CN112532655A - Login method and system - Google Patents

Login method and system Download PDF

Info

Publication number
CN112532655A
CN112532655A CN202110174402.3A CN202110174402A CN112532655A CN 112532655 A CN112532655 A CN 112532655A CN 202110174402 A CN202110174402 A CN 202110174402A CN 112532655 A CN112532655 A CN 112532655A
Authority
CN
China
Prior art keywords
login
verification
information
result
analysis result
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202110174402.3A
Other languages
Chinese (zh)
Inventor
徐小君
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Yingmaiqi Technology Co ltd
Original Assignee
Beijing Yingmaiqi Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Yingmaiqi Technology Co ltd filed Critical Beijing Yingmaiqi Technology Co ltd
Priority to CN202110174402.3A priority Critical patent/CN112532655A/en
Publication of CN112532655A publication Critical patent/CN112532655A/en
Withdrawn legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/082Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying multi-factor authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The application discloses a login method and a system thereof, wherein the login system comprises: at least one client and server; wherein at least one client: for sending login information; receiving and executing a verification data acquisition instruction, and sending the acquired verification data to a server; a server: for performing the steps of: receiving login information, wherein the login information at least comprises: basic information and real-time information; determining an authentication mode according to the login information; calling at least one verification model according to the verification mode, and processing the obtained verification data through the verification model to generate a verification result; and generating a login result according to the verification result, wherein the login result is as follows: login fails or login succeeds. The method and the device have the advantages that the login risk is dynamically identified, and further management and control measures are realized according to the login risk, so that the login safety is improved.

Description

Login method and system
Technical Field
The present application relates to the field of computer technologies, and in particular, to a login method and a login system.
Background
With the development of the technology of the internet of things, various internet of things are more and more widely applied. When a user uses various types of network applications, an application provider typically requires the user to register for the application using a username and password. However, the user name and the password are very easy to leak, and other people may log in the application after obtaining the user name and the password of the user, and may perform various illegal operations.
In addition, in order to ensure the security of identity authentication, various authentication modes such as user names/passwords, digital certificates, biological characteristics, dynamic passwords and the like are provided in different identity authentication systems. However, the current authentication mode always has the security threat that an attacker forges or steals the identity credential of the user to carry out login.
Disclosure of Invention
The application aims to provide a login method and a login system, which have the technical effects of dynamically identifying login risks, realizing further management and control measures according to the login risks and improving login safety.
To achieve the above object, the present application provides a login system, comprising: at least one client and server; wherein at least one client: for sending login information; receiving and executing a verification data acquisition instruction, and sending the acquired verification data to a server; a server: for performing the steps of: receiving login information, wherein the login information at least comprises: basic information and real-time information; determining an authentication mode according to the login information; calling at least one verification model according to the verification mode, and processing the obtained verification data through the verification model to generate a verification result; and generating a login result according to the verification result, wherein the login result is as follows: login fails or login succeeds.
As above, wherein the server comprises: the device comprises a preprocessing unit, a verification unit and a storage unit; wherein the preprocessing unit: the system comprises a server, a server and a verification module, wherein the server is used for receiving login information, analyzing the login information and determining a verification mode; a verification unit: the verification data acquisition device is used for issuing a verification data acquisition instruction according to a verification mode and receiving feedback verification data; issuing a verification model calling instruction to obtain a verification model; verifying the verification data by using a verification model to generate a verification result; generating a login result according to the verification result; a storage unit: the system comprises a client terminal, a server and a server, wherein the client terminal is used for storing historical client terminal information, historical login positions, historical login time and a preset verification model; receiving a first query instruction, and feeding back corresponding historical client information to the preprocessing unit according to the first query instruction; receiving a second query instruction, and feeding back a corresponding historical login position to the preprocessing unit according to the second query instruction; receiving a third query instruction, and feeding back corresponding historical login time to the preprocessing unit according to the third query instruction; and receiving a verification model calling instruction, and feeding back a corresponding verification model to the verification unit.
The application also provides a login method, which comprises the following steps: receiving login information, wherein the login information at least comprises: basic information and real-time information; determining an authentication mode according to the login information; calling at least one verification model according to the verification mode, and processing the obtained verification data through the verification model to generate a verification result; and generating a login result according to the verification result, wherein the login result is as follows: login fails or login succeeds.
As above, the sub-step of determining the authentication manner according to the login information is as follows: analyzing the login information and determining an authentication type, wherein the authentication type comprises: monomer verification and composite verification; determining a verification mode according to the verification type and the client model in the real-time information; the sub-steps of analyzing the login information and determining the authentication type are as follows: analyzing client information in the real-time information to obtain a first analysis result, wherein the first analysis result is AQ and CY; analyzing the login position in the real-time information to obtain a second analysis result, wherein the second analysis result is AQ and CY; analyzing the login time in the real-time information to obtain a third analysis result, wherein the third analysis result is AQ and CY; and determining the verification type according to the first analysis result, the second analysis result and the third analysis result.
As above, the sub-step of analyzing the client information in the real-time information to obtain the first analysis result is as follows: generating a first query instruction according to the basic information and the client information; sending a first query instruction, and receiving historical client information fed back according to the first query instruction; and analyzing the client information in the real-time information by using the historical client information to obtain a first analysis result.
As above, the sub-step of analyzing the login position in the real-time information and obtaining the second analysis result is as follows: generating a second query instruction according to the basic information and the login position; sending a second query instruction, and receiving a historical login position fed back according to the second query instruction; and analyzing the login position in the real-time information by using the historical login position to obtain a second analysis result.
As above, the sub-step of analyzing the log-in position in the real-time information by using the historical log-in position to obtain the second analysis result is as follows: analyzing the historical login position to obtain a prediction safety range; analyzing the login position in the real-time information by utilizing the predicted safety range; if the login position falls within the prediction safety range, generating a second analysis result of AQ; and if the login position falls out of the prediction safety range, generating a second analysis result as CY.
As above, wherein the calculation formula of the predicted safety range is as follows:
Figure 141938DEST_PATH_IMAGE001
(ii) a Wherein:
Figure 134165DEST_PATH_IMAGE002
(ii) a Wherein the content of the first and second substances,
Figure 32851DEST_PATH_IMAGE003
to predict the safe range;
Figure 540055DEST_PATH_IMAGE004
to be under the first
Figure 533288DEST_PATH_IMAGE005
The historical login position is used as the predicted safety area of the circle center;
Figure 380021DEST_PATH_IMAGE006
in order to be a preset safe radius,
Figure 184029DEST_PATH_IMAGE007
is as follows
Figure 178530DEST_PATH_IMAGE005
Coordinates of each historical login location;
Figure 726186DEST_PATH_IMAGE008
Figure 443737DEST_PATH_IMAGE009
the total number of the historical login positions;
Figure 418647DEST_PATH_IMAGE010
as above, the sub-step of analyzing the login time in the real-time information to obtain the third analysis result is as follows: generating a third query instruction according to the basic information and the login time; sending a third query instruction, and receiving historical login time fed back according to the third query instruction; and analyzing the login time in the real-time information by using the historical login time to obtain a third analysis result.
As above, the sub-step of invoking at least one verification model according to the verification mode, processing the obtained verification data through the verification model, and generating the verification result is as follows: issuing a verification data acquisition instruction according to a verification mode, and receiving feedback verification data; calling at least one verification model according to a verification mode; and processing the acquired verification data through the verification model to generate a verification result, wherein the verification result is verification success or verification failure.
The method and the device have the advantages that the login risk is dynamically identified, and further management and control measures are realized according to the login risk, so that the login safety is improved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the present application, and other drawings can be obtained by those skilled in the art according to the drawings.
FIG. 1 is a schematic diagram of an embodiment of a login system;
FIG. 2 is a flowchart of an embodiment of a login method.
Detailed Description
The technical solutions in the embodiments of the present invention are clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in fig. 1, the present application provides a login system, comprising: at least one client and a server.
Wherein the at least one client 110: for sending login information; and receiving and executing a verification data acquisition instruction, and sending the acquired verification data to a server.
The server 120: for performing the steps of:
receiving login information, wherein the login information at least comprises: basic information and real-time information;
determining an authentication mode according to the login information;
calling at least one verification model according to a verification mode;
acquiring verification data, and processing the acquired verification data through a verification model to generate a verification result;
and generating a login result according to the verification result, wherein the login result is as follows: login fails or login succeeds.
Further, the server 120 includes: the device comprises a preprocessing unit, a verification unit and a storage unit.
Wherein the preprocessing unit: and the authentication module is used for receiving the login information, analyzing the login information and determining the authentication mode.
A verification unit: the verification data acquisition device is used for issuing a verification data acquisition instruction according to a verification mode and receiving feedback verification data; issuing a verification model calling instruction to obtain a verification model; verifying the verification data by using a verification model to generate a verification result; and generating a login result according to the verification result.
A storage unit: the system comprises a client terminal, a server and a server, wherein the client terminal is used for storing historical client terminal information, historical login positions, historical login time and a preset verification model; receiving a first query instruction, and feeding back corresponding historical client information to the preprocessing unit according to the first query instruction; receiving a second query instruction, and feeding back a corresponding historical login position to the preprocessing unit according to the second query instruction; receiving a third query instruction, and feeding back corresponding historical login time to the preprocessing unit according to the third query instruction; and receiving a verification model calling instruction, and feeding back a corresponding verification model to the verification unit.
As shown in fig. 2, the present application provides a login method, which includes the following steps:
s210: receiving login information, wherein the login information at least comprises: basic information and real-time information.
Specifically, the server receives the login information sent by the client through the preprocessing unit, and executes S220.
Wherein the basic information at least comprises: the name of the login. Specifically, the login name refers to the name of the account that the client logs in.
Wherein the real-time information at least comprises: client information, login location, and login time. Wherein, the client information at least comprises: a client ID and a client model number.
Specifically, the login location is a real-time location of the client currently sending the login information. The login time is the time when the client sends the login information.
S220: and determining an authentication mode according to the login information.
Further, the sub-step of determining the authentication mode according to the login information is as follows:
s2201: analyzing the login information and determining an authentication type, wherein the authentication type comprises: monomer verification and composite verification.
Further, the sub-steps of analyzing the login information and determining the authentication type are as follows:
s22011: and analyzing the client information in the real-time information to obtain a first analysis result, wherein the first analysis result is AQ and CY.
Specifically, the sub-step of analyzing the client information in the real-time information to obtain the first analysis result is as follows:
s220111: and generating a first query instruction according to the basic information and the client information.
Specifically, the preprocessing unit generates a first query instruction according to the basic information and the client information, and executes S220112.
S220112: and sending a first query instruction, and receiving historical client information fed back according to the first query instruction.
Specifically, after the preprocessing unit generates the first query instruction, the first query instruction is sent to the storage unit, the storage unit queries the stored historical client information according to the first query instruction, feeds back all the historical client information corresponding to the login name to the preprocessing unit, and executes S220113.
The historical client information is all the clients which have been used by the login name except the client used for the login.
S220113: and analyzing the client information in the real-time information by using the historical client information to obtain a first analysis result.
Specifically, after receiving all the historical client information, the preprocessing unit compares all the historical client information with the current client information one by one, and if the current client information is different from all the historical client information, the preprocessing unit indicates that the currently used client is a login client used for the first time, the login risk exists, and a generated first analysis result is CY; if the current client information is the same as one of the historical client information, the currently used client is a used login client, no login risk exists, and a generated first analysis result is AQ.
S22012: and analyzing the login position in the real-time information to obtain a second analysis result, wherein the second analysis result is AQ and CY.
Further, the sub-step of analyzing the login position in the real-time information to obtain a second analysis result is as follows:
s220121: and generating a second query instruction according to the basic information and the login position.
Specifically, the preprocessing unit generates a second query instruction according to the basic information and the login location, and executes S220122.
S220122: and sending a second query instruction, and receiving the historical login position fed back according to the second query instruction.
Specifically, after generating the second query instruction, the preprocessing unit sends the second query instruction to the storage unit, the storage unit queries the stored historical login location according to the second query instruction, feeds back all the historical login locations corresponding to the login name to the preprocessing unit, and executes S220123.
The historical login position is the login position of the login name when the user logs in, except the position where the user logs in this time.
S220123: and analyzing the login position in the real-time information by using the historical login position to obtain a second analysis result.
Further, the sub-step of analyzing the log-in position in the real-time information by using the historical log-in position to obtain a second analysis result is as follows:
s2201231: and analyzing the historical login position to obtain a predicted safety range.
Further, the calculation formula of the predicted safety range is as follows:
Figure 838127DEST_PATH_IMAGE011
wherein:
Figure 986211DEST_PATH_IMAGE012
wherein:
Figure 807537DEST_PATH_IMAGE013
wherein the content of the first and second substances,
Figure 468194DEST_PATH_IMAGE014
to predict the safe range;
Figure 109391DEST_PATH_IMAGE015
to be under the first
Figure 998850DEST_PATH_IMAGE016
The historical login position is used as the predicted safety area of the circle center;
Figure 940261DEST_PATH_IMAGE017
in order to be a preset safe radius,
Figure 319290DEST_PATH_IMAGE018
is as follows
Figure 461165DEST_PATH_IMAGE016
Coordinates of each historical login location;
Figure 154314DEST_PATH_IMAGE019
Figure 684653DEST_PATH_IMAGE020
the total number of the historical login positions;
Figure 437845DEST_PATH_IMAGE021
to be under the first
Figure 302902DEST_PATH_IMAGE022
The historical login position is used as the predicted safety area of the circle center;
Figure 799742DEST_PATH_IMAGE023
to be under the first
Figure 450166DEST_PATH_IMAGE024
The historical login position is used as the predicted safety area of the circle center;
Figure 905418DEST_PATH_IMAGE025
to be under the first
Figure 274083DEST_PATH_IMAGE020
Individual history registration positionSetting the predicted safety area as the center of a circle;
Figure 59767DEST_PATH_IMAGE026
s2201232: analyzing the login position in the real-time information by utilizing the predicted safety range; if the login position falls within the prediction safety range, generating a second analysis result of AQ; and if the login position falls out of the prediction safety range, generating a second analysis result as CY.
Specifically, after the preprocessing unit obtains the predicted safety range, the login position in the real-time information is analyzed by using the predicted safety range, and if the login position falls into the predicted safety range and indicates that the login position is safe, a second analysis result is generated to be AQ; and if the login position falls outside the prediction safety range and indicates that the login position has risk, generating a second analysis result as CY.
S22013: and analyzing the login time in the real-time information to obtain a third analysis result, wherein the third analysis result is AQ and CY.
Further, the sub-step of analyzing the login time in the real-time information to obtain a third analysis result is as follows:
s220131: and generating a third query instruction according to the basic information and the login time.
Specifically, the preprocessing unit generates a third query instruction according to the basic information and the login time, and executes S220132.
S220132: and sending a third query instruction, and receiving the historical login time fed back according to the third query instruction.
Specifically, after generating the third query instruction, the preprocessing unit sends the third query instruction to the storage unit, the storage unit queries the stored historical login time according to the third query instruction, feeds back all the historical login times corresponding to the login name to the preprocessing unit, and executes S220123.
The historical login time is all login time of the login name except the current login when the login name is logged in once.
S220133: and analyzing the login time in the real-time information by using the historical login time to obtain a third analysis result.
Further, the sub-step of analyzing the login time in the real-time information by using the historical login time to obtain a third analysis result is as follows:
s2201331: and analyzing the historical login time to obtain a predicted safety time period.
Figure 564698DEST_PATH_IMAGE027
Wherein the content of the first and second substances,
Figure 394114DEST_PATH_IMAGE028
to predict a safe time period;
Figure 250074DEST_PATH_IMAGE029
is as follows
Figure 885455DEST_PATH_IMAGE030
The time of the historical login is,
Figure 494160DEST_PATH_IMAGE031
Figure 760056DEST_PATH_IMAGE032
is the total number of historical login times;
Figure 572154DEST_PATH_IMAGE033
is a preset safety deviation time period.
S2201332: analyzing the login time in the real-time information by using the predicted safety time period, wherein if the login time falls into the predicted safety time period, a generated third analysis result is AQ; and if the login time falls out of the predicted safety time period, generating a third analysis result as CY.
S22014: and determining the verification type according to the first analysis result, the second analysis result and the third analysis result.
Specifically, when at least one CY exists in the first analysis result, the second analysis result and the third analysis result, it indicates that there is a risk in login, and determines that the authentication type is composite authentication. And when the first analysis result, the second analysis result and the third analysis result are all AQ, the login is free from risk, and the authentication type is determined to be single authentication.
Wherein the monomer verification comprises: video verification, image verification, audio verification, iris verification, strength verification, password verification and signature verification.
Specifically, the strength verification is a verification mode that when the client inputs a verification instruction through a keyboard, the input strength of the input verification instruction is collected, and the input strength is analyzed. The verification instruction is a segment of characters or a segment of letters.
The composite verification comprises the following steps: video verification, image verification, audio verification, iris verification and strength verification.
S2202: and determining a verification mode according to the verification type and the client model in the real-time information.
Specifically, the authentication mode is determined according to the authentication type and the client model, and the client model is different, and the available authentication functions may also be different.
The verification method comprises the following steps: one or more of video verification, image verification, audio verification, iris verification, force verification, password verification, signature verification, video verification, image verification, audio verification, iris verification, and force verification.
S230: and calling at least one verification model according to the verification mode, and processing the acquired verification data through the verification model to generate a verification result.
Furthermore, at least one verification model is called according to the verification mode, the obtained verification data is processed through the verification model, and the sub-step of generating the verification result is as follows:
s2301: and issuing a verification data acquisition instruction according to the verification mode, and receiving the feedback verification data.
Specifically, the verification unit generates a verification data acquisition instruction according to the verification mode, sends the verification data acquisition instruction to the client, and the client receives and executes the verification data acquisition instruction and feeds the acquired verification data back to the verification unit.
S2302: and calling at least one verification model according to the verification mode.
Specifically, the verification unit generates a verification model calling instruction according to the verification mode, the verification model calling instruction is sent to the storage unit, and the storage unit receives and executes the verification model calling instruction and feeds back the called verification model to the verification unit.
Wherein the verification model comprises at least: the system comprises a video verification model, an image verification model, an audio verification model, an iris verification model, a force verification model, a password verification model, a signature verification model, a video verification model, an image verification model, an audio verification model, an iris verification model and a force verification model.
S2303: and processing the acquired verification data through the verification model to generate a verification result.
Specifically, the verification data is input into the verification model, the verification model processes the verification data, and a verification result is generated.
As an embodiment, when the verification type is composite verification and the verification data and the verification model are both multiple, the sub-step of processing the obtained verification data through the verification model to generate the verification result is as follows:
s23031: and inputting the verification data into a corresponding verification model to obtain a plurality of sub-verification values.
Specifically, the verification unit inputs verification data into a corresponding verification model, the verification model processes the verification data to obtain a sub-verification result, and when the sub-verification result is greater than or equal to a sub-verification safety threshold, a sub-verification value is generated
Figure 214488DEST_PATH_IMAGE034
When the sub-verification result is less than the sub-verification safety threshold, the sub-verification value is generated
Figure 490749DEST_PATH_IMAGE035
Further, when the verification data is signature data and the verification model is a signature verification model, the signature verification model processes the signature data to obtain a sub-verification value as follows:
s230311: and preprocessing the signature data to obtain the signature to be identified.
Specifically, the expression of the signature to be identified is as follows:
Figure 698786DEST_PATH_IMAGE036
wherein the content of the first and second substances,
Figure 998181DEST_PATH_IMAGE037
a signature to be identified;
Figure 178626DEST_PATH_IMAGE038
an N-dimensional vector of the signature data;
Figure 309393DEST_PATH_IMAGE039
is as follows
Figure 917092DEST_PATH_IMAGE040
An N-dimensional vector of pre-collected and stored signature samples,
Figure 953050DEST_PATH_IMAGE041
Figure 671607DEST_PATH_IMAGE042
is the total number of the signature samples collected and stored in advance.
S230312: and extracting the characteristics of the signature to be identified to obtain the signature to be judged.
Specifically, the expression of the signature to be determined is as follows:
Figure 922460DEST_PATH_IMAGE043
wherein the content of the first and second substances,
Figure 701060DEST_PATH_IMAGE044
is a signature to be judged;
Figure 975047DEST_PATH_IMAGE045
projecting a matrix for the features;
Figure 248028DEST_PATH_IMAGE046
is transposed;
Figure 353387DEST_PATH_IMAGE047
is the signature to be identified.
The feature projection matrix is
Figure 302888DEST_PATH_IMAGE042
Covariance matrices of pre-collected and stored signature samples.
S230313: and judging the signature to be identified by utilizing a preset sub-verification safety threshold value to obtain a sub-verification value.
Specifically, the expression of the discrimination value of the signature to be recognized is as follows:
Figure 798592DEST_PATH_IMAGE048
wherein the content of the first and second substances,
Figure 124531DEST_PATH_IMAGE049
is as follows
Figure 84397DEST_PATH_IMAGE050
A feature matrix of pre-collected and stored signature samples;
Figure 454067DEST_PATH_IMAGE051
representation matrix
Figure 968225DEST_PATH_IMAGE052
Frobenious norm of (a).
The sub-verification safety threshold expression of the signature verification model is as follows:
Figure 566696DEST_PATH_IMAGE053
when in use
Figure 584331DEST_PATH_IMAGE054
Generating a sub-verification value
Figure 937952DEST_PATH_IMAGE055
(ii) a When in use
Figure 421629DEST_PATH_IMAGE056
Generating a sub-verification value
Figure 823792DEST_PATH_IMAGE057
S23032: and comprehensively analyzing the plurality of sub-verification values to obtain a comprehensive verification value, and obtaining a verification result according to the comprehensive verification value.
Specifically, the verification unit comprehensively analyzes the plurality of sub-verification values to obtain a comprehensive verification value, and when the comprehensive verification value is greater than or equal to a comprehensive verification safety threshold value, the verification result is obtained as the verification success; and when the comprehensive verification value is smaller than the comprehensive verification safety threshold value, obtaining a verification result as verification failure.
Further, the calculation formula of the integrated verification value is as follows:
Figure 695933DEST_PATH_IMAGE058
wherein the content of the first and second substances,
Figure 220455DEST_PATH_IMAGE059
is a comprehensive verification value;
Figure 443626DEST_PATH_IMAGE060
is as follows
Figure 633168DEST_PATH_IMAGE061
The sub-verification value is a value of,
Figure 625395DEST_PATH_IMAGE062
Figure 524081DEST_PATH_IMAGE063
is the total number of sub-verification values.
S240: and generating a login result according to the verification result, wherein the login result is as follows: login fails or login succeeds.
Specifically, when the verification result is that the verification fails, the generated login result is that the login fails; and when the verification result is successful verification, the generated login result is successful login.
The method and the device have the advantages that the login risk is dynamically identified, and further management and control measures are realized according to the login risk, so that the login safety is improved.
While the preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, the scope of protection of the present application is intended to be interpreted to include the preferred embodiments and all variations and modifications that fall within the scope of the present application. It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (10)

1. A login system, comprising: at least one client and server;
wherein at least one client: for sending login information; receiving and executing a verification data acquisition instruction, and sending the acquired verification data to a server;
a server: for performing the steps of:
receiving login information, wherein the login information at least comprises: basic information and real-time information;
determining an authentication mode according to the login information;
calling at least one verification model according to the verification mode, and processing the obtained verification data through the verification model to generate a verification result;
and generating a login result according to the verification result, wherein the login result is as follows: login fails or login succeeds.
2. The login system according to claim 1, wherein the server comprises: the device comprises a preprocessing unit, a verification unit and a storage unit;
wherein the preprocessing unit: the system comprises a server, a server and a verification module, wherein the server is used for receiving login information, analyzing the login information and determining a verification mode;
a verification unit: the verification data acquisition device is used for issuing a verification data acquisition instruction according to a verification mode and receiving feedback verification data; issuing a verification model calling instruction to obtain a verification model; verifying the verification data by using a verification model to generate a verification result; generating a login result according to the verification result;
a storage unit: the system comprises a client terminal, a server and a server, wherein the client terminal is used for storing historical client terminal information, historical login positions, historical login time and a preset verification model; receiving a first query instruction, and feeding back corresponding historical client information to the preprocessing unit according to the first query instruction; receiving a second query instruction, and feeding back a corresponding historical login position to the preprocessing unit according to the second query instruction; receiving a third query instruction, and feeding back corresponding historical login time to the preprocessing unit according to the third query instruction; and receiving a verification model calling instruction, and feeding back a corresponding verification model to the verification unit.
3. A login method, comprising the steps of:
receiving login information, wherein the login information at least comprises: basic information and real-time information;
determining an authentication mode according to the login information;
calling at least one verification model according to the verification mode, and processing the obtained verification data through the verification model to generate a verification result;
and generating a login result according to the verification result, wherein the login result is as follows: login fails or login succeeds.
4. A login method according to claim 3, wherein the sub-step of determining the authentication means based on the login information is as follows:
analyzing the login information and determining an authentication type, wherein the authentication type comprises: monomer verification and composite verification;
determining a verification mode according to the verification type and the client model in the real-time information;
the sub-steps of analyzing the login information and determining the authentication type are as follows:
analyzing client information in the real-time information to obtain a first analysis result, wherein the first analysis result is AQ and CY;
analyzing the login position in the real-time information to obtain a second analysis result, wherein the second analysis result is AQ and CY;
analyzing the login time in the real-time information to obtain a third analysis result, wherein the third analysis result is AQ and CY;
and determining the verification type according to the first analysis result, the second analysis result and the third analysis result.
5. The login method according to claim 4, wherein the sub-step of analyzing the client information in the real-time information to obtain the first analysis result is as follows:
generating a first query instruction according to the basic information and the client information;
sending a first query instruction, and receiving historical client information fed back according to the first query instruction;
and analyzing the client information in the real-time information by using the historical client information to obtain a first analysis result.
6. The login method according to claim 4, wherein the sub-step of analyzing the login location in the real-time information to obtain the second analysis result is as follows:
generating a second query instruction according to the basic information and the login position;
sending a second query instruction, and receiving a historical login position fed back according to the second query instruction;
and analyzing the login position in the real-time information by using the historical login position to obtain a second analysis result.
7. The login method according to claim 6, wherein the sub-step of analyzing the login location in the real-time information using the historical login location to obtain the second analysis result is as follows:
analyzing the historical login position to obtain a prediction safety range;
analyzing the login position in the real-time information by utilizing the predicted safety range; if the login position falls within the prediction safety range, generating a second analysis result of AQ; and if the login position falls out of the prediction safety range, generating a second analysis result as CY.
8. The login method according to claim 7, wherein the calculation formula of the predicted security range is as follows:
Figure 240597DEST_PATH_IMAGE001
wherein:
Figure 626579DEST_PATH_IMAGE002
wherein the content of the first and second substances,
Figure 875158DEST_PATH_IMAGE003
to predict the safe range;
Figure 487011DEST_PATH_IMAGE004
to be under the first
Figure 504646DEST_PATH_IMAGE005
The historical login position is used as the predicted safety area of the circle center;
Figure 592687DEST_PATH_IMAGE006
in order to be a preset safe radius,
Figure 328562DEST_PATH_IMAGE007
is as follows
Figure 730725DEST_PATH_IMAGE005
Coordinates of each historical login location;
Figure 117713DEST_PATH_IMAGE008
Figure 376656DEST_PATH_IMAGE009
the total number of the historical login positions;
Figure 599827DEST_PATH_IMAGE010
9. the login method of claim 4, wherein the sub-step of analyzing the login time in the real-time information to obtain the third analysis result is as follows:
generating a third query instruction according to the basic information and the login time;
sending a third query instruction, and receiving historical login time fed back according to the third query instruction;
and analyzing the login time in the real-time information by using the historical login time to obtain a third analysis result.
10. The login method according to claim 3, wherein at least one verification model is called according to a verification mode, and the sub-step of generating the verification result by processing the obtained verification data through the verification model is as follows:
issuing a verification data acquisition instruction according to a verification mode, and receiving feedback verification data;
calling at least one verification model according to a verification mode;
and processing the acquired verification data through the verification model to generate a verification result, wherein the verification result is verification success or verification failure.
CN202110174402.3A 2021-02-07 2021-02-07 Login method and system Withdrawn CN112532655A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110174402.3A CN112532655A (en) 2021-02-07 2021-02-07 Login method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110174402.3A CN112532655A (en) 2021-02-07 2021-02-07 Login method and system

Publications (1)

Publication Number Publication Date
CN112532655A true CN112532655A (en) 2021-03-19

Family

ID=74975543

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110174402.3A Withdrawn CN112532655A (en) 2021-02-07 2021-02-07 Login method and system

Country Status (1)

Country Link
CN (1) CN112532655A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114245385A (en) * 2021-12-07 2022-03-25 中信银行股份有限公司 Short message anti-explosion login method and system based on time sequence analysis
CN115033763A (en) * 2022-08-15 2022-09-09 北京宏数科技有限公司 Big data based storage method and system thereof
CN115643067A (en) * 2022-10-13 2023-01-24 成都信息工程大学 Lightweight Internet of things identity authentication and key agreement method based on block chain

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104580075A (en) * 2013-10-14 2015-04-29 深圳市腾讯计算机系统有限公司 User login validation method, device and system
CN105119722A (en) * 2015-08-07 2015-12-02 杭州朗和科技有限公司 Identity verification method, equipment and system
CN105893952A (en) * 2015-12-03 2016-08-24 无锡度维智慧城市科技股份有限公司 Hand-written signature identifying method based on PCA method
CN107395562A (en) * 2017-06-14 2017-11-24 广东网金控股股份有限公司 A kind of financial terminal security protection method and system based on clustering algorithm
CN108650226A (en) * 2018-03-30 2018-10-12 平安科技(深圳)有限公司 A kind of login validation method, device, terminal device and storage medium
CN110335045A (en) * 2019-07-01 2019-10-15 阿里巴巴集团控股有限公司 Strange land risk determination method and device

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104580075A (en) * 2013-10-14 2015-04-29 深圳市腾讯计算机系统有限公司 User login validation method, device and system
CN105119722A (en) * 2015-08-07 2015-12-02 杭州朗和科技有限公司 Identity verification method, equipment and system
CN105893952A (en) * 2015-12-03 2016-08-24 无锡度维智慧城市科技股份有限公司 Hand-written signature identifying method based on PCA method
CN107395562A (en) * 2017-06-14 2017-11-24 广东网金控股股份有限公司 A kind of financial terminal security protection method and system based on clustering algorithm
CN108650226A (en) * 2018-03-30 2018-10-12 平安科技(深圳)有限公司 A kind of login validation method, device, terminal device and storage medium
CN110335045A (en) * 2019-07-01 2019-10-15 阿里巴巴集团控股有限公司 Strange land risk determination method and device

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114245385A (en) * 2021-12-07 2022-03-25 中信银行股份有限公司 Short message anti-explosion login method and system based on time sequence analysis
CN114245385B (en) * 2021-12-07 2024-01-30 中信银行股份有限公司 Short message explosion-proof login method and system based on time sequence analysis
CN115033763A (en) * 2022-08-15 2022-09-09 北京宏数科技有限公司 Big data based storage method and system thereof
CN115033763B (en) * 2022-08-15 2022-11-18 北京宏数科技有限公司 Big data based storage method and system thereof
CN115643067A (en) * 2022-10-13 2023-01-24 成都信息工程大学 Lightweight Internet of things identity authentication and key agreement method based on block chain
CN115643067B (en) * 2022-10-13 2023-09-29 成都信息工程大学 Lightweight Internet of things identity authentication and key negotiation method and device based on blockchain and electronic equipment

Similar Documents

Publication Publication Date Title
US20220358242A1 (en) Data security hub
CN112532655A (en) Login method and system
Leggett et al. Dynamic identity verification via keystroke characteristics
WO2019228004A1 (en) Identity verification method and apparatus
CN106330850B (en) Security verification method based on biological characteristics, client and server
CN110569658B (en) User information processing method and device based on blockchain network, electronic equipment and storage medium
US20170180384A1 (en) Controlling access to online resources using device validations
CN112464200B (en) Authentication risk detection method and system
WO2014186255A1 (en) Systems, computer medium and computer-implemented methods for authenticating users using voice streams
CN111654468A (en) Secret-free login method, device, equipment and storage medium
US11431719B2 (en) Dynamic access evaluation and control system
US10108849B2 (en) Biometric facial recognition for accessing device and authorizing event processing
US20070198712A1 (en) Method and apparatus for biometric security over a distributed network
CN112287320A (en) Identity verification method and device based on biological characteristics and client
CN113826095A (en) Single click login process
CN112653679A (en) Dynamic identity authentication method, device, server and storage medium
CN114218561A (en) Weak password detection method, terminal equipment and storage medium
CN112287319A (en) Identity verification method, client, server and system based on biological characteristics
Neha et al. Biometric re-authentication: An approach towards achieving transparency in user authentication
CN108965335B (en) Method for preventing malicious access to login interface, electronic device and computer medium
EP4123483A1 (en) Method for confirming the identity of a user in a browsing session of an online service
CN111711523A (en) Item handling authority authorization method and device, computer equipment and storage medium
CN110738499A (en) User identity authentication method and device, computer equipment and storage medium
US9998495B2 (en) Apparatus and method for verifying detection rule
CN108241803B (en) A kind of access control method of heterogeneous system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication
WW01 Invention patent application withdrawn after publication

Application publication date: 20210319