CN112235306B - E-commerce account verification method based on cloud security - Google Patents

E-commerce account verification method based on cloud security

Info

Publication number
CN112235306B
Authority
CN
China
Prior art keywords
login
user
access
information
server
Prior art date
Legal status
Active
Application number
CN202011105599.7A
Other languages
Chinese (zh)
Other versions
CN112235306A (en)
Inventor
王明泽
毕明曼
杨萌
Current Assignee
SHANGHAI HAOYUN INFORMATION TECHNOLOGY CO LTD
Original Assignee
Shanghai Xingyun Information Technology Co ltd
Priority date
Filing date
Publication date
Application filed by Shanghai Xingyun Information Technology Co ltd
Priority to CN202011105599.7A
Publication of CN112235306A
Application granted
Publication of CN112235306B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L 63/0227 Filtering policies
    • H04L 63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L 63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L 63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L 63/102 Entity profiles
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1441 Countermeasures against malicious traffic
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q 20/00 Payment architectures, schemes or protocols
    • G06Q 20/38 Payment protocols; Details thereof
    • G06Q 20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q 20/401 Transaction verification
    • G06Q 20/4014 Identity check for transactions
    • G06Q 20/40145 Biometric identity checks

Abstract

The invention discloses an e-commerce account verification method based on cloud security, comprising: generating a network access white list for the e-commerce account; acquiring a malicious IP group library for e-commerce account network access; the server receives a request to enter the e-commerce account sent by a mobile terminal and at the same time intercepts the IP applying for access to the e-commerce account and verifies it against the white list; the server provides the login interface of the e-commerce account to the mobile terminal according to the request and queries whether the user has historical login-failure data in the server cache; the user's face image and the corresponding physical sign parameter information are collected, each collected sign parameter is compared with its corresponding predetermined range, and whether the collected face image is valid is determined from the comparison result; if it is valid, the face image information is matched and verified against the corresponding standard user face image in cloud storage, and if verification succeeds the login to the e-commerce account succeeds.

Description

E-commerce account verification method based on cloud security
Technical Field
The invention relates to the technical field of the internet, in particular to an e-commerce account verification method based on cloud security.
Background
E-commerce accounts usually hold funds and therefore bear on financial security. Determining that an account is secure in the virtual environment of the internet is a major issue. Most e-commerce accounts use identity authentication to prevent the account from being stolen; current authentication modes include account-and-password authentication, address authentication, security-question authentication and the like, but the authentication data for these modes is set when the user registers the account and is fixed thereafter, so once that data is leaked the user's account is exposed to the risk of theft.
Website login is a crucial step in the safe operation of a website. A login attack is one of the methods commonly used by lawbreakers to attack a website: the attacker sends invalid login information to the website server through many failed logins, so that the server continuously checks the invalid login information, occupying a large amount of server resources, slowing the response of the website and, in severe cases, crashing it. How to prevent invalid login attempts and website login attacks, and so ensure the safe operation of the website and the security of the user's account, is therefore a difficult problem that website technicians must solve.
Disclosure of Invention
In view of the defects in the prior art, the invention aims to provide an e-commerce account verification method based on cloud security. First, the server intercepts the IP applying for access to the e-commerce account and verifies it against a white list; then the user inputs login information through a login interface, and the server queries whether the user has historical login-failure data in the server cache; after the login information is successfully matched, the user's face image and the corresponding physical sign parameter information are collected, so that the validity of the collected face image information is ensured and the security of face image identification is improved. The invention thus provides multiple layers of login protection and protects the login security of the user.
The purpose of the invention is realized by the following technical scheme. An e-commerce account verification method based on cloud security comprises the following steps:
step one: generating an e-commerce account network access white list; according to the specific environment in which the e-commerce account is logged into, setting the network IPs allowed to access the e-commerce account and the access authority held by each network IP, and generating a network access white list specific to the e-commerce account;
step two: acquiring a malicious IP group library for e-commerce account network access; analysing the temporal and spatial characteristics and the maliciousness of the IPs that have previously accessed the e-commerce account over the network, and finally generating a malicious IP group library;
step three: the server receives a request to enter the e-commerce account sent by the mobile terminal, and at the same time intercepts the IP applying for access to the e-commerce account and verifies it against the white list;
step four: the server provides the login interface of the e-commerce account to the mobile terminal according to the request; the user inputs login information through the login interface, the login information comprising a login account and a login password;
step five: the server matches the login account and login password input by the user against the login account and login password recorded when the corresponding user registered, and when doing so queries whether historical login-failure data for the user exists in the server cache; the specific processing is as follows:
S51: if the historical data is empty, the user state is normal and the user's login information is matched; if the match succeeds, the server provides the mobile terminal with a collection interface for collecting the user's face image, and step six is executed;
if the match fails, the current login failure time together with a login failure count of 1 is stored in the cache as a new record, and step five is repeated;
S52: if the historical data is not empty, the historical data is divided into a plurality of records according to the login failures, each record containing the time of its login failure;
S53: the login failure time in each record is compared with the current login time to obtain the interval; the number of records whose interval is less than the specified time is counted to obtain the historical login failure count, and 1 is added to this count to obtain the new login count;
S54: the new login count is compared with the login count permitted within the specified time; if the new login count exceeds the permitted login count, the user is locked and prompted to log in later;
if the new login count is less than or equal to the permitted login count, the user state is normal and the user's login information is matched; if the match succeeds, the server provides the mobile terminal with the collection interface for collecting the user's face image, and step six is executed;
if the match fails, the current login failure time together with the historical login failure count plus 1 is stored in the cache as a new record, and step five is repeated;
step six: collecting the user's face image and the corresponding physical sign parameter information, the physical sign parameter information comprising body temperature information, pulse information and heart rate information; comparing each collected physical sign parameter with its corresponding predetermined range, and determining from the comparison result whether the collected face image is valid;
if only one physical sign parameter is collected, it is compared with its preset range to judge whether it lies within the range, and if so the face image information is proved valid; if a plurality of physical sign parameters are collected, each is compared with its corresponding preset range, and the face image information is proved valid when they lie within their preset ranges;
step seven: if the face image information is valid, the face image information is matched and verified against the corresponding standard user face image in cloud storage, the specific processing steps being as follows:
S71: line-drawing processing is applied to the collected face image to obtain its contour lines; the face image transformed into contour lines is marked as the verification line drawing;
S72: line-drawing processing is applied to the standard user face image to obtain its contour lines; the standard user face image transformed into contour lines is marked as the reference line drawing;
S73: the reference line drawing is blurred so that only its line contour is retained, and this contour is used as the reference raster; the verification line drawing is then blurred so that its line contour is retained and marked as the verification information, and the verification information is overlaid on the reference raster;
S74: a two-dimensional coordinate system is established with a certain point in the picture as the origin of coordinates;
S75: a plurality of mutually corresponding reference points are obtained in the verification information and the reference raster; the criterion for obtaining the reference points is that several lines at non-coincident positions in the picture are taken, the distances between corresponding points on those lines are calculated, and the corresponding points at the greatest distance are marked as reference points;
S76: the reference points in the verification information are marked as (Xr, Yr) and the reference points in the reference raster as (Gr, Kr), r = 1, ..., p;
S77: the misalignment value Q is calculated from (Xr, Yr) and (Gr, Kr) by the formula given in the original (the formula image is not reproduced on this page); when the misalignment value Q is smaller than a preset value, the face image is judged to be verified successfully and the login to the e-commerce account succeeds.
Further, in step three the server intercepts the IP applying for access to the e-commerce account and verifies it against the white list by the following specific steps:
S31: when an external IP attempts to access the e-commerce account, white-list verification is first performed on the access IP; if the access IP lies within the white list and its authority permits, the access IP is allowed to access the e-commerce account and step four is executed; otherwise S32 is executed;
S32: maliciousness analysis is performed on an access IP that is not in the white list; the specific analysis method is as follows:
S321: the access IP is marked as Aj, its connectivity as m, the domain names connected with the access IP as Dji and the length of each domain name as dji; the maliciousness M(Aj) of the access IP is given by the formula in the original (the formula image is not reproduced on this page), where s(Dji) = 0 when Dji is a non-malicious domain name and s(Dji) = 1 when Dji is a malicious domain name, i = 1, ..., m;
S322: an IP group is marked as B and contains n access IPs; the maliciousness of the IP group is given by the formula in the original (the formula image is not reproduced on this page), j = 1, ..., n;
S323: the IP group corresponding to the access IP is found in the malicious IP group library and the malicious expected value E(M(B)) of the malicious IPs in that group is calculated (the formula image is not reproduced on this page); if M(Aj) > E(M(B)), the access IP is judged malicious, and a security early warning and access control are applied to it; otherwise it is judged a suspicious IP and access control is applied to it;
S324: access IPs that cannot be determined are stored in a suspicious IP library, as are access IPs that are not in the existing white list and have not been judged malicious; verification is repeated when the white list and the malicious IP group library are updated.
Further, the method further comprises the user sending forgotten-password information, which comprises the login account, to the server through the login interface; the specific process is as follows:
S11: the mobile terminal displays an interface, provided by the server, for inputting the money balance of the login account;
S12: the server looks up in cloud storage the money balance corresponding to the login account in the forgotten-password information, sends the money balance to the third-party system, and at the same time stores it;
S13: the server receives the money balance input by the user and compares it with the stored money balance; if they are the same, authentication passes, the mobile terminal displays the collection interface provided by the server for collecting the user's face image, and steps six and seven are executed; otherwise authentication does not pass.
Further, the method comprises the following steps:
S21: setting a count of consecutive face image verification failures;
S22: when the number of consecutive face image verification failures by the user exceeds the set count, locking the login interface;
S23: setting a time value for which the login interface is locked;
S24: when the time for which the login interface has been locked exceeds the set time value, unlocking the login interface and accepting the user's verification request.
The beneficial effects of the invention are:
(1) first, an e-commerce account network access white list and a malicious IP group library for e-commerce account network access are generated; the server receives the request to enter the e-commerce account sent by the mobile terminal and at the same time intercepts the IP applying for access to the e-commerce account and verifies it against the white list; if the access IP lies within the white list and its authority permits, it is allowed to access the e-commerce account; a security early warning and access control are applied to malicious IPs, improving access security;
(2) the server matches the login account and login password input by the user against those recorded when the user registered and at the same time queries whether historical login-failure data for the user exists in the server cache; if the new login count exceeds the permitted login count, the user is locked and prompted to log in later; if it is less than or equal to the permitted count, the user state is normal and the login information is matched, which effectively prevents frequent login attacks on the website by illegal users;
(3) the user's face image and the corresponding physical sign parameter information are collected, and the sign parameters guarantee the validity of the collected face image information, improving the security of face image identification and guaranteeing the security of user data;
(4) if the password is forgotten, the user sends forgotten-password information to the server through the login interface; the mobile terminal displays an interface provided by the server for inputting the money balance of the login account, the balance is verified, and if verification succeeds the mobile terminal displays the collection interface provided by the server for collecting the user's face image.
Drawings
In order to facilitate understanding for those skilled in the art, the present invention will be further described with reference to the accompanying drawings.
Fig. 1 is a flowchart illustrating an e-commerce account verification method based on cloud security according to the present invention.
Detailed Description
As shown in fig. 1, an e-commerce account verification method based on cloud security includes the following steps:
step one: generating an e-commerce account network access white list; according to the specific environment in which the e-commerce account is logged into, setting the network IPs allowed to access the e-commerce account and the access authority held by each network IP, and generating a network access white list specific to the e-commerce account;
step two: acquiring a malicious IP group library for e-commerce account network access; analysing the temporal and spatial characteristics and the maliciousness of the IPs that have previously accessed the e-commerce account over the network, and finally generating a malicious IP group library;
step three: the server receives a request to enter the e-commerce account sent by the mobile terminal, and at the same time intercepts the IP applying for access to the e-commerce account and verifies it against the white list; the specific steps are as follows:
S31: when an external IP attempts to access the e-commerce account, white-list verification is first performed on the access IP; if the access IP lies within the white list and its authority permits, the access IP is allowed to access the e-commerce account and step four is executed; otherwise S32 is executed;
S32: maliciousness analysis is performed on an access IP that is not in the white list; the specific analysis method is as follows:
S321: the access IP is marked as Aj, its connectivity as m, the domain names connected with the access IP as Dji and the length of each domain name as dji; the maliciousness M(Aj) of the access IP is given by the formula in the original (the formula image is not reproduced on this page), where s(Dji) = 0 when Dji is a non-malicious domain name and s(Dji) = 1 when Dji is a malicious domain name, i = 1, ..., m;
S322: an IP group is marked as B and contains n access IPs; the maliciousness of the IP group is given by the formula in the original (the formula image is not reproduced on this page), j = 1, ..., n;
S323: the IP group corresponding to the access IP is found in the malicious IP group library and the malicious expected value E(M(B)) of the malicious IPs in that group is calculated (the formula image is not reproduced on this page); if M(Aj) > E(M(B)), the access IP is judged malicious, and a security early warning and access control are applied to it; otherwise it is judged a suspicious IP and access control is applied to it;
S324: access IPs that cannot be determined are stored in a suspicious IP library, as are access IPs that are not in the existing white list and have not been judged malicious; verification is repeated when the white list and the malicious IP group library are updated;
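The white-list check of S31 and the three-way outcome of S32 to S324 (allow, malicious, suspicious), covering both the summary and the detailed description above, as an added Python example. This is illustration code written for this page, not code from the patent or its assignee. The names WhitelistEntry, classify_access and find_group, and the grouping of the malicious IP group library by CIDR block, are assumptions. Because the formula images for M(Aj) and E(M(B)) are not reproduced on this page, the example assumes M(Aj) is the mean of s(Dji) over the domains the IP connects to and E(M(B)) the mean of M(Aj) over the group; the patent's formula may also weight by the domain length dji, which is not done here. All addresses and domains are constructed sample data.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Iterable, Mapping, Optional, Set


@dataclass(frozen=True)
class WhitelistEntry:
    """One line of the account-specific white list (step one): a network IP
    range and the access authority that range holds.  Assumed representation."""
    network: ipaddress.IPv4Network
    permissions: frozenset


def whitelist_allows(whitelist: Iterable[WhitelistEntry], ip: str, permission: str) -> bool:
    """S31: the access IP must fall inside a white-listed range AND that range
    must hold the requested authority.  Anything else falls through to S32."""
    addr = ipaddress.ip_address(ip)
    return any(addr in e.network and permission in e.permissions for e in whitelist)


def ip_maliciousness(domains: Mapping[str, bool]) -> float:
    """S321, M(Aj): `domains` maps each Dji the IP connected to (i = 1..m) to
    s(Dji), True for a malicious domain.  ASSUMED to be the mean of s(Dji);
    the patent's formula image is not reproduced, so the domain length dji is
    not weighted here."""
    if not domains:
        return 0.0
    return sum(1.0 for malicious in domains.values() if malicious) / len(domains)


def group_expected_maliciousness(group: Mapping[str, Mapping[str, bool]]) -> float:
    """S322/S323, E(M(B)): `group` maps the n IPs Aj of group B to their
    domain observations.  ASSUMED to be the mean of M(Aj) over the group."""
    if not group:
        return 0.0
    return sum(ip_maliciousness(d) for d in group.values()) / len(group)


def find_group(library: Mapping[str, Mapping[str, Mapping[str, bool]]],
               ip: str) -> Optional[Mapping[str, Mapping[str, bool]]]:
    """S323: look up the IP group the access IP belongs to.  The library is
    keyed by network (assumption: one group per CIDR block)."""
    addr = ipaddress.ip_address(ip)
    for net, members in library.items():
        if addr in ipaddress.ip_network(net):
            return members
    return None


def classify_access(whitelist: Iterable[WhitelistEntry],
                    library: Mapping[str, Mapping[str, Mapping[str, bool]]],
                    ip: str, permission: str,
                    observed_domains: Mapping[str, bool],
                    suspicious_db: Set[str]) -> str:
    """Step three as a whole.  Returns 'allow' (continue to step four),
    'malicious' (security early warning plus access control) or
    'suspicious' (access control plus storage in the suspicious IP library)."""
    if whitelist_allows(whitelist, ip, permission):
        return "allow"
    group = find_group(library, ip)
    if group is None:                       # S324: cannot be determined
        suspicious_db.add(ip)
        return "suspicious"
    if ip_maliciousness(observed_domains) > group_expected_maliciousness(group):
        return "malicious"                  # S323: M(Aj) > E(M(B))
    suspicious_db.add(ip)                   # S324: not white-listed, not judged malicious
    return "suspicious"


# Constructed sample data (documentation address ranges, not real hosts).
WHITELIST = [
    WhitelistEntry(ipaddress.ip_network("10.0.0.0/8"), frozenset({"login"})),
    WhitelistEntry(ipaddress.ip_network("203.0.113.0/24"), frozenset({"login", "admin"})),
]
MALICIOUS_GROUP_LIBRARY = {
    "198.51.100.0/24": {
        "198.51.100.7": {"evil.example": True, "bad.example": True},   # M = 1.0
        "198.51.100.9": {"ok.example": False, "evil.example": True},   # M = 0.5
    },
}

if __name__ == "__main__":
    db: Set[str] = set()
    for ip, perm, domains in [("10.1.2.3", "login", {}),
                              ("10.1.2.3", "admin", {}),
                              ("198.51.100.20", "login", {"evil.example": True, "mal.example": True}),
                              ("198.51.100.21", "login", {"evil.example": True, "cdn.example": False})]:
        print(ip, perm, classify_access(WHITELIST, MALICIOUS_GROUP_LIBRARY, ip, perm, domains, db))
    print("suspicious library:", sorted(db))
```

Note that the permission check matters as much as the range check: the second sample request comes from a white-listed range but asks for an authority that range does not hold, so it is not allowed through and is handled by S32 like any other non-white-listed IP.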
step four: the server provides the login interface of the e-commerce account to the mobile terminal according to the request; the user inputs login information through the login interface, the login information comprising a login account and a login password;
step five: the server matches the login account and login password input by the user against the login account and login password recorded when the corresponding user registered, and when doing so queries whether historical login-failure data for the user exists in the server cache; the specific processing is as follows:
S51: if the historical data is empty, the user state is normal and the user's login information is matched; if the match succeeds, the server provides the mobile terminal with a collection interface for collecting the user's face image, and step six is executed;
if the match fails, the current login failure time together with a login failure count of 1 is stored in the cache as a new record, and step five is repeated;
S52: if the historical data is not empty, the historical data is divided into a plurality of records according to the login failures, each record containing the time of its login failure;
S53: the login failure time in each record is compared with the current login time to obtain the interval; the number of records whose interval is less than the specified time is counted to obtain the historical login failure count, and 1 is added to this count to obtain the new login count;
S54: the new login count is compared with the login count permitted within the specified time; if the new login count exceeds the permitted login count, the user is locked and prompted to log in later;
if the new login count is less than or equal to the permitted login count, the user state is normal and the user's login information is matched; if the match succeeds, the server provides the mobile terminal with the collection interface for collecting the user's face image, and step six is executed;
if the match fails, the current login failure time together with the historical login failure count plus 1 is stored in the cache as a new record, and step five is repeated;
step six: collecting the user's face image and the corresponding physical sign parameter information, the physical sign parameter information comprising body temperature information, pulse information and heart rate information; comparing each collected physical sign parameter with its corresponding predetermined range, and determining from the comparison result whether the collected face image is valid;
if only one physical sign parameter is collected, it is compared with its preset range to judge whether it lies within the range, and if so the face image information is proved valid; if a plurality of physical sign parameters are collected, each is compared with its corresponding preset range, and the face image information is proved valid when they lie within their preset ranges;
however, the rule for judging validity can be determined according to the user's requirements; for example, where the user requires a higher safety factor and 4 sign parameters are collected, it can be specified that the face image information is valid only if all 4 lie within their predetermined ranges and invalid if any one lies outside its range; where the required safety factor is lower and 4 sign parameters are still collected, it can be specified that the face image information is valid if 3 of the 4 lie within their preset ranges and invalid if 2 or more lie outside them, and so on; the specific decision rule can be set by the user according to the actual situation;
step seven: if the face image information is valid, the face image information is matched and verified against the corresponding standard user face image in cloud storage, the specific processing steps being as follows:
S71: line-drawing processing is applied to the collected face image to obtain its contour lines; the face image transformed into contour lines is marked as the verification line drawing;
S72: line-drawing processing is applied to the standard user face image to obtain its contour lines; the standard user face image transformed into contour lines is marked as the reference line drawing;
S73: the reference line drawing is blurred so that only its line contour is retained, and this contour is used as the reference raster; the verification line drawing is then blurred so that its line contour is retained and marked as the verification information, and the verification information is overlaid on the reference raster;
S74: a two-dimensional coordinate system is established with a certain point in the picture as the origin of coordinates;
S75: a plurality of mutually corresponding reference points are obtained in the verification information and the reference raster; the criterion for obtaining the reference points is that several lines at non-coincident positions in the picture are taken, the distances between corresponding points on those lines are calculated, and the corresponding points at the greatest distance are marked as reference points;
S76: the reference points in the verification information are marked as (Xr, Yr) and the reference points in the reference raster as (Gr, Kr), r = 1, ..., p;
S77: the misalignment value Q is calculated from (Xr, Yr) and (Gr, Kr) by the formula given in the original (the formula image is not reproduced on this page); when the misalignment value Q is smaller than a preset value, the face image is judged to be verified successfully and the login to the e-commerce account succeeds.
The method further comprises the user sending forgotten-password information to the server through the login interface, the forgotten-password information comprising the login account; the specific process is as follows:
s11: the mobile terminal displays an interface, provided by the server, for entering the money balance value of the login account;
s12: the server looks up in cloud storage the money balance value corresponding to the login account in the forgotten-password information, sends the money balance value to the third-party system, and stores the money balance value at the same time;
s13: the server receives the money balance value entered by the user and compares it with the stored money balance value; if they are the same, the server passes the authentication, the mobile terminal displays the collection interface provided by the server for collecting the user's face image, and steps six and seven are executed; otherwise the authentication fails.
The third-party system is a mobile terminal pre-bound to the login account by the user.
The method further comprises the following steps:
s21: set a value for the number of consecutive face-image verification failures;
s22: when the number of consecutive face-image verification failures by the user exceeds the set value, lock the login interface;
s23: set a time value for which the login interface stays locked;
s24: when the login interface has been locked for longer than the set time value, unlock the login interface and accept the user's verification request.
The invention is implemented as follows: first, generate the e-commerce account network access white list and the e-commerce account network access malicious IP group library; the server receives the request to enter the e-commerce account sent by the mobile terminal and at the same time intercepts and performs white list verification on the IP applying to access the e-commerce account; if the access IP is within the white list and its rights permit, it is allowed to access the e-commerce account;
the server provides the login interface of the e-commerce account to the mobile terminal according to the request; the user inputs login information through the login interface, the server matches the login account and login password input by the user against those recorded when the corresponding user registered, and while matching, the server queries its cache for historical data of login failures; if the new login count exceeds the specified number of logins, the user is locked and prompted to log in later; if the new login count is less than or equal to the specified number, the user state is normal and the user's login information is matched; if the matching succeeds, the server provides the mobile terminal with a collection interface for collecting the user's face image;
collect the user's face image and the corresponding sign parameter information, which comprises body temperature, pulse and heart rate information; compare each collected sign parameter with its corresponding predetermined range and determine from the comparison result whether the collected face image is valid;
if the face image information is valid, match and verify it against the corresponding standard user face image in cloud storage, and if verification succeeds, the e-commerce account is logged in successfully;
if the password is forgotten, the user sends forgotten-password information, comprising the login account, to the server through the login interface; the mobile terminal displays the interface provided by the server for entering the money balance value of the login account; the money balance value is verified, and if verification succeeds the mobile terminal displays the collection interface provided by the server for collecting the user's face image, and the user's face image and corresponding sign parameter information (body temperature, pulse and heart rate) are collected; each collected sign parameter is compared with its predetermined range to determine whether the collected face image is valid;
and if the face image information is valid, it is matched and verified against the corresponding standard user face image in cloud storage, and if verification succeeds the e-commerce account is logged in successfully.
The above formulas were obtained by collecting a large amount of data, performing software simulation, and having the corresponding experts set the parameters; the formulas agree with real results.
The foregoing is merely exemplary and illustrative of the present invention and various modifications, additions and substitutions may be made by those skilled in the art to the specific embodiments described without departing from the scope of the invention as defined in the following claims.
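The following is an added example, not code from the patent: a cache-backed login guard that follows the login-failure handling of step five (S51 to S54 in claim 1, summarized above) and the consecutive face-verification lockout of steps s21 to s24. The window length, attempt limit, lock durations and the lock period applied after S54 are assumptions (the patent only says the user is prompted to log in later), as is clearing the failure history after a successful login.

```python
"""Added example, not the patent's own code: a cache-backed login guard that
follows steps S51-S54 (password attempts counted in a time window) and steps
S21-S24 (lock after too many consecutive face-verification failures, unlock
after a set time). Parameter values and the lock duration after S54 are
assumptions; the patent only says the user is told to log in later."""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class AccountState:
    """Per-account record standing in for the server cache."""
    failure_times: List[float] = field(default_factory=list)  # S51/S52: one entry per login failure
    locked_until: float = 0.0         # S54: password-side lock expiry
    face_failures: int = 0            # S22: consecutive face-verification failures
    face_locked_until: float = 0.0    # S23: login-interface lock expiry


class AccountGuard:
    def __init__(self, window_s: float = 600.0, max_logins: int = 5, lock_s: float = 900.0,
                 max_face_failures: int = 3, face_lock_s: float = 300.0) -> None:
        self.window_s = window_s                    # S53: the "specified time"
        self.max_logins = max_logins                # S54: the "specified number of logins"
        self.lock_s = lock_s                        # assumed lock duration after S54
        self.max_face_failures = max_face_failures  # S21: failure count threshold
        self.face_lock_s = face_lock_s              # S23: lock time value
        self.cache: Dict[str, AccountState] = {}

    def _state(self, account: str) -> AccountState:
        return self.cache.setdefault(account, AccountState())

    def check_password(self, account: str, password_ok: bool, now: float) -> str:
        """Step five. Returns 'ok', 'rejected' or 'locked'."""
        st = self._state(account)
        if now < st.locked_until:
            return 'locked'
        # S53: only failures whose interval to the current login time is below the window count
        recent = [t for t in st.failure_times if now - t < self.window_s]
        new_logins = len(recent) + 1          # historical failures plus this attempt
        # S54: exceeding the permitted number locks the user
        if new_logins > self.max_logins:
            st.locked_until = now + self.lock_s
            return 'locked'
        if password_ok:
            st.failure_times = []             # assumption: a successful login clears the history
            return 'ok'                       # caller now moves on to step six (face image)
        # S51/S54: store the failure time as new cache data
        recent.append(now)
        st.failure_times = recent
        return 'rejected'

    def check_face(self, account: str, face_ok: bool, now: float) -> str:
        """Steps S21-S24. Returns 'ok', 'rejected' or 'locked'."""
        st = self._state(account)
        if now < st.face_locked_until:
            return 'locked'                   # S23: interface stays locked until the time value elapses
        if face_ok:
            st.face_failures = 0
            return 'ok'
        st.face_failures += 1
        if st.face_failures > self.max_face_failures:   # S22: "exceeds the set value"
            st.face_locked_until = now + self.face_lock_s
            st.face_failures = 0              # S24: a fresh count once the interface unlocks
            return 'locked'
        return 'rejected'


if __name__ == '__main__':
    # constructed walk-through: three bad passwords, then a fourth attempt within the window
    guard = AccountGuard(window_s=600, max_logins=3, lock_s=900)
    for t in (0, 10, 20, 30):
        print(t, guard.check_password('alice', False, t))
```

Both counters are kept per account in a plain dictionary here; on a real deployment the same records would live in the server-side cache the patent refers to, keyed by account, so that the window survives across application instances.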

Claims (4)

1. An e-commerce account verification method based on cloud security, characterized by comprising the following steps:
Step one: generate an e-commerce account network access white list; according to the specific environment in which the e-commerce account is logged in, set the network IPs allowed to access the e-commerce account and the access rights they hold, and generate a network access white list specific to that e-commerce account;
Step two: obtain an e-commerce account network access malicious IP group library; analyze the temporal and spatial characteristics and the maliciousness of the existing e-commerce account network access IPs, and finally generate the malicious IP group library;
Step three: the server receives the request to enter the e-commerce account sent by the mobile terminal, and at the same time the server intercepts and performs white list verification on the IP applying to access the e-commerce account;
Step four: the server provides the login interface of the e-commerce account to the mobile terminal according to the request; the user inputs login information through the login interface, the login information comprising a login account and a login password;
Step five: the server matches the login account and login password input by the user against the login account and login password of the corresponding user at registration; while matching, the server queries whether historical data of login failures for the user exists in the server cache; the specific processing is as follows:
S51: if the historical data is empty, the user state is normal and the user's login information is matched; if the matching succeeds, the server provides the mobile terminal with a collection interface for collecting the user's face image; execute step six; if the matching fails, store the current login failure time together with a login failure count of 1 in the cache as new data; repeat step five;
S52: if the historical data is not empty, divide the historical data into a plurality of arrays according to the number of login failures, each array containing its own login failure time;
S53: compare the login failure time in each array with the current login time to obtain an interval, count the number of arrays whose interval is less than the specified time to determine the historical login failure count, and determine the new login count as the historical login failure count plus 1;
S54: compare the new login count with the specified number of logins permitted within the specified time; if the new login count exceeds the specified number of logins, lock the user and prompt the user to log in later; if the new login count is less than or equal to the specified number of logins, the user state is normal and the user's login information is matched; if the matching succeeds, the server provides the mobile terminal with a collection interface for collecting the user's face image, and step six is executed; if the matching fails, store the current login failure time and the historical login failure count plus 1 in the cache as new data; repeat step five;
Step six: collect the user's face image and the corresponding sign parameter information; the sign parameter information comprises body temperature information, pulse information and heart rate information; compare each collected sign parameter with its corresponding predetermined sign parameter range, and determine from the comparison result whether the collected face image is valid;
Step seven: if the face image information is valid, match and verify the face image information against the corresponding standard user face image in cloud storage; the specific processing steps are as follows:
S71: perform line drawing processing on the collected face image to obtain its contour lines; mark the face image transformed into contour lines as the verification line drawing;
S72: perform line drawing processing on the standard user face image to obtain its contour lines; mark the standard user face image transformed into contour lines as the reference line drawing;
S73: blur the reference line drawing, keep only its line contour and use it as the reference grating; then blur the verification line drawing in the same way, keep its line contour and mark it as the verification information; overlap the verification information with the reference grating;
S74: take a certain point in the picture as the coordinate origin and establish a two-dimensional coordinate system;
S75: obtain a number of mutually corresponding reference points in the verification information and the reference grating; the criterion for obtaining reference points is to take lines at several non-coincident places in the picture, calculate the distances between corresponding points on those lines, and mark the pair of corresponding points with the greatest distance as reference points;
S76: mark the reference points in the verification information as (Xr, Yr) and the reference points in the reference grating as (Gr, Kr), r = 1, ..., p;
S77: using the formula
Figure DEST_PATH_IMAGE002
calculate the misalignment value Q; the closer Gr is to Xr and the closer Kr is to Yr, the smaller the misalignment value Q; when the misalignment value Q is smaller than the preset value, the face image is judged to be successfully verified and the e-commerce account is logged in successfully.
2. The cloud-security-based e-commerce account verification method according to claim 1, characterized in that in step three the server intercepts and performs white list verification on the IP applying to access the e-commerce account by the following specific steps:
S31: when an external IP attempts to access the e-commerce account, first perform white list verification on the access IP; if the access IP is within the white list and its rights permit, allow it to access the e-commerce account and execute step four; otherwise execute S32;
S32: perform maliciousness analysis on access IPs not in the white list; the specific analysis method is as follows:
S321: mark the access IP as Aj and its connectivity degree as m; mark the domain names connected to the access IP as Dji and the length of each domain name as dji; then the maliciousness M(Aj) of the access IP is:
Figure DEST_PATH_IMAGE004
where S(Dji) = 0 when Dji is a non-malicious domain name and S(Dji) = 1 when Dji is a malicious domain name; i = 1, ..., m;
S322: mark the IP group as B, the IP group containing n access IPs in total; then the maliciousness of the IP group is:
Figure DEST_PATH_IMAGE006
j = 1, ..., n;
S323: find the IP group corresponding to the access IP in the malicious IP group library and calculate the expected maliciousness of the malicious IPs in that group, E(M(B)) = 1/n × M(B); if M(Aj) > E(M(B)), judge the access IP to be a malicious IP and apply a security warning and access control to it; otherwise judge it to be a suspicious IP and apply access control to it;
S324: save access IPs that cannot be determined to the suspicious IP library; an access IP that is neither in the existing white list nor judged to be malicious is saved to the suspicious IP library; it is verified again whenever the white list or the malicious IP group library is updated.
3. The cloud-security-based e-commerce account verification method according to claim 1, characterized in that the method further comprises the user sending forgotten-password information to the server through the login interface, the forgotten-password information comprising the login account; the specific process is as follows:
S11: the mobile terminal displays an interface, provided by the server, for entering the money balance value of the login account;
S12: the server looks up in cloud storage the money balance value corresponding to the login account in the forgotten-password information, sends the money balance value to the third-party system, and stores the money balance value at the same time;
S13: the server receives the money balance value entered by the user and compares it with the stored money balance value; if they are the same, the server passes the authentication, the mobile terminal displays the collection interface provided by the server for collecting the user's face image, and steps six and seven are executed; otherwise the authentication fails.
4. The cloud-security-based e-commerce account verification method according to claim 1, characterized in that the method further comprises the following steps:
S21: set a value for the number of consecutive face-image verification failures;
S22: when the number of consecutive face-image verification failures by the user exceeds the set value, lock the login interface;
S23: set a time value for which the login interface stays locked;
S24: when the login interface has been locked for longer than the set time value, unlock the login interface and accept the user's verification request.
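The following is an added example, not code from the patent, of the access decision in claim 2 (S31, S323 and S324). The maliciousness formulas M(Aj) and M(B) appear on this page only as image references, so the example substitutes labelled stand-ins: score_ip() rates an IP by the share of its connected domains Dji with S(Dji) = 1, and M(B) is taken as the sum of its members' scores so that E(M(B)) = 1/n × M(B) is their mean. Looking up "the corresponding IP group" by the IP's first three octets is also an assumption, and every address, domain and score is constructed.

```python
"""Added example, not the patent's own code: the access decision of claim 2
(S31, S323, S324). The maliciousness formulas M(Aj) and M(B) appear on the page
only as images, so this example replaces them with labelled stand-ins:
score_ip() scores an IP by the share of its connected domains Dji that are
malicious (S(Dji) = 1), and M(B) is taken as the sum of its members' scores so
that E(M(B)) = 1/n x M(B) is their mean. Grouping an IP by its first three
octets is also an assumption. All addresses and domains are constructed."""
from dataclasses import dataclass
from typing import Dict, Set, Tuple


@dataclass
class IpGroup:
    """One entry B of the malicious IP group library: M(Aj) for each of its n members."""
    member_scores: Dict[str, float]

    def expected_maliciousness(self) -> float:
        """S323: E(M(B)) = 1/n x M(B), with M(B) assumed to be the sum of member scores."""
        n = len(self.member_scores)
        return sum(self.member_scores.values()) / n if n else 0.0


def score_ip(domains: Dict[str, bool]) -> float:
    """Stand-in for M(Aj): domains maps Dji -> (S(Dji) == 1). Not the patented formula."""
    if not domains:
        return 0.0
    return sum(1 for malicious in domains.values() if malicious) / len(domains)


def group_key(ip: str) -> str:
    """Assumed lookup rule for 'the corresponding IP group': the /24 prefix."""
    return '.'.join(ip.split('.')[:3])


class AccessController:
    def __init__(self, whitelist: Dict[str, Set[str]], library: Dict[str, IpGroup]) -> None:
        self.whitelist = whitelist   # step one: IP -> rights it may exercise
        self.library = library       # step two: group key -> IpGroup
        # S324: suspicious IP library, keeping the request so it can be re-verified
        self.suspicious: Dict[str, Tuple[str, Dict[str, bool]]] = {}

    def decide(self, ip: str, right: str, domains: Dict[str, bool]) -> str:
        """Returns 'allow', 'malicious' or 'suspicious'."""
        # S31: whitelist first; both membership and the requested right must match
        if right in self.whitelist.get(ip, set()):
            self.suspicious.pop(ip, None)
            return 'allow'
        # S32/S321: maliciousness analysis of a non-whitelisted IP
        group = self.library.get(group_key(ip))
        if group is not None and group.member_scores:
            # S323: compare against the group's expected maliciousness
            if score_ip(domains) > group.expected_maliciousness():
                self.suspicious.pop(ip, None)
                return 'malicious'          # security warning plus access control
        # S324: undetermined, or not malicious yet not listed -> suspicious IP library
        self.suspicious[ip] = (right, domains)
        return 'suspicious'                 # access control only

    def reverify(self) -> Dict[str, str]:
        """S324: re-run the decision for stored suspicious IPs after the whitelist or library changed."""
        return {ip: self.decide(ip, right, domains)
                for ip, (right, domains) in list(self.suspicious.items())}


if __name__ == '__main__':
    # constructed sample data: one whitelisted IP and one library group of two scored IPs
    controller = AccessController(
        whitelist={'198.51.100.7': {'read', 'pay'}},
        library={'203.0.113': IpGroup({'203.0.113.5': 0.8, '203.0.113.9': 0.4})},
    )
    print(controller.decide('203.0.113.77', 'read',
                            {'a.example': True, 'b.example': True, 'c.example': False}))
```

Note that an IP whose group is absent from the library cannot be scored against anything and therefore lands in the suspicious library rather than being allowed, which is the conservative reading of S324; reverify() is what the method calls for after every white list or library update.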
CN202011105599.7A 2020-10-15 2020-10-15 E-commerce account verification method based on cloud security Active CN112235306B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011105599.7A CN112235306B (en) 2020-10-15 2020-10-15 E-commerce account verification method based on cloud security

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011105599.7A CN112235306B (en) 2020-10-15 2020-10-15 E-commerce account verification method based on cloud security

Publications (2)

Publication Number Publication Date
CN112235306A CN112235306A (en) 2021-01-15
CN112235306B true CN112235306B (en) 2021-10-26

Family

ID=74117986

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011105599.7A Active CN112235306B (en) 2020-10-15 2020-10-15 E-commerce account verification method based on cloud security

Country Status (1)

Country Link
CN (1) CN112235306B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113556318B (en) * 2021-06-07 2023-07-07 广西叫酒网络科技有限公司 Electronic commerce verification method based on cloud security
CN113515575A (en) * 2021-06-16 2021-10-19 北京格灵深瞳信息技术股份有限公司 Associated data processing method and device, electronic equipment and storage medium
CN115037733A (en) * 2022-06-24 2022-09-09 明峰医疗系统股份有限公司 Remote control system and method of CT (computed tomography) equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107800672A (en) * 2016-09-06 2018-03-13 腾讯科技(深圳)有限公司 A kind of Information Authentication method, electronic equipment, server and information authentication system
US10091221B1 (en) * 2015-03-13 2018-10-02 Snap Inc. Systems and methods for IP-based intrusion detection
CN110647729A (en) * 2018-06-27 2020-01-03 深圳联友科技有限公司 Login verification method and system
CN111666553A (en) * 2020-07-17 2020-09-15 江苏荣泽信息科技股份有限公司 Block chain identity authority management method based on distributed PKI

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140341444A1 (en) * 2013-05-14 2014-11-20 Tencent Technology (Shenzhen) Company Limited Systems and Methods for User Login
CN105897670A (en) * 2015-11-13 2016-08-24 乐视云计算有限公司 Website user login authentication method and system


Also Published As

Publication number Publication date
CN112235306A (en) 2021-01-15

Similar Documents

Publication Publication Date Title
US11290464B2 (en) Systems and methods for adaptive step-up authentication
CN112424775B (en) Method and system for blockchain-based cyber protection of network entities
US8214892B2 (en) Password authentication system and methods
CN112235306B (en) E-commerce account verification method based on cloud security
US9363286B2 (en) System and methods for detection of fraudulent online transactions
RU2536663C2 (en) System and method of protecting cloud infrastructure from illegal use
US20200402046A1 (en) Unique transaction identifier, which may also include a time expiration value, is assigned by a first network website to an electronic instruction to collect specified distinctive identifiers from a local/mobile computing device seeking access to said first network website
CN103944722B (en) Identification method for user trusted behaviors under internet environment
JP6438534B2 (en) System and method for performing secure online banking transactions
CN103310161A (en) Protection method and system for database system
JPH09128337A (en) Method and apparatus for protection of masquerade attack in computer network
WO2019095856A1 (en) Network identity authentication method and system, and user agent device used thereby
RU2724713C1 (en) System and method of changing account password in case of threatening unauthorized access to user data
EP4170965A1 (en) Application security through global lockout and capture
WO2015062441A1 (en) Cgi web interface multi-session verification code generation and verification method
US11177958B2 (en) Protection of authentication tokens
CN112765588A (en) Identity recognition method and device, electronic equipment and storage medium
CN117201060A (en) Method and related device for authorizing access to resources by zero-trust access subject identity authentication
CN116915456A (en) Authentication method, device, system, terminal equipment and medium
CN111064731B (en) Identification method and identification device for access authority of browser request and terminal
EP4485241A1 (en) Method and apparatus for verifying applications
Ayyub et al. An analysis of security attacks on cloud wrt saas
CN119299237B (en) A cloud platform-based authentication system and method
Alalayah Pattern Image based Dynamic Framework for Security in Web Application
Purohit et al. Tracing the root of" rootable" processes

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TA01 Transfer of patent application right

Effective date of registration: 20211012

Address after: Room 202, 2f, No. 11, Lane 1500, Kongjiang Road, Yangpu District, Shanghai 200093

Applicant after: Shanghai Xingyun Information Technology Co.,Ltd.

Address before: 518110 2105-2106 Shangyousong village Shangyou mansion, Yousong community, Longhua street, Longhua District, Shenzhen City, Guangdong Province

Applicant before: Shenzhen Xingyi Technology Service Co.,Ltd.

TR01 Transfer of patent right

Effective date of registration: 20241202

Address after: 200000 Room 173, 1150 Xuchang Road, Yangpu District, Shanghai

Patentee after: Shanghai Haoyun Information Technology Co.,Ltd.

Country or region after: China

Address before: Room 202, 2f, No. 11, Lane 1500, Kongjiang Road, Yangpu District, Shanghai 200093

Patentee before: Shanghai Xingyun Information Technology Co.,Ltd.

Country or region before: China
