CN111581616B - Multi-terminal login control method and device - Google Patents


Publication number: CN111581616B
Authority: CN (China)
Prior art keywords: login, application program, terminal equipment, trust value, equipment
Legal status: Active
Application number: CN202010393755.8A
Other languages: Chinese (zh)
Other versions: CN111581616A (en)
Inventors: 张磊, 辛文妙
Current Assignee: Qingdao Juhaolian Technology Co ltd
Original Assignee: Qingdao Juhaolian Technology Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords

Abstract

The invention discloses a method and a device for multi-terminal login control. The method comprises: obtaining login information sent by an application program, wherein the login information comprises identification information of the terminal equipment on which the application program logs in and login verification information, and the login verification information comprises a login mode and verification information; if the login mode is a low-trust login mode, determining, according to the identification information of the terminal equipment, whether the terminal equipment is a trusted device, so as to judge whether the application program is allowed to log in, which improves the security of application program login; and if the application program is allowed to log in, after the verification information passes verification, confirming that the application program login succeeds and increasing the trust value of the terminal equipment, which improves the security of logging in to the application program on the terminal equipment and improves the user experience.

Description

Multi-terminal login control method and device
Technical Field
The invention relates to the field of Internet, in particular to a method and a device for multi-terminal login control.
Background
With the development and popularization of the internet and cloud services, APP and website services emerge endlessly; meanwhile, social and economic development keeps increasing the number of networked terminal devices each user owns, such as mobile phones, computers and tablets, so login control for the APP or website end is particularly important.
In the prior art, the common modes of login control for an APP or website end are single-point login control and multi-point login control. Single-point login means that when one terminal device, or one type of terminal device, logs in, the other terminal device, or the other terminal device of that type, is squeezed out. For example, when a user logs in to a payment application on one mobile phone, the payment application previously logged in on another mobile phone is disconnected; when a user logs in to WeChat on one computer, the WeChat previously logged in on another computer is disconnected. Multi-point login means that a user can be logged in on several terminal devices of the same class at the same time; for example, the user can log in to the same account on several computers.
Single-point login is cumbersome when several terminal devices are used, because the account has to be switched back and forth and the login repeated; multi-point login, however, carries potential safety hazards: password leakage occurs easily and causes the security problem of user privacy leakage.
Disclosure of Invention
The embodiment of the invention provides a method and a device for controlling multi-terminal login, which are used for realizing dynamic multi-terminal login control, improving the login safety of an application program and improving the user experience.
In a first aspect, an embodiment of the present invention provides a method for multi-terminal login control, including:
acquiring login information sent by an application program, wherein the login information comprises identification information of the terminal equipment on which the application program logs in and login verification information; the login verification information comprises a login mode and verification information;
if the login mode is a low-trust login mode, determining whether the terminal equipment is a trusted device according to the identification information of the terminal equipment;
if yes, after the verification information passes verification, confirming that the application program login succeeds, and increasing the trust value of the terminal equipment.
In the above technical solution, when the application program logs in with a low-trust login mode, the application program is allowed to log in once the terminal equipment has been determined to be a trusted device according to the acquired identification information of the terminal equipment, which improves the security of application program login. After the application program logs in successfully, the trust value of the terminal equipment is increased, which improves the security of logging in to the application program on the terminal equipment, so that the user can use the terminal equipment to log in to the application program next time, and improves the user experience.
Optionally, the method further comprises:
if the terminal equipment is determined to be an untrusted device, determining that the application program is not allowed to log in.
In the above technical solution, if the terminal equipment is determined to be an untrusted device according to the acquired identification information of the terminal equipment, the application program is not allowed to log in, which avoids security problems such as privacy leakage caused by logging in to the application program on an untrusted device and improves the security of application program login.
Optionally, if the login mode is a high-trust login mode, determining whether the application program is logging in on the terminal equipment for the first time; if so, after the verification information passes verification, confirming that the application program login succeeds, setting the terminal equipment as a trusted device, and increasing the trust value of the terminal equipment;
otherwise, after the verification information passes verification, confirming that the application program login succeeds, and increasing the trust value of the terminal equipment.
In the above technical solution, when the application program logs in with a high-trust login mode, terminal equipment that is logged in for the first time can be set as a trusted device, so that the user can afterwards log in to the application program on that terminal equipment with a low-trust login mode, which improves the user experience. The trust value of the terminal equipment is increased after the login succeeds, which improves the security of application program login on the device.
Optionally, after confirming that the application program login succeeds, the method further includes:
acquiring login modification information of a user;
modifying, according to the login modification information, the trusted authority of other terminal equipment and the login state of the application program logged in on the other terminal equipment.
In the above technical solution, login modification information can be set on terminal equipment that has logged in with a high-trust login mode, in order to modify the trusted authority of other terminal equipment and the login state of the application program on it. The user can thereby control the terminal equipment on which the application program is logged in, which prevents potential safety hazards of multi-point login such as user privacy leakage.
Optionally, the method further comprises:
if the verification information fails verification, confirming that the application program login fails, and reducing the trust value.
In the above technical solution, if the application program login fails, the trust value of the terminal equipment is reduced, which prevents malicious login by brute-force password cracking and similar means when the terminal equipment is lost, and prevents privacy leakage caused by the loss of the terminal equipment.
Optionally, after confirming that the application program login fails and reducing the trust value, the method further includes:
counting the number of consecutive login failures of the application program, and if the number of consecutive login failures is greater than a first threshold, restricting the application program from logging in on the terminal equipment within a set time period;
if the trust value is smaller than a second threshold, prohibiting the application program from logging in on the terminal equipment with a low-trust login mode.
In the above technical solution, restricting the application program from logging in on the terminal equipment, and using the trust value to prohibit login on the terminal equipment with a low-trust login mode, prevents a hacker from maliciously logging in to the application program through credential stuffing (library collision) attacks and the like, and improves the security of application program login.
In a second aspect, an embodiment of the present invention provides an apparatus for multi-terminal login control, including:
an acquisition module, used for acquiring login information sent by an application program, wherein the login information comprises identification information of the terminal equipment on which the application program logs in and login verification information; the login verification information comprises a login mode and verification information;
a processing module, used for determining whether the terminal equipment is a trusted device according to the identification information of the terminal equipment if the login mode is a low-trust login mode; and if yes, after the verification information passes verification, confirming that the application program login succeeds, and increasing the trust value of the terminal equipment.
Optionally, the processing module is further configured to:
if the terminal equipment is determined to be an untrusted device, determine that the application program is not allowed to log in.
Optionally, the processing module is specifically configured to:
if the login mode is a high-trust login mode, determine whether the application program is logging in on the terminal equipment for the first time; if so, after the verification information passes verification, confirm that the application program login succeeds, set the terminal equipment as a trusted device, and increase the trust value of the terminal equipment;
otherwise, after the verification information passes verification, confirm that the application program login succeeds, and increase the trust value of the terminal equipment.
Optionally, the processing module is further configured to:
after confirming that the application program login succeeds, control the acquisition module to acquire login modification information of a user;
modify, according to the login modification information, the trusted authority of other terminal equipment and the login state of the application program logged in on the other terminal equipment.
Optionally, the processing module is further configured to:
if the verification information fails verification, confirm that the application program login fails, and reduce the trust value.
Optionally, the processing module is further configured to:
after confirming that the application program login fails and reducing the trust value, count the number of consecutive login failures of the application program, and if the number of consecutive login failures is greater than a first threshold, restrict the application program from logging in on the terminal equipment within a set time period;
if the trust value is smaller than a second threshold, prohibit the application program from logging in on the terminal equipment with a low-trust login mode.
In a third aspect, embodiments of the present invention also provide a computing device, comprising:
a memory for storing program instructions;
a processor for calling the program instructions stored in the memory and executing the above method of multi-terminal login control according to the obtained program.
In a fourth aspect, embodiments of the present invention also provide a computer-readable storage medium storing computer-executable instructions for causing a computer to perform the above-described method of multi-terminal login control.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of a system architecture according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a method for multi-terminal login control according to an embodiment of the present invention;
FIG. 3 is a flowchart illustrating a method for multi-terminal login control according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a device for multi-terminal login control according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail below with reference to the accompanying drawings, and it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Fig. 1 illustrates a system architecture to which embodiments of the present invention are applicable. The system architecture includes a server 100, and the server 100 may include a processor 110, a communication interface 120, and a memory 130.
Wherein the communication interface 120 is used for transmitting data.
The processor 110 is a control center of the server 100, connects various parts of the entire server 100 using various interfaces and routes, and performs various functions of the server 100 and processes data by running or executing software programs and/or modules stored in the memory 130, and calling data stored in the memory 130. Optionally, the processor 110 may include one or more processing units.
The memory 130 may be used to store software programs and modules, and the processor 110 performs various functional applications and data processing by executing the software programs and modules stored in the memory 130. The memory 130 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, application programs required for at least one function, and the like; the storage data area may store data created according to business processes, etc. In addition, memory 130 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage device.
It should be noted that the structure shown in fig. 1 is merely an example, and the embodiment of the present invention is not limited thereto.
Based on the above description, fig. 2 illustrates a flow of a method for multi-terminal login control according to an embodiment of the present invention, where the flow may be performed by a device for multi-terminal login control.
As shown in fig. 2, the process specifically includes:
Step 201, obtaining login information sent by an application program.
In the embodiment of the invention, the login information comprises identification information of the terminal equipment on which the application program logs in and login verification information. The identification information of the terminal equipment includes, but is not limited to, the MAC address (Media Access Control Address, physical address) of the terminal equipment, the MEID (Mobile Equipment Identifier, mobile terminal identification code) and the like; the login verification information comprises a login mode and verification information.
Further, the login modes include a high-trust login mode and a low-trust login mode. For example, the high-trust login mode may be a verification code sent to a mobile phone number, face authentication information of the user, fingerprint authentication information of the user and the like; the low-trust login mode may be the account password of an application program, such as a QQ account password.
Step 202, if the login mode is a low-trust login mode, determining whether the terminal equipment is a trusted device according to the identification information of the terminal equipment.
In the embodiment of the invention, when an application program logs in on terminal equipment and the user uses a low-trust login mode, whether the terminal equipment is a trusted device is determined according to the identification information of the terminal equipment. For example, if the trust value of the terminal equipment is determined to be 2 and the second threshold is 1, the terminal equipment is a trusted device, where the trust value is the number of times the application program has logged in successfully on the terminal equipment. Verifying whether the terminal equipment is a trusted device improves the security of application program login.
Step 203, if yes, after the verification information passes verification, confirming that the application program login succeeds, and increasing the trust value of the terminal equipment.
In the embodiment of the invention, when an application program logs in on terminal equipment with a low-trust login mode and the terminal equipment has been determined to be a trusted device according to its identification information, the trust value of the terminal equipment is increased if the application program logs in successfully. For example, user A logs in to the application program on the terminal equipment with a low-trust login mode, and the terminal equipment is determined to be a trusted device according to its identification information; if user A logs in successfully with the correct application program account password, the trust value of the terminal equipment is increased by 1.
Illustratively, if the terminal equipment is determined to be an untrusted device, it is determined that the application program is not allowed to log in.
If the user logs in to the application program on the terminal equipment with a low-trust login mode and the terminal equipment is determined to be an untrusted device according to its identification information, the user is not allowed to log in to the application program with the low-trust login mode. For example, when user B logs in to the application program on the terminal equipment with a low-trust login mode, the second threshold is 1 and the current trust value of the terminal equipment is 0, so the terminal equipment is determined to be an untrusted device and the user is not allowed to log in with the account password of the application program.
If the login mode is a high-trust login mode, it is determined whether the application program is logging in on the terminal equipment for the first time; if so, after the verification information passes verification, the application program login is confirmed to be successful, the terminal equipment is set as a trusted device, and the trust value of the terminal equipment is increased;
otherwise, after the verification information passes verification, the application program login is confirmed to be successful, and the trust value of the terminal equipment is increased.
When the login mode used to log in to the application program on the terminal equipment is a high-trust login mode and the application program is logging in on that terminal equipment for the first time, the terminal equipment is set as a trusted device after the high-trust login succeeds, and its trust value is increased. If the application program is not logging in on the terminal equipment for the first time, the trust value of the terminal equipment is increased directly after the high-trust login succeeds. For example, user C logs in to WeChat on a brand-new mobile terminal on which WeChat has never been logged in, using a mobile phone verification code, which is a high-trust login mode. When the verification passes, the brand-new mobile terminal is set as a trusted device (for example, if the preset trust value threshold is 3, the trust value of the mobile terminal is set to 3) and its trust value is increased (for example, the trust value is increased by 1, so that the trust value of the mobile terminal becomes 4). If user C instead logs in on an old mobile terminal, the trust value of the old mobile terminal is increased after the high-trust login succeeds (for example, the trust value is increased by 2).
Illustratively, after the application program is confirmed to have logged in successfully with a high-trust login mode, login modification information of the user is obtained;
and the trusted authority of other terminal equipment and the login state of the application program logged in on the other terminal equipment are modified according to the login modification information.
Login modification information is acquired from a user who has logged in to the application program successfully on a terminal device through a high-trust login mode; it concerns the application program's logins on other terminal devices. According to the modification information, the trust value of the other terminal devices and the current login state of the application program on them are modified. For example, after user D logs in to the application program on terminal device D through a high-trust login mode, user D reduces the trust value of terminal device c to 0 (that is, cancels the trusted authority of the application program on terminal device c) and sets the current login state of the application program on terminal device c to offline, where the login mode of the application program on terminal device c may have been either a high-trust or a low-trust login mode. In this way, terminal devices logged in through a high-trust login mode can set login modification information for one another, which prevents authority from being abused and privacy from being lost.
If the verification information fails verification, the application program login is confirmed to have failed, and the trust value is reduced.
When an application program logs in, regardless of whether the login mode is a high-trust or a low-trust login mode, if the verification during login does not pass, the application program login fails and the trust value of the terminal equipment is reduced. For example, user E logs in to the application program on the terminal equipment with a mobile phone verification code; the verification code is entered incorrectly, the application program login fails, and the trust value of the terminal equipment is reduced.
The trust value may be reduced by 1 each time the application program fails to log in, or may be reduced in a root-extraction (square-root) form, for example: square[sqrt(n-1)], wherein the result of the operation is an integer, until the trust value is reduced to 0 or falls below the second threshold, at which point the terminal equipment is set as an untrusted device.
Illustratively, after the application program login is confirmed to have failed and the trust value has been reduced, the number of consecutive login failures of the application program is counted, and if the number of consecutive login failures is greater than a first threshold, the application program is restricted from logging in on the terminal equipment within a set time period;
and if the trust value is smaller than a second threshold, the application program is prohibited from logging in on the terminal equipment with a low-trust login mode.
After the application program login is determined to have failed and the trust value of the terminal equipment has been reduced, counting of the consecutive login failures of the application program on the untrusted device begins. When the number of consecutive login failures is greater than the first threshold, the user is not allowed to log in to the application program on the terminal equipment again within a preset time period. For example, user F logs in to the application program on the terminal equipment through face recognition, a high-trust login mode, but the login fails, and the trust value of the terminal equipment is directly reduced to 0 (the second threshold). Recording of the consecutive failures of logging in to the application program on the terminal equipment through the high-trust login mode then begins (because the trust value of the terminal equipment is 0, the terminal equipment is set as an untrusted device and the low-trust login mode is not allowed). If the number of consecutive failures is 5, which is greater than the first threshold (for example, 4), the login behaviour of the terminal equipment is restricted for 24 hours (the preset time period), and the user is not allowed to log in to the application program on the terminal equipment in any login mode.
Alternatively, if the trust value of the terminal equipment is smaller than the second threshold, the terminal equipment is set as an untrusted device and the user is prohibited from logging in to the application program on the terminal equipment with a low-trust login mode. This prevents a hacker from maliciously logging in to the user's application program by credential stuffing (library collision) attacks, brute-force cracking and the like, prevents exposure of the user's privacy, and improves the user's security.
Credential stuffing (the "library collision" attack) is an attack technique of network hackers: user account and password information leaked on the Internet is collected to generate a corresponding dictionary table, which is then tried in batches against other websites to obtain a series of user accounts that can be logged in. Brute-force cracking is an attack that attempts to obtain a user's login password through a large number of guesses and exhaustive enumeration.
In the embodiment of the invention, different terminal devices of the same class (for example, mobile phones are of the same class, while mobile phones and PCs are of different classes) are trusted and authorized through high-trust login modes such as mobile phone verification codes and biometric information. After authorization, several trusted devices can be logged in to the same account at the same time; for example, several mobile phones can use one account simultaneously. A trusted device can log in with a low-trust mode such as account and password, which improves freedom of use, and because high-trust login modes such as mobile phone verification codes and biometric information are not forcibly required, convenience for the user is improved. For security problems such as device loss, abuse of trust authority and password leakage, the user can log in on any terminal device with a high-trust login mode and then cancel the trusted authority and login state of other devices, which achieves trusted authority modification and privacy protection, improves the security of the user account, and protects the user's privacy. After authorizing a terminal device as a trusted device, the user can log in with the account password and keep the last login state as a low-trust login mode; when needed, the user logs in on any device with a high-trust login mode and can then modify the login state and trust value of all other devices, which improves the account security of the application program. Because of the protection provided by the trust value of the terminal equipment, a hacker cannot directly obtain the account password verification result. Even if the hacker obtains the user's correct account and password, the terminal equipment logged in through a high-trust login mode does not grant a trust value to the hacker's device, so the hacker's device cannot log in, which improves the login security of the application program on the terminal equipment.
In order to better explain the above technical solution, fig. 3 schematically shows a flow of a method for multi-terminal login control according to an embodiment of the present invention.
As shown in fig. 3, the specific flow includes:
Step 301, the user logs in.
The user logs in to the application program on the terminal device through a high-trust login mode or a low-trust login mode.
Step 302, determining the user login mode; if it is a high-trust login mode, executing step 303, and if it is a low-trust login mode, executing step 304.
The login mode used when the user logs in to the application program on the terminal device is judged. For example, if the user logs in by verifying fingerprint information, the login mode is determined to be a high-trust login mode; if the user logs in with the account password of the application program, the login mode is determined to be a low-trust login mode.
Step 303, determining whether the login is successful; if so, executing step 305, otherwise executing step 306.
It is judged whether the application program is successfully logged in on the terminal device through the high-trust login mode, for example, whether the login succeeds through verification of the user's fingerprint information.
Step 304, judging whether the device is a trusted device; if so, executing step 307, otherwise executing step 308.
The trust value of the terminal device is determined according to the identification information of the terminal device, and whether the terminal device is a trusted device is judged according to the trust value and a second threshold value.
Step 305, the login succeeds and the trust value is increased.
The verification information passes verification, the application program is successfully logged in on the terminal device, and the trust value of the terminal device is increased.
Step 306, the login fails and the trust value is reduced to 0.
After a login to the application program on the terminal device through the high-trust login mode fails, the trust value of the terminal device is directly reduced to 0. For example, if the user logs in to the application program on the terminal device with fingerprint information but the fingerprint verification fails, the login fails, the trust value of the terminal device is directly reduced to 0, and the terminal device is set as an untrusted device.
Step 307, login is disabled.
The terminal device is determined to be an untrusted device; that is, if the trust value of the terminal device is lower than the second threshold value, the user is not allowed to log in to the application program on the terminal device in the low-trust login mode.
Step 308, determining whether the login is successful; if so, executing step 305, otherwise executing step 309.
It is judged whether the login to the application program on the terminal device through the low-trust login mode is successful, for example, whether the login succeeds by verifying the account password of the application program.
Step 309, the login fails and the trust value is reduced.
After a login to the application program on the terminal device in the low-trust login mode fails, the trust value of the terminal device is reduced according to a preset reduction mode, or the trust value is directly reduced to the second threshold value (0).
In the embodiment of the invention, whether the terminal device is a trusted device is determined according to the acquired identification information of the terminal device on which the application program logs in, so as to determine whether the application program is allowed to log in on that terminal device, which improves the security of application login. After a successful login, setting the trust value of the terminal device further improves the security of application login on the terminal device. Controlling which terminal devices the application program can log in on through the high-trust and low-trust login modes prevents potential safety hazards of multi-point login, such as leakage of the user's privacy.
Based on the same technical concept, fig. 4 illustrates an exemplary structure of an apparatus for multi-terminal login control according to an embodiment of the present invention; the apparatus may perform the flow of the method of multi-terminal login control.
As shown in fig. 4, the apparatus specifically includes:
an obtaining module 401, configured to obtain login information sent by an application program, where the login information includes identification information of the terminal device on which the application program logs in and login verification information; the login verification information includes a login mode and verification information;
a processing module 402, configured to: if the login mode is a low-trust login mode, determine whether the terminal device is a trusted device according to the identification information of the terminal device; if so, after the verification information passes verification, confirm that the application program has logged in successfully and increase the trust value of the terminal device.
Optionally, the processing module 402 is further configured to:
if the terminal device is determined to be an untrusted device, determine that the application program is not allowed to log in.
Optionally, the processing module 402 is specifically configured to:
if the login mode is a high-trust login mode, determine whether the application program is logging in on the terminal device for the first time; if so, after the verification information passes verification, confirm that the application program has logged in successfully, set the terminal device as a trusted device, and increase the trust value of the terminal device;
otherwise, after the verification information passes verification, confirm that the application program has logged in successfully and increase the trust value of the terminal device.
Optionally, the processing module 402 is further configured to:
after confirming that the application program has logged in successfully, control the obtaining module to acquire login modification information of the user;
modify, according to the login modification information, the trust authority and the login state of the application program logged in on other terminal devices.
Optionally, the processing module 402 is further configured to:
if the verification information fails verification, confirm that the login of the application program has failed and reduce the trust value.
Optionally, the processing module 402 is further configured to:
after confirming that the login of the application program has failed and reducing the trust value, count the number of consecutive login failures of the application program, and if the number of consecutive login failures is greater than a first threshold value, prevent the application program from logging in on the terminal device within a set time period;
if the trust value is smaller than a second threshold value, prohibit the application program from logging in on the terminal device using the low-trust login mode.
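The decision flow of steps 301 to 309, together with the lockout and revocation behaviour of the processing module described above, as an added Python example (not code from the patent). The threshold values, the lockout period, the penalty of 1 per low-trust failure and all class and function names are assumptions; trust values are held server-side and looked up by device identification as in step 304, and a device whose trust value is below the second threshold is refused low-trust login as step 307 describes.

```python
import time
from dataclasses import dataclass, field

HIGH, LOW = "high", "low"   # e.g. fingerprint / SMS code vs. account password
FIRST_THRESHOLD = 3         # assumed: consecutive failures tolerated before lockout
SECOND_THRESHOLD = 1        # assumed: minimum trust value for a low-trust login
LOCKOUT_SECONDS = 300       # assumed length of the "set time period"
LOW_FAIL_PENALTY = 1        # assumed "preset reduction" for a low-trust failure


@dataclass
class Device:
    trust: int = 0              # raised by one on every successful login
    failures: int = 0           # consecutive failed logins
    locked_until: float = 0.0
    session_mode: str = ""      # "" = logged out, else mode of the current session


@dataclass
class LoginController:
    devices: dict = field(default_factory=dict)  # device id -> Device, kept server-side

    def login(self, device_id, mode, verify, now=None):
        """Run one login attempt; `verify` is a zero-argument credential check."""
        now = time.time() if now is None else now
        dev = self.devices.setdefault(device_id, Device())
        if now < dev.locked_until:
            return "locked"
        # Steps 304/307: an untrusted device is refused before the password is
        # checked, so the response never reveals whether the password was right.
        if mode == LOW and dev.trust < SECOND_THRESHOLD:
            return "disabled"
        if verify():                                    # steps 303 / 308
            dev.trust += 1                              # step 305
            dev.failures = 0
            dev.session_mode = mode
            return "success"
        dev.failures += 1
        if mode == HIGH:
            dev.trust = 0                               # step 306
        else:
            dev.trust = max(0, dev.trust - LOW_FAIL_PENALTY)  # step 309
        if dev.failures > FIRST_THRESHOLD:
            dev.locked_until = now + LOCKOUT_SECONDS
        return "failed"

    def revoke_others(self, device_id):
        """From a high-trust session, clear trust and sessions on other devices."""
        me = self.devices.get(device_id)
        if me is None or me.session_mode != HIGH:
            raise PermissionError("high-trust login required")
        revoked = []
        for other_id, dev in self.devices.items():
            if other_id != device_id:
                dev.trust, dev.session_mode = 0, ""
                revoked.append(other_id)
        return sorted(revoked)


if __name__ == "__main__":
    ctl = LoginController()
    # Constructed sequence: password on a new device, then fingerprint, then password.
    print(ctl.login("phone-A", LOW, lambda: True))    # disabled
    print(ctl.login("phone-A", HIGH, lambda: True))   # success
    print(ctl.login("phone-A", LOW, lambda: True))    # success
```

Passing the credential check as a callable makes the ordering visible: on an untrusted device the password comparison is never evaluated.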
Based on the same technical concept, the embodiment of the invention further provides a computing device, including:
a memory for storing program instructions;
a processor for calling the program instructions stored in the memory and executing the multi-terminal login control method according to the obtained program.
Based on the same technical concept, the embodiment of the invention also provides a computer-readable storage medium storing computer-executable instructions for causing a computer to perform the method of multi-terminal login control described above.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various modifications and variations can be made in the present application without departing from the spirit or scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims and the equivalents thereof, the present application is intended to cover such modifications and variations.

Claims (9)

1. A method of multi-terminal login control, comprising:
acquiring login information sent by an application program, wherein the login information comprises a trust value of the terminal device on which the application program logs in and login verification information; the login verification information comprises a login mode and verification information; the trust value is the number of successful logins to the application program on the terminal device;
if the login mode is a low-trust login mode, determining whether the terminal device is a trusted device according to the trust value of the terminal device and a second threshold value; if so, after the verification information passes verification, confirming that the application program has logged in successfully, and increasing the trust value of the terminal device;
if the login mode is a high-trust login mode, determining whether the application program is logging in on the terminal device for the first time; if so, after the verification information passes verification, confirming that the application program has logged in successfully, setting the terminal device as a trusted device, and increasing the trust value of the terminal device; otherwise, skipping the step of determining whether the terminal device is a trusted device according to the trust value of the terminal device and the second threshold value, verifying the verification information, and after the verification passes, confirming that the application program has logged in successfully and increasing the trust value of the terminal device.
2. The method of claim 1, wherein the method further comprises:
if the terminal device is determined to be an untrusted device, determining that the application program is not allowed to log in.
3. The method of claim 2, further comprising, after confirming that the application program has logged in successfully:
acquiring login modification information of a user;
modifying, according to the login modification information, the trust authority and the login state of the application program logged in on other terminal devices.
4. A method according to any one of claims 1 to 3, wherein the method further comprises:
if the verification information fails verification, confirming that the login of the application program has failed, and reducing the trust value.
5. The method of claim 4, further comprising, after confirming that the login of the application program has failed and reducing the trust value:
counting the number of consecutive login failures of the application program, and if the number of consecutive login failures is greater than a first threshold value, preventing the application program from logging in on the terminal device within a set time period;
if the trust value is smaller than a second threshold value, prohibiting the application program from logging in on the terminal device using the low-trust login mode.
6. An apparatus for multi-terminal login control, comprising:
an acquisition module, configured to acquire login information sent by an application program, wherein the login information comprises a trust value of the terminal device on which the application program logs in and login verification information; the login verification information comprises a login mode and verification information; the trust value is the number of successful logins to the application program on the terminal device;
a processing module, configured to: if the login mode is a low-trust login mode, determine whether the terminal device is a trusted device according to the trust value of the terminal device and a second threshold value; if so, after the verification information passes verification, confirm that the application program has logged in successfully, and increase the trust value of the terminal device;
if the login mode is a high-trust login mode, determine whether the application program is logging in on the terminal device for the first time; if so, after the verification information passes verification, confirm that the application program has logged in successfully, set the terminal device as a trusted device, and increase the trust value of the terminal device; otherwise, skip the step of determining whether the terminal device is a trusted device according to the trust value of the terminal device and the second threshold value, verify the verification information, and after the verification passes, confirm that the application program has logged in successfully and increase the trust value of the terminal device.
7. The apparatus of claim 6, wherein the processing module is further configured to:
if the terminal device is determined to be an untrusted device, determine that the application program is not allowed to log in.
8. A computing device, comprising:
a memory for storing program instructions;
a processor for invoking program instructions stored in said memory to perform the method of any of claims 1-5 in accordance with the obtained program.
9. A computer-readable storage medium storing computer-executable instructions for causing a computer to perform the method of any one of claims 1 to 5.
CN202010393755.8A 2020-05-11 2020-05-11 Multi-terminal login control method and device Active CN111581616B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010393755.8A CN111581616B (en) 2020-05-11 2020-05-11 Multi-terminal login control method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010393755.8A CN111581616B (en) 2020-05-11 2020-05-11 Multi-terminal login control method and device

Publications (2)

Publication Number Publication Date
CN111581616A CN111581616A (en) 2020-08-25
CN111581616B true CN111581616B (en) 2023-05-12

Family

ID=72118804

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010393755.8A Active CN111581616B (en) 2020-05-11 2020-05-11 Multi-terminal login control method and device

Country Status (1)

Country Link
CN (1) CN111581616B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116962998A (en) * 2022-04-15 2023-10-27 华为技术有限公司 Verification information sending method, electronic equipment and medium
CN115065510A (en) * 2022-05-30 2022-09-16 中国电信股份有限公司 Login method, device, system, electronic equipment and readable storage medium

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103957103B (en) * 2014-04-17 2017-07-04 小米科技有限责任公司 The method of safety verification, device and mobile terminal
CN106612180B (en) * 2015-10-26 2020-06-09 阿里巴巴集团控股有限公司 Method and device for realizing session identification synchronization
CN105656948A (en) * 2016-03-30 2016-06-08 北京小米移动软件有限公司 Account login method and device
CN106453514B (en) * 2016-09-14 2020-01-10 广东欧珀移动通信有限公司 Method and device for distinguishing and synchronizing chat information
CN110830985B (en) * 2019-11-11 2022-04-29 重庆邮电大学 5G lightweight terminal access authentication method based on trust mechanism

Also Published As

Publication number Publication date
CN111581616A (en) 2020-08-25

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant