CN112398792A - Login protection method, client, central control management equipment and storage medium - Google Patents

Publication number
CN112398792A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910755858.1A
Other languages
Chinese (zh)
Other versions
CN112398792B (en)
Inventor
李博
付旻
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qianxin Technology Group Co Ltd
Qianxin Safety Technology Zhuhai Co Ltd
Original Assignee
Qianxin Technology Group Co Ltd
Qianxin Safety Technology Zhuhai Co Ltd
Application filed by Qianxin Technology Group Co Ltd and Qianxin Safety Technology Zhuhai Co Ltd
Priority to CN201910755858.1A
Publication of CN112398792A
Application granted
Publication of CN112398792B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes

Abstract

The application discloses a login protection method, a client, a central control management device and a storage medium. The method comprises the following steps: acquiring a data synchronous login rule from the central control management device; monitoring, according to the data synchronous login rule, data synchronous login request behaviors that the client initiates to a target server and that conform to the rule; and, when such a data synchronous login request behavior is monitored, sending the identification information of the client to the central control management device, so that the central control management device records the identification information of clients exhibiting the data synchronous login behavior and the processing mode for the data synchronous login request behavior is determined according to the stored identification information.

Description

Login protection method, client, central control management equipment and storage medium
Technical Field
The present application relates to the field of information security technologies, and in particular, to a login protection method, a client, a central control management device, and a storage medium.
Background
The number of internal network services that companies run is increasing, such as OA management systems, work order systems and internal consulting platforms. Because these services sit in the corporate intranet, they often involve the company's private information, yet companies often neglect their security protection.
Generally, data synchronization between an intranet client and the server is controlled mostly through account passwords. However, this protection method provides no protection against an attacker once the user's password and environment have been compromised.
Disclosure of Invention
In view of this, the present application provides a login protection method, a client, a central control management device, and a storage medium, so that a server responds only to secure data synchronization login requests. This prevents the server from losing its protection capability when a login password is stolen, greatly improves data synchronization protection capability, and effectively prevents theft of intranet data.
According to a first aspect of the present application, there is provided a login protection method for a client, including:
acquiring a data synchronous login rule from the central control management device;
monitoring, according to the data synchronous login rule, data synchronous login request behaviors that the client initiates to a server and that conform to the rule;
when such a data synchronous login request behavior is monitored, sending the identification information of the client to the central control management device, so that the central control management device records the identification information of clients exhibiting the data synchronous login behavior and the processing mode for the data synchronous login request behavior is determined according to the stored identification information.
According to a second aspect of the present application, there is provided a login protection method for a central control management device, the method including:
receiving a data synchronous login query request from a server, wherein the server generates the data synchronous login query request according to the identification information of a client contained in the data synchronous login request it received, and the data synchronous login query request comprises the identification information of the client;
if the preset data synchronous login device list includes the identification information contained in the data synchronous login query request, querying whether that identification information belongs to the identification information recorded in the central control management device;
if it does, sending a data synchronous login request release instruction to the server, so that the server releases the data synchronous login request according to the instruction;
if it does not, sending a data synchronous login request interception instruction to the server, so that the server intercepts the data synchronous login request according to the instruction.
According to a third aspect of the present application, there is provided a client comprising:
the rule acquisition module is used for acquiring a data synchronous login rule from the central control management equipment;
the login behavior monitoring module is used for monitoring a data synchronous login request behavior which is initiated from the client to the server and accords with the data synchronous login rule according to the data synchronous login rule;
and the identification information sending module is used for sending the identification information of the client to the central control management equipment when the data synchronous login request behavior is monitored, so that the central control management equipment is used for recording the identification information of the client with the data synchronous login behavior, and the processing mode of the data synchronous login request behavior is determined according to the stored identification information.
According to a fourth aspect of the present application, there is provided a central control management apparatus, including:
the query request receiving module is used for receiving a data synchronous login query request from a server, wherein the server generates the data synchronous login query request according to the identification information of the client contained in the received data synchronous login request;
the query module is used for querying, if the preset data synchronous login device list includes the identification information contained in the data synchronous login query request, whether that identification information belongs to the identification information recorded in the central control management device;
the release feedback module is used for sending a data synchronous login request release instruction to the server if the identification information belongs to the recorded identification information, so that the server releases the data synchronous login request according to the instruction;
and the interception feedback module is used for sending a data synchronous login request interception instruction to the server if the identification information does not belong to the recorded identification information, so that the server intercepts the data synchronous login request according to the instruction.
According to a sixth aspect of the present application, there is provided a storage medium having stored thereon a computer program, wherein the program, when executed by a processor, implements the login protection methods described above.
According to a seventh aspect of the present application, there is provided a computer device comprising a storage medium, a processor, and a computer program stored on the storage medium and executable on the processor, wherein the processor implements the login protection methods described above when executing the program.
By means of the above technical solution, the login protection method, client, central control management device and storage medium provided by the application monitor the process creation behaviors named in the data synchronous login rule. When a data synchronous login request behavior corresponding to a process in the rule is monitored, the unique identification information of the client is sent to the central control management device for storage, which ensures that secure data synchronous login request behaviors are recorded; the central control management device then feeds back to the server the processing mode for the data synchronous login request according to the recorded identification information, so that only secure data synchronous login requests are responded to. By monitoring the data synchronous login request behaviors created by trusted processes and recording the identification of the client terminals that initiate these secure behaviors, the application makes the server respond only to secure data synchronous login requests, prevents the server from losing its protection capability when a login password is stolen, greatly improves data synchronization protection capability, and effectively prevents theft of intranet data.
The foregoing is only an overview of the technical solution of the present application. So that the technical means of the application can be understood more clearly and implemented according to the content of the description, and so that the above and other objects, features and advantages of the application are easier to understand, specific embodiments of the application are set out below.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
Fig. 1 is a flowchart of a login protection method for a client according to an embodiment of the present application;
Fig. 2 is a flowchart of another login protection method for a client according to an embodiment of the present application;
Fig. 3 is a flowchart of a login protection method for a central control management device according to an embodiment of the present application;
Fig. 4 is a flowchart of another login protection method for a central control management device according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a client provided in an embodiment of the present application;
Fig. 6 is a schematic structural diagram of another client provided in an embodiment of the present application;
Fig. 7 is a schematic structural diagram of a central control management device according to an embodiment of the present application;
Fig. 8 is a schematic structural diagram of another central control management device provided in an embodiment of the present application.
Detailed Description
The present application will be described in detail below with reference to the accompanying drawings in conjunction with embodiments. It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict.
In a first aspect of this embodiment, a login protection method for a client is provided. As shown in fig. 1, the method includes:
step 101, acquiring a data synchronous login rule from a central control management device;
step 102, monitoring, according to the data synchronous login rule, data synchronous login request behaviors that the client initiates to a server and that conform to the rule;
step 103, when such a data synchronous login request behavior is monitored, sending the identification information of the client to the central control management device, so that the central control management device records the identification information of clients exhibiting the data synchronous login behavior and the processing mode for the data synchronous login request behavior is determined according to the stored identification information.
In this embodiment of the present application, first, when software related to the data synchronization function is started on the client, the client may obtain, in real time, a pre-constructed data synchronous login rule from the central control management device (that is, the web management device of the F&C system, an attack discovery and risk control system; it includes functions such as user management and terminal policy). The data synchronous login rule specifies which processes are trusted and may be used to create a data synchronous login process.
Secondly, after the data synchronous login rule is acquired, it is issued to a kernel driver of the client, and the kernel driver monitors the process creation behaviors named in the rule; that is, only data synchronous login requests created by trusted processes are monitored.
In addition, it should be noted that the central control management device generally does not keep the identification information permanently after receiving it; it only needs to keep the record for a period of time.
Finally, when a data synchronous login request behavior covered by the rule is monitored, the client sends its terminal identification information to the central control management device for storage. For a data synchronous login request behavior initiated by a process that is not in the rule, the client does not report its identification information to the central control management device.
Therefore, after receiving a data synchronous login request from the client, the server may send a query request to the central control management device, which checks whether the requester of the data synchronous login request received by the server is a client corresponding to recorded identification information. In other words, the central control management device determines, according to the recorded terminal identification, the processing mode for the data synchronous login request and feeds it back to the server, so that only requests initiated by trusted processes are responded to and the protection capability of the server is enhanced.
By applying the technical solution of this embodiment, the process creation behaviors named in the data synchronous login rule are monitored. When a data synchronous login request behavior corresponding to a process in the rule is monitored, the unique identification information of the client is sent to the central control management device for storage, which ensures that secure data synchronous login request behaviors are recorded; the central control management device then feeds back to the server the processing mode for the data synchronous login request according to the recorded identification information, so that only secure data synchronous login requests are responded to. By monitoring the data synchronous login request behaviors created by trusted processes and recording the identification of the client terminals that initiate these secure behaviors, the application makes the server respond only to secure data synchronous login requests, prevents the server from losing its protection capability when a login password is stolen, greatly improves data synchronization protection capability, and effectively prevents theft of intranet data.
Further, as a refinement and an extension of the specific implementation of the foregoing embodiment, in order to fully describe the specific implementation process of the present embodiment, another protection method for login is provided, as shown in fig. 2, where the method includes:
step 201, obtaining a data synchronization login rule from a central management device;
step 202, monitoring, through a kernel driver of the client, data synchronization login request behaviors initiated by the client to a server in a process to be monitored;
step 203, when the data synchronous login request behavior is monitored, judging whether the data synchronous login request behavior belongs to a preset active operation behavior;
and step 204, if the data synchronous login request behavior belongs to a preset active operation behavior, sending the identification information of the client to the central control management device.
In the above embodiment, before reporting to the central control management device, the security of the behavior should first be determined, to ensure that the data synchronous login request behavior was not initiated by a compromised program, port or the like invoking the corresponding process. Specifically, it may be determined whether the data synchronous login request behavior belongs to a preset active operation behavior. One detailed way of doing so is to analyze whether the function call stack corresponding to the data synchronous login request behavior is the same as a pre-agreed standard function call stack. This is only an example; the method for determining whether the data synchronous login request behavior belongs to a preset active operation behavior is not limited here, and a person skilled in the art can select a suitable method.
In addition, in step 204 of the embodiment of the present application, specifically, the identification information of the client is encrypted according to a preset encryption algorithm, and the encrypted identification information is then sent to the central control management device.
In the above embodiment, to further enhance data transmission security, the identification information may be encrypted before it is sent to the central control management device.
In a second aspect of this embodiment, a login protection method is provided, and is used for a central control management device, as shown in fig. 3, the method includes:
step 301, receiving a data synchronous login query request from a server, wherein the server generates the data synchronous login query request according to identification information of a client included in the received data synchronous login request, and the data login query request includes the identification information of the client;
step 302, if the preset data synchronous login equipment list includes the identification information included in the data synchronous login query request, querying whether the identification information included in the data synchronous login query request belongs to the identification information recorded in the central control management equipment;
step 303, if it does, sending a data synchronization login request release instruction to the server, so that the server releases the data synchronization login request according to the instruction;
and step 304, if it does not, sending a data synchronization login request interception instruction to the server, so that the server intercepts the data synchronization login request according to the instruction.
In the above embodiment, first, the server receives a data synchronous login request and generates a data synchronous login query request according to the client identification information in the login request, so as to ask the central control management device whether to release or intercept the login request.
Secondly, after receiving the query request, the central control management device judges, according to a preset data synchronous login device list, whether the client corresponding to the query request has data synchronous login authority. The list stores the identification information of all terminals allowed to perform data synchronous login on the server. If the identification information in the query request is in the list, the device then judges whether it belongs to the recorded identification information; as described above, a client whose identification information is recorded by the central control management device has performed a secure data synchronous login behavior initiated by a trusted process.
Finally, if the identification information in the query request belongs to the recorded identification information, the data synchronization login request was initiated by a trusted process of the recorded client, and the request can be responded to. If it does not belong to the recorded identification information, the data synchronous login request was not initiated by a trusted process of the recorded client, and the request is intercepted.
Further, as a refinement and an extension of the specific implementation of the foregoing embodiment, in order to fully describe the specific implementation process of the present embodiment, another protection method for login is provided, as shown in fig. 4, where the method includes:
step 401, receiving a data synchronous login query request from a server, wherein the server generates the data synchronous login query request according to identification information of a client included in the received data synchronous login request, and the data login query request includes the identification information of the client;
step 402, decrypting the recorded identification information according to a preset decryption algorithm;
step 403, if the preset data synchronous login device list includes the identification information included in the data synchronous login query request, querying whether the identification information included in the data synchronous login query request belongs to the identification information recorded in the central control management equipment;
step 404, if yes, sending a data synchronous login request release instruction to the server, so that the server releases the data synchronous login request according to the data synchronous login request release instruction;
step 405, if not, reporting a data synchronous login request, and receiving a corresponding reporting feedback instruction;
step 406, if the reported feedback instruction is a release instruction, sending a data synchronous login request release instruction to the server;
step 407, if the reported feedback instruction is an interception instruction, sending a data synchronization login request interception instruction to the server.
In the above embodiment, if the preset data synchronous login device list does not include the received identification information, the device initiating the data synchronous login request is not a known trusted device. In this case, to keep excessive protection from affecting normal data synchronization, the received data synchronous login request may be reported, and the F&C system or a human determines whether it is a secure login request: if it is, a release instruction is returned, and if it is not, an interception instruction is returned. The server can then release or intercept the data synchronous login request according to the feedback it receives.
In the above embodiment, if the identification information sent by the client to the central control management device is encrypted, it may be decrypted by using a pre-agreed decryption algorithm that matches the encryption algorithm.
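The flow of figs. 1 to 4 as an added, runnable sketch (not code from the patent): the client reports only when a process named in the rule initiates the login with the agreed call stack, and the central control management device answers the server's query from its time-limited records. The class and function names, process names, client identifiers and the 30-second retention period are assumptions; encryption of the identifier is left out because the page names no algorithm, and requests from outside the device list are handled like unrecorded ones.

```python
"""Added sketch of the flow in figs. 1-4; every name and value is constructed."""
import time
from dataclasses import dataclass, field
from typing import Callable, Optional

RELEASE, INTERCEPT = "release", "intercept"


@dataclass
class CentralControl:
    """Central control management device: rule source, record store, decision point."""
    trusted_processes: set            # data synchronous login rule (steps 101/201)
    device_list: set                  # preset data synchronous login device list
    record_ttl: float = 30.0          # assumed value; the page says only "a period of time"
    reviewer: Optional[Callable[[str], str]] = None  # F&C system or human (steps 405-407)
    clock: Callable[[], float] = time.monotonic
    _records: dict = field(default_factory=dict)     # client id -> expiry time

    def get_rule(self):
        return frozenset(self.trusted_processes)

    def record(self, client_id):
        """Keep a client's report for a limited time only."""
        self._records[client_id] = self.clock() + self.record_ttl

    def _recorded(self, client_id):
        expiry = self._records.get(client_id)
        if expiry is None:
            return False
        if self.clock() >= expiry:
            del self._records[client_id]   # stale report no longer vouches for the client
            return False
        return True

    def query(self, client_id):
        """Answer the server's query (steps 301-304, or 401-407 with a reviewer)."""
        if client_id in self.device_list and self._recorded(client_id):
            return RELEASE
        if self.reviewer is not None:      # fig. 4: report and relay the feedback
            return RELEASE if self.reviewer(client_id) == RELEASE else INTERCEPT
        return INTERCEPT                   # fig. 3: intercept directly


@dataclass
class Client:
    client_id: str
    central: CentralControl

    def on_sync_login(self, process_name, call_stack, standard_stack):
        """Stand-in for the kernel-driver callback (steps 202-204). True if reported."""
        if process_name not in self.central.get_rule():
            return False                   # process not in the rule: nothing is reported
        if tuple(call_stack) != tuple(standard_stack):
            return False                   # not a preset active operation behavior
        self.central.record(self.client_id)
        return True


def server_handle_login(central, client_id, password_ok):
    """Server side: a correct password is necessary but no longer sufficient."""
    if not password_ok:
        return INTERCEPT
    return central.query(client_id)


def demo():
    now = [0.0]                            # fake clock so the expiry case is deterministic
    central = CentralControl({"oa_sync.exe"}, {"PC-0001", "PC-0002"}, clock=lambda: now[0])
    std = ("ui_click", "start_sync", "send_login")
    pc1, pc2 = Client("PC-0001", central), Client("PC-0002", central)
    out = {}
    pc1.on_sync_login("oa_sync.exe", std, std)
    out["trusted_process"] = server_handle_login(central, "PC-0001", True)
    pc2.on_sync_login("other_tool.exe", std, std)
    out["untrusted_process"] = server_handle_login(central, "PC-0002", True)
    now[0] = 31.0                          # past the retention period
    out["expired_record"] = server_handle_login(central, "PC-0001", True)
    central.reviewer = lambda cid: RELEASE if cid == "PC-0001" else INTERCEPT
    out["reviewed"] = server_handle_login(central, "PC-0001", True)
    return out


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

Within the retention period any request that carries a recorded identifier and a valid password is released, so the length of that period bounds how long a single report vouches for the client.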
As a specific implementation of the method in fig. 1, a third aspect of the present application embodiment provides a client, as shown in fig. 5, including: a rule obtaining module 51, a login behavior monitoring module 52 and an identification information sending module 53.
A rule obtaining module 51, configured to obtain a data synchronization login rule from a central management device;
the login behavior monitoring module 52 is configured to monitor a data synchronization login request behavior initiated from a client to a server according to the data synchronization login rule;
and the identification information sending module 53 is configured to send the identification information of the client to the central control management device when the data synchronous login request behavior is monitored, so as to record the identification information of the client having the data synchronous login behavior by using the central control management device, and determine a processing mode of the data synchronous login request behavior according to the stored identification information.
In a specific application scenario, as shown in fig. 6, the client further includes: an active behavior determination module 54.
The active behavior judgment module 54 is configured to judge whether the data synchronous login request behavior belongs to a preset active operation behavior before sending the identification information of the client to the central control management device;
the identification information sending module 52 is further configured to send the identification information of the client to the central control management device if the data synchronization login request behavior belongs to the preset active operation behavior.
Specifically, the data synchronization login rule comprises a process to be monitored;
the login behavior monitoring module 52 is specifically configured to monitor, through a kernel driver of the client, a data synchronization login request behavior initiated by the client to the server in the process to be monitored.
The identification information sending module 53 is specifically configured to send the encrypted identification information to the central control management device after encrypting the identification information of the client according to a preset encryption algorithm.
As a specific implementation of the method in fig. 3, a fourth aspect of the embodiments of the present application provides a central control management device, as shown in fig. 7, including:
the query request receiving module 61 is configured to receive a data synchronous login query request from a server, where the server generates the query request according to identification information of a client included in the received data synchronous login request, and the data login query request includes the identification information of the client;
the query module 62 is configured to query whether the identification information included in the data synchronous login query request belongs to the identification information recorded in the central control management device, if the preset data synchronous login device list includes the identification information included in the data synchronous login query request;
the release feedback module 63 is configured to send a data synchronous login request release instruction to the server if the identification information belongs to the recorded identification information, so that the server releases the data synchronous login request according to the instruction;
and the interception feedback module 64 is configured to send a data synchronous login request interception instruction to the server if the identification information does not belong to the recorded identification information, so that the server intercepts the data synchronous login request according to the instruction.
In a specific application scenario, as shown in fig. 8, the intercepting feedback module 64 specifically includes:
a reporting unit 641, configured to report a data synchronous login request and receive a corresponding reporting feedback instruction;
the release feedback unit 642 is configured to send a data synchronization login request release instruction to the server if the reported feedback instruction is a release instruction;
the interception feedback unit 643, configured to send a data synchronization login request interception instruction to the server if the reported feedback instruction is an interception instruction.
Specifically, the central control management device further includes: a decryption module 65.
The decryption module 65 is configured to decrypt the identification information according to a preset decryption algorithm after receiving the recorded identification information returned by the central control management device.
In a fifth aspect of the embodiments of the present application, a login protection system is provided, including: a client as in fig. 5 and 6 and a central control management device as in fig. 7 and 8.
It should be noted that, for other descriptions of the functional units of the login protection device provided in the embodiments of the present application, reference may be made to the corresponding descriptions of fig. 1 to fig. 4, which are not repeated here.
Based on the method shown in fig. 1 to 4, the present application correspondingly further provides a storage medium on which a computer program is stored; when the computer program is executed by a processor, the login protection method shown in fig. 1 to 4 is implemented.
Based on such understanding, the technical solution of the present application may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB disk, a removable hard disk, etc.), and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to the implementation scenarios of the present application.
Based on the method shown in fig. 1 to 4 and the virtual device embodiments shown in fig. 5 to 8, in order to achieve the above object, the present application further provides a computer device, which may specifically be a personal computer, a server, a network device, and the like, where the computer device includes a storage medium and a processor; the storage medium is used for storing a computer program; the processor is used for executing the computer program to implement the login protection method shown in fig. 1 to 4.
Optionally, the computer device may also include a user interface, a network interface, a camera, Radio Frequency (RF) circuitry, sensors, audio circuitry, a Wi-Fi module, and so forth. The user interface may include a display screen and an input unit such as a keyboard, and may optionally also include a USB interface, a card reader interface, etc. The network interface may optionally include a standard wired interface, a wireless interface (e.g., a Bluetooth interface, a Wi-Fi interface), etc.
It will be appreciated by those skilled in the art that the computer device structure provided in this embodiment does not limit the computer device, which may include more or fewer components, combine some components, or arrange the components differently.
The storage medium may further include an operating system and a network communication module. An operating system is a program that manages and maintains the hardware and software resources of a computer device, supporting the operation of information handling programs, as well as other software and/or programs. The network communication module is used for realizing communication among components in the storage medium and with other hardware and software in the physical device.
Through the description of the above embodiments, those skilled in the art can clearly understand that the present application can be implemented by means of software plus a necessary general-purpose hardware platform. The process creation behavior named in the data synchronous login rule is monitored, so that when a data synchronous login request behavior corresponding to a process in the rule is detected, the unique identification information of the client itself is sent to the central control management device for storage. This ensures that safe data synchronous login request behaviors are recorded, so that the central control management device can feed back the processing mode of the data synchronous login request to the server according to the recorded identification information, and only safe data synchronous login requests are responded to. In the present application, the data synchronous login request behavior created by a trusted process is monitored and the identification of the client that initiated the safe behavior is recorded, so that the server responds only to safe data synchronous login requests. This prevents the server from losing its protection capability when the login password is stolen, greatly improves the protection of data synchronization, and effectively prevents theft of intranet data.
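The decision flow of the central control management device described above (modules 61 to 64, units 641 to 643 and the decryption module 65), as an added Python sketch that is not part of the patent text. Assumptions not found in the patent: the "preset encryption algorithm" is replaced by an HMAC-SHA256 tag, identifiers outside the device list are intercepted, recorded identifiers expire after `max_age` seconds, and reporting is modelled by a hypothetical `reviewer` callback.

```python
import hashlib
import hmac
import time

RELEASE, INTERCEPT = "release", "intercept"


def seal(client_id, key):
    """Client side. Stand-in for the unspecified 'preset encryption algorithm':
    an HMAC-SHA256 tag (authenticity only, no confidentiality). Assumption."""
    body = client_id.encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


def unseal(blob, key):
    """Central control side: return the client id, or None if the tag is wrong."""
    body, sep, tag = blob.rpartition(b".")
    if not sep:
        return None
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body.decode() if hmac.compare_digest(tag, expected) else None


class CentralControl:
    def __init__(self, device_list, key, max_age=None, reviewer=None,
                 clock=time.monotonic):
        self.device_list = set(device_list)  # preset data synchronous login device list
        self.key = key
        self.max_age = max_age    # assumption: None keeps a record forever
        self.reviewer = reviewer  # assumption: hypothetical stand-in for "reporting"
        self.clock = clock
        self.recorded = {}        # client id -> time the monitored login was reported

    def record(self, sealed_id):
        """Store the id a client sends when its monitor sees a rule-matching login."""
        client_id = unseal(sealed_id, self.key)
        if client_id is None:
            return False          # forged or corrupted report: nothing is recorded
        self.recorded[client_id] = self.clock()
        return True

    def query(self, client_id):
        """Answer the server's data synchronous login query request."""
        if client_id not in self.device_list:
            return INTERCEPT      # assumption: fail closed for unlisted ids
        seen = self.recorded.get(client_id)
        if seen is not None and (self.max_age is None
                                 or self.clock() - seen <= self.max_age):
            return RELEASE
        # Not recorded (or stale): report, then follow the feedback instruction.
        if self.reviewer is not None and self.reviewer(client_id) == RELEASE:
            return RELEASE
        return INTERCEPT


def demo():
    """Constructed scenarios; client ids and the key are sample values."""
    now = [0.0]
    key = b"constructed-demo-key"
    cc = CentralControl({"PC-001", "PC-002"}, key, max_age=60.0,
                        clock=lambda: now[0])
    out = {}
    # The monitor on PC-001 saw the watched process log in, then the server asks.
    cc.record(seal("PC-001", key))
    out["monitored"] = cc.query("PC-001")
    # PC-002 is listed but no monitored behaviour was recorded for it.
    out["unrecorded"] = cc.query("PC-002")
    # A report sealed with the wrong key must not create a record.
    out["forged_report_accepted"] = cc.record(seal("PC-002", b"wrong-key"))
    out["after_forged_report"] = cc.query("PC-002")
    # The record for PC-001 is older than max_age.
    now[0] = 61.0
    out["stale"] = cc.query("PC-001")
    # An identifier that is not on the device list.
    out["unlisted"] = cc.query("PC-999")
    # Reporting path: the feedback instruction for PC-002 is "release".
    cc.reviewer = lambda cid: RELEASE if cid == "PC-002" else INTERCEPT
    out["reviewed"] = cc.query("PC-002")
    return out


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:24} {decision}")
```

With `max_age=None` a client that was recorded once is released on every later query, which matches the text as written; the expiry is the added check.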
The embodiments of the invention provide the following technical solutions:
1. A login protection method for a client, comprising the following steps:
acquiring a data synchronous login rule from central control management equipment;
monitoring data synchronous login request behaviors which are initiated to a server by the client side and accord with the data synchronous login rules according to the data synchronous login rules;
when the data synchronous login request behavior is monitored, the identification information of the client is sent to the central control management equipment, so that the identification information of the client with the data synchronous login behavior is recorded by the central control management equipment, and the processing mode of the data synchronous login request behavior is determined according to the stored identification information.
2. The method according to 1, wherein before the sending of the identification information of the client to the central control management device, the method further includes:
judging whether the data synchronous login request behavior belongs to a preset active operation behavior or not;
and if the data synchronous login request behavior belongs to a preset active operation behavior, executing the step of sending the identification information of the client to the central control management equipment.
3. The method according to 1 or 2, wherein the data synchronization login rule comprises a process to be monitored;
the monitoring, according to the data synchronization login rule, a data synchronization login request behavior initiated by the client to the server according to the data synchronization login rule specifically includes:
and monitoring the data synchronous login request behavior initiated by the client to the server in the process to be monitored through the kernel driver of the client.
4. The method according to 3, wherein the sending of the identification information of the client to the central control management device specifically includes:
and after the identification information of the client is encrypted according to a preset encryption algorithm, sending the encrypted identification information to the central control management equipment.
5. A login protection method for a central control management device, the method comprising the following steps:
receiving a data synchronous login query request from a server, wherein the server generates the data synchronous login query request according to identification information of a client contained in the received data synchronous login request, and the data synchronous login query request comprises the identification information of the client;
if the preset data synchronous login equipment list comprises the identification information included in the data synchronous login query request, querying whether the identification information included in the data synchronous login query request belongs to the identification information recorded in the central control management equipment or not;
if so, sending a data synchronous login request releasing instruction to the server so that the server releases the data synchronous login request according to the data synchronous login request releasing instruction;
if not, sending a data synchronous login request intercepting instruction to the server so that the server intercepts the data synchronous login request according to the data synchronous login request intercepting instruction.
6. The method according to 5, wherein the sending of the data synchronization login request interception instruction to the server specifically includes:
reporting the data synchronous login request, and receiving a corresponding reporting feedback instruction;
if the reporting feedback instruction is a release instruction, sending a data synchronous login request release instruction to the server;
and if the reported feedback instruction is an interception instruction, sending a data synchronous login request interception instruction to the server.
7. The method according to 5 or 6, wherein before the querying whether the identification information included in the data synchronous login query request belongs to the identification information recorded in the central control management device, the method further includes:
and decrypting the recorded identification information according to a preset decryption algorithm.
8. A client, comprising:
the rule acquisition module is used for acquiring a data synchronous login rule from the central control management equipment;
the login behavior monitoring module is used for monitoring a data synchronous login request behavior which is initiated from the client to the server and accords with the data synchronous login rule according to the data synchronous login rule;
and the identification information sending module is used for sending the identification information of the client to the central control management equipment when the data synchronous login request behavior is monitored, so that the central control management equipment is used for recording the identification information of the client with the data synchronous login behavior, and the processing mode of the data synchronous login request behavior is determined according to the stored identification information.
9. The client according to 8, further comprising:
the active behavior judgment module is used for judging whether the data synchronous login request behavior belongs to a preset active operation behavior before sending the identification information of the client to the central control management equipment;
the identification information sending module is further configured to execute the sending of the identification information of the client to the central control management device if the data synchronous login request behavior belongs to a preset active operation behavior.
10. The client according to 8 or 9, wherein the data synchronization login rule comprises a process to be monitored;
the login behavior monitoring module is specifically configured to monitor, through a kernel driver of the client, the data synchronization login request behavior initiated by the client to the server in the process to be monitored.
11. The client according to 10, wherein the identification information sending module is specifically configured to:
and after the identification information of the client is encrypted according to a preset encryption algorithm, sending the encrypted identification information to the central control management equipment.
12. A central management device, comprising:
the query request receiving module is used for receiving a data synchronous login query request from a server, wherein the server generates the data synchronous login query request according to identification information of a client, the identification information of the client being contained in the received data synchronous login request;
the query module is configured to query whether the identification information included in the data synchronous login query request belongs to the identification information recorded in the central control management device, if the preset data synchronous login device list includes the identification information included in the data synchronous login query request;
the release feedback module is used for, if so, sending a data synchronous login request release instruction to the server, so that the server releases the data synchronous login request according to the data synchronous login request release instruction;
and the interception feedback module is used for, if not, sending a data synchronous login request interception instruction to the server, so that the server intercepts the data synchronous login request according to the data synchronous login request interception instruction.
13. The central control management device according to 12, wherein the interception feedback module specifically includes:
the reporting unit is used for reporting the data synchronous login request and receiving a corresponding reporting feedback instruction;
the release feedback unit is used for sending a data synchronous login request release instruction to the server if the reporting feedback instruction is a release instruction;
and the interception feedback unit is used for sending a data synchronous login request interception instruction to the server if the reported feedback instruction is an interception instruction.
14. The central management device according to 12 or 13, further comprising:
and the decryption module is used for decrypting the recorded identification information according to a preset decryption algorithm before inquiring whether the identification information included in the data synchronous login inquiry request belongs to the recorded identification information in the central control management equipment.
15. A login protection system, comprising: the client according to any one of 8 to 11 and the central control management device according to any one of 12 to 14.
16. A storage medium having stored thereon a computer program which, when executed by a processor, implements the login protection method of any one of 1 to 4 and the login protection method of any one of 5 to 7.
17. A computer device comprising a storage medium, a processor and a computer program stored on the storage medium and executable on the processor, the processor implementing the login protection method of any one of 1 to 4 and the login protection method of any one of 5 to 7 when executing the program.
Those skilled in the art will appreciate that the figures are merely schematic representations of one preferred implementation scenario and that the blocks or flow diagrams in the figures are not necessarily required to practice the present application. Those skilled in the art will appreciate that the modules in the devices in the implementation scenario may be distributed in the devices in the implementation scenario according to the description of the implementation scenario, or may be located in one or more devices different from the present implementation scenario with corresponding changes. The modules of the implementation scenario may be combined into one module, or may be further split into a plurality of sub-modules.
The above application serial numbers are for description purposes only and do not represent the superiority or inferiority of the implementation scenarios. The above disclosure is only a few specific implementation scenarios of the present application, but the present application is not limited thereto, and any variations that can be made by those skilled in the art are intended to fall within the scope of the present application.

Claims (10)

1. A login protection method for a client, characterized by comprising the following steps:
acquiring a data synchronous login rule from central control management equipment;
monitoring data synchronous login request behaviors which are initiated to a server by the client side and accord with the data synchronous login rules according to the data synchronous login rules;
when the data synchronous login request behavior is monitored, the identification information of the client is sent to the central control management equipment, so that the identification information of the client with the data synchronous login behavior is recorded by the central control management equipment, and the processing mode of the data synchronous login request behavior is determined according to the stored identification information.
2. The method of claim 1, wherein before sending the identification information of the client to the central management device, the method further comprises:
judging whether the data synchronous login request behavior belongs to a preset active operation behavior or not;
and if the data synchronous login request behavior belongs to a preset active operation behavior, executing the step of sending the identification information of the client to the central control management equipment.
3. The method according to claim 1 or 2, wherein the data synchronization login rule comprises a process to be monitored;
the monitoring, according to the data synchronization login rule, a data synchronization login request behavior initiated by the client to the server according to the data synchronization login rule specifically includes:
and monitoring the data synchronous login request behavior initiated by the client to the server in the process to be monitored through the kernel driver of the client.
4. The method according to claim 3, wherein the sending the identification information of the client to the central control management device specifically includes:
and after the identification information of the client is encrypted according to a preset encryption algorithm, sending the encrypted identification information to the central control management equipment.
5. A login protection method for a central control management device, characterized by comprising the following steps:
receiving a data synchronous login query request from a server, wherein the server generates the data synchronous login query request according to identification information of a client contained in the received data synchronous login request, and the data synchronous login query request comprises the identification information of the client;
if the preset data synchronous login equipment list comprises the identification information included in the data synchronous login query request, querying whether the identification information included in the data synchronous login query request belongs to the identification information recorded in the central control management equipment or not;
if so, sending a data synchronous login request releasing instruction to the server so that the server releases the data synchronous login request according to the data synchronous login request releasing instruction;
if not, sending a data synchronous login request intercepting instruction to the server so that the server intercepts the data synchronous login request according to the data synchronous login request intercepting instruction.
6. The method according to claim 5, wherein the sending of the data synchronization login request interception instruction to the server specifically includes:
reporting the data synchronous login request, and receiving a corresponding reporting feedback instruction;
if the reporting feedback instruction is a release instruction, sending a data synchronous login request release instruction to the server;
and if the reported feedback instruction is an interception instruction, sending a data synchronous login request interception instruction to the server.
7. The method according to claim 5 or 6, wherein before the querying whether the identification information included in the data synchronous login query request belongs to the identification information recorded in the central management device, the method further comprises:
and decrypting the recorded identification information according to a preset decryption algorithm.
8. A client, comprising:
the rule acquisition module is used for acquiring a data synchronous login rule from the central control management equipment;
the login behavior monitoring module is used for monitoring a data synchronous login request behavior which is initiated from the client to the server and accords with the data synchronous login rule according to the data synchronous login rule;
and the identification information sending module is used for sending the identification information of the client to the central control management equipment when the data synchronous login request behavior is monitored, so that the central control management equipment is used for recording the identification information of the client with the data synchronous login behavior, and the processing mode of the data synchronous login request behavior is determined according to the stored identification information.
9. A central management device, comprising:
the query request receiving module is used for receiving a data synchronous login query request from a server, wherein the server generates the data synchronous login query request according to identification information of a client, the identification information of the client being contained in the received data synchronous login request;
the query module is configured to query whether the identification information included in the data synchronous login query request belongs to the identification information recorded in the central control management device, if the preset data synchronous login device list includes the identification information included in the data synchronous login query request;
the release feedback module is used for, if so, sending a data synchronous login request release instruction to the server, so that the server releases the data synchronous login request according to the data synchronous login request release instruction;
and the interception feedback module is used for, if not, sending a data synchronous login request interception instruction to the server, so that the server intercepts the data synchronous login request according to the data synchronous login request interception instruction.
10. A login protection system, comprising: the client of claim 8 and the central management device of claim 9.
CN201910755858.1A 2019-08-15 2019-08-15 Login protection method, client, central control management equipment and storage medium Active CN112398792B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910755858.1A CN112398792B (en) 2019-08-15 2019-08-15 Login protection method, client, central control management equipment and storage medium

Publications (2)

Publication Number Publication Date
CN112398792A true CN112398792A (en) 2021-02-23
CN112398792B CN112398792B (en) 2022-07-05

Family

ID=74601798

Country Status (1)

Country Link
CN (1) CN112398792B (en)

Also Published As

Publication number Publication date
CN112398792B (en) 2022-07-05

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant