CN114095936A - Short message verification code request method, attack defense method, device, medium and equipment - Google Patents
- Publication number: CN114095936A (application CN202010752387.1A)
- Authority: CN (China)
- Prior art keywords: user; short message; verification code; message verification; characteristic information
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
- H04L63/1425—Traffic logging, e.g. anomaly detection
- H04L63/308—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information retaining data, e.g. retaining successful, unsuccessful communication attempts, internet access, or e-mail, internet telephony, intercept related information or call content
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
- H04W12/06—Authentication
Abstract
The invention provides a short message verification code request method, an attack defense method, a device, a medium and equipment. The attack defense method is applied to a server and comprises the following steps: querying the identification mark of the user in response to receiving the mobile phone number and the biological characteristic information sent from the mobile terminal; counting the user behavior of the user based on the identification mark of the user; determining whether the statistical result of the user behavior meets a preset interception condition; and, in response to the statistical result of the user behavior meeting the preset interception condition, intercepting the user's request to send a short message verification code. The invention can more accurately distinguish the short message verification code sending requests of normal users from those of illegal users, and effectively prevents illegal users from carrying out short message verification code sending attacks.
Description
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a short message authentication code request method, an attack defense method, an apparatus, a medium, and a device.
Background
At present, the authenticity of the user identity needs to be verified in application scenarios such as user registration, user login and the like of websites and APPs. The user needs to input a mobile phone number to the website or the APP to obtain a short message verification code sent by the website or the APP to the mobile phone number, and then the short message verification code is input to the website or the APP to complete verification.
The short message verification code interface is highly susceptible to a malicious internet attack known as 'short message bombing'. The attack continuously sends a large number of verification short messages to many mobile phone numbers at the same time, which not only troubles users but also causes loss to the providers of websites or APPs, for example: sending a large number of short messages adds extra cost; when the concurrency of short message sending has an upper limit, the congestion caused by malicious short messages prevents normal short messages from being sent; and the server comes under load and cannot respond to normal requests.
In the prior art, solutions to 'short message bombing' classify the identity of the user by means of an IP address or a graphic verification code. For the former, if a normal user and an illegal user share the same IP address, identifying illegal users by IP address may misjudge the normal user as an illegal user, so that the normal user's request is intercepted, which in turn causes user loss. For the latter, when registering or logging in to the website or APP, the user must fill in the graphic verification code, and only after it is verified does the website or APP send the short message verification code to the user for registration or login; this burdens the user and affects the user experience.
Disclosure of Invention
In view of the above disadvantages of the prior art, an object of the present invention is to provide a short message verification code request method, an attack defense method, an apparatus, a medium and a device, which solve the technical problems that prior-art defenses against short message verification code attacks are not efficient enough and affect the user experience.
In order to achieve the above and other related objects, the present invention provides a method for defending against short message verification code attack, which is applied to a server, and the method includes: inquiring the identification mark of the user in response to receiving the mobile phone number and the biological characteristic information sent from the mobile terminal; counting the user behavior of the user based on the identification mark of the user; determining whether the statistical result of the user behavior meets a preset interception condition; and in response to the statistical result of the user behavior meeting the preset interception condition, intercepting a request of the user for sending a short message verification code.
In an embodiment of the present invention, an implementation manner of the query of the identification of the user includes: judging whether pre-stored biological characteristic information matched with the received biological characteristic information exists or not; if yes, taking the identification mark corresponding to the pre-stored biological characteristic information as a query result; if not, generating the identification mark of the user according to the received mobile phone number and the received biological characteristic information, and storing the mobile phone number, the biological characteristic information and the identification mark in an associated manner.
In an embodiment of the present invention, the user behavior includes: requesting to send a short message verification code; the preset interception conditions include: the number of times of requesting to send the short message verification code in a certain time reaches a preset threshold value.
In an embodiment of the present invention, if the statistical result of the user behavior satisfies the preset interception condition, the method further includes: marking the current user as an illegal user, and storing the related data of the current user into a cache; wherein, the storage time is determined by a preset caching rule; judging whether the illegal user meets a preset passing condition or not; and if so, marking the illegal user as a normal user.
In an embodiment of the present invention, the identification mark is generated by calculating the number of the mobile phone number and the sampling point array of the biometric information through a preset encryption algorithm.
In order to achieve the above and other related objects, the present invention provides a short message verification code request method applied to a mobile terminal, the method comprising: in response to receiving an instruction for acquiring a short message verification code from a user, starting a biological characteristic information acquisition module to acquire biological characteristic information of the user; and sending the mobile phone number of the mobile terminal, the biological characteristic information and a request for sending a short message verification code to a server.
In order to achieve the above and other related objects, the present invention provides a device for defending against short message verification code attack, which is applied to a server, and comprises: the identification mark query module is used for responding to the received mobile phone number and the biological characteristic information sent from the mobile terminal and querying the identification mark of the user; the user behavior counting module is used for counting the user behavior of the user based on the identification mark of the user; the interception condition judgment module is used for determining whether the statistical result of the user behavior meets a preset interception condition; and the short message verification code intercepting module is used for responding to the statistical result of the user behavior meeting the preset intercepting condition and intercepting the request of the user for sending the short message verification code.
In order to achieve the above and other related objects, the present invention provides a short message authentication code request device applied to a mobile terminal, the device comprising: the biological characteristic information acquisition module is used for responding to a received instruction for acquiring the short message verification code from the user and starting the biological characteristic information acquisition module to acquire the biological characteristic information of the user; and the short message verification code request module is used for sending the mobile phone number of the mobile terminal, the biological characteristic information and a request for sending the short message verification code to a server.
To achieve the above and other related objects, the present invention provides a computer-readable storage medium, in which a computer program is stored, and when the computer program is loaded and executed by a processor, the computer program implements the method for defending against an attack by a short message authentication code or implements the method for requesting a short message authentication code.
To achieve the above and other related objects, the present invention provides an electronic device, comprising: a processor and a memory; wherein the memory is for storing a computer program; the processor is used for loading and executing the computer program so as to enable the electronic equipment to execute the short message verification code attack defense method or execute the short message verification code request method.
As described above, according to the short message verification code request method, the attack defense method, the apparatus, the medium and the device of the present invention, before sending the short message verification code to the mobile terminal, the server queries the identification mark of the user in response to receiving the mobile phone number and the biological characteristic information sent from the mobile terminal; counts the user behavior of the user based on the identification mark of the user; determines whether the statistical result of the user behavior meets a preset interception condition; and, in response to the statistical result of the user behavior meeting the preset interception condition, intercepts the user's request to send a short message verification code. The short message verification code sending requests of normal users and illegal users can therefore be distinguished more accurately without affecting the user experience, and short message verification code sending attacks by illegal users are effectively prevented.
Drawings
Fig. 1 is a schematic view of an application scenario in an embodiment of the invention.
Fig. 2 is a flowchart illustrating a short message verification code requesting method and an attack defense method according to an embodiment of the present invention.
Fig. 3 is a schematic block diagram of a short message authentication code attack defense apparatus according to an embodiment of the present invention.
Fig. 4 is a schematic block diagram of a short message verification code request device according to an embodiment of the present invention.
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the invention.
Detailed Description
The embodiments of the present invention are described below with reference to specific embodiments, and other advantages and effects of the present invention will be easily understood by those skilled in the art from the disclosure of the present specification. The invention is capable of other and different embodiments and of being practiced or of being carried out in various ways, and its several details are capable of modification in various respects, all without departing from the spirit and scope of the present invention. It is to be noted that the features in the following embodiments and examples may be combined with each other without conflict.
It should be noted that the drawings provided in the following embodiments are only for illustrating the basic idea of the present invention, and the components related to the present invention are only shown in the drawings rather than drawn according to the number, shape and size of the components in actual implementation, and the type, quantity and proportion of the components in actual implementation may be changed freely, and the layout of the components may be more complicated.
As shown in fig. 1, an application scenario diagram of the short message verification code request method and the attack defense method in an embodiment of the present invention is shown. At present, when a user registers a web application or an APP application through a mobile terminal (such as a desktop, a laptop, a tablet computer, a smart phone, etc.), a mobile phone number needs to be input in an interactive interface displayed by the mobile terminal, then "acquire a verification code" is clicked to acquire a verification code sent by a background (a server formed by a single server or a server group) of the web application or the APP application to the mobile terminal in a short message form, and then the verification code is filled in the interactive interface, so that the web application or the APP application can be allowed to be registered after the background verification passes.
For profit or similar motives, such as illegally acquiring other people's information, an attacker may attack the short message verification code interface: one person registers many times using many different mobile phone numbers, so that the background sends a large number of verification codes to the different mobile phone numbers. This not only troubles users but also causes loss to the background.
As shown in fig. 2, in order to provide a more accurate and efficient solution without affecting user experience, so as to effectively prevent an illegal user from performing a short message verification code attack, the present embodiment provides a short message verification code request method and an attack defense method, where the request method is executed by a mobile terminal in fig. 1, and the attack defense method is executed by a background (i.e., a server) in fig. 1, and includes the following steps:
S21: In response to receiving an instruction from the user to acquire the short message verification code, the mobile terminal starts the biological characteristic information acquisition module to acquire the biological characteristic information of the user.
Specifically, a user inputs a mobile phone number in a registration interface displayed by the mobile terminal, and clicks a control for acquiring the short message verification code in the registration interface, so that an instruction for acquiring the short message verification code is issued to the mobile terminal. And the mobile terminal responds to the instruction and calls corresponding equipment to acquire the biological characteristic information of the current user. Biometric information includes, but is not limited to, facial images, voice, fingerprints, iris, retina, etc. Taking the biological characteristic information as a face image as an example, when the mobile terminal responds to the instruction, calling a camera to acquire the face image of the current user; taking the biological characteristic information as the voice as an example, when the mobile terminal responds to the instruction, calling a microphone to collect voice data of the current user; taking the biometric information as the fingerprint as an example, when the mobile terminal responds to the instruction, the fingerprint identification module on the front side or the back side is called to collect the fingerprint data of the current user.
S22: The mobile terminal sends the mobile phone number of the mobile terminal, the biological characteristic information and a request for sending the short message verification code to a server.
Specifically, the mobile terminal acquires the mobile phone number input by the user and then acquires the biometric information, so that the mobile terminal can firstly send the mobile phone number to the server, and then sends the biometric information and a request for sending the short message verification code to the server. Of course, the mobile terminal may also send the mobile phone number input by the user, the collected biometric information, and the generated request for sending the short message verification code to the server at the same time, which is not limited in the present invention.
S23: In response to receiving the mobile phone number and the biological characteristic information sent from the mobile terminal, the server queries the identification mark of the user.
Specifically, the server receives a request sent by the mobile terminal for sending the short message verification code, does not directly send the short message verification code to the mobile terminal, but searches the identification mark of the corresponding user in a database (local or external) according to the biological characteristic information sent by the mobile terminal. The step of querying the identification identifier specifically includes: judging whether pre-stored biological characteristic information matched with the received biological characteristic information exists in a database or not; if yes, taking the identification mark corresponding to the pre-stored biological characteristic information as a query result; if not, generating the identification mark of the user according to the received mobile phone number and the received biological characteristic information, and storing the mobile phone number, the biological characteristic information and the identification mark in an associated manner.
Since the identification technology of the biometric information is not the innovation of the present invention, the person skilled in the art can identify the biometric information by the existing technology. Taking the biological feature information as a face image as an example, the server side respectively extracts the facial feature key points of the stored face image and the facial feature key points of the received face image, and compares the facial feature key points of the stored face image and the received face image, so as to judge whether the biological feature information is matched with each other.
It should be noted that, if the server does not find the corresponding identification identifier, it indicates that the user is the first registered user. For each user registered for the first time, after the mobile terminal sends the mobile phone number and the biological characteristic information to the server, the server generates the identification of the user according to the information, namely generates the identification of the user based on the biological characteristic information, and stores the mobile phone number, the biological characteristic information and the identification in an associated manner. And if the server side finds the corresponding identification mark, the user is not the first registered user. When the user registers through other mobile phone numbers, the server only searches whether the matched user identification mark exists in the database according to the biological characteristic information acquired by the registration operation.
Preferably, the identification mark is generated by calculating the number of the mobile phone number and the sampling point array of the biological characteristic information through a preset encryption algorithm. For example, let the key be the mobile phone number and let the biometric sampling points be a one-dimensional array [102, 112, 114, ……] representing face sampling point feature values [feature values on the left and right of the nose, feature values of the mouth corner, ……]; an encryption calculation is then performed with the SHA256 encryption algorithm, and the resulting character string is the identification mark of the user. The server encrypts the generated identification mark and sends it to the mobile terminal of the user.
S24: The server counts the user behavior of the user based on the identification mark of the user.
Specifically, the user behavior includes requesting to send a short message verification code. The statistical content includes the number of times of requesting to send the short message verification code within a certain time, for example, the total number of requests to send the short message verification code made to the server within minutes, hours or days.
S25: The server determines whether the statistical result of the user behavior meets a preset interception condition.
Specifically, the preset interception condition includes: the number of times of requesting to send the short message verification code within a certain time reaches a preset threshold, such as 10 times within 5 minutes, 100 times within 1 hour, 1000 times within 1 day, and the like.
It should be noted that, the background manager sets a preset interception condition for the server in advance, and when the preset interception condition is met, the server intercepts the request for sending the short message verification code and does not respond to the request for sending the short message verification code of the mobile terminal.
S26: In response to the statistical result of the user behavior meeting the preset interception condition, the server intercepts the user's request to send the short message verification code.
In one embodiment, the background manager sets a preset caching rule for the background in advance, such as a storage time (e.g., several days or several hours). If the statistical result of the user behavior meets the preset interception condition, the background can mark the current user as an illegal user besides intercepting the request of the mobile terminal for sending the short message verification code, and store the related data (the mobile phone number, the biological characteristic information and the like sent by the mobile terminal) of the current user into a cache. Background service requests can be effectively reduced through a cache technology, and the response speed of normal requests is improved.
In an embodiment, the background manager sets a preset passing condition for the background in advance, for example, that the time for which the user has been marked as an illegal user reaches a preset threshold. The background judges whether the marked illegal user meets the preset passing condition and, if so, marks the illegal user as a normal user again. In this way, the background releases the request interception for the user; of course, if the user meets the preset interception condition again, the background marks the user as an illegal user again, and the cycle repeats. For example, when the face information of the user is transmitted to the background, the background first reads and parses the check rules configured in advance by the administrator, including but not limited to: the preset number of requests to send the short message verification code within a certain time after which a normal user is marked as an illegal user; the number of days or hours for which the user's face feature data is stored in the cache; and the preset number of days after which a user identified as an illegal user is marked as a normal user again.
For example, if the number of times that a user requests to send a short message verification code within 5 seconds reaches 10 times, the user is marked as an illegal user, user data is put into a cache, and when the user initiates a request to send the verification code again, a background intercepts the request and does not respond to the request. After ten days, the user is modified from the illegal user to the normal user, thereby releasing the limitation on the user.
For another example, when the number of times the user requests the short message verification code within 5 seconds reaches 10, the user enters the server's list of suspected attacking users. For 30 minutes after the user enters the suspected list, the server refuses to send the short message verification code when the user requests it again, and counts the number of short message verification code requests sent by the suspected user within those 30 minutes; if the number reaches 100, the user is marked as an attacking user and added to a blacklist. A user who enters the blacklist is automatically removed from it by a timed task after 2 days and becomes a normal user again. When the user shows the above attack behavior again, the period for which the server keeps the user in the blacklist becomes longer, for example 7 days, after which the user is marked as a normal user again. If the user shows attack behavior a third time, the server puts the user on the permanent blacklist and does not restore the normal user status. It should be noted that the server writes blacklisted users to the database and the cache synchronously, which helps speed up queries for blacklisted users.
Therefore, before the short message verification code is sent to the user, the biological characteristic information of the user is collected to verify the identity and the user behavior is counted; if the condition configured by the background manager is met, the user is marked as an illegal user and the user's request to send the short message verification code is intercepted. This prevents harassment of the background and of users, improves the security of the background, and avoids unnecessary short message costs.
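The server-side flow of S23 to S26, with the escalating blacklist from the last example above, sketched as an added example (not code from the patent). Assumptions: HMAC-SHA256 is one reading of "key = mobile phone number" combined with SHA256; the per-point `MATCH_TOLERANCE` comparison stands in for a real biometric matcher; the class, function names, in-memory stores and sample values are constructed for illustration.

```python
import hashlib
import hmac
import struct
from collections import defaultdict, deque

# Thresholds from the example in the text (all times in seconds).
BURST_WINDOW, BURST_LIMIT = 5, 10              # 10 requests in 5 s -> suspected list
SUSPECT_PERIOD, SUSPECT_LIMIT = 30 * 60, 100   # 100 requests in 30 min -> blacklist
BAN_PERIODS = [2 * 86400, 7 * 86400, None]     # 2 days, 7 days, then permanent
MATCH_TOLERANCE = 3  # assumption: max per-point difference counted as a match


def derive_identifier(phone, samples):
    """Phone number as HMAC key, sampling-point array as message, SHA-256 as hash."""
    message = struct.pack(f">{len(samples)}H", *samples)
    return hmac.new(phone.encode(), message, hashlib.sha256).hexdigest()


class SmsDefense:
    def __init__(self):
        self.templates = []                # (samples, identifier, phone)
        self.recent = defaultdict(deque)   # identifier -> recent request times
        self.suspect = {}                  # identifier -> [start, request count]
        self.banned = {}                   # identifier -> expiry (None = permanent)
        self.offences = defaultdict(int)   # identifier -> number of past bans

    def resolve(self, phone, samples):
        """S23: match stored biometrics first; generate an identifier only on a miss.

        Captures are noisy, so an exact hash lookup would miss; the stored
        identifier is reused for any capture within tolerance, whatever the phone.
        """
        for stored, ident, _ in self.templates:
            if len(stored) == len(samples) and all(
                abs(a - b) <= MATCH_TOLERANCE for a, b in zip(stored, samples)
            ):
                return ident
        ident = derive_identifier(phone, samples)
        self.templates.append((list(samples), ident, phone))
        return ident

    def handle(self, phone, samples, now):
        """S24-S26: True if the SMS may be sent, False if the request is intercepted."""
        ident = self.resolve(phone, samples)
        if ident in self.banned:
            expiry = self.banned[ident]
            if expiry is None or now < expiry:
                return False
            del self.banned[ident]         # timed release from the blacklist
        if ident in self.suspect:
            start, _ = self.suspect[ident]
            if now - start < SUSPECT_PERIOD:
                self.suspect[ident][1] += 1
                if self.suspect[ident][1] >= SUSPECT_LIMIT:
                    self._ban(ident, now)
                return False
            del self.suspect[ident]        # suspicion lapsed without escalation
        window = self.recent[ident]
        window.append(now)
        while now - window[0] >= BURST_WINDOW:
            window.popleft()
        if len(window) >= BURST_LIMIT:
            self.suspect[ident] = [now, 0]
            window.clear()
            return False
        return True

    def _ban(self, ident, now):
        period = BAN_PERIODS[min(self.offences[ident], len(BAN_PERIODS) - 1)]
        self.offences[ident] += 1
        self.banned[ident] = None if period is None else now + period
        self.suspect.pop(ident, None)


def replay_attack(defense, samples, start):
    """Constructed traffic: a burst of 10 requests, then 100 more at 1 s intervals,
    each from a different phone number but with the same biometric samples."""
    burst = [defense.handle(f"138{start + i:08d}", samples, start + i * 0.1)
             for i in range(BURST_LIMIT)]
    follow = [defense.handle(f"139{start + i:08d}", samples, start + 2 + i)
              for i in range(SUSPECT_LIMIT)]
    return burst, follow
```

Because every counter is keyed on the biometric-derived identification mark, rotating phone numbers does not reset the counts, and two users behind one IP address are counted separately.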
All or part of the steps of the above method embodiments may be performed by hardware under the control of a computer program. Based on this understanding, the present invention also provides a computer program product comprising one or more computer instructions. The computer instructions may be stored in a computer-readable storage medium. The computer-readable storage medium can be any available medium that a computer can access, or a data storage device, such as a server or a data center, that integrates one or more available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
As shown in fig. 3, on a principle similar to that of the foregoing method embodiment, this embodiment provides a defense apparatus 30 for short message authentication code attack, which is applied to a server and includes the following components:
an identification query module 31, configured to query an identification of a user in response to receiving the mobile phone number and the biometric information sent from the mobile terminal;
a user behavior counting module 32, configured to count user behaviors of the user based on the identification of the user;
the interception condition judgment module 33 is configured to determine whether the statistical result of the user behavior meets a preset interception condition;
and a short message verification code intercepting module 34, configured to, in response to the statistical result of the user behavior meeting the preset interception condition, intercept a request of the user for sending a short message verification code.
In an embodiment, the short message verification code intercepting module 34 is further configured to: if the statistical result of the user behavior by the interception condition judgment module 33 meets the preset interception condition, marking the current user as an illegal user, and storing the related data of the current user into a cache; wherein, the storage time is determined by a preset caching rule; judging whether the illegal user meets a preset passing condition or not; and if so, marking the illegal user as a normal user.
As shown in fig. 4, on a principle similar to that of the foregoing method embodiment, this embodiment provides a short message authentication code request device 40, which is applied to a mobile terminal and includes the following components:
the biometric information acquisition module 41 is configured to, in response to receiving an instruction from the user to acquire the short message verification code, start the biometric information acquisition module to acquire biometric information of the user;
and a short message verification code request module 42, configured to send the mobile phone number of the mobile terminal, the biometric information, and a request for sending a short message verification code to a server.
Those skilled in the art should understand that the division of the modules in the embodiments of fig. 3 and 4 is only a logical division, and in an actual implementation the modules can be wholly or partially integrated into one or more physical entities. The modules may all be implemented as software called by a processing element, may all be implemented in hardware, or may be implemented partly as software called by a processing element and partly in hardware.
Referring to fig. 5, the embodiment provides an electronic device, which may be a desktop computer, a laptop computer, a tablet computer, a smart phone, and the like. In detail, the electronic device comprises at least a memory and a processor connected by a bus, wherein the memory is used for storing a computer program, and the processor is used for executing the computer program stored in the memory so as to execute all or part of the steps of the short message authentication code attack defense method or all or part of the steps of the short message authentication code request method.
The above-mentioned system bus may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The system bus may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus. The communication interface is used for realizing communication between the database access device and other equipment (such as a client, a read-write library and a read-only library). The memory may include a Random Access Memory (RAM), and may further include a non-volatile memory, such as at least one disk memory.
The processor may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
In summary, the short message authentication code request method, the attack defense method, the device, the medium and the equipment of the invention can more accurately identify the short message authentication code sending requests of normal users and illegal users under the condition of not influencing user experience, effectively prevent the illegal users from carrying out the short message authentication code sending attack, effectively overcome various defects in the prior art and have high industrial utilization value.
The foregoing embodiments are merely illustrative of the principles and utilities of the present invention and are not intended to limit the invention. Any person skilled in the art can modify or change the above-mentioned embodiments without departing from the spirit and scope of the present invention. Accordingly, it is intended that all equivalent modifications or changes which can be made by those skilled in the art without departing from the spirit and technical spirit of the present invention be covered by the claims of the present invention.
Claims (10)
1. A method for defending short message verification code attack is applied to a server side, and comprises the following steps:
inquiring the identification mark of the user in response to receiving the mobile phone number and the biological characteristic information sent from the mobile terminal;
counting the user behavior of the user based on the identification mark of the user;
determining whether the statistical result of the user behavior meets a preset interception condition;
and in response to the statistical result of the user behavior meeting the preset interception condition, intercepting a request of the user for sending a short message verification code.
2. The method of claim 1, wherein the querying the identifying of the user comprises:
judging whether pre-stored biological characteristic information matched with the received biological characteristic information exists or not;
if yes, taking the identification mark corresponding to the pre-stored biological characteristic information as a query result;
if not, generating the identification mark of the user according to the received mobile phone number and the received biological characteristic information, and storing the mobile phone number, the biological characteristic information and the identification mark in an associated manner.
3. The method of claim 1, wherein the user behavior comprises: requesting to send a short message verification code; the preset interception conditions include: the number of times of requesting to send the short message verification code in a certain time reaches a preset threshold value.
4. The method of claim 1, wherein if the statistical result of the user behavior satisfies the preset interception condition, the method further comprises:
marking the current user as an illegal user, and storing the related data of the current user into a cache; wherein, the storage time is determined by a preset caching rule;
judging whether the illegal user meets a preset passing condition or not; and if so, marking the illegal user as a normal user.
5. The method according to claim 1, wherein the identification mark is generated by calculation of the number of the mobile phone number and the sampling point array of the biometric information through a preset encryption algorithm.
6. A short message verification code request method is applied to a mobile terminal, and comprises the following steps:
in response to receiving an instruction for acquiring a short message verification code from a user, starting a biological characteristic information acquisition module to acquire biological characteristic information of the user;
and sending the mobile phone number of the mobile terminal, the biological characteristic information and a request for sending a short message verification code to a server.
7. A defense device for short message verification code attack is applied to a server side, and the device comprises:
the identification mark query module is used for responding to the received mobile phone number and the biological characteristic information sent from the mobile terminal and querying the identification mark of the user;
the user behavior counting module is used for counting the user behavior of the user based on the identification mark of the user;
the interception condition judgment module is used for determining whether the statistical result of the user behavior meets a preset interception condition;
and the short message verification code intercepting module is used for responding to the statistical result of the user behavior meeting the preset intercepting condition and intercepting the request of the user for sending the short message verification code.
8. A short message verification code request device is applied to a mobile terminal, and the device comprises:
the biological characteristic information acquisition module is used for responding to a received instruction for acquiring the short message verification code from the user and starting the biological characteristic information acquisition module to acquire the biological characteristic information of the user;
and the short message verification code request module is used for sending the mobile phone number of the mobile terminal, the biological characteristic information and a request for sending the short message verification code to a server.
9. A computer-readable storage medium, in which a computer program is stored, which, when loaded and executed by a processor, implements the method for defending against short message authentication code attacks as claimed in any one of claims 1 to 5, or implements the method for requesting short message authentication code as claimed in claim 6.
10. An electronic device, comprising: a processor and a memory; wherein,
the memory is used for storing a computer program;
the processor is used for loading and executing the computer program to enable the electronic device to execute the short message authentication code attack defense method of any one of claims 1 to 5 or the short message authentication code request method of claim 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010752387.1A CN114095936A (en) | 2020-07-30 | 2020-07-30 | Short message verification code request method, attack defense method, device, medium and equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114095936A true CN114095936A (en) | 2022-02-25 |
Family
ID=80295027
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010752387.1A Pending CN114095936A (en) | 2020-07-30 | 2020-07-30 | Short message verification code request method, attack defense method, device, medium and equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114095936A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114598550A (en) * | 2022-03-28 | 2022-06-07 | 中国银行股份有限公司 | Short message verification code attack protection method and device |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107147629A (en) * | 2017-04-27 | 2017-09-08 | 宇龙计算机通信科技(深圳)有限公司 | A kind of short-message verification method, equipment and storage medium |
CN108989263A (en) * | 2017-05-31 | 2018-12-11 | 中国移动通信集团公司 | Short message verification code attack guarding method, server and computer readable storage medium |
CN109743696A (en) * | 2018-12-29 | 2019-05-10 | 努比亚技术有限公司 | Identifying code encryption method, system and readable storage medium storing program for executing |
CN111092899A (en) * | 2019-12-24 | 2020-05-01 | 中国移动通信集团江苏有限公司 | Information acquisition method, device, equipment and medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | Country or region after: China. Address after: Room 3701, No. 866 East Changzhi Road, Hongkou District, Shanghai, 200080. Applicant after: Botai vehicle networking technology (Shanghai) Co.,Ltd. Address before: 201822 No.208, building 4, no.1411, Yecheng Road, Jiading Industrial Zone, Jiading District, Shanghai. Applicant before: Botai vehicle networking technology (Shanghai) Co.,Ltd. Country or region before: China |