-09 | 创新先进技术有限公司 | Method and device for training model |
| CN108011936B (en) * | 2017-11-28 | 2021-06-04 | 百度在线网络技术(北京)有限公司 | Method and device for pushing information |
| CN110061987B (en) * | 2019-04-19 | 2021-03-16 | 武汉大学 | Access access control method and device based on role and terminal credibility |
| CN110069360B (en) * | 2019-04-22 | 2023-03-21 | 重庆长安新能源汽车科技有限公司 | Motor controller data storage and reading method and device |
| CN110474911B (en) * | 2019-08-14 | 2023-05-23 | 深圳前海微众银行股份有限公司 | Terminal credibility identification method, device, equipment and computer readable storage medium |
-
2019
- 2019-08-14 CN CN201910762819.4A patent/CN110474911B/en active Active
-
2020
- 2020-08-10 WO PCT/CN2020/108190 patent/WO2021027777A1/en active Application Filing
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104966002A (en) * | 2015-07-03 | 2015-10-07 | 北京数字联盟网络科技有限公司 | False mobile terminal identification method and apparatus |
| CN105426734A (en) * | 2015-11-12 | 2016-03-23 | 山东超越数控电子有限公司 | Identity authentication method and device based on trusted computing |
| CN109002733A (en) * | 2018-06-20 | 2018-12-14 | 阿里巴巴集团控股有限公司 | A kind of pair of equipment carries out the method and device of reliability evaluation |
Non-Patent Citations (1)
| Title |
|---|
| 杨蕊岚.基于定序回归的云终端用户行为可信性评估方法的研究.中国优秀硕士学位论文全文数据库信息科技辑.2018,(第07期),全文. * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110474911A (en) | 2019-11-19 |
| WO2021027777A1 (en) | 2021-02-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110474911B (en) | Terminal credibility identification method, device, equipment and computer readable storage medium | |
| US10826684B1 (en) | System and method of validating Internet of Things (IOT) devices | |
| US9491182B2 (en) | Methods and systems for secure internet access and services | |
| EP3178011B1 (en) | Method and system for facilitating terminal identifiers | |
| US9230066B1 (en) | Assessing risk for third-party data collectors | |
| US10630676B2 (en) | Protecting against malicious discovery of account existence | |
| WO2019200799A1 (en) | Short message verification code pushing method, electronic device and readable storage medium | |
| CN110061987B (en) | Access access control method and device based on role and terminal credibility | |
| US11855976B2 (en) | Utilizing behavioral features to authenticate a user entering login credentials | |
| WO2019114246A1 (en) | Identity authentication method, server and client device | |
| CN107426136B (en) | Network attack identification method and device | |
| CN109547427B (en) | Blacklist user identification method and device, computer equipment and storage medium | |
| CN111294337A (en) | Token-based authentication method and device | |
| CN113259429B (en) | Session maintenance management and control method, device, computer equipment and medium | |
| CN107995167B (en) | Equipment identification method and server | |
| KR101563628B1 (en) | Error detection method, error detection apparatus and error detection system for bibliographic data of books | |
| CN112765588A (en) | Identity recognition method and device, electronic equipment and storage medium | |
| CN113849802A (en) | Equipment authentication method and device, electronic equipment and storage medium | |
| CN111949363A (en) | Service access management method, computer equipment, storage medium and system | |
| CN108875349B (en) | Verification code generation method and device based on pinyin | |
| CN113836509B (en) | Information acquisition method, device, electronic equipment and storage medium | |
| CN114817868B (en) | License verification method, device, equipment and storage medium | |
| JP2019144693A (en) | Access analysis system and access analysis method | |
| CN112637110B (en) | Method for detecting password, password detection device and storage medium | |
| US20220035914A1 (en) | Information processing device, control method, and program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |