CN114462019A - Application login control method and device, computer equipment and storage medium - Google Patents


Publication number
CN114462019A
Authority
CN
China
Prior art keywords: risk; application; terminal equipment; list; login request
Legal status
Pending
Application number
CN202210139111.5A
Other languages
Chinese (zh)
Inventor
石欢
Current Assignee
OneConnect Financial Technology Co Ltd Shanghai
Original Assignee
OneConnect Financial Technology Co Ltd Shanghai

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G06F21/44 Program or device authentication
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H04W12/60 Context-dependent security
    • H04W12/67 Risk-dependent, e.g. selecting a security level depending on risk profiles
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/16 Gateway arrangements

Abstract

The application provides an application login control method and device, computer equipment and a storage medium, and relates to the technical field of computer networks. In a system that needs to access an internal network through an external network, a user logging in to an application at a user terminal must pass through gateway equipment. When the gateway receives a login request for logging in to a target application for the first time, it stores the terminal equipment information carried in the login request into a preset visual menu list according to a preset table structure design strategy to generate a visual restriction list. When a new login request is received, the visual restriction list is updated based on the preset table structure design strategy and the new login request, and the updated visual restriction list is then sent to a wind control management system for risk detection. If risk equipment information is detected, it is sent to the gateway, and the gateway performs a login restriction operation on the received risk equipment information, which effectively prevents user information leakage.

Description

Application login control method and device, computer equipment and storage medium
Technical Field
The present application relates to the field of computer network technologies, and in particular, to an application login control method, an application login control apparatus, a computer device, and a storage medium.
Background
In the field of mobile communication, a user can log in an application program through a mobile terminal such as a mobile phone to perform information interaction, wherein the login terminal is not limited to one terminal device, and the user can log in the application program on a plurality of terminal devices through account information.
Disclosure of Invention
Therefore, it is necessary to provide an application login control method that solves the problem that existing application login control schemes have poor security and are prone to causing user information leakage.
A first aspect of an embodiment of the present application provides an application login control method, including:
when a login request for logging in to a target application is received for the first time, storing the terminal equipment information carried by the login request to a preset visual menu list according to a preset table structure design strategy to obtain a visual restriction list;
when a new login request is received, updating the visual restriction list based on the preset table structure design strategy and the new login request to obtain an updated visual restriction list;
sending the updated visual restriction list to a wind control (risk control) management system for risk detection, the wind control management system being used for carrying out risk detection on the risk operation of the user terminal according to a preset risk detection strategy;
and if risk terminal equipment information sent by the wind control management system is received, performing a forced offline operation on the account logged in to the target application on the risk terminal equipment corresponding to the risk terminal equipment information, and forbidding login to the target application through the risk terminal equipment.
A second aspect of the embodiments of the present application provides an application login control apparatus, including:
a table building module, configured to store, when a login request for logging in to a target application is received for the first time, the terminal equipment information carried by the login request to a preset visual menu list according to a preset table structure design strategy, so as to obtain a visual restriction list;
an update module, configured to update, when a new login request is received, the visual restriction list based on the preset table structure design strategy and the new login request, so as to obtain an updated visual restriction list;
a detection module, configured to send the updated visual restriction list to a wind control management system for risk detection, the wind control management system being used for carrying out risk detection on the risk operation of the user terminal according to a preset risk detection strategy;
a control module, configured to perform, if risk terminal equipment information sent by the wind control management system is received, a forced offline operation on the account logged in to the target application on the risk terminal equipment corresponding to the risk terminal equipment information, and to forbid login to the target application through the risk terminal equipment.
A third aspect of the embodiments of the present application provides a computer device, including a memory, a processor, and computer readable instructions stored in the memory and executable on the processor, where the processor implements the above application login control method when executing the computer readable instructions.
A fourth aspect of embodiments of the present application provides one or more readable storage media storing computer-readable instructions which, when executed by one or more processors, cause the one or more processors to perform the application login control method as described above.
The application login control method, the application login control device, the computer equipment and the storage medium have the following beneficial effects that:
The application login control method of the embodiments is applied to a gateway. A gateway needs to be configured for conversion when the networks of different network operating systems need to be interconnected, when a local area network is connected with a mainframe, or when a local area network is connected with a wide area network. In a system that needs to access an intranet through an extranet, a user logging in to an application at a user terminal must pass through the gateway equipment. When the gateway receives a login request for logging in to a target application for the first time, it stores the terminal equipment information carried in the login request into a preset visual menu list according to a preset table structure design strategy to generate a visual restriction list. When a new login request is received, the visual restriction list is updated based on the preset table structure design strategy and the new login request, and the updated visual restriction list is then sent to a wind control management system for risk detection. The wind control management system carries out risk detection on risk operations of the user terminal equipment according to a preset risk monitoring strategy; if risk equipment information is detected, it is sent to the gateway, and the gateway performs a login restriction operation on the received risk equipment information. By configuring the visual login restriction list on the gateway and connecting the wind control system, the gateway prohibits the user from logging in through the equipment in time when it receives the risk equipment information, and user information is effectively prevented from being leaked.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed to be used in the description of the embodiments of the present application will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without inventive exercise.
FIG. 1 is a diagram of an application environment of an application login control method in an embodiment of the present application;
FIG. 2 is a schematic flow chart illustrating an implementation of an application login control method in an embodiment of the present application;
FIG. 3 is a schematic structural diagram of an application login control device in an embodiment of the present application;
FIG. 4 is a schematic diagram of a computer device in an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to FIG. 1, FIG. 1 shows a schematic diagram of the application environment of an application login control method in an embodiment of the present application, taking the application of the scheme to a server as an example. In a system that needs to access an intranet through an extranet, when a user logs in to an application program through a user terminal, the applicable state of the device is controlled through a gateway. For example, when a risk on a certain terminal device is received, whether the user can log in to the application program through that terminal device is controlled by adjusting the application control state of the terminal device. The user terminal includes, but is not limited to, various personal computers, notebook computers, smart phones, tablet computers, and portable wearable devices. The gateway device may be a network switch with a layer-3 switching function, a router, a firewall, a host on which a routing function is enabled by software, or the like, and the gateway may be an independent gateway or a gateway cluster.
In a specific implementation, in a system that needs to access an intranet through an extranet, when the gateway receives, for the first time, a login request sent by a user terminal for logging in to a target application, it first stores the terminal equipment information carried in the login request into a preset visual menu list according to a preset table structure design strategy, preliminarily generating a visual restriction list. When the gateway receives a new login request, the visual restriction list is updated based on the preset table structure design strategy and the new login request. The updated visual restriction list is then sent to a wind control management system (not shown in FIG. 1) for risk detection. The wind control management system performs risk detection on the risk operation of the user terminal device according to a preset risk monitoring policy; if risk device information is detected, it is sent to the gateway, and the gateway performs a login restriction operation on the received risk device information.
Referring to fig. 2, fig. 2 is a flowchart illustrating an implementation of an application login control method in an embodiment of the present application, which is described by taking the application of the method to the gateway device in fig. 1 as an example, and includes the following steps:
S11: when a login request for logging in to a target application is received for the first time, storing the terminal equipment information carried by the login request to a preset visual menu list according to a preset table structure design strategy to obtain a visual restriction list.
In step S11, the gateway is also called an internetwork connector or a protocol converter. The gateway realizes network interconnection above the network layer; it is a complex network interconnection device and is only used for interconnecting two networks with different high-level protocols. The gateway can be used for interconnecting both wide area networks and local area networks. A gateway is a computer system or device that performs a conversion role: it is a translator used between two systems that differ in communication protocol, data format or language, or even have entirely different architectures. Unlike a bridge, which simply forwards information, the gateway repackages the received information to meet the needs of the destination system. (Same layer: application layer.) The user terminal includes several application programs, and the target application refers to the application program that the user wants to log in to. The login request for logging in to the target application includes the user's account name, identity document (ID) and the like. The visual menu list refers to a preset menu list for the terminal device information, application control state information and the like used for logging in to the target application, and is an empty list including only menus. The preset table structure design strategy is used for representing the correspondence between the terminal equipment information and the application control state, so that the terminal equipment information and the application control state are stored in the visual menu list in one-to-one correspondence to obtain a visual restriction list.
In this embodiment, a system that needs to access an intranet through an extranet already has a corresponding gateway visualization platform. The visualization platform currently holds the corresponding IP (Internet Protocol address) configuration items, and a visual menu list is newly created on it. A user passes through the gateway device when logging in to a target application. When the gateway device receives a login request for logging in to the target application for the first time, it stores the terminal device information carried by the login request into the preset visual menu list to obtain a visual restriction list. The application state of the terminal device can be recorded in a control table through the visual restriction list, so that the terminal devices on which the user can log in can be controlled. Restricting application and device login through the gateway's visual interface allows interception at the source and replaces the device or user restrictions previously applied at the application layer, which prevents user information leakage and makes information protection safer. For other applications that use the same gateway system, this set of visual menus can be copied easily once the corresponding application IP and other information are configured, so a one-to-many visual control effect is easily achieved. After the visual operation platform is built, operation and maintenance personnel or test developers of an application can easily achieve the expected login restriction effect by applying, on the interface, the Structured Query Language (SQL) used to operate the database. Especially for a system with a larger number of users, managing users on the gateway's visual interface is easier.
As an embodiment of the present application, the visual menu list includes a terminal device menu list and an application state menu list; when a login request for logging in a target application is received for the first time, storing terminal equipment information carried by the login request to a preset visual menu list according to a preset list structure design strategy to obtain a visual restriction list, wherein the visual restriction list comprises: and correspondingly storing the terminal equipment information to the terminal equipment menu list according to a preset table structure design strategy, and storing the application control state information to the application state menu list corresponding to the terminal equipment information to obtain a visual application restriction list.
In this embodiment, in addition to the terminal device menu list and the application state menu list, the visual menu list may further include an account information list and the like in an actual application scenario. Since the preset table structure design strategy represents the correspondence between the terminal device information and the application control state, the terminal device information and the application control state can be stored in one-to-one correspondence in the terminal device information list, the application control state list and so on within the visual menu list according to that strategy, giving the visual restriction list. In this embodiment, the terminal device ID is recorded, so the terminal device ID list serves as the terminal device information list. Therefore, according to the correspondence between the terminal device information and the application control state, whether the user can log in to the target application through a given terminal device can be controlled by controlling the application control state of that terminal device.
S12: and when a new login request is received, updating the visual restriction list based on the preset table structure design strategy and the new login request to obtain an updated visual restriction list.
In step S12, at least one piece of terminal device information and application control state information corresponding to the terminal device information in the updated visualization restriction list are updated.
In this embodiment, when the gateway receives a login request for logging in the target application for the first time, the visualization restriction list is preliminarily generated according to the preset table structure design policy, and when a login request for logging in the target application from the user terminal is received again, the terminal device information carried in the login request is correspondingly added to the visualization restriction list. The new login request may be from a terminal device already recorded in the visual restriction list, or may be a new terminal device.
As an embodiment of the present application, when a new login request is received, updating the visualization restriction list based on the preset table structure design policy and the new login request to obtain an updated visualization restriction list, where the updating includes: when a new login request is received, analyzing the new login request to obtain terminal equipment information; and storing the terminal equipment information to the visual restriction list according to a preset table structure design strategy to obtain an updated visual restriction list.
In this embodiment, a login request sent by a user terminal for logging in to a target application includes the user account information, information on the terminal device the user is logging in from, and the like. When receiving a new login request, the gateway first parses the login request, extracts the terminal device information from the parsed data, stores the terminal device information in the visual restriction list according to the preset table structure design policy, and sets the corresponding application control state, such as enabled or disabled, to obtain an updated visual restriction list. As an embodiment, the new login request may come from a terminal device whose information is already recorded in the visual restriction list, in which case the terminal device information does not need to be stored again.
As an embodiment of the present application, parsing the new login request when it is received to obtain the terminal device information includes: when a new login request is received, parsing the login request to obtain the interface request entry parameter data; and extracting the terminal equipment information from the interface request entry parameter data.
In this embodiment, the request header of the login request generally includes the request entry data. The request entry parameter data includes parameter information for logging in to the target application, such as an account name, a password and terminal device information. After the received login request is parsed, the interface request entry parameter data is obtained, and the terminal device information can be extracted from the parsed data. Existing functions (encapsulated code) can already obtain the unique identifier of a device, and the Unique Device Identifier (UDID) is the device identifier most commonly registered for a mobile terminal, whether Android or iOS (the Apple operating system).
S13: and sending the updated visual restriction list to a wind control management system for risk detection.
In step S13, the wind control management system is configured to perform risk detection on the risk operation of the terminal device according to a preset risk detection policy. The preset risk detection policy may be a set of preset wind control rules, security policies and the like, for example those of a bank wind control system, or may detect risk operations of the terminal device through user habits and the like.
In this embodiment, one application program in the existing application market may be associated with a plurality of applications, and a single login account is enough to log in to all the associated applications. If wind control management were performed through the servers, a corresponding wind control system would need to be configured in the server of each associated application. In consideration of cost and efficiency, this scheme instead configures one wind control management system that interfaces with the gateway and the terminal devices, so that wind control management of the terminal devices is unified. Each time the visual restriction list is updated, the gateway sends the updated list to the wind control management system, which performs risk detection in real time on the terminal device information in the list for devices logged in to the target application; specifically, it detects whether the user's operation behavior in the logged-in target application matches the user's pre-stored conventional operations. If the wind control management system detects an abnormal login on the terminal device the user logged in from, or detects that the user's usage habits are abnormal, the terminal device is judged to be a risk terminal device, and its terminal device information is sent to the gateway as risk terminal device information. The gateway performs a forced offline operation on the account logged in to the target application on that device, and login to the target application through the risk terminal device corresponding to the risk terminal device information is forbidden.
S14: and if the risk terminal equipment information sent by the wind control management system is received, performing forced offline operation on the account of the logged target application in the risk terminal equipment corresponding to the risk terminal equipment information, and forbidding the target application to be logged in through the risk terminal equipment.
In step S14, the risk terminal device information may be a device ID, such as device UDID, or the like.
In this embodiment, if the wind control management system detects risk terminal device information, for example, abnormal login, or detects a change in use habit of a terminal device, the risk terminal device information with a risk is sent to the gateway, after the gateway receives the risk terminal device information sent by the wind control management system, the gateway queries corresponding device information by looking up a table, and restricts a user from logging in a target application through the risk terminal device corresponding to the risk terminal device information by changing an application state corresponding to the device information, so as to prevent user information from being leaked.
As an embodiment of the present application, if risk terminal device information sent by a wind control management system is received, performing a forced offline operation on an account of a logged-in target application in a risk terminal device corresponding to the risk terminal device information, and prohibiting the logged-in target application through the risk terminal device includes: matching risk terminal equipment from the updated visual restriction list according to the risk terminal equipment information; and performing forced offline operation on the account of the logged target application in the risk terminal equipment corresponding to the risk terminal equipment information by adjusting the application control state information corresponding to the risk terminal equipment information in the updated visual restriction list, and forbidding the target application to be logged in through the risk terminal equipment.
In this embodiment, the wind control management system interfaces the gateway and the terminal device in the visual restriction list sent by the gateway, and after detecting that there is possible risk terminal device information in the visual restriction list, the terminal device information is sent to the gateway, the gateway matches the corresponding risk terminal device from the visual restriction list according to the received risk terminal device information, and the user is prohibited from logging in the target application through the risk terminal device corresponding to the risk terminal device information by adjusting the application control state information corresponding to the risk terminal device information in the visual restriction list, so as to protect the user information security.
As an embodiment of the present application, the adjusting the application control state information corresponding to the risk terminal device information in the updated visual restriction list to perform a forced offline operation on an account of a logged-in target application in the risk terminal device corresponding to the risk terminal device information, and prohibit logging in the target application through the risk terminal device includes: adjusting application control state information corresponding to the risk terminal equipment information in the updated visual restriction list to obtain adjusted application control state information; and responding to the adjusted application control state information, performing forced offline operation on the account of the logged target application in the risk terminal equipment corresponding to the risk terminal equipment information, and forbidding the user to log in the target application through the risk terminal equipment.
In this embodiment, after matching the received risk terminal device information to the corresponding risk terminal device in the visual restriction list, the gateway adjusts the application control state corresponding to that terminal device information to the disabled state, so as to prohibit the user from logging in to the target application through the risk terminal device. In one implementation, if the application control state corresponding to the detected risk device information is already disabled, no further processing is performed. In another implementation, if a terminal device previously detected as a risk terminal device is found to be continuously in a secure state, the secure terminal device information may be sent to the gateway, and the gateway readjusts the application control state corresponding to that terminal device information in the visual restriction list to enabled, so that the terminal device can be used to log in again. In an actual application scenario, whether a terminal device can be used to log in to the application can also be controlled by manually modifying the enabled/disabled state of the terminal device information.
In an actual application scenario, a list containing account information and application control state information may also be configured in advance at the gateway to control user login to a target application, for example to control login by risk users to a banking system, or to implement anti-addiction settings in scenarios such as games. The user account information may be obtained from the token generated after a successful login.
The embodiment of the present application provides an application login control method applied to a gateway. When a user logs in to an application at a user terminal, the login request passes through the gateway. When the gateway receives a login request for logging in to a target application for the first time, it stores the terminal device information carried in the login request in a preset visual menu list according to a preset table structure design strategy to generate a visual restriction list. When a new login request is received, the visual restriction list is updated based on the preset table structure design strategy and the new login request, and the updated visual restriction list is then sent to the wind control management system for risk detection. The wind control management system performs risk detection on risk operations of the user terminal device according to a preset risk monitoring strategy and, if risk device information is detected, sends it to the gateway, which performs a login restriction operation for the received risk device information. By configuring the visual login restriction list on the gateway and connecting it to the wind control system, the gateway can promptly prohibit the user from logging in through the device when it receives risk device information, effectively preventing user information from being leaked.
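The gateway-side flow described in the embodiments above can be modelled as follows. This is an added illustration, not code from the patent: the class and function names, the request field names (`params`, `device_id`, `account`), the use of a device identifier as the terminal device information, and the choice to reject requests that carry no device information are all assumptions.

```python
from dataclasses import dataclass, field

ENABLED, DISABLED = "enabled", "disabled"


@dataclass
class DeviceEntry:
    """One row of the restriction list: device info plus control state."""
    device_id: str                              # terminal device information
    state: str = ENABLED                        # application control state
    accounts: set = field(default_factory=set)  # accounts currently logged in


class Gateway:
    def __init__(self, send_to_risk_control):
        self.restriction_list = {}              # device_id -> DeviceEntry
        # Callable standing in for the link to the risk control system.
        self.send_to_risk_control = send_to_risk_control

    def snapshot(self):
        """Copy of the list in the form forwarded for risk detection."""
        return {d: e.state for d, e in self.restriction_list.items()}

    def handle_login(self, request):
        """Record the device, forward the updated list, then enforce state."""
        params = request.get("params", {})
        device_id, account = params.get("device_id"), params.get("account")
        if not device_id or not account:
            return False                        # assumption: fail closed
        entry = self.restriction_list.setdefault(
            device_id, DeviceEntry(device_id))
        self.send_to_risk_control(self.snapshot())
        if entry.state == DISABLED:
            return False                        # device is barred from login
        entry.accounts.add(account)
        return True

    def on_risk_device(self, device_id):
        """Disable a reported device; return the accounts forced offline."""
        entry = self.restriction_list.get(device_id)
        if entry is None or entry.state == DISABLED:
            return []                           # unknown or already disabled
        entry.state = DISABLED
        kicked = sorted(entry.accounts)
        entry.accounts.clear()                  # forced offline operation
        return kicked

    def on_safe_device(self, device_id):
        """Re-enable a device reported safe again; True if state changed."""
        entry = self.restriction_list.get(device_id)
        if entry is None or entry.state == ENABLED:
            return False
        entry.state = ENABLED
        return True


def req(device_id, account):
    """Constructed sample login request (field names are assumptions)."""
    return {"params": {"device_id": device_id, "account": account}}


if __name__ == "__main__":
    forwarded = []                              # lists sent for risk detection
    gw = Gateway(forwarded.append)
    gw.handle_login(req("dev-1", "alice"))
    gw.handle_login(req("dev-1", "bob"))
    print(gw.on_risk_device("dev-1"))           # accounts forced offline
    print(gw.handle_login(req("dev-1", "alice")))  # login now refused
    gw.on_safe_device("dev-1")
    print(gw.handle_login(req("dev-1", "alice")))  # login allowed again
```

Because the control state is keyed on the device rather than the account, disabling one device leaves the same accounts free to log in from other devices.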
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application.
In one embodiment, an application login control apparatus 300 is provided, which corresponds to the application login control method in the above-described embodiments one to one. As shown in fig. 3, the application login control device includes a table creation module 301, an update module 302, a detection module 303, and a control module 304. The functional modules are explained in detail as follows:
the table building module 301: configured to, when a login request for logging in to a target application is received for the first time, store the terminal device information carried by the login request in a preset visual menu list according to a preset table structure design strategy, to obtain a visual restriction list;
the update module 302: configured to, when a new login request is received, update the visual restriction list based on the preset table structure design strategy and the new login request, to obtain an updated visual restriction list;
the detection module 303: configured to send the updated visual restriction list to a wind control management system for risk detection, the wind control management system being used for performing risk detection on risk operations of the user terminal according to a preset risk detection strategy;
the control module 304: configured to, if risk terminal device information sent by the wind control management system is received, perform a forced offline operation on the account logged in to the target application on the risk terminal device corresponding to the risk terminal device information, and prohibit login to the target application through the risk terminal device.
Wherein, the update module 302 includes:
a parsing submodule: configured to, when a new login request is received, parse the new login request to obtain terminal device information;
an updating submodule: configured to store the terminal device information in the visual restriction list according to the preset table structure design strategy, to obtain an updated visual restriction list.
For specific limitations of the application login control device, reference may be made to the above limitations of the application login control method, which are not described herein again. The modules in the application login control device can be wholly or partially realized by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a server, the internal structure of which may be as shown in fig. 4. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a readable storage medium and an internal memory. The readable storage medium stores an operating system, computer readable instructions, and a database. The internal memory provides an environment for the operating system and execution of computer-readable instructions in the readable storage medium. The database of the computer device is used for storing data related to the application login control method. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer readable instructions, when executed by a processor, implement an application login control method. The readable storage media provided by the present embodiments include non-volatile readable storage media and volatile readable storage media.
In one embodiment, a computer device is provided, which may be a terminal, and its internal structure diagram may be as shown in fig. 4. The computer device comprises a processor, a memory, a network interface, a display screen and an input device which are connected through a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a readable storage medium and an internal memory. The non-volatile storage medium stores an operating system and computer readable instructions. The internal memory provides an environment for the operating system and execution of computer-readable instructions in the readable storage medium. The network interface of the computer device is used for communicating with an external server through a network connection. The computer readable instructions, when executed by a processor, implement an application login control method. The readable storage media provided by the present embodiments include non-volatile readable storage media and volatile readable storage media.
In one embodiment, a computer device is provided, comprising a memory, a processor, and computer readable instructions stored on the memory and executable on the processor, the processor when executing the computer readable instructions implementing the steps of:
when a login request for logging in to a target application is received for the first time, storing the terminal device information carried by the login request in a preset visual menu list according to a preset table structure design strategy, to obtain a visual restriction list;
when a new login request is received, updating the visual restriction list based on the preset table structure design strategy and the new login request, to obtain an updated visual restriction list;
sending the updated visual restriction list to a wind control management system for risk detection, the wind control management system being used for performing risk detection on risk operations of the user terminal according to a preset risk detection strategy;
and, if risk terminal device information sent by the wind control management system is received, performing a forced offline operation on the account logged in to the target application on the risk terminal device corresponding to the risk terminal device information, and prohibiting login to the target application through the risk terminal device.
In one embodiment, one or more computer-readable storage media having computer-readable instructions stored thereon are provided, the readable storage media provided by the present embodiments including non-volatile readable storage media and volatile readable storage media. The readable storage medium has stored thereon computer readable instructions which, when executed by one or more processors, perform the steps of:
when a login request for logging in to a target application is received for the first time, storing the terminal device information carried by the login request in a preset visual menu list according to a preset table structure design strategy, to obtain a visual restriction list;
when a new login request is received, updating the visual restriction list based on the preset table structure design strategy and the new login request, to obtain an updated visual restriction list;
sending the updated visual restriction list to a wind control management system for risk detection, the wind control management system being used for performing risk detection on risk operations of the user terminal according to a preset risk detection strategy;
and, if risk terminal device information sent by the wind control management system is received, performing a forced offline operation on the account logged in to the target application on the risk terminal device corresponding to the risk terminal device information, and prohibiting login to the target application through the risk terminal device.
It will be understood by those of ordinary skill in the art that all or part of the processes of the methods of the above embodiments may be implemented by hardware related to computer readable instructions, which may be stored in a non-volatile readable storage medium or a volatile readable storage medium, and when executed, the computer readable instructions may include processes of the above embodiments of the methods. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), direct bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned function distribution may be performed by different functional units and modules according to needs, that is, the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-mentioned functions.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present application and are intended to be included within the scope of the present application.

Claims (10)

1. An application login control method, applied to a gateway, characterized by comprising the following steps:
when a login request for logging in to a target application is received for the first time, storing the terminal device information carried by the login request in a preset visual menu list according to a preset table structure design strategy, to obtain a visual restriction list;
when a new login request is received, updating the visual restriction list based on the preset table structure design strategy and the new login request, to obtain an updated visual restriction list;
sending the updated visual restriction list to a wind control management system for risk detection, the wind control management system being used for performing risk detection on risk operations of the user terminal according to a preset risk detection strategy;
and, if risk terminal device information sent by the wind control management system is received, performing a forced offline operation on the account logged in to the target application on the risk terminal device corresponding to the risk terminal device information, and prohibiting login to the target application through the risk terminal device.
2. The application login control method of claim 1, wherein the visual menu list comprises a terminal device menu list and an application state menu list;
the step of, when a login request for logging in to a target application is received for the first time, storing the terminal device information carried by the login request in a preset visual menu list according to a preset table structure design strategy to obtain a visual restriction list, comprises:
storing the terminal device information in the terminal device menu list according to the preset table structure design strategy, and storing application control state information in the application state menu list in correspondence with the terminal device information, to obtain a visual application restriction list.
3. The application login control method according to claim 1, wherein the step of, when a new login request is received, updating the visual restriction list based on the preset table structure design strategy and the new login request to obtain an updated visual restriction list, comprises:
when a new login request is received, parsing the new login request to obtain terminal device information;
and storing the terminal device information in the visual restriction list according to the preset table structure design strategy, to obtain an updated visual restriction list.
4. The application login control method of claim 3, wherein the step of, when a new login request is received, parsing the new login request to obtain terminal device information, comprises:
when a new login request is received, parsing the login request to obtain interface request input parameter data;
and extracting the terminal device information from the interface request input parameter data.
5. The application login control method according to claim 1, wherein the step of, if risk terminal device information sent by the wind control management system is received, performing a forced offline operation on the account logged in to the target application on the risk terminal device corresponding to the risk terminal device information, and prohibiting login to the target application through the risk terminal device, comprises:
matching the risk terminal device from the updated visual restriction list according to the risk terminal device information;
and, by adjusting the application control state information corresponding to the risk terminal device information in the updated visual restriction list, performing a forced offline operation on the account logged in to the target application on the risk terminal device corresponding to the risk terminal device information, and prohibiting login to the target application through the risk terminal device.
6. The application login control method according to claim 5, wherein the step of performing a forced offline operation on the account logged in to the target application on the risk terminal device corresponding to the risk terminal device information, and prohibiting login to the target application through the risk terminal device, by adjusting the application control state information corresponding to the risk terminal device information in the updated visual restriction list, comprises:
adjusting the application control state information corresponding to the risk terminal device information in the updated visual restriction list, to obtain adjusted application control state information;
and, in response to the adjusted application control state information, performing a forced offline operation on the account logged in to the target application on the risk terminal device corresponding to the risk terminal device information, and prohibiting the user from logging in to the target application through the risk terminal device.
7. An application login control device, comprising:
a table building module: configured to, when a login request for logging in to a target application is received for the first time, store the terminal device information carried by the login request in a preset visual menu list according to a preset table structure design strategy, to obtain a visual restriction list;
an updating module: configured to, when a new login request is received, update the visual restriction list based on the preset table structure design strategy and the new login request, to obtain an updated visual restriction list;
a detection module: configured to send the updated visual restriction list to a wind control management system for risk detection, the wind control management system being used for performing risk detection on risk operations of the user terminal according to a preset risk detection strategy;
a control module: configured to, if risk terminal device information sent by the wind control management system is received, perform a forced offline operation on the account logged in to the target application on the risk terminal device corresponding to the risk terminal device information, and prohibit login to the target application through the risk terminal device.
8. The application login control device of claim 7, wherein the update module comprises:
a parsing submodule: configured to, when a new login request is received, parse the new login request to obtain terminal device information;
an updating submodule: configured to store the terminal device information in the visual restriction list according to the preset table structure design strategy, to obtain an updated visual restriction list.
9. A computer device comprising a memory, a processor and computer readable instructions stored in the memory and executable on the processor, wherein the computer readable instructions when executed by the processor implement the application login control method of any one of claims 1-6.
10. One or more readable storage media storing computer readable instructions which, when executed by a processor, implement the application login control method of any one of claims 1-6.
CN202210139111.5A 2022-02-15 2022-02-15 Application login control method and device, computer equipment and storage medium Pending CN114462019A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210139111.5A CN114462019A (en) 2022-02-15 2022-02-15 Application login control method and device, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN114462019A true CN114462019A (en) 2022-05-10

Family

ID=81413791

Country Status (1)

Country Link
CN (1) CN114462019A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination