CN115396154A - Access authentication method, device, electronic equipment and storage medium - Google Patents
Access authentication method, device, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN115396154A CN115396154A CN202210897432.1A CN202210897432A CN115396154A CN 115396154 A CN115396154 A CN 115396154A CN 202210897432 A CN202210897432 A CN 202210897432A CN 115396154 A CN115396154 A CN 115396154A
- Authority
- CN
- China
- Prior art keywords
- verification factor
- client
- workload
- server
- verification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The application relates to an access authentication method, an access authentication device, electronic equipment and a storage medium, which are applied to the technical field of data processing, wherein the method comprises the following steps: acquiring an access request sent by a client; sending a verification factor to the client so that the client calculates a workload certification parameter based on the verification factor and sends the verification factor and the workload certification parameter to the server; acquiring the verification factor and the workload certification parameter sent by the client; and verifying the verification factor and the workload certification parameter, and if the verification is passed, accepting the access request. In order to solve the problem that in the prior art, when the interface is maliciously called, a mechanism of limiting the current or blocking an access list is adopted, a malicious user can carry out distributed attack, so that the occurrence of the condition can not be completely prevented; meanwhile, the current limiting mode may also bring inconvenience to the access of normal users.
Description
Technical Field
The present application relates to the field of data processing technologies, and in particular, to an access authentication method and apparatus, an electronic device, and a storage medium.
Background
In the existing authentication methods for various information systems, an account password mode is generally adopted, and after an authentication token is obtained, a user can smoothly access various information systems. Under the condition that all users have no malice, the information system can normally provide service to the outside. However, in a malicious user, the system may be damaged. For example, malicious calls to the same interface at high speed repeatedly consume valuable bandwidth and computing resources of the information system.
In the related art, when an interface is maliciously called, a mechanism of limiting current or blocking an access list is often adopted, but a malicious user in the manner can carry out distributed attack, so that the situation cannot be completely prevented; meanwhile, the current limiting method may also cause inconvenience to the access of normal users.
Disclosure of Invention
The application provides an access authentication method, an access authentication device, electronic equipment and a storage medium, which are used for solving the problem that in the prior art, when an interface is maliciously called, only a mechanism of limiting current or blocking an access list is often adopted, but a malicious user can carry out distributed attack in such a way, so that the situation cannot be completely prevented; meanwhile, the current limiting method may also bring inconvenience to the access of the normal user.
In a first aspect, an embodiment of the present application provides an access authentication method, including:
acquiring an access request sent by a client;
sending a verification factor to the client so that the client calculates a workload certification parameter based on the verification factor and sends the verification factor and the workload certification parameter to the server;
acquiring the verification factor and the workload certification parameter sent by the client;
and verifying the verification factor and the workload certification parameter, and accepting the access request if the verification is passed.
Optionally, the verifying the verification factor and the workload certification parameter includes:
judging whether the verification factor exists locally;
if yes, judging whether the verification factor and the workload proof parameter are correct or not;
and if the verification factor is correct, determining that the verification factor and the workload proving parameter pass verification.
Optionally, before sending the verification factor to the client, the method further includes:
and generating the verification factor, or acquiring the verification factor generated in advance.
Optionally, the generating the verification factor includes:
acquiring a workload difficulty coefficient and working parameters of the server;
generating a workload certification parameter based on the workload difficulty coefficient and the working parameter;
and calculating to obtain the verification factor based on the workload proving parameter, the workload difficulty coefficient and the working parameter.
Optionally, the method further includes:
determining a first access frequency based on the obtained access request;
and when the first access frequency is monitored to exceed a preset frequency threshold, increasing the workload difficulty coefficient and regenerating the verification factor.
Optionally, the method further includes:
determining a second access frequency of each client based on the access request of each client;
and when the second access frequency of the target client is higher than the access frequencies of other clients, increasing the workload difficulty coefficient, and generating a verification factor sent to the target client based on the increased workload difficulty coefficient.
Optionally, the server is a blockchain server, and the method further includes:
and cleaning the stored blocks at intervals of preset duration so as to enable the number of the blocks not to exceed a preset block threshold.
In a second aspect, an embodiment of the present application provides an access authentication method, which is applied to a client, and includes:
sending an access request to a server so that the server sends a verification factor to the client;
calculating to obtain a workload proving parameter based on the verification factor;
and sending the verification factor and the workload certification parameter to the server so that the server verifies the verification factor and the workload certification parameter and accepts the access request after the verification is passed.
Optionally, the server is a blockchain server, and before sending the access request to the server, the method further includes:
sending transaction information to a blockchain so that the blockchain generates a transaction hash and sends the transaction hash to the client;
the sending the access request to the server includes:
and adding the transaction hash in the access request and then sending the transaction hash to the server so that the server verifies whether the transaction hash exists or not.
In a third aspect, an embodiment of the present application provides an access authentication system, including: a client and a server;
the client is used for sending an access request to the server;
the server is used for acquiring an access request sent by the client; sending a verification factor to the client;
the client is further used for obtaining a workload certification parameter based on the verification factor; sending the verification factor and the workload certification parameter to the server;
the server is further configured to obtain the verification factor and the workload certification parameter sent by the client; and verifying the verification factor and the workload certification parameter, and accepting the access request if the verification is passed.
In a fourth aspect, an embodiment of the present application provides an access authentication apparatus, including:
the first acquisition module is used for acquiring an access request sent by a client;
the first sending module is used for sending a verification factor to the client so that the client can obtain a workload certification parameter based on the verification factor, and sending the verification factor and the workload certification parameter to the server;
a second obtaining module, configured to obtain the verification factor and the workload certification parameter sent by the client;
and the verification module is used for verifying the verification factor and the workload certification parameter, and accepting the access request if the verification is passed.
In a fifth aspect, an embodiment of the present application provides an access authentication apparatus, including:
the second sending module is used for sending an access request to a server so that the server sends a verification factor to the client;
the calculation module is used for calculating to obtain a workload proving parameter based on the verification factor;
and the third sending module is used for sending the verification factor and the workload certification parameter to the server so that the server verifies the verification factor and the workload certification parameter and accepts the access request after the verification is passed.
In a sixth aspect, an embodiment of the present application provides an electronic device, including: the system comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory are communicated with each other through the communication bus;
the memory for storing a computer program;
the processor is configured to execute the program stored in the memory to implement the access authentication method according to the first aspect or the second aspect.
In a seventh aspect, an embodiment of the present application provides a computer-readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, the access authentication method according to the first aspect or the second aspect is implemented.
Compared with the prior art, the technical scheme provided by the embodiment of the application has the following advantages: according to the method provided by the embodiment of the application, the access request sent by the client is obtained; sending a verification factor to the client so that the client calculates a workload certification parameter based on the verification factor and sends the verification factor and the workload certification parameter to the server; acquiring the verification factor and the workload certification parameter sent by the client; and verifying the verification factor and the workload certification parameter, and if the verification is passed, accepting the access request. Therefore, after the client initiates an access request, the client is authenticated based on the verification factor, the verification factor is calculated through the client, and the access request is accepted after the calculation result passes the verification.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention.
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without inventive exercise.
Fig. 1 is a block diagram of an access authentication system according to an embodiment of the present application;
fig. 2 is a flowchart of an access authentication method according to an embodiment of the present application;
fig. 3 is a flowchart of an access authentication method according to another embodiment of the present application;
fig. 4 is a block diagram of an access authentication apparatus according to an embodiment of the present application;
fig. 5 is a block diagram of an access authentication apparatus according to another embodiment of the present application;
fig. 6 is a block diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without making creative efforts shall fall within the protection scope of the present application.
An access authentication system is provided according to an embodiment of the present application. Alternatively, in the embodiment of the present application, the access authentication system may be applied to a hardware environment formed by the client 101 and the server 102 as shown in fig. 1. As shown in fig. 1, a server is connected to a client through a network, and may be configured to provide services (such as video services, application services, and the like) for the client, and a database may be configured at the server and configured to provide data storage services for the server, where the network includes, but is not limited to: wide area network, metropolitan area network or local area network, and the client is not limited to PC, mobile phone, tablet computer, etc.
The client is used for sending an access request to the server;
the server is used for acquiring an access request sent by the client; sending a verification factor to the client;
the client is further used for obtaining a workload certification parameter based on the verification factor; sending the verification factor and the workload certification parameter to the server;
the server is further configured to obtain the verification factor and the workload certification parameter sent by the client; and verifying the verification factor and the workload certification parameter, and accepting the access request if the verification is passed.
The embodiment of the application also provides an access authentication method, which can be executed by a server side or a client side.
Taking the access authentication method of the embodiment of the present application executed by the server as an example, fig. 2 is a schematic flowchart of an optional access authentication method according to the embodiment of the present application, and as shown in fig. 2, the flow of the method may include the following steps:
In some embodiments, the access request sent by the client may be an access request to a certain interface, a certain video, or to a certain information system, etc.
In some embodiments, the verification factor may be generated in advance and stored in the database, or may be generated after the server receives the access request. The verification factor may be generated according to a preset generation rule, so that after being sent to the client, the client may perform inverse operation based on the generation rule, thereby obtaining the workload certification parameter.
Generally, after the authentication factor is generated at the server, at least one standby authentication factor is generated based on the above manner. If the number of the standby verification factors exceeds the preset threshold value, the standby verification factors are not generated any more, so that the expansion speed of the verification factors can be limited, and the storage space is prevented from being excessively occupied.
In an optional embodiment, the generating the verification factor comprises:
acquiring a workload difficulty coefficient and working parameters of the server; generating a workload proof parameter based on the workload difficulty coefficient and the working parameter; and calculating to obtain the verification factor based on the workload proving parameter, the workload difficulty coefficient and the working parameter.
In some embodiments, the workload difficulty factor is used to characterize the difficulty of the computation of the workload proof parameter, and the greater the workload difficulty factor, the more difficult the computation of the workload proof parameter. The workload difficulty coefficient may be an initial value, and is increased subsequently according to the access behavior of the client. The initial value may be, but is not limited to, set to 1. Furthermore, the maximum value of the workload difficulty coefficient can be set, so that the common client is prevented from being too difficult to calculate.
In this embodiment, taking the server as the Block chain server as an example, the working parameter may be any Block in the Block chain i The transaction duration of (1) includes a longest transaction duration and a shortest transaction duration.
Illustratively, the workload certification parameter is z, the workload difficulty coefficient is P, and the operating parameter is the longest transaction duration R i And a minimum transaction duration L i For example, the generated verification factor may be a character string J generated based on the above parameters, J = z + Str + L i +R i + P, namely the character string J is obtained by splicing the parameters.
Str is random character generated by server, i is serial number of block in block chain, z is integer interval [ L i ×P,R i ×P]An internal random number.
Further, after performing hash operation based on the character string J, generating a verification factor H with the parameters, where H = hash (J) + Str + L i +R i +P。
The hash function may be any hash function, such as md 5.
Correspondingly, after the verification factor is sent to the client, the client performs inverse operation on the verification factor. Based on the above-described related examples, the validation factor H = hash (J) + Str + L i +R i + P when it is operatedDecomposing the verification factor according to the digit of the character occupied by each parameter to obtain hash (J), str, li, ri and P, and enabling the user side to determine that z in the hash (J) is [ L ] i ×P,R i ×P]Enumerating in the interval, and determining finally obtained z, namely the workload proving parameter. Enumerating z, substituting z into a calculation formula of J to perform hash operation, comparing the obtained hash result with hash (J), and determining corresponding z as a workload certification parameter calculated by the client when the two are consistent.
It is understood that, in the above-mentioned expressions of J and H, the order of the characters may be set based on actual conditions, or new characters may be set based on actual conditions. After the expressions of J and H are set, the position relation of the characters is stored, so that corresponding characters can be obtained through analysis based on the position relation in the subsequent operation.
In some embodiments, after the client calculates the workload certification parameter, both the workload certification parameter and the verification factor are sent to the server, so that the server verifies the workload certification parameter and the verification factor.
And 204, verifying the verification factor and the workload certification parameter, and accepting the access request if the verification is passed.
In some embodiments, the security of the authentication process can be improved by verifying the verification factor and the workload proof parameter, and the situation that the client randomly generates the verification factor and the workload proof parameter and can also realize access is avoided. And after the verification is passed, the client side can access the server side, the access request is accepted, if the verification is not passed, the server side sends the verification factor to the client side again, and prompt information can be sent to the client side to give an alarm to the client side.
In an optional embodiment, the verifying the verification factor and the workload attestation parameters includes:
judging whether the verification factor exists locally; if yes, judging whether the verification factor and the workload proving parameter are correct or not; and if the verification factor is correct, determining that the verification factor and the workload proving parameter pass the verification.
In some embodiments, it may be determined, but not limited to, whether the verification factor sent by the client exists in the server through the bloom filter. The bloom filter has the characteristics of high space efficiency and short query time, and can quickly judge the existence of the verification factor based on the bloom filter, so that a large amount of calculation of a system is avoided.
When the verification factor exists in the server, the correctness of the verification factor and the workload proof parameter can be further verified, whether the workload proof parameter corresponding to the verification factor sent by the client is consistent with the verification factor and the workload proof parameter stored in the server or not is judged, and when the workload proof parameter and the verification factor are consistent, the verification is determined to be passed.
In an optional embodiment, the parameter for generating the verification factor includes a workload difficulty coefficient, and the access authentication method further includes:
determining a first access frequency based on the obtained access request; and when the first access frequency is monitored to exceed a preset frequency threshold, increasing the workload difficulty coefficient and regenerating the verification factor.
When the access frequency is detected to be fast, the access quantity of the current server access interface is represented to be large, the verification factor is regenerated by improving the workload difficulty coefficient, so that the calculation quantity of the workload proving parameter calculated by the user side based on the verification factor is improved, and the purpose of increasing the cost of an attacker is achieved.
In an optional embodiment, the parameter for generating the verification factor includes a workload difficulty coefficient, and the access authentication method of the present application further includes:
determining a second access frequency of each client based on the access request of each client; and when the second access frequency of the target client is higher than the access frequencies of other clients, increasing the workload difficulty coefficient, and generating a verification factor sent to the target client based on the increased workload difficulty coefficient.
In some embodiments, when it is monitored that the access frequency of a certain client is high, the calculated amount of the client can be increased by increasing the workload difficulty coefficient of the client, so as to isolate a suspicious attacker, set a specific workload difficulty coefficient for the suspicious attacker, and increase the attack cost of the suspicious attacker.
In an optional embodiment, the server is a blockchain server, and the method further includes:
and cleaning the stored blocks at intervals of preset duration so as to enable the number of the blocks not to exceed a preset block threshold.
In some embodiments, many transactions occur in the blockchain server, and by cleaning the stored blocks, the storage pressure of the blockchain can be reduced, and at the same time, the randomness of the information on the blockchain is improved, so that the information is prevented from being predicted.
The access authentication method provides a new workload proving mode based on the block chain, and by increasing the calculation cost of an attacker or a malicious user, malicious access born by an information system is greatly relieved, and meanwhile, normal users are hardly influenced. Also, the blockchain based system can mark visitors for tracking processing. The access difficulty can be automatically or manually adjusted, the difficulty can be flexibly controlled, and the convenience of the authentication process is improved. The hash calculation causes the attack cost of the distributed attacker to be greatly increased, or even the distributed attacker cannot attack.
Based on the same concept, another access authentication method is provided in the embodiment of the present application, taking the case that the client executes the access authentication method in the embodiment of the present application as an example, the specific implementation of the method may refer to the description of the method embodiment, and repeated parts are not described again, as shown in fig. 3, the method mainly includes:
And step 302, calculating to obtain a workload certification parameter based on the verification factor.
In an optional embodiment, the server is a blockchain server, and before sending the access request to the server, the method further includes:
sending transaction information to a blockchain so that the blockchain generates a transaction hash and sends the transaction hash to the client;
the sending the access request to the server includes:
and adding the transaction hash in the access request and then sending the transaction hash to the server so that the server verifies whether the transaction hash exists or not.
In some embodiments, before accessing the server, the client needs to send a common transaction on the blockchain, the transaction content may be random, and after obtaining the transaction hash, the client needs to attach the transaction hash before initiating an access message each time. In this manner, random information may be provided for the blockchain. Further, the existence of the transaction hash is verified by the server side, so that the safety of the authentication process is improved.
Based on the same concept, an access authentication apparatus is provided in the embodiments of the present application, and specific implementation of the apparatus may refer to the description of the method embodiment, and repeated details are not repeated, as shown in fig. 4, the apparatus mainly includes:
a first obtaining module 401, configured to obtain an access request sent by a client;
a first sending module 402, configured to send a verification factor to the client, so that the client obtains a workload certification parameter based on the verification factor, and sends the verification factor and the workload certification parameter to the server;
a second obtaining module 403, configured to obtain the verification factor and the workload certification parameter sent by the client;
and the verification module 404 is configured to verify the verification factor and the workload certification parameter, and if the verification passes, accept the access request.
Based on the same concept, an access authentication apparatus is provided in the embodiments of the present application, and specific implementation of the apparatus may refer to the description of the method embodiment, and repeated details are not repeated, as shown in fig. 5, the apparatus mainly includes:
a second sending module 501, configured to send an access request to a server, so that the server sends a verification factor to the client;
a calculation module 502, configured to calculate a workload certification parameter based on the verification factor;
a third sending module 503, configured to send the verification factor and the workload certification parameter to the server, so that the server verifies the verification factor and the workload certification parameter, and accepts the access request after the verification is passed.
Based on the same concept, an embodiment of the present application further provides an electronic device, as shown in fig. 6, the electronic device mainly includes: a processor 601, a memory 602, and a communication bus 603, wherein the processor 601 and the memory 602 communicate with each other via the communication bus 603. Wherein, the memory 602 stores programs executable by the processor 601, and the processor 601 executes the programs stored in the memory 602 to realize the following steps:
acquiring an access request sent by a client;
sending a verification factor to the client so that the client can obtain a workload certification parameter based on the verification factor, and sending the verification factor and the workload certification parameter to the server;
acquiring the verification factor and the workload certification parameter sent by the client;
and verifying the verification factor and the workload certification parameter, and accepting the access request if the verification is passed. Or the like, or, alternatively,
sending an access request to a server so that the server sends a verification factor to the client;
calculating to obtain a workload proving parameter based on the verification factor;
and sending the verification factor and the workload certification parameter to the server so that the server verifies the verification factor and the workload certification parameter and accepts the access request after the verification is passed.
The communication bus 603 mentioned in the electronic device may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus 603 may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 6, but this is not intended to represent only one bus or type of bus.
The Memory 602 may include a Random Access Memory (RAM) or a non-volatile Memory (non-volatile Memory), such as at least one disk Memory. Alternatively, the memory may be at least one storage device located remotely from the processor 601.
The Processor 601 may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like, and may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic devices, discrete gates or transistor logic devices, and discrete hardware components.
In yet another embodiment of the present application, there is also provided a computer-readable storage medium having stored therein a computer program which, when run on a computer, causes the computer to execute the access authentication method described in the above embodiment.
In the above embodiments, all or part of the implementation may be realized by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When loaded and executed on a computer, cause the processes or functions described in accordance with the embodiments of the application to occur, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored on a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, from one website site, computer, server, or data center to another website site, computer, server, or data center via wire (e.g., coaxial cable, fiber optic, digital Subscriber Line (DSL)) or wirelessly (e.g., infrared, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device, such as a server, a data center, etc., that includes one or more of the available media. The available media may be magnetic media (e.g., floppy disks, hard disks, tapes, etc.), optical media (e.g., DVDs), or semiconductor media (e.g., solid state drives), among others.
It is noted that, in this document, relational terms such as "first" and "second," and the like, may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. The term "comprising", without further limitation, means that the element so defined is not excluded from the group consisting of additional identical elements in the process, method, article, or apparatus that comprises the element.
The foregoing are merely exemplary embodiments of the present invention, which enable those skilled in the art to understand or practice the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (12)
1. An access authentication method, applied to a server, includes:
acquiring an access request sent by a client;
sending a verification factor to the client so that the client calculates a workload certification parameter based on the verification factor and sends the verification factor and the workload certification parameter to the server;
acquiring the verification factor and the workload certification parameter sent by the client;
and verifying the verification factor and the workload certification parameter, and if the verification is passed, accepting the access request.
2. The access authentication method of claim 1, wherein said verifying the verification factor and the workload proof parameter comprises:
judging whether the verification factor exists locally;
if yes, judging whether the verification factor and the workload proof parameter are correct or not;
and if the verification factor is correct, determining that the verification factor and the workload proving parameter pass verification.
3. The access authentication method according to claim 1, wherein before sending the verification factor to the client, the method further comprises:
and generating the verification factor, or acquiring the verification factor generated in advance.
4. The access authentication method of claim 3, wherein the generating the verification factor comprises:
acquiring a workload difficulty coefficient and working parameters of the server;
generating a workload proof parameter based on the workload difficulty coefficient and the working parameter;
and calculating to obtain the verification factor based on the workload proving parameter, the workload difficulty coefficient and the working parameter.
5. The access authentication method of claim 4, wherein the method further comprises:
determining a first access frequency based on the obtained access request;
and when the first access frequency exceeds a preset frequency threshold value, increasing the workload difficulty coefficient and regenerating the verification factor.
6. The access authentication method of claim 4, further comprising:
determining a second access frequency of each client based on the access request of each client;
and when the second access frequency of the target client is higher than the access frequencies of other clients, increasing the workload difficulty coefficient, and generating a verification factor sent to the target client based on the increased workload difficulty coefficient.
7. The access authentication method of claim 1, wherein the server is a blockchain server, the method further comprising:
and cleaning the stored blocks at preset time intervals so that the number of the blocks does not exceed a preset block threshold value.
8. An access authentication method applied to a client includes:
sending an access request to a server so that the server sends a verification factor to the client;
calculating to obtain a workload proving parameter based on the verification factor;
and sending the verification factor and the workload certification parameter to the server, so that the server verifies the verification factor and the workload certification parameter, and accepts the access request after the verification is passed.
9. The access authentication method of claim 8, wherein the server is a blockchain server, and before sending the access request to the server, the method further comprises:
sending transaction information to a blockchain so that the blockchain generates a transaction hash and sends the transaction hash to the client;
the sending of the access request to the server includes:
and adding the transaction hash in the access request and then sending the transaction hash to the server so that the server verifies whether the transaction hash exists or not.
10. An access authentication apparatus, comprising:
the first acquisition module is used for acquiring an access request sent by a client;
the first sending module is used for sending a verification factor to the client so that the client can obtain a workload certification parameter based on the verification factor, and sending the verification factor and the workload certification parameter to the server;
a second obtaining module, configured to obtain the verification factor and the workload certification parameter sent by the client;
and the verification module is used for verifying the verification factor and the workload certification parameter, and accepting the access request if the verification is passed.
11. An electronic device, comprising: the system comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory are communicated with each other through the communication bus;
the memory for storing a computer program;
the processor, executing a program stored in the memory, implements the access authentication method of any one of claims 1-7 or 8-9.
12. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the access authentication method according to any one of claims 1 to 7 or 8 to 9.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210897432.1A CN115396154A (en) | 2022-07-26 | 2022-07-26 | Access authentication method, device, electronic equipment and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210897432.1A CN115396154A (en) | 2022-07-26 | 2022-07-26 | Access authentication method, device, electronic equipment and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115396154A true CN115396154A (en) | 2022-11-25 |
Family
ID=84116130
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210897432.1A Pending CN115396154A (en) | 2022-07-26 | 2022-07-26 | Access authentication method, device, electronic equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115396154A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116389143A (en) * | 2023-04-20 | 2023-07-04 | 北京聚信得仁科技有限公司 | Method for relieving CC attack based on workload demonstration mechanism |
-
2022
- 2022-07-26 CN CN202210897432.1A patent/CN115396154A/en active Pending
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116389143A (en) * | 2023-04-20 | 2023-07-04 | 北京聚信得仁科技有限公司 | Method for relieving CC attack based on workload demonstration mechanism |
CN116389143B (en) * | 2023-04-20 | 2024-01-30 | 北京聚信得仁科技有限公司 | Method for relieving CC attack based on workload demonstration mechanism |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
RU2595511C2 (en) | System and method of trusted applications operation in the presence of suspicious applications | |
US8219496B2 (en) | Method of and apparatus for ascertaining the status of a data processing environment | |
US9531749B2 (en) | Prevention of query overloading in a server application | |
US20090031405A1 (en) | Authentication system and authentication method | |
CN114553540B (en) | Zero trust-based Internet of things system, data access method, device and medium | |
CN113841145A (en) | Lexus software in inhibit integration, isolation applications | |
CN112181541A (en) | Data processing method and device, electronic equipment and storage medium | |
CN110061987B (en) | Access access control method and device based on role and terminal credibility | |
CN110908786A (en) | Intelligent contract calling method, device and medium | |
RU2634174C1 (en) | System and method of bank transaction execution | |
CN102110200A (en) | Authentication method capable of being executed by computer | |
GB2511054A (en) | Protecting multi-factor authentication | |
US20220255926A1 (en) | Event-triggered reauthentication of at-risk and compromised systems and accounts | |
US20200084632A1 (en) | System and method for determining dangerousness of devices for a banking service | |
US20190325134A1 (en) | Neural network detection of malicious activity | |
CN110704820A (en) | Login processing method and device, electronic equipment and computer readable storage medium | |
CN114065162A (en) | Risk control method and device of business system and computer readable storage medium | |
CN113672897A (en) | Data communication method, device, electronic equipment and storage medium | |
CN110943840A (en) | Signature verification method and system | |
CN115396154A (en) | Access authentication method, device, electronic equipment and storage medium | |
CN111586013B (en) | Network intrusion detection method, device, node terminal and storage medium | |
CN110381114B (en) | Interface request parameter processing method and device, terminal equipment and medium | |
US11128639B2 (en) | Dynamic injection or modification of headers to provide intelligence | |
CN112434301A (en) | Risk assessment method and device | |
US8112639B2 (en) | Methods, systems and computer program products for detecting tampering of electronic equipment based on constrained time to obtain computational result |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |