CN116760646B

CN116760646B - Login processing method, login processing device, server and readable storage medium

Info

Publication number: CN116760646B
Application number: CN202311058725.1A
Authority: CN
Inventors: 申义亚
Original assignee: CITIC Consumer Finance Co Ltd
Current assignee: CITIC Consumer Finance Co Ltd
Priority date: 2023-08-22
Filing date: 2023-08-22
Publication date: 2023-10-31
Anticipated expiration: 2043-08-22
Also published as: CN116760646A

Abstract

The application discloses a login processing method, a login processing device, a server and a readable storage medium. The method comprises the following steps: receiving a login request sent by a client; receiving risk index information sent by a client, wherein the risk index information comprises simulation equipment indication information, intrusion operation indication information, equipment identification information, login position information, equipment hardware information and user identification card information; determining a risk level of the login user based on the risk index information; determining a corresponding decision result according to the risk level, wherein the decision result comprises a result of whether login is allowed or not and a security verification mode which needs to be executed under the condition of allowing the login; and sending prompt information generated based on the decision result to the client. Based on the technical scheme disclosed by the application, the security of the account can be improved.

Description

Login processing method, login processing device, server and readable storage medium

Technical Field

The application belongs to the technical field of internet security, and particularly relates to a login processing method, a login processing device, a server and a readable storage medium.

Background

Logging in is a common internet operation. Typically, a user submits a user name (i.e., account name) and password to a server, which verifies the received user name and password and, if verified, allows the user to log in. If the user binds the account number with the mobile phone number in advance, the user can log in by submitting the mobile phone number and the mobile phone verification code. However, both the account number and the password, and the mobile phone number and the mobile phone verification code are easy to be obtained illegally, so that the security of the account is poor.

Disclosure of Invention

In view of the above, an object of the present application is to provide a login processing method, a login processing device, a server and a readable storage medium, so as to improve the security of an account.

In order to achieve the above purpose, the present application provides the following technical solutions:

in a first aspect, the present application provides a login processing method, applied to a server, the method including:

receiving a login request sent by a client;

receiving risk index information sent by the client, wherein the risk index information comprises simulation equipment indication information, intrusion operation indication information, equipment identification information, login position information, equipment hardware information and user identification card information;

determining the risk level of the login user based on the risk index information;

determining a corresponding decision result according to the risk level, wherein the decision result comprises a result of whether login is allowed or not and a security verification mode which needs to be executed under the condition of allowing the login;

and sending prompt information generated based on the decision result to the client.

Optionally, the determining the risk level of the login user based on the risk index information includes:

determining whether the login device is a simulator or not based on the simulation device indication information;

And if the login equipment is a simulator, determining that the risk level of the login user is a first level.

Optionally, the determining the risk level of the login user based on the risk index information further includes:

determining, if the login device is not a simulator, whether the login device is to perform at least one intrusion operation based on the intrusion operation indication information;

determining a risk level of the login user as the first level if the login device is subjected to at least one intrusion operation;

the intrusion operations for the login device include brushing, proxy, reflection, multi-running, code injection and implantation of framework services.

if the login device is not subjected to intrusion operation, acquiring device identification historical information corresponding to a login account, wherein the device identification historical information is: the equipment identification information contained in the risk index information received in the first historical time period;

comparing target equipment identification information with the equipment identification history information, wherein the target equipment identification information is equipment identification information contained in the risk index information received at this time;

And if the target equipment identification information is different from any group of equipment identification historical information, determining the risk level of the login user as a second level.

if the target equipment identification information is the same as at least one group of equipment identification historical information, historical login position information corresponding to the login account is obtained, wherein the historical login position information is: login position information contained in the risk index information received in the second historical time period;

comparing target login position information with the historical login position information, wherein the target login position information is login position information contained in the risk index information received at the present time;

and if the target login position information is different from the historical login position information, determining that the risk level of the login user is a third level.

if the target login position information is the same as at least one historical login position information, acquiring equipment hardware historical information corresponding to the login account, wherein the equipment hardware historical information is: the equipment hardware information contained in the risk index information received in the third historical time period;

Comparing the target equipment hardware information with the equipment hardware history information, wherein the target equipment hardware information is equipment hardware information contained in the risk index information received at this time;

and if the target equipment hardware information is different from any group of equipment hardware history information, determining the risk level of the login user as a fourth level.

if the target device hardware information is the same as at least one group of device hardware history information, acquiring user identification card history information corresponding to the login account, wherein the user identification card history information is: user identification card information contained in the risk index information received in the fourth history period;

comparing target user identification card information with the user identification card history information, wherein the target user identification card information is user identification card information contained in the risk index information received at this time;

if the target user identification card information is different from any group of user identification card history information, determining that the risk level of the login user is a fifth level; and if the target user identification card information is the same as at least one group of user identification card history information, determining that the risk level of the login user is safe.

In a second aspect, the present application provides a login processing device applied to a server, the login processing device including:

the login request receiving module is used for receiving a login request sent by the client;

the risk index information receiving module is used for receiving risk index information sent by the client, wherein the risk index information comprises simulation equipment indication information, intrusion operation indication information, equipment identification information, login position information, equipment hardware information and user identification card information;

the risk level determining module is used for determining the risk level of the login user based on the risk index information;

the decision module is used for determining a corresponding decision result according to the risk level, wherein the decision result comprises a result of whether login is allowed or not and a security verification mode which needs to be executed under the condition of allowing the login;

and the output module is used for sending prompt information generated based on the decision result to the client.

In a third aspect, the present application provides a server comprising a processor and a memory;

the memory is used for storing programs;

the processor is configured to execute the program to implement each step of any one of the login processing methods described above.

In a fourth aspect, the present application provides a readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of any one of the above-described login processing methods.

Therefore, the application has the beneficial effects that:

according to the login processing method disclosed by the application, a server receives a login request and risk index information (the risk index information comprises simulation equipment indication information, intrusion operation indication information, equipment identification information, login position information, equipment hardware information and user identification card information) sent by a client, determines the risk level of a login user based on the risk index information, determines a corresponding decision result (comprising a result of whether login is allowed or not and a security verification mode required to be executed under the condition of allowing login) according to the risk level, and sends prompt information generated based on the decision result to the client. It can be seen that, in the login processing method disclosed by the application, the basis used for determining the risk level of the login user comprises information of multiple dimensions, that is, whether the login device is a virtual device, whether the login device is subjected to intrusion operation, the stability of the login device, the stability of the login position and the stability of the user identification card are comprehensively considered to determine the risk level of the login user, so that whether to allow login and the security verification mode required to be executed under the condition of allowing login are determined according to the risk level of the login user, and the security of the account is improved. In addition, based on the login processing method disclosed by the application, the security verification mode required to be executed by the login user is matched with the risk level of the login user, and the following situations can be avoided by reasonably configuring the security verification modes corresponding to the risk levels: the risk of the login user is small, but the login user is required to execute a complex security verification mode; the risk of logging in the user is larger, but the user is instructed to execute a looser security verification mode, so that the security of the account is reduced.

Drawings

In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, and it is obvious that the drawings in the following description are some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.

FIG. 1 is a flow chart of a login processing method disclosed in the present application;

FIG. 2 is a schematic diagram of a login processing device according to the present application;

fig. 3 is a hardware configuration diagram of a server according to the present disclosure.

Detailed Description

The application discloses a login processing method, a login processing device, a server and a readable storage medium, so as to improve the security of an account.

For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments of the present application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.

Referring to fig. 1, fig. 1 is a flowchart of a login processing method disclosed in the present application, which is executed by a server and includes steps S1 to S5.

S1: and receiving a login request sent by the client.

The login request sent by the client at least carries a login account. The login account may be a user name registered by the user in the server, a mobile phone number of the user, an email address of the user, and an identity of the user (such as an identity card number of the user).

S2: and receiving the risk index information sent by the client.

The risk index information comprises simulation equipment indication information, intrusion operation indication information, equipment identification information, login position information, equipment hardware information and user identification card information.

Optionally, the client is configured to: after a login request is sent to the server, risk index information is automatically sent to the server.

Optionally, after receiving the login request sent by the client, the server sends an information reporting instruction to the client, so that the client sends risk indicator information to the server.

Optionally, after the client acquires the risk index information, the risk index information is encrypted, and the encrypted risk index information is sent to the server, so that the data is prevented from being tampered in the transmission process. Correspondingly, the server receives the data sent by the client and decrypts the data, so that risk index information is obtained.

As an optional implementation manner, the scheme for sending the risk indicator information by the client includes:

first, the client generates field data for each type of information collected, respectively. Wherein the field data includes a field name and a field value. Optionally, a separator is set between the field name and the field value (e.g., separator is "=").

Secondly, the client orders the field data according to a preset order. For example, the respective field data are sorted in ascending order of the first letter of the field name.

Third, the client adds a separator (e.g., separator "≡") between any two adjacent field data to form a field data sequence.

Fourth, the client generates a signature based on a preset digest algorithm.

The aforementioned field data sequence is encrypted using, for example, an SM3 encryption algorithm (which is a hash algorithm) to generate a signature. For example, the identification field data of the application is added at the tail (or other positions, such as the head) of the field data sequence to form the target data, and the target data is encrypted by using the SM3 encryption algorithm to generate the signature. Wherein, the identification of the application can adopt the package name of the application.

Fifth, the client sends a message to the server, where the message carries the field data sequence and the signature, and a separator (for example, the separator is "&") is set between the field data sequence and the signature.

Correspondingly, the server receives the message sent by the client, analyzes the field data sequence and the signature carried in the message, performs data integrity verification based on the signature, and if the data integrity verification is passed, executes the subsequent step of determining the risk level of the login user based on the risk index information.

Wherein, if the client encrypts the field data sequence by using SM3 encryption algorithm to generate a signature, the server performs integrity verification according to the following scheme: and encrypting the field data sequence obtained by analysis by using an SM3 encryption algorithm to obtain a signature, if the signature is the same as the signature obtained by analysis, determining that the integrity verification is passed, and if the signature is different from the signature obtained by analysis, determining that the integrity verification is not passed.

If the client encrypts the target data composed of the field data sequence and the identification field data of the application by using the SM3 encryption algorithm to obtain a signature, the server performs integrity verification according to the scheme that: and encrypting the field data sequence obtained by analysis and the identification field data of the application by using an SM3 encryption algorithm to obtain a signature, if the signature is the same as the signature obtained by analysis, determining that the integrity verification is passed, and if the signature is different from the signature obtained by analysis, determining that the integrity verification is not passed.

S3: and determining the risk level of the login user based on the risk index information.

S4: and determining a corresponding decision result according to the risk level, wherein the decision result comprises a result of whether login is allowed or not and a security verification mode which needs to be executed under the condition of allowing the login.

That is, the decision result determined by the server based on the risk level of the login user may be that login is refused or allowed, and in the case that login is allowed, the security verification manner that the login user needs to execute needs to be determined.

In implementation, the corresponding relation between each risk level and the decision result is constructed in advance. After determining the risk level of the login user, the server can quickly determine a corresponding decision result based on the corresponding relation.

S5: and sending prompt information generated based on the decision result to the client.

The server generates prompt information based on the decision result and sends the prompt information to the client to prompt whether the login user allows login or not and the security verification mode to be executed under the condition that the login is allowed.

According to the login processing method disclosed by the application, a server receives a login request and risk index information (the risk index information comprises simulation equipment indication information, intrusion operation indication information, equipment identification information, login position information, equipment hardware information and user identification card information) sent by a client, determines the risk level of a login user based on the risk index information, determines a corresponding decision result (comprising a result of whether login is allowed or not and a security verification mode required to be executed under the condition of allowing login) according to the risk level, and sends prompt information generated based on the decision result to the client. It can be seen that, in the login processing method disclosed by the application, the basis used for determining the risk level of the login user comprises information of multiple dimensions, that is, whether the login device is a virtual device, whether the login device is subjected to intrusion operation, the stability of the login device, the stability of the login position and the stability of the user identification card are comprehensively considered to determine the risk level of the login user, so that whether to allow login and the security verification mode required to be executed under the condition of allowing login are determined according to the risk level of the login user, and the security of the account is improved.

In addition, based on the login processing method disclosed by the application, the security verification mode required to be executed by the login user is matched with the risk level of the login user, and the following situations can be avoided by reasonably configuring the security verification modes corresponding to the risk levels: the risk of the login user is small, but the login user is required to execute a complex security verification mode; the risk of logging in the user is larger, but the user is instructed to execute a looser security verification mode, so that the security of the account is reduced.

In another embodiment of the present application, an introduction is focused on a solution where a server determines a risk level of a logged-in user based on risk indicator information.

The server determines the risk level of the login user based on the risk index information, and the method comprises the following steps:

determining whether the login device is a simulator based on the simulation device indication information;

if the login device is a simulator, determining that the risk level of the login user is a first level.

In the application, the client is technically modified to have the function of detecting whether the equipment (namely the login equipment) is the virtual equipment or not. Optionally, a code for detecting whether the device where the client is located is a virtual device is added to the code of the client. The server determines whether the login device is a simulator based on the simulation device indication information included in the risk index information, and if it is determined that the login device is a simulator, determines the risk level of the login user as a first level. The decision result corresponding to the first level is: the login is denied.

Optionally, the analog device indication information is in the form of field data. For example: is_emulgator=1, indicating that the login device is a simulator, is_emulgator=0, indicating that the login device is not a simulator.

Optionally, the method for determining the risk level of the login user based on the risk index information further includes:

if the login device is not a simulator, determining whether the login device is subjected to at least one intrusion operation based on the intrusion operation indication information;

if the login device is subjected to at least one intrusion operation, determining that the risk level of the login user is a first level.

The intrusion operations for the login device include brushing, proxy, reflection, multi-running, code injection and implantation of framework services. The aforementioned intrusion operations present a significant risk. For example: the login equipment is refreshed, so that the user data can be leaked, and a large risk exists; the login device is subjected to proxy operation, and the risk that data sent by a client are intercepted and tampered possibly occurs; the login device is subjected to a reflection operation, which may cause the user operation behavior to be monitored; the login equipment is operated in a multi-opening mode, so that potential safety hazards exist in application data; the login equipment is injected with the executed code, so that the application cannot normally run; the login device is implanted into the framework service, and the problem that information is tampered with by the framework service may occur.

In the application, the client is technically modified to have the function of detecting whether the equipment in which the client is positioned is invaded or not. Optionally, a code for detecting whether the device where the client is located is executed by the intrusion operation is added in the code of the client. The server determines whether the login device is subjected to the intrusion operation based on the intrusion operation indication information included in the risk index information, and if it is determined that the login device is subjected to at least one intrusion operation, determines the risk level of the login user as a first level.

Optionally, the intrusion operation indication information is in the form of field data. For example: is_root=1, indicating that the login device is performing a brushing operation, is_root=0, indicating that the login device is not performing a brushing operation; is_proxy=1, indicating that the login device is performing a proxy operation, is_proxy=0, indicating that the login device is not performing a proxy operation; is_hook=1, indicating that the login device is performing a reflection operation, is_hook=0, indicating that the login device is not performing a reflection operation; is_nature=1, indicating that the login device is performing multi-open operation, is_nature=0, indicating that the login device is not performing multi-open operation; is_object=1, indicating that the login device is injected with code, is_object=0, indicating that the login device is not injected with code; is_xposed=1, indicating that the login device is being implanted in the framework service, is_xposed=0, indicating that the login device is not being implanted in the framework service.

if the login equipment is not subjected to the intrusion operation, acquiring equipment identification history information corresponding to the login account;

comparing the target device identification information with the device identification history information;

and if the target equipment identification information is different from any group of equipment identification historical information, determining that the risk level of the login user is a second level.

Wherein, the equipment identification history information is: and the equipment identification information contained in the risk index information received in the first historical time period. The first historical time period is a time period before the risk indicator information is received this time, for example, one week before the risk indicator information is received this time, of course, this is just one example. The target equipment identification information is the equipment identification information contained in the risk index information received at this time. It should be noted that, the risk indicator information received this time may be understood as the risk indicator information received last time.

It should be noted that, both the terminal installed with the android system and the terminal installed with the IOS system have mac addresses, and the mac addresses have uniqueness. In addition, the android system-installed terminal also has an android id (android system identification) and an IMEI (International Mobile Equipment Identity ), and the android id and the IMEI have uniqueness. In addition, terminals manufactured by some manufacturers and installed with android systems also have OAIDs (Open Advertising Identity Document, advertisement identifier, which is a non-permanent device identifier), and OAIDs are unique. Based on this, the device identification information in the present application contains at least mac address, and on this basis, may also contain one or more of AndroidID, IMEI and OAID.

The server compares the equipment identification information contained in the risk index information received at this time with the equipment identification information contained in the risk index information received in the first historical time period, and if the equipment identification information at this time is different from the equipment identification information of each group received in the first historical time period, the risk level of the login user is determined to be the second level. It should be noted that, the device identification information included in one piece of risk indicator information is regarded as a set of device identification information.

Optionally, the decision result corresponding to the second level is: the login is allowed, and security verification modes to be executed include face verification and problem confirmation. Accordingly, the login user needs to perform face verification or problem confirmation at the client.

if the target equipment identification information is the same as at least one group of equipment identification historical information, historical login position information corresponding to a login account is obtained;

comparing the target login position information with the historical login position information;

Wherein, the historical login location information is: and login position information contained in the risk index information received in the second history period. The second historical time period is a time period prior to the present receipt of the risk indicator information, for example, five days prior to the present receipt of the risk indicator information, although this is merely one example. The target login position information is login position information contained in the risk index information received at the present time;

the client needs to have authority to read the device location information. In practice, the login location information may be GPS location information, and of course, other manners may be used to determine the location of the login device.

The server compares the login position information contained in the risk index information received at this time with the login position information contained in the risk index information received in the second historical time period, and if the login position information at this time is different from the login position information received in the second historical time period, the risk level of the login user is determined to be a third level.

Optionally, the decision result corresponding to the third level is: the login is allowed, and security verification modes to be executed include fingerprint verification, face recognition and secure mailbox verification. Accordingly, the login user needs to perform fingerprint authentication, facial recognition, or secure mailbox authentication at the client.

if the target login position information is the same as at least one historical login position information, acquiring equipment hardware historical information corresponding to a login account;

comparing the target device hardware information with the device hardware history information;

and if the target device hardware information is different from any group of device hardware history information, determining that the risk level of the login user is a fourth level.

Wherein, the equipment hardware history information is: and receiving the equipment hardware information contained in the risk index information in the third historical time period. The third historical time period is a time period before the risk indicator information is received this time, for example, ten days before the risk indicator information is received this time, of course, this is just one example. The target device hardware information is the device hardware information contained in the risk index information received at this time.

The device hardware information in the present application includes at least device vendor information (field name may be device_brand) and device model information (field name may be device_model). Optionally, the device hardware information further includes one or more of the following information: CPU model (field name may be CPU info), system version number (field name may be os_version), system language (field name may be os_language), and device name (field name may be device).

And the server compares the equipment hardware information contained in the risk index information received at the time with the equipment hardware information contained in the risk index information received in the third historical time period, and if the equipment hardware information at the time is different from the equipment hardware information of each group received in the third historical time period, the risk level of the login user is determined to be a fourth level. It should be noted that, the device hardware information included in one piece of risk indicator information is regarded as a set of device hardware information.

Optionally, the decision result corresponding to the fourth level is: login is allowed, and the security verification mode to be executed includes gesture password. Accordingly, the login user needs to perform gesture password verification on the client.

if the target equipment hardware information is the same as at least one group of equipment hardware history information, acquiring user identification card history information corresponding to the login account;

comparing the target user identification card information with the user identification card history information;

if the target user identification card information is different from any group of user identification card history information, determining that the risk level of the login user is a fifth level;

And if the target user identification card information is the same as at least one group of user identification card history information, determining that the risk level of the login user is safe.

The history information of the user identification card is as follows: user identification card information contained in the risk index information received in the fourth history period. The fourth historical time period is a time period before the risk indicator information is received this time, for example, five days before the risk indicator information is received this time, of course, this is just one example. The target user identification card information is the user identification card information contained in the risk index information received at this time.

The subscriber identity card information in the present application includes at least the serial number of the subscriber identity card. Optionally, the subscriber identity card information further includes one or more of the following: the identity of the operator of the subscriber identity card, the name of the operator of the subscriber identity card, the country to which the subscriber identity card belongs and the IMSI (International Mobile Subscriber Identity ).

The server compares the user identification card information contained in the risk index information received at this time with the user identification card information contained in the risk index information received in the fourth historical time period, and if the user identification card information at this time is different from the user identification card information of each group received in the fourth historical time period, the risk level of the login user is determined to be a fifth level. If the user identification card information of this time is the same as at least one group of user identification card information received in the fourth historical time period, determining that the risk level of the login user is safe. It should be noted that, the subscriber identity card information included in the piece of risk indicator information is regarded as a set of subscriber identity card information.

Optionally, the decision result corresponding to the fifth level is: the user is authorized. Accordingly, the login user needs to perform a user authorization operation at the client.

It should be noted that, in the present application, the risk of the accounts characterized by the first to fifth levels is reduced one by one.

According to the scheme for determining the risk level of the login user based on the risk index information, disclosed by the application, the influence degree of the risk represented by the simulated equipment indication information, the intrusion operation indication information, the equipment identification information, the login position information, the equipment hardware information and the user identification card information on account safety is referred to, and the sequence (i.e. the priority) of using the 6 types of data is set, so that the operation amount can be reduced on the premise of ensuring that the risk level of the login user is accurately determined.

In the above scheme for determining the risk level of the login user, the following scheme may be adopted to compare whether the two pieces of information are identical: and calculating the similarity of the strings of the two pieces of information, if the similarity of the strings of the two pieces of information is 1, determining that the two pieces of information are identical, and if the similarity of the strings of the two pieces of information is less than 1, determining that the two pieces of information are different.

Wherein the character string similarity is also called an edit distance, which is used to calculate the minimum number of insert operations, delete operations, and replace operations required to convert from an original character string to a target character string, the fewer the number of required execution operations, indicating that the two character strings are more similar.

In another embodiment of the present application, further comprising:

under the condition that the risk level of the login user is determined to be safe, if the number of times of inputting the wrong login credentials by the user reaches a preset number of times threshold in a preset time period, freezing the login account. The login credentials comprise a password and a mobile phone verification code. Optionally, the method further comprises: and thawing the login account after the freezing time of the login account reaches a preset time threshold.

For example, if the number of times the login user entered the wrong password reaches 5 times within 1 hour, the login account is frozen. After the freezing time of the login account reaches 24 hours, the login account is thawed.

Various security verification approaches in the present application are described herein.

User authorization: the server sends a prompt to the old device of the user to allow the new device to be authorized to log in to the account. For example, the user has two devices, namely an a device and a B device, respectively, the a device is successfully logged in, if the user sends a login request to the server through the new device B, at this time, the server sends a prompt message to the a device whether to authorize the login account of the B device, and the user can perform a login permission operation or a login rejection operation on the a device.

Gesture password: and comparing the gesture password input by the user with a preset gesture password so as to determine whether the user is allowed to log in.

Secure mailbox verification: and judging whether the mailbox verification code input by the user is correct or not, so as to determine whether the user is allowed to log in or not.

Fingerprint verification: and checking whether the fingerprint of the current user is matched with the preset fingerprint or not, so as to determine whether the user is allowed to log in or not.

Face recognition: and checking whether the face of the current user is matched with preset face information, so as to determine whether the user is allowed to log in.

Problem confirmation: the server sends a verification question to the client, the client outputs the verification question, the user inputs a corresponding answer, and whether the user can continue to log in or not is determined based on the answer input by the user. For example, the year of the user inputting the registration account or the province where the user inputs the registration account is prompted, so as to determine whether the user can continue to log in.

Face nuclear body: the registered user is face-authenticated by the country-related department to determine whether the current user is an account holder.

Refusing login: the login operation of the user is refused.

The application discloses a login processing method applied to a server, and correspondingly, the application also discloses a login processing device applied to the server, and the description of the login processing device can be referred to each other in the specification.

Referring to fig. 2, fig. 2 is a schematic structural diagram of a login processing device according to the present application. The login processing device comprises:

a login request receiving module 10, configured to receive a login request sent by a client;

the risk indicator information receiving module 20 is configured to receive risk indicator information sent by the client, where the risk indicator information includes analog device indication information, intrusion operation indication information, device identification information, login location information, device hardware information, and user identification card information;

a risk level determining module 30, configured to determine a risk level of the logged-in user based on the risk indicator information;

the decision module 40 is configured to determine a corresponding decision result according to the risk level, where the decision result includes a result of whether to allow login and a security verification mode that needs to be executed under the condition of allowing login;

and the output module 50 is used for sending prompt information generated based on the decision result to the client.

According to the login processing method disclosed by the application, the basis used by the risk level of the login user is determined, wherein the basis comprises information of multiple dimensions, namely, whether the login device is a virtual device, whether the login device is subjected to intrusion operation, the stability of the login device, the stability of the login position and the stability of user identification are comprehensively considered, so that the risk level of the login user is determined, whether login is allowed or not is further determined according to the risk level of the login user, and a security verification mode which is required to be executed under the condition of allowing the login is further determined, and therefore the security of an account is improved. In addition, the security verification mode to be executed by the login user is matched with the risk level of the login user, and the following situations can be avoided by reasonably configuring the security verification mode corresponding to each risk level: the risk of the login user is small, but the login user is required to execute a complex security verification mode; the risk of logging in the user is larger, but the user is instructed to execute a looser security verification mode, so that the security of the account is reduced.

Optionally, the risk level determination module 30 includes a first processing unit.

The first processing unit is used for: determining whether the login device is a simulator based on the simulation device indication information; if the login device is a simulator, determining that the risk level of the login user is a first level.

Optionally, the risk level determination module 30 further comprises a second processing unit.

The second processing unit is used for: determining, in a case where the first processing unit determines that the login device is not a simulator, whether the login device is to perform at least one intrusion operation based on the intrusion operation indication information; if the login device is subjected to at least one intrusion operation, determining that the risk level of the login user is a first level; the intrusion operations for the login device include brushing, proxy, reflection, multi-running, code injection and implantation of framework services.

Optionally, the risk level determination module 30 further comprises a third processing unit.

The third processing unit is used for: under the condition that the second processing unit determines that the login equipment is not subjected to intrusion operation, acquiring equipment identification history information corresponding to the login account, wherein the equipment identification history information is as follows: the equipment identification information contained in the risk index information received in the first historical time period; comparing the target equipment identification information with the equipment identification history information, wherein the target equipment identification information is the equipment identification information contained in the risk index information received at this time; and if the target equipment identification information is different from any group of equipment identification historical information, determining that the risk level of the login user is a second level.

Optionally, the risk level determination module 30 further comprises a fourth processing unit.

The fourth processing unit is used for: and under the condition that the third processing unit determines that the target equipment identification information is the same as at least one group of equipment identification historical information, acquiring historical login position information corresponding to the login account, wherein the historical login position information is as follows: login position information contained in the risk index information received in the second historical time period; comparing the target login position information with the historical login position information, wherein the target login position information is login position information contained in the risk index information received at the present time; and if the target login position information is different from the historical login position information, determining that the risk level of the login user is a third level.

Optionally, the risk level determination module 30 further includes a fifth processing unit.

The fifth processing unit is used for: when the fourth processing unit determines that the target login position information is the same as at least one historical login position information, acquiring equipment hardware historical information corresponding to the login account, wherein the equipment hardware historical information is: the equipment hardware information contained in the risk index information received in the third historical time period; comparing the target equipment hardware information with the equipment hardware history information, wherein the target equipment hardware information is equipment hardware information contained in the risk index information received at this time; and if the target equipment hardware information is different from any group of equipment hardware history information, determining the risk level of the login user as a fourth level.

Optionally, the risk level determination module 30 further includes a sixth processing unit.

The sixth processing unit is used for: under the condition that the fifth processing unit determines that the target device hardware information is the same as at least one group of device hardware history information, acquiring user identification card history information corresponding to the login account, wherein the user identification card history information is: user identification card information contained in the risk index information received in the fourth history period; comparing target user identification card information with user identification card history information, wherein the target user identification card information is user identification card information contained in the risk index information received at this time; if the target user identification card information is different from any group of user identification card history information, determining that the risk level of the login user is a fifth level; and if the target user identification card information is the same as at least one group of user identification card history information, determining that the risk level of the login user is safe.

The application also provides a server.

Referring to fig. 3, fig. 3 shows a hardware structure of a server including: a processor 301, a memory 302, a communication interface 303, and a communication bus 304.

In the embodiment of the present application, the number of the processor 301, the memory 302, the communication interface 303, and the communication bus 304 is at least one, and the processor 301, the memory 302, and the communication interface 303 complete communication with each other through the communication bus 304. Communication bus 304 may be an ISA (Industry Standard Architecture ) bus, a PCI (Peripheral Component Interconnect, peripheral component interconnect standard) bus, or EISA (Extended Industry Standard Architecture ) bus, among others. The buses may be classified as address buses, data buses, control buses, etc.

It should be noted that the structure of the server shown in fig. 3 is not limited to the server, and the server may include more or less components than those shown in fig. 3, or may combine some components, or may be arranged with different components, as will be understood by those skilled in the art.

The respective constituent elements of the server are specifically described below with reference to fig. 3.

The processor 301 is a control center of the server, connects various parts of the entire server using various interfaces and lines, and performs various functions of the server and processes data by running or executing software programs and/or modules stored in the memory 302, and calling data stored in the memory 302, thereby performing overall monitoring of the server.

Processor 301 may be a central processing unit (Central Processing Unit, CPU), or a specific integrated circuit ASIC (Application Specific Integrated Circuit), or one or more integrated circuits configured to implement embodiments of the present invention, etc.;

the Memory 302 may include a Memory such as a Random-Access Memory (RAM) and a Read-Only Memory (ROM), and may further include a mass storage device such as at least 1 disk Memory, etc.

Wherein the memory 302 stores a program, the processor 301 may call the program stored in the memory, the program being for:

receiving a login request sent by a client;

Alternatively, the refinement function and the extension function of the program may be described with reference to the above.

The present application also provides a readable storage medium storing a program adapted to be executed by a processor, the program being configured to:

receiving a login request sent by a client;

It should be noted that technical features described in each embodiment in the specification may be replaced or combined with each other, and each embodiment is mainly described in a different point from other embodiments, and identical or similar parts between each embodiment are referred to each other. The steps in the method of the embodiments of the present application may be sequentially adjusted, combined, and deleted according to actual needs. The modules and the submodules in the device and the equipment of the embodiment of the application can be combined, divided and deleted according to actual needs.

In the several embodiments provided by the present application, it should be understood that the disclosed apparatus, device and method may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of modules or sub-modules is merely a logical functional division, and there may be additional divisions when actually implemented, e.g., multiple sub-modules or modules may be combined or integrated into another module, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or modules, which may be in electrical, mechanical, or other forms.

The modules or sub-modules illustrated as separate components may or may not be physically separate, and components that are modules or sub-modules may or may not be physical modules or sub-modules, i.e., may be located in one place, or may be distributed over multiple network modules or sub-modules. Some or all of the modules or sub-modules may be selected according to actual needs to achieve the purpose of the embodiment.

In addition, each functional module or sub-module in the embodiments of the present application may be integrated in one processing module, or each module or sub-module may exist alone physically, or two or more modules or sub-modules may be integrated in one module. The integrated modules or sub-modules may be implemented in hardware or in software functional modules or sub-modules.

It is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.

In the present specification, each embodiment is described in a progressive manner, and each embodiment is mainly described in a different point from other embodiments, and identical and similar parts between the embodiments are all enough to refer to each other. The technical features of each embodiment can be arranged and combined to form a new embodiment. The login processing device, the server and the readable storage medium disclosed in the embodiments correspond to the login processing method disclosed in the embodiments, so that the description is relatively simple, and the relevant points are referred to in the description of the method section.

Claims

1. A login processing method, applied to a server, the method comprising:

receiving a login request sent by a client;

Sending prompt information generated based on the decision result to the client;

the security verification mode required to be executed by the login user is matched with the risk level of the login user, and the following situations can be avoided by reasonably configuring the security verification mode corresponding to each risk level: the risk of the login user is small, but the login user is required to execute a complex security verification mode; the risk of logging in the user is larger, but the user is instructed to execute a loose security verification mode, so that the security of the account is reduced;

the determining the risk level of the login user based on the risk index information comprises the following steps:

if the login device is a simulator, determining that the risk level of the login user is a first level, wherein a decision result corresponding to the first level is as follows: rejecting login;

wherein, the determining the risk level of the login user based on the risk index information further comprises:

the intrusion operation for the login equipment comprises brushing, proxy, reflection, multi-running, code injection and implantation frame service; the method comprises the steps that a client is technically modified, a code for detecting whether equipment where the client is located is subjected to intrusion operation is added to the code of the client, so that the client has the function of detecting whether the equipment where the client is located is intruded, and a server determines whether logging equipment is subjected to intrusion operation based on intrusion operation indication information contained in risk index information;

If the target equipment identification information is different from any group of equipment identification history information, determining that the risk level of the login user is a second level, wherein a decision result corresponding to the second level is as follows: the login is allowed, the security verification mode to be executed comprises face verification and problem confirmation, and correspondingly, the login user needs to execute face verification or problem confirmation at the client;

if the target login position information is different from the historical login position information, determining that the risk level of the login user is of a third level, wherein a decision result corresponding to the third level is as follows: the login is allowed, and the security verification mode to be executed comprises fingerprint verification, face recognition and security mailbox verification, and correspondingly, the login user needs to execute fingerprint verification, face recognition or security mailbox verification on the client side;

if the target device hardware information is different from any group of device hardware history information, determining that the risk level of the login user is a fourth level, wherein a decision result corresponding to the fourth level is as follows: the login is allowed, the security verification mode to be executed comprises gesture password, and correspondingly, the login user needs to execute gesture password verification at the client;

wherein the determining the risk level of the login user based on the risk index information further comprises:

if the target user identification card information is different from any group of user identification card history information, determining that the risk level of the login user is a fifth level, wherein a decision result corresponding to the fifth level is as follows: user authorization; and if the target user identification card information is the same as at least one group of user identification card history information, determining that the risk level of the login user is safe.

2. A login processing device, which is applied to a server, the login processing device comprising:

the output module is used for sending prompt information generated based on the decision result to the client;

the security verification mode to be executed by the device for logging in the user is matched with the risk level of the logging in user, and the following situations can be avoided by reasonably configuring the security verification mode corresponding to each risk level: the risk of the login user is small, but the login user is required to execute a complex security verification mode; the risk of logging in the user is larger, but the user is instructed to execute a loose security verification mode, so that the security of the account is reduced;

3. A server comprising a processor and a memory;

the memory is used for storing programs;

The processor is configured to execute the program to implement the steps of the login processing method according to claim 1.

4. A readable storage medium, on which a computer program is stored which, when being executed by a processor, implements the steps of the login processing method as claimed in claim 1.