CN112235306B - E-commerce account verification method based on cloud security - Google Patents

E-commerce account verification method based on cloud security

Info

Publication number
CN112235306B
Authority
CN
China
Prior art keywords
login
user
face image
access
information
Legal status
Active
Application number
CN202011105599.7A
Other languages
Chinese (zh)
Other versions
CN112235306A (en
Inventor
王明泽
毕明曼
杨萌
Current Assignee
Shanghai Xingyun Information Technology Co.,Ltd.
Original Assignee
Shanghai Xingyun Information Technology Co ltd
Application filed by Shanghai Xingyun Information Technology Co ltd
Priority to CN202011105599.7A
Publication of CN112235306A
Application granted
Publication of CN112235306B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions
    • G06Q20/40145 Biometric identity checks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Power Engineering (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention discloses an e-commerce account verification method based on cloud security, comprising the following steps: generating a network access white list for the e-commerce account; acquiring a malicious IP group library for network access to the e-commerce account; the server receives a request to enter the e-commerce account sent by the mobile terminal, and intercepts the requesting IP and verifies it against the white list; the server provides a login interface of the e-commerce account to the mobile terminal according to the request, and queries whether historical login-failure data for the user exists in the server's cache; a face image of the user and the corresponding sign parameter information are collected, the collected sign parameter information is compared with the corresponding preset sign parameter ranges, and whether the collected face image is valid is determined from the comparison results; if it is valid, the face image information is matched against the corresponding standard user face image in cloud storage, and if the match succeeds, login to the e-commerce account succeeds.

Description

E-commerce account verification method based on cloud security
Technical Field
The invention relates to the technical field of internet, in particular to an electronic commerce account verification method based on cloud security.
Background
E-commerce accounts typically hold some funds and are therefore tied to financial security. How to establish that an account is secure in the virtual environment of the internet is a major issue. Most e-commerce accounts use identity authentication to prevent the account from being stolen; current authentication modes include account-and-password authentication, address authentication, question authentication and the like, but the authentication data for these modes is preset when the user registers the account and is fixed, so once the authentication data is leaked, the user's account is exposed to the risk of being stolen.
Website login is a crucial part of operating a website safely. A common way of attacking a website is the login attack: the attacker sends invalid login information to the website server through repeated failed logins, so that the server keeps checking invalid login information, which occupies a large amount of server resources, slows the response of the website and, in severe cases, causes the website to crash. Therefore, how to prevent invalid login clicks and website login attacks, and so ensure the safe operation of the website and the account security of the user, is a difficult problem that website technicians must solve.
Disclosure of Invention
In view of the defects in the prior art, the invention aims to provide an e-commerce account verification method based on cloud security. First, the server intercepts the IP requesting access to the e-commerce account and verifies it against the white list; then the user inputs login information through the login interface, and the server queries whether historical login-failure data for the user exists in the server's cache; after the login information is successfully matched, the face image of the user and the corresponding sign parameter information are collected, which ensures the validity of the collected face image information and improves the security of face image recognition. The invention thus provides multiple layers of login protection and protects the login security of the user.
The purpose of the invention can be realized by the following technical scheme: an e-commerce account verification method based on cloud security comprises the following steps:
step one: generating an e-commerce account network access white list; according to the specific environment of the e-commerce account login, setting the network IPs allowed to access the e-commerce account and the access authority each network IP has, and generating a network access white list specific to the e-commerce account;
step two: acquiring an e-commerce account network access malicious IP group library; analyzing time, space characteristics and maliciousness of the existing network access IP of the e-commerce account, and finally generating a malicious IP group library;
step three: the server receives a request to enter the e-commerce account sent by the mobile terminal, and intercepts the IP requesting access to the e-commerce account and verifies it against the white list;
step four: the server provides a login interface of the e-commerce account for the mobile terminal according to the request; a user inputs login information through a login interface, wherein the login information comprises a login account and a login password;
step five: the server matches the login account and login password input by the user against the login account and login password the user registered with, and, when matching them, queries whether historical login-failure data for the user exists in the server's cache; the specific processing is as follows:
s51: if the historical data is empty, the user state is normal, and the login information of the user is matched; if the matching is successful, the server provides the mobile terminal with a collection interface for collecting the face image of the user, and step six is executed;
if the matching is unsuccessful, the current login failure time and a login failure count of 1 are stored in the cache as new data, and step five is repeated;
s52: if the historical data is not empty, the historical data is divided into a plurality of arrays according to the login failure count, each array containing its own login failure time;
s53: the login failure time in each array is compared with the current login time to obtain an interval time; the number of arrays whose interval time is less than the specified time is counted to give the historical login failure count, and 1 is added to the historical login failure count to give the new login count;
s54: the new login count is compared with the specified login count within the specified time; if the new login count exceeds the specified login count, the user is locked and prompted to log in later;
if the new login count is less than or equal to the specified login count, the user state is normal, and the login information of the user is matched; if the matching is successful, the server provides the mobile terminal with a collection interface for collecting the face image of the user, and step six is executed;
if the matching is unsuccessful, the current login failure time and the historical login failure count plus 1 are stored in the cache as new data, and step five is repeated;
step six: acquiring a face image of a user and corresponding sign parameter information; the physical sign parameter information comprises body temperature information, pulse information and heart rate information; respectively comparing the acquired physical sign parameter information with corresponding predetermined physical sign parameter ranges, and determining whether the acquired face image is valid according to a comparison result;
if only one item of sign parameter information is collected, it is compared with the preset sign parameter range to judge whether it is within the range, and if it is, the face image information is proved to be valid; when several items of sign parameter information are collected, each item is compared with its corresponding preset sign parameter range, and the face image information is proved to be valid when they are within the preset ranges;
step seven: if the face image information is valid, matching and verifying the face image information and a corresponding standard user face image in cloud storage, wherein the specific processing steps are as follows:
s71: carrying out line drawing processing on the collected face image to obtain a contour line of the face image; marking the face image transformed into the contour lines as a verification line graph;
s72: performing line drawing processing on the standard user face image to obtain a contour line of the standard user face image; marking the standard user face image transformed into the contour line as a reference line graph;
s73: blurring the reference line drawing picture, only reserving the line contour therein and using the line contour as a reference grating, then blurring the verification line drawing picture to reserve the line contour and mark the line contour as verification information, and overlapping the verification information with the reference grating;
s74: establishing a two-dimensional coordinate system by taking a certain point in the picture as an origin of coordinates;
s75: acquiring verification information and a plurality of reference points corresponding to each other in a reference grating; the reference point obtaining criterion is that a plurality of lines at non-coincident positions in the picture are obtained, the distance of corresponding points in the lines is calculated, and the corresponding point with the farthest distance is marked as a reference point;
s76: marking the reference points in the verification information as (Xr, Yr) and the reference points in the reference grating as (Gr, Kr), r = 1, ..., p;
s77: using the formula
Figure DEST_PATH_IMAGE001
the misalignment value Q is calculated; when the misalignment value Q is smaller than a preset value, the face image is judged to be successfully verified, and login to the e-commerce account succeeds.
Further, the server in step three intercepts and verifies the white list of the IP applying for accessing the e-commerce account, and the specific steps are as follows:
s31: when the external IP tries to access the e-commerce account, the white list verification is firstly carried out on the access IP, if the access IP is in the range of the white list and the authority is allowed, the access IP is allowed to access the e-commerce account, and the step four is executed; otherwise, executing S32;
s32: performing maliciousness analysis on an access IP that is not in the white list; the specific analysis method is as follows:
s321: marking the access IP as Aj, its connectivity as m, the domain names connected to the access IP as Dji, and the length corresponding to each domain name as dji; the maliciousness M(Aj) of the access IP is:
Figure 80388DEST_PATH_IMAGE002
; when Dji is a non-malicious domain name, s(dji) = 0; when Dji is a malicious domain name, s(dji) = 1; i = 1, ..., m;
s322: marking the IP group as B, where the IP group contains n access IPs; the maliciousness of the IP group is:
Figure DEST_PATH_IMAGE003
; j = 1, ..., n;
s323: finding the corresponding IP group in the malicious IP group library according to the access IP, and calculating the expected maliciousness of the malicious IPs in that IP group, E(M(B)) =
Figure 85385DEST_PATH_IMAGE004
; if M(Aj) > E(M(B)), the access IP is judged to be a malicious IP, and security early warning and access control are applied to it; otherwise, the IP is judged to be a suspicious IP and access control is applied to it;
s324: an access IP that cannot be determined is stored in a suspicious IP library; an access IP that is not in the existing white list and is not judged to be malicious is stored in the suspicious IP library; verification is repeated when the white list and the malicious IP group library are updated.
Further, the method further comprises the steps that the user sends forgotten password information to the server through a login interface, wherein the forgotten password information comprises a login account; the specific process is as follows:
s11: the mobile terminal displays an interface which is provided by the server and used for inputting the balance value of the money of the login account;
s12: the server searches for a money balance value corresponding to the login account in the forgotten password information in the cloud storage, sends the money balance value to the third-party system, and simultaneously stores the money balance value;
s13: the server receives the money balance value input by the user, compares the money balance value input by the user with the stored money balance value, if the money balance value is the same as the stored money balance value, the server passes the authentication, the mobile terminal displays an acquisition interface provided by the server and used for acquiring the face image of the user, and the sixth step and the seventh step are continuously executed; otherwise it does not pass.
Further, the method comprises the following steps:
s21: setting a failure number value of continuously verifying the face image;
s22: when the failure times of continuously verifying the face image by the user exceed the set failure time value, locking the login interface;
s23: setting a time value for locking a login interface;
s24: and when the locking time of the login interface exceeds the set time value, unlocking the login interface and receiving the verification request of the user.
The invention has the beneficial effects that:
(1) firstly, an e-commerce account network access white list and an e-commerce account network access malicious IP group library are generated; the server receives a request to enter the e-commerce account sent by the mobile terminal, and intercepts the IP requesting access to the e-commerce account and verifies it against the white list; if the access IP is in the white list range and the authority permits, the access IP is permitted to access the e-commerce account; security early warning and access control are applied to malicious IPs, which improves access security;
(2) the server matches the login account and login password input by the user against the login account and login password the user registered with, and, when matching them, queries whether historical login-failure data for the user exists in the server's cache; if the new login count exceeds the specified login count, the user is locked and prompted to log in later; if the new login count is less than or equal to the specified login count, the user state is normal and the login information of the user is matched, which effectively prevents frequent login attacks on the website by illegal users;
(3) the face image of the user and the corresponding sign parameter information are collected, the legal validity of the collected face image information is guaranteed through the sign parameter information, the safety of face image identification is improved, and the safety of user data is guaranteed.
(4) If the password is forgotten, the user sends forgotten password information to the server through the login interface, the mobile terminal displays an interface which is provided by the server and used for inputting the money balance value of the login account, verifies the money balance value of the login account, and if the verification is successful, the mobile terminal displays an acquisition interface which is provided by the server and used for acquiring the face image of the user.
Drawings
In order to facilitate understanding for those skilled in the art, the present invention will be further described with reference to the accompanying drawings.
Fig. 1 is a flowchart illustrating an e-commerce account verification method based on cloud security according to the present invention.
Detailed Description
As shown in fig. 1, an e-commerce account verification method based on cloud security includes the following steps:
step one: generating an e-commerce account network access white list; according to the specific environment of the e-commerce account login, setting the network IPs allowed to access the e-commerce account and the access authority each network IP has, and generating a network access white list specific to the e-commerce account;
step two: acquiring an e-commerce account network access malicious IP group library; analyzing time, space characteristics and maliciousness of the existing network access IP of the e-commerce account, and finally generating a malicious IP group library;
step three: the server receives a request to enter the e-commerce account sent by the mobile terminal, and intercepts the IP requesting access to the e-commerce account and verifies it against the white list; the specific steps are as follows:
s31: when the external IP tries to access the e-commerce account, the white list verification is firstly carried out on the access IP, if the access IP is in the range of the white list and the authority is allowed, the access IP is allowed to access the e-commerce account, and the step four is executed; otherwise, executing S32;
s32: performing maliciousness analysis on an access IP that is not in the white list; the specific analysis method is as follows:
s321: marking the access IP as Aj, its connectivity as m, the domain names connected to the access IP as Dji, and the length corresponding to each domain name as dji; the maliciousness M(Aj) of the access IP is:
Figure DEST_PATH_IMAGE005
; when Dji is a non-malicious domain name, s(dji) = 0; when Dji is a malicious domain name, s(dji) = 1; i = 1, ..., m;
s322: marking the IP group as B, where the IP group contains n access IPs; the maliciousness of the IP group is:
Figure 40702DEST_PATH_IMAGE006
; j = 1, ..., n;
s323: finding the corresponding IP group in the malicious IP group library according to the access IP, and calculating the expected maliciousness of the malicious IPs in that IP group, E(M(B)) =
Figure 269689DEST_PATH_IMAGE004
; if M(Aj) > E(M(B)), the access IP is judged to be a malicious IP, and security early warning and access control are applied to it; otherwise, the IP is judged to be a suspicious IP and access control is applied to it;
s324: an access IP that cannot be determined is stored in a suspicious IP library; an access IP that is not in the existing white list and is not judged to be malicious is stored in the suspicious IP library; verification is repeated when the white list and the malicious IP group library are updated;
step four: the server provides a login interface of the e-commerce account for the mobile terminal according to the request; a user inputs login information through a login interface, wherein the login information comprises a login account and a login password;
step five: the server matches the login account and login password input by the user against the login account and login password the user registered with, and, when matching them, queries whether historical login-failure data for the user exists in the server's cache; the specific processing is as follows:
s51: if the historical data is empty, the user state is normal, and the login information of the user is matched; if the matching is successful, the server provides the mobile terminal with a collection interface for collecting the face image of the user, and step six is executed;
if the matching is unsuccessful, the current login failure time and a login failure count of 1 are stored in the cache as new data, and step five is repeated;
s52: if the historical data is not empty, the historical data is divided into a plurality of arrays according to the login failure count, each array containing its own login failure time;
s53: the login failure time in each array is compared with the current login time to obtain an interval time; the number of arrays whose interval time is less than the specified time is counted to give the historical login failure count, and 1 is added to the historical login failure count to give the new login count;
s54: the new login count is compared with the specified login count within the specified time; if the new login count exceeds the specified login count, the user is locked and prompted to log in later;
if the new login count is less than or equal to the specified login count, the user state is normal, and the login information of the user is matched; if the matching is successful, the server provides the mobile terminal with a collection interface for collecting the face image of the user, and step six is executed;
if the matching is unsuccessful, the current login failure time and the historical login failure count plus 1 are stored in the cache as new data, and step five is repeated;
step six: acquiring a face image of a user and corresponding sign parameter information; the physical sign parameter information comprises body temperature information, pulse information and heart rate information; respectively comparing the acquired physical sign parameter information with corresponding predetermined physical sign parameter ranges, and determining whether the acquired face image is valid according to a comparison result;
if only one item of sign parameter information is collected, it is compared with the preset sign parameter range to judge whether it is within the range, and if it is, the face image information is proved to be valid; when several items of sign parameter information are collected, each item is compared with its corresponding preset sign parameter range, and the face image information is proved to be valid when they are within the preset ranges;
however, the validity rule can be set according to the requirements of the user; for example, if the user requires a higher safety factor and 4 items of sign parameter information are collected, it can be specified that the face image information is valid only when all 4 items are within their predetermined ranges, and invalid if any one item is outside its range; if the user does not require a high safety factor and 4 items of sign parameter information are still collected, it can be specified that the face image information is valid when 3 of the 4 items are within their predetermined ranges, and invalid when 2 or more items are outside their ranges, and so on; the specific decision rule can be determined by the user according to the actual situation;
step seven: if the face image information is valid, matching and verifying the face image information and a corresponding standard user face image in cloud storage, wherein the specific processing steps are as follows:
s71: carrying out line drawing processing on the collected face image to obtain a contour line of the face image; marking the face image transformed into the contour lines as a verification line graph;
s72: performing line drawing processing on the standard user face image to obtain a contour line of the standard user face image; marking the standard user face image transformed into the contour line as a reference line graph;
s73: blurring the reference line drawing picture, only reserving the line contour therein and using the line contour as a reference grating, then blurring the verification line drawing picture to reserve the line contour and mark the line contour as verification information, and overlapping the verification information with the reference grating;
s74: establishing a two-dimensional coordinate system by taking a certain point in the picture as an origin of coordinates;
s75: acquiring verification information and a plurality of reference points corresponding to each other in a reference grating; the reference point obtaining criterion is that a plurality of lines at non-coincident positions in the picture are obtained, the distance of corresponding points in the lines is calculated, and the corresponding point with the farthest distance is marked as a reference point;
s76: marking the reference points in the verification information as (Xr, Yr) and the reference points in the reference grating as (Gr, Kr), r = 1, ..., p;
s77: using the formula
Figure 802302DEST_PATH_IMAGE001
the misalignment value Q is calculated; when the misalignment value Q is smaller than a preset value, the face image is judged to be successfully verified, and login to the e-commerce account succeeds.
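The step five gate (S51 to S54), shown as an added example that is not part of the patent text: a Python sketch that counts cached failures inside the specified time and applies the lock before the credentials are matched. The class and method names, the PBKDF2 password storage and the window and limit values are assumptions.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass, field


def _derive(password: str, salt: bytes) -> bytes:
    # Assumption: the page does not say how registered passwords are stored;
    # a salted PBKDF2 key is used here instead of the plain password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class LoginGate:
    window: float = 300.0   # the "specified time" in seconds (assumed value)
    max_attempts: int = 5   # the "specified login count" (assumed value)
    _users: dict = field(default_factory=dict)     # account -> (salt, derived key)
    _failures: dict = field(default_factory=dict)  # account -> failure times (the server cache)

    def enroll(self, account: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[account] = (salt, _derive(password, salt))

    def _matches(self, account: str, password: str) -> bool:
        # Unknown accounts still pay for one derivation and never match.
        salt, key = self._users.get(account, (b"\x00" * 16, b""))
        return hmac.compare_digest(_derive(password, salt), key)

    def attempt(self, account: str, password: str, now: float = None) -> str:
        """Return "face_capture" (go to step six), "retry" or "locked"."""
        now = time.time() if now is None else now
        # S52/S53: keep only failures whose interval to now is below the window.
        recent = [t for t in self._failures.get(account, []) if now - t < self.window]
        new_count = len(recent) + 1
        # S54: the lock is decided before the password is looked at, so a
        # locked account rejects even the correct password.
        if new_count > self.max_attempts:
            self._failures[account] = recent
            return "locked"
        if self._matches(account, password):
            # The page does not say that success clears the cache, so the
            # remaining failures are kept until they age out of the window.
            self._failures[account] = recent
            return "face_capture"
        recent.append(now)  # S51/S54 failure branch: record this failure time
        self._failures[account] = recent
        return "retry"


if __name__ == "__main__":
    gate = LoginGate(window=60, max_attempts=3)
    gate.enroll("alice", "correct horse")       # constructed sample account
    for t, pw in [(0, "x"), (10, "y"), (20, "z"), (30, "correct horse"), (61, "correct horse")]:
        print(t, gate.attempt("alice", pw, now=t))
```

Attempts made while locked are not stored as failures, so the lock lifts once enough earlier failures fall outside the window.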
The method further comprises the step of the user sending forgotten-password information to the server through the login interface, the forgotten-password information comprising the login account; the specific process is as follows:
S11: the mobile terminal displays an interface, provided by the server, for entering the money balance value of the login account;
S12: the server looks up in cloud storage the money balance value corresponding to the login account given in the forgotten-password information, sends the money balance value to the third-party system, and at the same time stores the money balance value;
S13: the server receives the money balance value entered by the user and compares it with the stored money balance value; if they are the same, the verification passes, the mobile terminal displays the acquisition interface provided by the server for capturing the user's face image, and step six and step seven are then executed; otherwise the verification does not pass.
The third-party system is a mobile terminal pre-bound to the login account by the user.
The method further comprises the steps of:
S21: setting a failure count value for consecutive face image verification;
S22: when the number of consecutive failed face image verifications by the user exceeds the set failure count value, locking the login interface;
S23: setting a time value for locking the login interface;
S24: when the login interface has been locked for longer than the set time value, unlocking the login interface and accepting the user's verification requests.
The invention is implemented as follows: first, an e-commerce account network access white list and an e-commerce account network access malicious IP group library are generated; the server receives the request to enter the e-commerce account sent by the mobile terminal and at the same time intercepts the IP applying for access to the e-commerce account and verifies it against the white list; if the access IP is within the white list and its permissions allow, the access IP is allowed to access the e-commerce account;
the server provides the login interface of the e-commerce account to the mobile terminal according to the request; the user enters login information through the login interface; the server matches the login account and login password entered by the user against the login account and login password from the corresponding user's registration, and when doing so queries whether the server's cache holds historical login-failure data for the user; if the new login count exceeds the specified login count, the user is locked and prompted to log in later; if the new login count is less than or equal to the specified login count, the user state is normal and the user's login information is matched; if the matching succeeds, the server provides the mobile terminal with an acquisition interface for capturing the user's face image;
the user's face image and the corresponding physical sign parameter information are acquired; the physical sign parameter information comprises body temperature information, pulse information and heart rate information; each acquired physical sign parameter is compared with its predetermined range, and the comparison result determines whether the acquired face image is valid;
if the face image information is valid, it is matched and verified against the corresponding standard user face image in cloud storage, and if the verification succeeds, the login to the e-commerce account succeeds;
if the password has been forgotten, the user sends forgotten-password information, which comprises the login account, to the server through the login interface; the mobile terminal displays an interface, provided by the server, for entering the money balance value of the login account, and the money balance value of the login account is verified; if the verification succeeds, the mobile terminal displays the acquisition interface provided by the server for capturing the user's face image, and the user's face image and the corresponding physical sign parameter information are acquired; the physical sign parameter information comprises body temperature information, pulse information and heart rate information; each acquired physical sign parameter is compared with its predetermined range, and the comparison result determines whether the acquired face image is valid;
and if the face image information is valid, it is matched and verified against the corresponding standard user face image in cloud storage, and if the verification succeeds, the login to the e-commerce account succeeds.
The above formulas were all obtained by collecting a large amount of data for software simulation, with the parameters set by the relevant experts, and the formulas agree with real results.
The foregoing is merely exemplary and illustrative of the present invention and various modifications, additions and substitutions may be made by those skilled in the art to the specific embodiments described without departing from the scope of the invention as defined in the following claims.
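The login-failure check of step five (S51 to S54) can be sketched as follows. This is an added example, not code from the patent; the window length, the login limit, the PBKDF2 password storage and every name in it are assumptions.

```python
import hashlib
import hmac
from enum import Enum

WINDOW_SECONDS = 300  # assumed value for the "specified time"
MAX_LOGINS = 3        # assumed value for the specified number of logins


class Result(Enum):
    FACE_CAPTURE = "credentials matched, go to step six"
    FAILED = "credentials did not match"
    LOCKED = "locked, log in later"


def hash_password(password: str, salt: bytes) -> bytes:
    # Assumption: the page does not say how registered passwords are stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LoginThrottle:
    def __init__(self, registered):
        self.registered = registered  # account -> (salt, password hash)
        self.cache = {}               # account -> login failure times

    def _matches(self, account, password):
        record = self.registered.get(account)
        if record is None:
            return False
        salt, stored = record
        return hmac.compare_digest(hash_password(password, salt), stored)

    def attempt(self, account, password, now):
        history = self.cache.get(account, [])  # S51: may be empty
        # S52/S53: keep only failures whose interval to now is inside the window
        recent = [t for t in history if now - t < WINDOW_SECONDS]
        new_count = len(recent) + 1
        # S54: lock before the credentials are compared
        if new_count > MAX_LOGINS:
            return Result.LOCKED
        if self._matches(account, password):
            return Result.FACE_CAPTURE
        # Failed match: store this failure time as new data in the cache
        self.cache[account] = recent + [now]
        return Result.FAILED


def demo():
    # Constructed sample data: one account and a sequence of attempts.
    salt = b"constructed-salt"
    throttle = LoginThrottle({"alice": (salt, hash_password("s3cret", salt))})
    attempts = [("wrong", 0), ("wrong", 10), ("wrong", 20),
                ("s3cret", 30), ("s3cret", 299), ("s3cret", 301)]
    return [throttle.attempt("alice", pw, t) for pw, t in attempts]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome.name)
```

In the constructed sequence the correct password is refused at t=30 and t=299 because three failures are still inside the window, and accepted at t=301 once the oldest failure has aged out. Locked attempts are not written to the cache, following S54, so the lock lapses on its own as failures leave the window.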

Claims (4)

1. An e-commerce account verification method based on cloud security, characterized by comprising the following steps:
step one: generating an e-commerce account network access white list; according to the specific environment of the e-commerce account login, setting the network IPs allowed to access the e-commerce account and the access permissions each network IP holds, and generating a network access white list specific to the e-commerce account;
step two: acquiring an e-commerce account network access malicious IP group library; analyzing the time characteristics, space characteristics and maliciousness of the existing network access IPs of the e-commerce account, and finally generating a malicious IP group library;
step three: the server receives the request to enter the e-commerce account sent by the mobile terminal, and at the same time intercepts the IP applying for access to the e-commerce account and verifies it against the white list;
step four: the server provides the login interface of the e-commerce account to the mobile terminal according to the request; the user enters login information through the login interface, the login information comprising a login account and a login password;
step five: the server matches the login account and login password entered by the user against the login account and login password from the corresponding user's registration, and when doing so queries whether the server's cache holds historical login-failure data for the user; the specific processing is as follows:
S51: if the historical data is empty, the user state is normal and the user's login information is matched; if the matching succeeds, the server provides the mobile terminal with an acquisition interface for capturing the user's face image, and step six is executed;
if the matching fails, the current login failure time and a login failure count of 1 are stored in the cache as new data, and step five is repeated;
S52: if the historical data is not empty, dividing the historical data into a plurality of arrays according to the login failure count, each array containing its own login failure time;
S53: comparing the login failure time in each array with the current login time to obtain the interval, counting all arrays whose interval is less than the specified time to determine the historical login failure count, and adding 1 to the historical login failure count to determine the new login count;
S54: comparing the new login count with the specified login count within the specified time; if the new login count exceeds the specified login count, locking the user and prompting the user to log in later;
if the new login count is less than or equal to the specified login count, the user state is normal and the user's login information is matched; if the matching succeeds, the server provides the mobile terminal with an acquisition interface for capturing the user's face image, and step six is executed;
if the matching fails, the current login failure time and the historical login failure count plus 1 are stored in the cache as new data, and step five is repeated;
step six: acquiring the user's face image and the corresponding physical sign parameter information; the physical sign parameter information comprises body temperature information, pulse information and heart rate information; comparing each acquired physical sign parameter with its predetermined range, and determining from the comparison result whether the acquired face image is valid;
step seven: if the face image information is valid, matching and verifying the face image information against the corresponding standard user face image in cloud storage; the specific processing steps are as follows:
S71: performing line drawing processing on the collected face image to obtain the contour lines of the face image; marking the face image converted into contour lines as the verification line drawing;
S72: performing line drawing processing on the standard user face image to obtain its contour lines; marking the standard user face image converted into contour lines as the reference line drawing;
S73: blurring the reference line drawing so that only its line contours are retained, and using them as the reference grating; then blurring the verification line drawing so that only its line contours are retained, marking them as the verification information, and overlaying the verification information on the reference grating;
S74: establishing a two-dimensional coordinate system with a certain point in the picture as the coordinate origin;
S75: acquiring a plurality of mutually corresponding reference points in the verification information and the reference grating; the criterion for obtaining reference points is: take a plurality of lines at non-coincident positions in the picture, calculate the distance between corresponding points on those lines, and mark the corresponding points that are farthest apart as reference points;
S76: marking the reference points in the verification information as (Xr, Yr) and the reference points in the reference grating as (Gr, Kr), r = 1, ..., p;
S77: using the formula
Figure DEST_PATH_IMAGE002
calculating the misalignment value Q; when the misalignment value Q is smaller than a preset value, the face image is judged to be successfully verified and the login to the e-commerce account succeeds.
2. The cloud security-based e-commerce account verification method as claimed in claim 1, wherein in step three the server intercepts the IP applying for access to the e-commerce account and verifies it against the white list, the specific steps being as follows:
S31: when an external IP tries to access the e-commerce account, performing white list verification on the access IP; if the access IP is within the white list and its permissions allow, allowing the access IP to access the e-commerce account and executing step four; otherwise, executing S32;
S32: performing maliciousness analysis on the access IP that is not in the white list; the specific analysis method is as follows:
S321: marking the access IP as Aj, its connectivity as m, the domain names connected to the access IP as Dji, and the length corresponding to each domain name as dji, wherein the maliciousness M(Aj) of the access IP is:
Figure DEST_PATH_IMAGE004
when Dji is a non-malicious domain name, s(dji) = 0; when Dji is a malicious domain name, s(dji) = 1; i = 1, ..., m;
S322: marking the IP group as B, wherein the IP group contains n access IPs and the maliciousness of the IP group is:
Figure DEST_PATH_IMAGE006
j = 1, ..., n;
S323: finding the corresponding IP group in the malicious IP group library according to the access IP, and calculating the expected maliciousness of the malicious IPs in that IP group, E(M(B)) = 1/n × M(B); if M(Aj) > E(M(B)), the access IP is judged to be a malicious IP, and security early warning and access control are applied to it; otherwise, the IP is judged to be a suspicious IP and access control is applied to it;
S324: storing access IPs that cannot be determined in a suspicious IP library; storing access IPs that are not in the existing white list and have not been judged malicious in the suspicious IP library; the verification is also repeated whenever the white list and the malicious IP group library are updated.
3. The cloud security-based e-commerce account verification method of claim 1, further comprising the step of the user sending forgotten-password information to the server through the login interface, the forgotten-password information comprising the login account; the specific process is as follows:
S11: the mobile terminal displays an interface, provided by the server, for entering the money balance value of the login account;
S12: the server looks up in cloud storage the money balance value corresponding to the login account given in the forgotten-password information, sends the money balance value to the third-party system, and at the same time stores the money balance value;
S13: the server receives the money balance value entered by the user and compares it with the stored money balance value; if they are the same, the verification passes, the mobile terminal displays the acquisition interface provided by the server for capturing the user's face image, and step six and step seven are then executed; otherwise the verification does not pass.
4. The cloud security-based e-commerce account verification method as claimed in claim 1, wherein the method further comprises the following steps:
S21: setting a failure count value for consecutive face image verification;
S22: when the number of consecutive failed face image verifications by the user exceeds the set failure count value, locking the login interface;
S23: setting a time value for locking the login interface;
S24: when the login interface has been locked for longer than the set time value, unlocking the login interface and accepting the user's verification requests.
CN202011105599.7A 2020-10-15 2020-10-15 E-commerce account verification method based on cloud security Active CN112235306B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011105599.7A CN112235306B (en) 2020-10-15 2020-10-15 E-commerce account verification method based on cloud security

Publications (2)

Publication Number Publication Date
CN112235306A CN112235306A (en) 2021-01-15
CN112235306B true CN112235306B (en) 2021-10-26

Family

ID=74117986

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011105599.7A Active CN112235306B (en) 2020-10-15 2020-10-15 E-commerce account verification method based on cloud security

Country Status (1)

Country Link
CN (1) CN112235306B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TA01 Transfer of patent application right

Effective date of registration: 20211012

Address after: Room 202, 2f, No. 11, Lane 1500, Kongjiang Road, Yangpu District, Shanghai 200093

Applicant after: Shanghai Xingyun Information Technology Co.,Ltd.

Address before: 518110 2105-2106 Shangyousong village Shangyou mansion, Yousong community, Longhua street, Longhua District, Shenzhen City, Guangdong Province

Applicant before: Shenzhen Xingyi Technology Service Co.,Ltd.