CN115396154A - Access authentication method, device, electronic equipment and storage medium - Google Patents

Publication number
CN115396154A
Authority
CN
China
Prior art keywords
verification factor
client
workload
server
verification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210897432.1A
Other languages
Chinese (zh)
Inventor
匡立中
詹士潇
曾磊
邵羽
叶哲暠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Qulian Technology Co Ltd
Original Assignee
Hangzhou Qulian Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Qulian Technology Co Ltd
Priority to CN202210897432.1A
Publication of CN115396154A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The application relates to an access authentication method, an access authentication device, electronic equipment and a storage medium, which are applied to the technical field of data processing, wherein the method comprises the following steps: acquiring an access request sent by a client; sending a verification factor to the client so that the client calculates a workload certification parameter based on the verification factor and sends the verification factor and the workload certification parameter to the server; acquiring the verification factor and the workload certification parameter sent by the client; and verifying the verification factor and the workload certification parameter, and if the verification is passed, accepting the access request. The application is intended to solve the problem that, in the prior art, a maliciously called interface is protected by rate limiting or by blocking through an access list, which a malicious user can get around with a distributed attack, so that such calls cannot be completely prevented; meanwhile, rate limiting may also bring inconvenience to the access of normal users.

Description

Access authentication method, device, electronic equipment and storage medium
Technical Field
The present application relates to the field of data processing technologies, and in particular, to an access authentication method and apparatus, an electronic device, and a storage medium.
Background
In the existing authentication methods for various information systems, an account and password are generally used, and after an authentication token is obtained, a user can access the information system. As long as no user is malicious, the information system can provide its service normally. A malicious user, however, may damage the system, for example by repeatedly calling the same interface at high speed, which consumes valuable bandwidth and computing resources of the information system.
In the related art, when an interface is maliciously called, rate limiting or blocking through an access list is often adopted, but a malicious user can get around these mechanisms with a distributed attack, so the situation cannot be completely prevented; meanwhile, rate limiting may also cause inconvenience to the access of normal users.
Disclosure of Invention
The application provides an access authentication method, an access authentication device, electronic equipment and a storage medium, which are used for solving the problem that, in the prior art, a maliciously called interface is often protected only by rate limiting or by blocking through an access list, which a malicious user can get around with a distributed attack, so that the situation cannot be completely prevented; meanwhile, rate limiting may also bring inconvenience to the access of normal users.
In a first aspect, an embodiment of the present application provides an access authentication method, including:
acquiring an access request sent by a client;
sending a verification factor to the client so that the client calculates a workload certification parameter based on the verification factor and sends the verification factor and the workload certification parameter to the server;
acquiring the verification factor and the workload certification parameter sent by the client;
and verifying the verification factor and the workload certification parameter, and accepting the access request if the verification is passed.
Optionally, the verifying the verification factor and the workload certification parameter includes:
judging whether the verification factor exists locally;
if yes, judging whether the verification factor and the workload proof parameter are correct or not;
and if the verification factor is correct, determining that the verification factor and the workload proving parameter pass verification.
Optionally, before sending the verification factor to the client, the method further includes:
and generating the verification factor, or acquiring the verification factor generated in advance.
Optionally, the generating the verification factor includes:
acquiring a workload difficulty coefficient and working parameters of the server;
generating a workload certification parameter based on the workload difficulty coefficient and the working parameter;
and calculating to obtain the verification factor based on the workload proving parameter, the workload difficulty coefficient and the working parameter.
Optionally, the method further includes:
determining a first access frequency based on the obtained access request;
and when the first access frequency is monitored to exceed a preset frequency threshold, increasing the workload difficulty coefficient and regenerating the verification factor.
Optionally, the method further includes:
determining a second access frequency of each client based on the access request of each client;
and when the second access frequency of the target client is higher than the access frequencies of other clients, increasing the workload difficulty coefficient, and generating a verification factor sent to the target client based on the increased workload difficulty coefficient.
Optionally, the server is a blockchain server, and the method further includes:
and cleaning the stored blocks at intervals of preset duration so as to enable the number of the blocks not to exceed a preset block threshold.
In a second aspect, an embodiment of the present application provides an access authentication method, which is applied to a client, and includes:
sending an access request to a server so that the server sends a verification factor to the client;
calculating to obtain a workload proving parameter based on the verification factor;
and sending the verification factor and the workload certification parameter to the server so that the server verifies the verification factor and the workload certification parameter and accepts the access request after the verification is passed.
Optionally, the server is a blockchain server, and before sending the access request to the server, the method further includes:
sending transaction information to a blockchain so that the blockchain generates a transaction hash and sends the transaction hash to the client;
the sending the access request to the server includes:
and adding the transaction hash in the access request and then sending the transaction hash to the server so that the server verifies whether the transaction hash exists or not.
In a third aspect, an embodiment of the present application provides an access authentication system, including: a client and a server;
the client is used for sending an access request to the server;
the server is used for acquiring an access request sent by the client; sending a verification factor to the client;
the client is further used for obtaining a workload certification parameter based on the verification factor; sending the verification factor and the workload certification parameter to the server;
the server is further configured to obtain the verification factor and the workload certification parameter sent by the client; and verifying the verification factor and the workload certification parameter, and accepting the access request if the verification is passed.
In a fourth aspect, an embodiment of the present application provides an access authentication apparatus, including:
the first acquisition module is used for acquiring an access request sent by a client;
the first sending module is used for sending a verification factor to the client so that the client can obtain a workload certification parameter based on the verification factor, and sending the verification factor and the workload certification parameter to the server;
a second obtaining module, configured to obtain the verification factor and the workload certification parameter sent by the client;
and the verification module is used for verifying the verification factor and the workload certification parameter, and accepting the access request if the verification is passed.
In a fifth aspect, an embodiment of the present application provides an access authentication apparatus, including:
the second sending module is used for sending an access request to a server so that the server sends a verification factor to the client;
the calculation module is used for calculating to obtain a workload proving parameter based on the verification factor;
and the third sending module is used for sending the verification factor and the workload certification parameter to the server so that the server verifies the verification factor and the workload certification parameter and accepts the access request after the verification is passed.
In a sixth aspect, an embodiment of the present application provides an electronic device, including: the system comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory are communicated with each other through the communication bus;
the memory for storing a computer program;
the processor is configured to execute the program stored in the memory to implement the access authentication method according to the first aspect or the second aspect.
In a seventh aspect, an embodiment of the present application provides a computer-readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, the access authentication method according to the first aspect or the second aspect is implemented.
Compared with the prior art, the technical scheme provided by the embodiment of the application has the following advantages: according to the method provided by the embodiment of the application, the access request sent by the client is obtained; sending a verification factor to the client so that the client calculates a workload certification parameter based on the verification factor and sends the verification factor and the workload certification parameter to the server; acquiring the verification factor and the workload certification parameter sent by the client; and verifying the verification factor and the workload certification parameter, and if the verification is passed, accepting the access request. Therefore, after the client initiates an access request, the client is authenticated based on the verification factor, the verification factor is calculated through the client, and the access request is accepted after the calculation result passes the verification.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention.
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without inventive exercise.
Fig. 1 is a block diagram of an access authentication system according to an embodiment of the present application;
Fig. 2 is a flowchart of an access authentication method according to an embodiment of the present application;
Fig. 3 is a flowchart of an access authentication method according to another embodiment of the present application;
Fig. 4 is a block diagram of an access authentication apparatus according to an embodiment of the present application;
Fig. 5 is a block diagram of an access authentication apparatus according to another embodiment of the present application;
Fig. 6 is a block diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without making creative efforts shall fall within the protection scope of the present application.
An access authentication system is provided according to an embodiment of the present application. Optionally, in the embodiment of the present application, the access authentication system may be applied to a hardware environment formed by the client 101 and the server 102 as shown in Fig. 1. As shown in Fig. 1, the server is connected to the client through a network and may be configured to provide services (such as video services, application services, and the like) for the client. A database may be configured at the server to provide data storage services for the server. The network includes, but is not limited to, a wide area network, a metropolitan area network or a local area network, and the client includes, but is not limited to, a PC, a mobile phone, a tablet computer, etc.
The client is used for sending an access request to the server;
the server is used for acquiring an access request sent by the client; sending a verification factor to the client;
the client is further used for obtaining a workload certification parameter based on the verification factor; sending the verification factor and the workload certification parameter to the server;
the server is further configured to obtain the verification factor and the workload certification parameter sent by the client; and verifying the verification factor and the workload certification parameter, and accepting the access request if the verification is passed.
The embodiment of the application also provides an access authentication method, which can be executed by a server side or a client side.
Taking the access authentication method of the embodiment of the present application executed by the server as an example, fig. 2 is a schematic flowchart of an optional access authentication method according to the embodiment of the present application, and as shown in fig. 2, the flow of the method may include the following steps:
Step 201, obtaining an access request sent by a client.
In some embodiments, the access request sent by the client may be an access request to a certain interface, a certain video, or to a certain information system, etc.
Step 202, sending a verification factor to the client, so that the client calculates to obtain a workload certification parameter based on the verification factor, and sending the verification factor and the workload certification parameter to the server.
In some embodiments, the verification factor may be generated in advance and stored in the database, or may be generated after the server receives the access request. The verification factor may be generated according to a preset generation rule, so that after being sent to the client, the client may perform inverse operation based on the generation rule, thereby obtaining the workload certification parameter.
Generally, after the verification factor is generated at the server, at least one standby verification factor is generated in the same manner. If the number of standby verification factors exceeds a preset threshold value, no further standby verification factors are generated, so that the growth of the set of verification factors is limited and the storage space is not excessively occupied.
In an optional embodiment, the generating the verification factor comprises:
acquiring a workload difficulty coefficient and working parameters of the server; generating a workload proof parameter based on the workload difficulty coefficient and the working parameter; and calculating to obtain the verification factor based on the workload proving parameter, the workload difficulty coefficient and the working parameter.
In some embodiments, the workload difficulty coefficient characterizes how difficult the workload certification parameter is to compute: the greater the workload difficulty coefficient, the more difficult the computation. The workload difficulty coefficient may start at an initial value and be increased subsequently according to the access behavior of the client. The initial value may be, but is not limited to, 1. Furthermore, a maximum value of the workload difficulty coefficient can be set, so that the computation does not become too difficult for an ordinary client.
In this embodiment, taking the server being a blockchain server as an example, the working parameter may be the transaction duration of any block $Block_i$ in the blockchain, including a longest transaction duration and a shortest transaction duration.
Illustratively, taking the workload certification parameter as $z$, the workload difficulty coefficient as $P$, and the working parameters as the longest transaction duration $R_i$ and the shortest transaction duration $L_i$ as an example, the generated verification factor may be a character string $J$ generated based on the above parameters, $J = z + Str + L_i + R_i + P$; that is, the character string $J$ is obtained by splicing the parameters.
Here $Str$ is random characters generated by the server, $i$ is the serial number of the block in the blockchain, and $z$ is a random number in the integer interval $[L_i \times P, R_i \times P]$.
Further, after a hash operation is performed on the character string $J$, a verification factor $H$ carrying the parameters is generated, where $H = hash(J) + Str + L_i + R_i + P$.
The hash function may be any hash function, such as MD5.
Correspondingly, after the verification factor is sent to the client, the client performs the inverse operation on the verification factor. Based on the above example, the verification factor is $H = hash(J) + Str + L_i + R_i + P$. The client decomposes the verification factor according to the number of characters occupied by each parameter to obtain $hash(J)$, $Str$, $L_i$, $R_i$ and $P$, and then enumerates $z$ within the interval $[L_i \times P, R_i \times P]$. Each enumerated $z$ is substituted into the formula for $J$, the hash operation is performed, and the resulting hash is compared with $hash(J)$. When the two are consistent, the corresponding $z$ is determined to be the workload certification parameter calculated by the client.
It is understood that, in the above-mentioned expressions of J and H, the order of the characters may be set based on actual conditions, or new characters may be set based on actual conditions. After the expressions of J and H are set, the position relation of the characters is stored, so that corresponding characters can be obtained through analysis based on the position relation in the subsequent operation.
Step 203, obtaining the verification factor and the workload certification parameter sent by the client.
In some embodiments, after the client calculates the workload certification parameter, both the workload certification parameter and the verification factor are sent to the server, so that the server verifies the workload certification parameter and the verification factor.
Step 204, verifying the verification factor and the workload certification parameter, and accepting the access request if the verification is passed.
In some embodiments, verifying both the verification factor and the workload certification parameter improves the security of the authentication process and prevents a client from gaining access with a randomly generated verification factor and workload certification parameter. After the verification is passed, the access request is accepted and the client can access the server. If the verification is not passed, the server sends the verification factor to the client again, and may also send prompt information to the client as an alert.
In an optional embodiment, the verifying the verification factor and the workload attestation parameters includes:
judging whether the verification factor exists locally; if yes, judging whether the verification factor and the workload proving parameter are correct or not; and if the verification factor is correct, determining that the verification factor and the workload proving parameter pass the verification.
In some embodiments, whether the verification factor sent by the client exists in the server may be determined by, but is not limited to, a bloom filter. A bloom filter is space-efficient and fast to query, so the existence of the verification factor can be judged quickly and a large amount of computation by the system is avoided.
When the verification factor exists in the server, the correctness of the verification factor and the workload certification parameter is verified further: the server judges whether the verification factor sent by the client and its corresponding workload certification parameter are consistent with the verification factor and workload certification parameter stored in the server, and when they are consistent, the verification is determined to be passed.
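The generation, client-side enumeration and server-side check described above, as an added Python example that is not code from the patent. It assumes SHA-256 as the hash, fixed field widths for Str, L_i, R_i and P, a plain dict in place of the bloom filter, and single-use factors; all function and class names are hypothetical.

```python
import hashlib
import secrets

# Field widths are assumptions of this example; the page only says the
# position of each parameter inside H is fixed and remembered.
HASH_HEX = 64   # SHA-256 hex digest length ("any hash function" per the page)
STR_LEN = 16    # length of the random string Str
NUM_W = 8       # zero-padded width of L_i and R_i
P_W = 4         # zero-padded width of P
FACTOR_LEN = HASH_HEX + STR_LEN + 2 * NUM_W + P_W


def tail(rand_str, lo, hi, p):
    """Str + L_i + R_i + P, the part that J and H share."""
    return f"{rand_str}{lo:0{NUM_W}d}{hi:0{NUM_W}d}{p:0{P_W}d}"


def hash_j(z, rand_str, lo, hi, p):
    """hash(J) with J = z + Str + L_i + R_i + P (string concatenation)."""
    j = f"{z}{tail(rand_str, lo, hi, p)}"
    return hashlib.sha256(j.encode("ascii")).hexdigest()


def search_space(lo, hi, p):
    """Number of candidates for z in [L_i*P, R_i*P]; grows linearly with P."""
    return (hi - lo) * p + 1


class PowServer:
    def __init__(self, max_p=64):
        self.max_p = max_p     # cap on the workload difficulty coefficient
        self.pending = {}      # issued verification factor H -> its z

    def issue(self, lo, hi, p):
        """Generate a verification factor H for working parameters lo < hi."""
        if not 0 <= lo < hi < 10 ** NUM_W:
            # lo == hi would leave one candidate for z: no work at all.
            raise ValueError("need 0 <= L_i < R_i within the field width")
        p = max(1, min(p, self.max_p, 10 ** P_W - 1))
        z = lo * p + secrets.randbelow(search_space(lo, hi, p))
        rand_str = secrets.token_hex(STR_LEN // 2)
        h = hash_j(z, rand_str, lo, hi, p) + tail(rand_str, lo, hi, p)
        self.pending[h] = z
        return h

    def verify(self, h, z):
        """Accept only a factor this server issued, together with its z."""
        # pop(): every factor is single-use, even on a wrong z, so a client
        # can neither guess z online nor replay a solved factor (assumption;
        # the page does not state how long a factor stays valid).
        expected = self.pending.pop(h, None)
        return expected is not None and expected == z


def parse_factor(h):
    """Client side: split H by the fixed character positions."""
    if len(h) != FACTOR_LEN:
        raise ValueError("unexpected verification factor length")
    a = HASH_HEX
    b = a + STR_LEN
    c = b + NUM_W
    d = c + NUM_W
    return h[:a], h[a:b], int(h[b:c]), int(h[c:d]), int(h[d:])


def solve(h):
    """Client side: enumerate z until hash(J) matches the digest in H."""
    digest, rand_str, lo, hi, p = parse_factor(h)
    for z in range(lo * p, hi * p + 1):
        if hash_j(z, rand_str, lo, hi, p) == digest:
            return z
    return None
```

The client performs at most `search_space(lo, hi, p)` hash operations, so the cost grows linearly with P and collapses to nothing when the shortest and longest transaction durations of the chosen block are equal, which is why `issue` rejects that case.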
In an optional embodiment, the parameter for generating the verification factor includes a workload difficulty coefficient, and the access authentication method further includes:
determining a first access frequency based on the obtained access request; and when the first access frequency is monitored to exceed a preset frequency threshold, increasing the workload difficulty coefficient and regenerating the verification factor.
A high access frequency indicates that the interface of the server is currently receiving a large number of requests. The verification factor is then regenerated with a higher workload difficulty coefficient, which increases the amount of computation the client must perform to calculate the workload certification parameter from the verification factor, thereby increasing the cost of an attacker.
In an optional embodiment, the parameter for generating the verification factor includes a workload difficulty coefficient, and the access authentication method of the present application further includes:
determining a second access frequency of each client based on the access request of each client; and when the second access frequency of the target client is higher than the access frequencies of other clients, increasing the workload difficulty coefficient, and generating a verification factor sent to the target client based on the increased workload difficulty coefficient.
In some embodiments, when it is monitored that the access frequency of a certain client is high, the calculated amount of the client can be increased by increasing the workload difficulty coefficient of the client, so as to isolate a suspicious attacker, set a specific workload difficulty coefficient for the suspicious attacker, and increase the attack cost of the suspicious attacker.
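One way to derive the workload difficulty coefficient from the first (overall) and second (per-client) access frequencies, as an added Python example that is not code from the patent. The sliding window, the median-based comparison with other clients, the step of 1, and letting the coefficient fall back once traffic leaves the window are all assumptions; the names are hypothetical.

```python
from collections import defaultdict, deque
from statistics import median


class DifficultyController:
    """Chooses the workload difficulty coefficient P from recent requests."""

    def __init__(self, window=10.0, global_threshold=100,
                 outlier_ratio=3.0, base_p=1, max_p=16):
        self.window = window                      # seconds of history kept
        self.global_threshold = global_threshold  # preset frequency threshold
        self.outlier_ratio = outlier_ratio        # "higher than other clients"
        self.base_p = base_p                      # initial coefficient
        self.max_p = max_p                        # cap for ordinary clients
        self.hits = defaultdict(deque)            # client id -> timestamps

    def record(self, client, now):
        """Note one access request from `client` at time `now` (seconds)."""
        self.hits[client].append(now)

    def _counts(self, now):
        """Requests per client inside the window; expired entries dropped."""
        counts = {}
        for client in list(self.hits):
            q = self.hits[client]
            while q and q[0] <= now - self.window:
                q.popleft()
            if q:
                counts[client] = len(q)
            else:
                del self.hits[client]
        return counts

    def difficulty_for(self, client, now):
        """P to use for the verification factor sent to `client`."""
        counts = self._counts(now)
        # First access frequency: all requests seen in the window. Each
        # full multiple of the threshold that is exceeded adds 1 to P.
        total = sum(counts.values())
        p = self.base_p + max(0, total - 1) // self.global_threshold
        # Second access frequency: this client compared with the others.
        mine = counts.get(client, 0)
        others = [n for c, n in counts.items() if c != client]
        if others and mine > self.outlier_ratio * median(others):
            p += 1
        return min(p, self.max_p)


def demo(global_threshold=100, max_p=16):
    """Constructed traffic: three ordinary clients and one noisy client."""
    ctl = DifficultyController(global_threshold=global_threshold, max_p=max_p)
    for t in range(3):
        for client in ("client-a", "client-b", "client-c"):
            ctl.record(client, float(t))
    for k in range(30):
        ctl.record("client-x", k * 0.1)
    now = 3.0
    result = {c: ctl.difficulty_for(c, now)
              for c in ("client-a", "client-b", "client-c", "client-x")}
    result["client-x-later"] = ctl.difficulty_for("client-x", 100.0)
    return result
```

With a single client there is nothing to compare against, so only the overall threshold applies in that case.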
In an optional embodiment, the server is a blockchain server, and the method further includes:
and cleaning the stored blocks at intervals of preset duration so as to enable the number of the blocks not to exceed a preset block threshold.
In some embodiments, many transactions occur in the blockchain server, and by cleaning the stored blocks, the storage pressure of the blockchain can be reduced, and at the same time, the randomness of the information on the blockchain is improved, so that the information is prevented from being predicted.
The access authentication method provides a new blockchain-based proof-of-work mode. By increasing the computation cost of an attacker or a malicious user, the malicious access borne by an information system is greatly relieved, while normal users are hardly affected. A blockchain-based system can also mark visitors for tracking. The access difficulty can be adjusted automatically or manually, so the difficulty can be controlled flexibly and the convenience of the authentication process is improved. The hash calculation greatly increases the attack cost of a distributed attacker, or even makes the attack infeasible.
Based on the same concept, another access authentication method is provided in the embodiment of the present application, taking the case that the client executes the access authentication method in the embodiment of the present application as an example, the specific implementation of the method may refer to the description of the method embodiment, and repeated parts are not described again, as shown in fig. 3, the method mainly includes:
Step 301, sending an access request to a server, so that the server sends a verification factor to the client.
Step 302, calculating to obtain a workload certification parameter based on the verification factor.
Step 303, sending the verification factor and the workload certification parameter to the server, so that the server verifies the verification factor and the workload certification parameter, and accepts the access request after the verification is passed.
In an optional embodiment, the server is a blockchain server, and before sending the access request to the server, the method further includes:
sending transaction information to a blockchain so that the blockchain generates a transaction hash and sends the transaction hash to the client;
the sending the access request to the server includes:
and adding the transaction hash in the access request and then sending the transaction hash to the server so that the server verifies whether the transaction hash exists or not.
In some embodiments, before accessing the server, the client needs to send an ordinary transaction on the blockchain. The transaction content may be random, and after obtaining the transaction hash, the client needs to attach the transaction hash each time it initiates an access message. In this manner, random information is provided for the blockchain. Further, the server verifies that the transaction hash exists, which improves the security of the authentication process.
Based on the same concept, an access authentication apparatus is provided in the embodiments of the present application, and specific implementation of the apparatus may refer to the description of the method embodiment, and repeated details are not repeated, as shown in fig. 4, the apparatus mainly includes:
a first obtaining module 401, configured to obtain an access request sent by a client;
a first sending module 402, configured to send a verification factor to the client, so that the client obtains a workload certification parameter based on the verification factor, and sends the verification factor and the workload certification parameter to the server;
a second obtaining module 403, configured to obtain the verification factor and the workload certification parameter sent by the client;
and the verification module 404 is configured to verify the verification factor and the workload certification parameter, and if the verification passes, accept the access request.
Based on the same concept, an access authentication apparatus is provided in the embodiments of the present application, and specific implementation of the apparatus may refer to the description of the method embodiment, and repeated details are not repeated, as shown in fig. 5, the apparatus mainly includes:
a second sending module 501, configured to send an access request to a server, so that the server sends a verification factor to the client;
a calculation module 502, configured to calculate a workload certification parameter based on the verification factor;
a third sending module 503, configured to send the verification factor and the workload certification parameter to the server, so that the server verifies the verification factor and the workload certification parameter, and accepts the access request after the verification is passed.
Based on the same concept, an embodiment of the present application further provides an electronic device, as shown in fig. 6, the electronic device mainly includes: a processor 601, a memory 602, and a communication bus 603, wherein the processor 601 and the memory 602 communicate with each other via the communication bus 603. Wherein, the memory 602 stores programs executable by the processor 601, and the processor 601 executes the programs stored in the memory 602 to realize the following steps:
acquiring an access request sent by a client;
sending a verification factor to the client so that the client can obtain a workload certification parameter based on the verification factor, and sending the verification factor and the workload certification parameter to the server;
acquiring the verification factor and the workload certification parameter sent by the client;
and verifying the verification factor and the workload certification parameter, and accepting the access request if the verification is passed. Or, alternatively:
sending an access request to a server so that the server sends a verification factor to the client;
calculating to obtain a workload proving parameter based on the verification factor;
and sending the verification factor and the workload certification parameter to the server so that the server verifies the verification factor and the workload certification parameter and accepts the access request after the verification is passed.
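The server and client steps listed above, as an added example that is not code from the patent: a hashcash-style exchange in which the verification factor is a random token and the workload certification parameter is a nonce whose SHA-256 digest has a required number of leading zero bits. The hash construction, the single-use handling of factors, the one-bit-per-request difficulty rule and all names (`PowGate`, `solve`, `digest`) are assumptions made for illustration.

```python
# Illustrative sketch only: construction and names are assumptions, not the patent's.
import hashlib
import secrets
from collections import deque

def digest(factor, nonce):
    return hashlib.sha256(f"{factor}:{nonce}".encode()).digest()

def leading_zero_bits(d):
    return len(d) * 8 - int.from_bytes(d, "big").bit_length()

def solve(factor, bits):
    """Client: search for a nonce (the workload certification parameter)."""
    nonce = 0
    while leading_zero_bits(digest(factor, nonce)) < bits:
        nonce += 1
    return nonce

class PowGate:
    """Server: issues verification factors and checks returned proofs."""
    def __init__(self, base_bits=12, max_bits=20, freq_threshold=5, window=1.0):
        self.base_bits, self.max_bits = base_bits, max_bits
        self.freq_threshold, self.window = freq_threshold, window
        self.issued = {}         # factor -> required bits (the local store)
        self.arrivals = deque()  # request times inside the sliding window

    def challenge(self, now):
        """Handle an access request at time `now`: return (factor, bits)."""
        self.arrivals.append(now)
        while now - self.arrivals[0] > self.window:
            self.arrivals.popleft()
        # Raise difficulty one bit per request above the frequency threshold.
        extra = max(0, len(self.arrivals) - self.freq_threshold)
        bits = min(self.max_bits, self.base_bits + extra)
        factor = secrets.token_hex(16)  # unpredictable, so work cannot be precomputed
        self.issued[factor] = bits
        return factor, bits

    def verify(self, factor, nonce):
        """Accept only a factor this server issued, once, with a valid proof."""
        bits = self.issued.pop(factor, None)  # unknown or replayed factor -> None
        if bits is None:
            return False
        return leading_zero_bits(digest(factor, nonce)) >= bits

if __name__ == "__main__":
    gate = PowGate()
    factor, bits = gate.challenge(now=0.0)
    nonce = solve(factor, bits)
    print("first attempt:", gate.verify(factor, nonce))
    print("replay:", gate.verify(factor, nonce))
```

In a deployment the `issued` store also needs an expiry for factors that are never answered, otherwise unanswered challenges accumulate in server memory.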
The communication bus 603 mentioned in the electronic device may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus 603 may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 6, but this is not intended to represent only one bus or type of bus.
The memory 602 may include a random access memory (RAM) or a non-volatile memory, such as at least one disk memory. Alternatively, the memory may be at least one storage device located remotely from the processor 601.
The Processor 601 may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like, and may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic devices, discrete gates or transistor logic devices, and discrete hardware components.
In yet another embodiment of the present application, there is also provided a computer-readable storage medium having stored therein a computer program which, when run on a computer, causes the computer to execute the access authentication method described in the above embodiment.
In the above embodiments, the implementation may be realized in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, it may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the processes or functions described in accordance with the embodiments of the application are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored on a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example, from one website, computer, server, or data center to another website, computer, server, or data center by wire (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wirelessly (e.g., infrared, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device, such as a server or a data center, that integrates one or more available media. The available media may be magnetic media (e.g., floppy disks, hard disks, tapes, etc.), optical media (e.g., DVDs), or semiconductor media (e.g., solid state drives), among others.
It is noted that, in this document, relational terms such as "first" and "second" are used solely to distinguish one entity or action from another entity or action, without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element introduced by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article, or apparatus that comprises the element.
The foregoing are merely exemplary embodiments of the present invention, which enable those skilled in the art to understand or practice the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (12)

1. An access authentication method, applied to a server, includes:
acquiring an access request sent by a client;
sending a verification factor to the client so that the client calculates a workload certification parameter based on the verification factor and sends the verification factor and the workload certification parameter to the server;
acquiring the verification factor and the workload certification parameter sent by the client;
and verifying the verification factor and the workload certification parameter, and if the verification is passed, accepting the access request.
2. The access authentication method of claim 1, wherein said verifying the verification factor and the workload proof parameter comprises:
judging whether the verification factor exists locally;
if yes, judging whether the verification factor and the workload proof parameter are correct or not;
and if the verification factor is correct, determining that the verification factor and the workload proving parameter pass verification.
3. The access authentication method according to claim 1, wherein before sending the verification factor to the client, the method further comprises:
and generating the verification factor, or acquiring the verification factor generated in advance.
4. The access authentication method of claim 3, wherein the generating the verification factor comprises:
acquiring a workload difficulty coefficient and working parameters of the server;
generating a workload proof parameter based on the workload difficulty coefficient and the working parameter;
and calculating to obtain the verification factor based on the workload proving parameter, the workload difficulty coefficient and the working parameter.
5. The access authentication method of claim 4, wherein the method further comprises:
determining a first access frequency based on the obtained access request;
and when the first access frequency exceeds a preset frequency threshold value, increasing the workload difficulty coefficient and regenerating the verification factor.
6. The access authentication method of claim 4, further comprising:
determining a second access frequency of each client based on the access request of each client;
and when the second access frequency of the target client is higher than the access frequencies of other clients, increasing the workload difficulty coefficient, and generating a verification factor sent to the target client based on the increased workload difficulty coefficient.
7. The access authentication method of claim 1, wherein the server is a blockchain server, the method further comprising:
and cleaning the stored blocks at preset time intervals so that the number of the blocks does not exceed a preset block threshold value.
8. An access authentication method applied to a client includes:
sending an access request to a server so that the server sends a verification factor to the client;
calculating to obtain a workload proving parameter based on the verification factor;
and sending the verification factor and the workload certification parameter to the server, so that the server verifies the verification factor and the workload certification parameter, and accepts the access request after the verification is passed.
9. The access authentication method of claim 8, wherein the server is a blockchain server, and before sending the access request to the server, the method further comprises:
sending transaction information to a blockchain so that the blockchain generates a transaction hash and sends the transaction hash to the client;
the sending of the access request to the server includes:
and adding the transaction hash in the access request and then sending the transaction hash to the server so that the server verifies whether the transaction hash exists or not.
10. An access authentication apparatus, comprising:
the first acquisition module is used for acquiring an access request sent by a client;
the first sending module is used for sending a verification factor to the client so that the client obtains a workload certification parameter based on the verification factor and sends the verification factor and the workload certification parameter to the server;
a second obtaining module, configured to obtain the verification factor and the workload certification parameter sent by the client;
and the verification module is used for verifying the verification factor and the workload certification parameter, and accepting the access request if the verification is passed.
11. An electronic device, comprising: the system comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory are communicated with each other through the communication bus;
the memory for storing a computer program;
the processor, executing a program stored in the memory, implements the access authentication method of any one of claims 1-7 or 8-9.
12. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the access authentication method according to any one of claims 1 to 7 or 8 to 9.
CN202210897432.1A 2022-07-26 2022-07-26 Access authentication method, device, electronic equipment and storage medium Pending CN115396154A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210897432.1A CN115396154A (en) 2022-07-26 2022-07-26 Access authentication method, device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210897432.1A CN115396154A (en) 2022-07-26 2022-07-26 Access authentication method, device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN115396154A true CN115396154A (en) 2022-11-25

Family

ID=84116130

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210897432.1A Pending CN115396154A (en) 2022-07-26 2022-07-26 Access authentication method, device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115396154A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116389143A (en) * 2023-04-20 2023-07-04 北京聚信得仁科技有限公司 Method for relieving CC attack based on workload demonstration mechanism
CN116389143B (en) * 2023-04-20 2024-01-30 北京聚信得仁科技有限公司 Method for relieving CC attack based on workload demonstration mechanism

Similar Documents

Publication Publication Date Title
RU2595511C2 (en) System and method of trusted applications operation in the presence of suspicious applications
US8219496B2 (en) Method of and apparatus for ascertaining the status of a data processing environment
US9531749B2 (en) Prevention of query overloading in a server application
US20090031405A1 (en) Authentication system and authentication method
CN114553540B (en) Zero trust-based Internet of things system, data access method, device and medium
CN113841145A (en) Inhibiting ransomware in integrated, isolated applications
CN112181541A (en) Data processing method and device, electronic equipment and storage medium
CN110061987B (en) Access control method and device based on role and terminal credibility
CN110908786A (en) Intelligent contract calling method, device and medium
RU2634174C1 (en) System and method of bank transaction execution
CN102110200A (en) Authentication method capable of being executed by computer
GB2511054A (en) Protecting multi-factor authentication
US20220255926A1 (en) Event-triggered reauthentication of at-risk and compromised systems and accounts
US20200084632A1 (en) System and method for determining dangerousness of devices for a banking service
US20190325134A1 (en) Neural network detection of malicious activity
CN110704820A (en) Login processing method and device, electronic equipment and computer readable storage medium
CN114065162A (en) Risk control method and device of business system and computer readable storage medium
CN113672897A (en) Data communication method, device, electronic equipment and storage medium
CN110943840A (en) Signature verification method and system
CN115396154A (en) Access authentication method, device, electronic equipment and storage medium
CN111586013B (en) Network intrusion detection method, device, node terminal and storage medium
CN110381114B (en) Interface request parameter processing method and device, terminal equipment and medium
US11128639B2 (en) Dynamic injection or modification of headers to provide intelligence
CN112434301A (en) Risk assessment method and device
US8112639B2 (en) Methods, systems and computer program products for detecting tampering of electronic equipment based on constrained time to obtain computational result

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination