CN117811770A - Login authentication method and device, electronic equipment and readable storage medium - Google Patents
Login authentication method and device, electronic equipment and readable storage medium Download PDFInfo
- Publication number
- CN117811770A CN117811770A CN202311635504.6A CN202311635504A CN117811770A CN 117811770 A CN117811770 A CN 117811770A CN 202311635504 A CN202311635504 A CN 202311635504A CN 117811770 A CN117811770 A CN 117811770A
- Authority
- CN
- China
- Prior art keywords
- login
- login request
- user terminal
- service system
- request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 39
- 238000003860 storage Methods 0.000 title claims abstract description 16
- 230000006870 function Effects 0.000 claims description 27
- 238000012549 training Methods 0.000 claims description 15
- 238000012886 linear function Methods 0.000 claims description 14
- 238000004590 computer program Methods 0.000 claims description 11
- 238000012417 linear regression Methods 0.000 claims description 11
- 238000012545 processing Methods 0.000 claims description 8
- 230000008569 process Effects 0.000 claims description 7
- 239000011159 matrix material Substances 0.000 claims description 5
- 230000004044 response Effects 0.000 claims description 4
- 238000013475 authorization Methods 0.000 description 13
- 238000010586 diagram Methods 0.000 description 11
- 238000012795 verification Methods 0.000 description 9
- 230000015556 catabolic process Effects 0.000 description 6
- 238000012986 modification Methods 0.000 description 5
- 230000004048 modification Effects 0.000 description 5
- 238000004891 communication Methods 0.000 description 4
- 238000004422 calculation algorithm Methods 0.000 description 3
- 206010033799 Paralysis Diseases 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 230000004075 alteration Effects 0.000 description 1
- 238000009826 distribution Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000003062 neural network model Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Landscapes
- Information Transfer Between Computers (AREA)
Abstract
The embodiment of the application relates to the technical field of computers, and provides a login authentication method, which comprises the following steps: responding to a login request of a user terminal to a service system to be accessed, judging whether the user terminal has a login state or not, and judging whether the login request occurs within a preset access time threshold or not; under the condition that the user terminal has a login state and the login request occurs within an access time threshold, authenticating and passing the login request; otherwise, triggering the authentication center to authenticate the login request. The login authentication mode reduces the frequent access pressure of the authentication center and improves the stability of the user terminal login service system. The application also discloses a login authentication device, electronic equipment and a computer readable storage medium.
Description
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a login authentication method and apparatus, an electronic device, and a computer readable storage medium.
Background
At present, when a user terminal logs in a service system, an independent authentication center is needed, only the authentication center can accept safety information such as an account number, a password and the like of a user, and other service systems do not provide a login inlet and only accept indirect authorization of the authentication center. The indirect authorization is realized through the token, the authentication center receives the user account number and the password sent by the user terminal and authenticates the user account number and the password, an authorization token is created after the authentication is passed, the authorization token is sent to each service system as parameters, the service system obtains the authorization after the authorization token is obtained, and the service system creates a session with the user terminal by means of the authorization token, so that the user terminal can successfully log in the service system and access the protected resources.
Since the authentication center is responsible for all business systems, that is to say all systems have to join the authentication center. When a user terminal accesses a service system, the service system to be accessed applies for a login authentication token to an authentication center, and only the authentication token sent by the authentication center is used for enabling the service system to log in. The large service system group often comprises more than ten service systems and even tens service systems, and access application needs to be carried out to the authentication center when login access is carried out, so that the access amount of the authentication center can be large, if the access amount of the authentication center is too large, the request is slow or even blocked, and the states shown by all user terminals are slow system login or even overtime. If unpredictable problems occur in the authentication center, such as system breakdown, database paralysis, server downtime, etc., the project paralysis of the whole service system group can be caused, all service systems can not carry out login verification, and all users show the state that all systems can not log in and use.
The above information disclosed in the background section is only for enhancement of understanding of the background of the application and therefore it may contain information that does not form the prior art that is already known to a person of ordinary skill in the art.
Disclosure of Invention
The embodiment of the application provides a login authentication method and device and electronic equipment, so as to improve the stability of a user terminal login service system.
According to a first aspect of embodiments of the present application, there is provided a login authentication method, including: responding to a login request of a user terminal to a service system to be accessed, judging whether the user terminal has a login state or not, and judging whether the login request occurs within a preset access time threshold or not; under the condition that the user terminal has a login state and the login request occurs within an access time threshold, authenticating and passing the login request; otherwise, triggering the authentication center to authenticate the login request.
The user terminal can log in the service system by bypassing the authentication center and directly authenticating the login request under the condition that the user terminal has a login state and the login request occurs within the access time threshold. Since the login request satisfying these authentication conditions does not need to pass authentication by the authentication center, login authentication is performed by the authentication center when these authentication conditions are not satisfied. Therefore, the login request of the login service system can be authenticated based on the login state by the expansion device independent of the authentication center, the frequent access pressure of the authentication center is reduced, the authentication center is not easy to cause slow login, overtime and even breakdown due to too large access quantity, the login authentication is carried out by the expansion device when the authentication center breaks down and is down, the user terminal which is in the login state and in the access time threshold can be ensured to continuously access the service system, and the stability of the user terminal for logging in the service system is improved.
In an optional embodiment of the present application, the login authentication method further generates a login state for the user terminal to log in the service system to be accessed in response to a login request of the user terminal to the service system to be accessed. Therefore, when the authentication center is down, the login state can be produced, and the user can conveniently perform login authentication under the condition that the authentication center is down. The fault tolerance of login authentication is increased compared with the prior art.
In an optional embodiment of the present application, generating a login state for the user terminal to login to the service system to be accessed includes: judging whether the login request is continuous access or not; and under the condition that the login request is continuous access, generating a login state for the user terminal to login the service system to be accessed. The login state is generated under the condition of continuous access by the user terminal, so that the subsequent acquisition of the login record of the user is facilitated to carry out validity judgment, and the security of login authentication is ensured.
In an optional embodiment of the present application, determining whether the login request is a continuous access includes: determining that the login request is continuous access under the condition that the difference value between the first time and the second time is smaller than a preset time threshold value; the first time is the time when the login request is received; the second time is the time when the user terminal logs in the service system for the last time; and under the condition that the difference value between the first time and the second time is not smaller than a preset time threshold value, determining that the login request is not continuous access. And further, the time of receiving the login request and the time of logging in the service system for the last time by the user terminal are utilized to realize continuous access judgment, so that subsequent validity judgment is facilitated.
In an optional embodiment of the present application, when the login request is continuous access, generating a login state for the user terminal to login to the service system to be accessed includes: judging whether the login request is legal or not under the condition that the login request is continuously accessed; and under the condition that the login request is legal, generating a login state for the user terminal to login the service system to be accessed. The user terminal judges the validity of the login request under the condition of continuous access, so that the security of login authentication is ensured.
In an optional embodiment of the present application, determining whether the login request is legal includes: acquiring user login data corresponding to a login request; the user login data comprises login time and login state; acquiring an offset value between user login data and a preset function; the preset function is a unitary linear function obtained by utilizing the historical login success time and the corresponding historical login success state; the unitary linear function is constructed by the following process: let the dataset have a total of p data points, each data point having d described dimensions xi= (xi 1; xi2; xi3 … xid), written in vector form as f (X) =w T X+b; where xi is the ith data point, where w= (W1; W2; W3; W4 … Wd) is the trained model parameter, W T Is a momentThe transpose of the matrix, b is the offset of the model, i is a positive integer, p is a positive integer, and d is a positive integer; after W and b are determined through training, constructing a unitary linear regression function;
and judging whether the login request is legal or not according to the offset value. The validity judgment of the login request is realized by acquiring the offset value between the unitary linear function acquired by the historical login data and the user login data corresponding to the login request, so that the security of login authentication is ensured.
In an optional embodiment of the present application, determining whether the login request is legal according to the offset value includes: determining that the login request is legal under the condition that the offset value is smaller than a preset offset threshold value; and under the condition that the offset value is greater than or equal to the offset threshold value, determining that the login request is illegal. The offset value between the unitary linear function acquired by the historical login data and the user login data corresponding to the login request can represent the correct rate of login legitimacy, and when the offset value is smaller, the higher the correct rate of login at the time is indicated, and the judgment mode can accurately verify the login legitimacy.
According to a second aspect of the embodiments of the present application, there is provided a login authentication device, including: the judging module is used for responding to a login request of the user terminal to the service system to be accessed and judging whether the user terminal has a login state or not, and whether the login request occurs in an access time threshold or not; the authentication module is used for passing the login request under the condition that the user terminal has a login state and the login request occurs within an access time threshold; otherwise, triggering an authentication center to authenticate the login request.
In an optional embodiment of the present application, the login authentication device further includes: the login state generation module is used for responding to a login request of the user terminal to the service system to be accessed and generating a login state for the user terminal to login to the service system to be accessed.
In an optional embodiment of the present application, the login state generating module generates a login state for the user terminal to login to the service system to be accessed by: judging whether the login request is continuous access or not;
and under the condition that the login request is continuous access, generating a login state for the user terminal to login the service system to be accessed.
In an alternative embodiment of the present application, the login state generating module determines whether the login request is a continuous access by: determining that the login request is continuous access under the condition that the difference value between the first time and the second time is smaller than a preset time threshold value; the first time is the time when a login request is received; the second time is the time when the user terminal logs in the service system for the last time; and under the condition that the difference value between the first time and the second time is not smaller than the preset time threshold value, determining that the login request is not continuous access.
In an optional embodiment of the present application, the login state generating module generates a login state for the user terminal to log in the service system to be accessed in the case that the login request is continuous access by: judging whether the login request is legal or not under the condition that the login request is continuously accessed; and under the condition that the login request is legal, generating a login state for the user terminal to login the service system to be accessed.
In an alternative embodiment of the present application, the login state generating module determines whether the login request is legal by: acquiring user login data corresponding to a login request; the user login data comprises login time and login state; acquiring an offset value between user login data and a preset function; the preset function is a unitary linear function obtained by utilizing the historical login success time and the corresponding historical login success state; the unitary linear function is constructed by the following process: let the dataset have a total of p data points, each data point having d described dimensions xi= (xi 1; xi2; xi3 … xid), written in vector form as f (X) =w T X+b; where xi is the ith data point, where w= (W1; W2; W3; W4 … Wd) is the trained model parameter, W T The matrix is transposed, b is the offset of the model, i is a positive integer, p is a positive integer, and d is a positive integer; after W and b are determined through training, constructing a unitary linear regression function;
and judging whether the login request is legal or not according to the offset value.
In an alternative embodiment of the present application, the login state generating module determines whether the login request is legal according to the offset value by: determining that the login request is legal under the condition that the offset value is smaller than a preset offset threshold value; and determining that the login request is illegal in the case that the offset value is greater than or equal to the offset threshold value.
According to a third aspect of embodiments of the present application, there is provided an electronic device comprising a processor and a memory storing program instructions, the processor being configured to perform the steps of the login authentication method described above when the program instructions are run.
According to a fourth aspect of embodiments of the present application, there is provided a computer-readable storage medium having a computer program stored thereon; the computer program is executed by a processor to implement the steps of the login authentication method described above.
By adopting the technical scheme, the embodiment of the application has the following technical effects:
the user terminal can log in the service system by bypassing the authentication center and directly authenticating the login request under the condition that the user terminal has a login state and the login request occurs within the access time threshold. Since the login request satisfying these authentication conditions does not need to pass authentication by the authentication center, login authentication is performed by the authentication center when these authentication conditions are not satisfied. Therefore, the login request of the login service system can be authenticated based on the login state by the expansion device independent of the authentication center, the frequent access pressure of the authentication center is reduced, the authentication center is not easy to cause slow login, overtime and even breakdown due to too large access quantity, the login authentication is carried out by the expansion device when the authentication center breaks down and is down, the user terminal which is in the login state and in the access time threshold can be ensured to continuously access the service system, and the stability of the user terminal for logging in the service system is improved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute an undue limitation to the application. In the drawings:
FIG. 1 is a schematic diagram of an interaction process between a user terminal, a service system and an authentication center in the prior art;
fig. 2 is a schematic diagram of a login authentication method according to an embodiment of the present application;
fig. 3 is a schematic diagram of a login authentication device according to an embodiment of the present application;
fig. 4 is a schematic diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order to make the technical solutions and advantages of the embodiments of the present application more apparent, the following detailed description of exemplary embodiments of the present application is given with reference to the accompanying drawings, and it is apparent that the described embodiments are only some of the embodiments of the present application and not exhaustive of all the embodiments. It should be noted that, in the case of no conflict, the embodiments and features in the embodiments may be combined with each other.
The login state is a random string, also known as a token, used to maintain the login state. The authentication center creates a token after the authentication of the user terminal is passed, and sends the token as a parameter to the service system, and the service system creates a session with the user terminal by means of the token, so that the user terminal can successfully log in the service system and access the protected resource. Fig. 1 is a schematic diagram of an interaction process among a user terminal, a service system and an authentication center in the prior art. As shown in fig. 1, the user terminal accesses the service system a through a browser. And the service system A verifies the access request, and under the condition of verification failure, the service system A executes the jump operation and sends the address information of the service system A to the authentication center. The authentication center verifies the address information of the service system A, and if the verification fails, a notification of the verification failure is returned to the browser. The user terminal sends a login request for logging in the service system A to the authentication center through the browser, wherein the login request carries a user name, a password and address information of the service system A. The authentication center authenticates the login request, and under the condition that the authentication is successful, the authentication center creates a session and creates an authorization token. The authentication center executes the jump operation and sends the authorization token to the service system A. And the service system A sends a verification request to the authentication center, wherein the verification request carries the authorization token and the address information of the service system A. The authentication center verifies the verification request, and returns a notification message that the authorization token is valid to the service system A after the verification is successful. After the service system A determines that the authorization token is valid, a session between the service system A and the user terminal is established, so that the user terminal logs in the service system A and accesses the protected resource.
At present, when a user terminal logs in a service system, an independent authentication center is needed, only the authentication center can accept the safety information such as the account number, the password and the like of the user, and other service systems do not provide a login inlet and only accept the authorization of the authentication center. The frequent access of the authentication center can cause slow login, overtime and even breakdown of the authentication center due to the large access quantity, and the user terminal cannot access the service system when the authentication center breaks down and is down, so that the stability of the user terminal logging in the service system in the traditional login authentication mode is poor.
Based on the above, the login authentication method is improved, so that the stability of the user terminal login service system is improved.
As shown in fig. 2, a login authentication method in an embodiment of the present application includes:
step S201, responding to the login request of the user terminal to the service system to be accessed, judging whether the user terminal has a login state, and judging whether the login request occurs within a preset access time threshold.
Step S202, under the condition that the user terminal has a login state and the login request occurs within the access time threshold, the login request is authenticated and passed, so as to complete the login of the user terminal to the service system to be accessed. Otherwise, triggering the authentication center to authenticate the login request.
By adopting the login authentication method, the login of the user terminal to the service system can be realized by bypassing the authentication center to directly pass the authentication of the login request under the condition that the user terminal has a login state and the login request occurs within the access time threshold. Since the login request satisfying these authentication conditions does not need to pass authentication by the authentication center, login authentication is performed by the authentication center when these authentication conditions are not satisfied. Therefore, the login request of the login service system can be authenticated based on the login state by the expansion device independent of the authentication center, the frequent access pressure of the authentication center is reduced, the authentication center is not easy to cause slow login, overtime and even breakdown due to too large access quantity, the login authentication can be carried out by the expansion device when the authentication center breaks down and is down, the user terminal which is in the access time threshold and has the login state can be ensured to continuously access the service system, and the stability and fault tolerance of the user terminal login service system are improved.
In some embodiments, after the authentication is performed on the login request, the method further includes sending a login state corresponding to the user terminal to the service system to be accessed.
Authentication passing processing of the login request means that authentication of the login request is passed. And the service system to be accessed establishes a session with the user terminal according to the received login state corresponding to the user terminal, so that the user terminal can access the resource protected by the service system to be accessed.
In some embodiments, after the authentication of the center to be authenticated passes, the authentication center sends a login state, namely a token, to the service system to be accessed, and the service system to be accessed establishes a session with the user terminal according to the received login state corresponding to the user terminal, so that the user terminal can access the resource protected by the service system to be accessed.
In some embodiments, the login authentication method further generates a login state for the user terminal to login to the service system to be accessed in response to a login request of the user terminal to the service system to be accessed.
In this way, the login state can be generated by an expansion device independent of the authentication center. Under the condition that the user terminal does not have a login state, the login state can be generated for the user terminal according to the requirement so as to authenticate and pass the login request of the login service system, so that the user terminal can access the service system, the function of an authentication center is further replaced, and the frequent access pressure of the authentication center can be further relieved.
In some embodiments, generating a login state for a user terminal to login to a service system to be accessed includes: judging whether the login request is continuous access or not; and under the condition that the login request is continuous access, generating a login state for the user terminal to login the service system to be accessed. If the user terminal is not continuously accessed, the user terminal is required to log in again. The login state is generated for the user terminal to log in the service system to be accessed according to whether the user terminal is in the continuous access state, repeated identity verification can be avoided when the user terminal continuously logs in, and the experience of the user when accessing the service system is improved.
In some embodiments, determining whether the login request is a continuous access includes: determining that the login request is continuous access under the condition that the difference value between the first time and the second time is smaller than a preset time threshold value; the first time is the time when a login request is received; the second time is the time when the user terminal logs in the service system for the last time; and under the condition that the difference value between the first time and the second time is not smaller than the preset time threshold value, determining that the login request is not continuous access.
In some embodiments, in the case that the login request is continuous access, generating a login state for the user terminal to login to the service system to be accessed includes: judging whether the login request is legal or not under the condition that the login request is continuously accessed; and under the condition that the login request is legal, generating a login state for the user terminal to login the service system to be accessed.
By confirming the validity of the login request, the security of generating the login state is improved. Furthermore, the security of the accessed service system can be ensured under the condition that the login authentication is not performed through the authentication center.
In some embodiments, determining whether the login request is legitimate includes:
acquiring the number of successful login times of the user terminal in unit time, and determining that the login request is legal under the condition that the number of successful login times of the user terminal in unit time is larger than a preset threshold value. Otherwise, determining that the login request is illegal.
In some embodiments, determining whether the login request is legitimate includes:
acquiring the service system sequence of successful login of the user terminal in a preset time period, inputting the service system sequence of successful login into a preset legal login identification model for identification, and acquiring an identification result. Optionally, the preset time period is a period of time before the present login request, for example, one hour before the present login request. The identification result is used for representing whether the login request is legal or not. The legal login recognition model carries out model training by inputting a sample with a label into a preset neural network model, records training loss values of each training period, stops model training when the training loss values of the continuous preset number are not lower than the lowest value in all the training loss values, and determines the model obtained by training in the last period as a malicious software recognition model. Optionally, the preset number is a positive integer greater than 3. The sample for training the model is the business system login sequence of the user terminal, and the labels for training the model comprise login legal labels and login illegal labels. The sequence of the user terminal logging in the service system can embody the service system using characteristics of the user, for example, the user is in the working requirement, and needs to log in the service system 1, the service system 2, the service system 3 and the service system 4 in sequence, so that whether the current logging-in request of the user terminal of the user accords with the working requirement of the user can be embodied through the logging-in sequence of the service system, and further whether the logging-in request of the user terminal is legal or not can be determined.
In some embodiments, determining whether the login request is legitimate includes:
and acquiring the IP address of the user terminal and the IP address range corresponding to the service system to be accessed, and determining that the login request is legal under the condition that the IP address of the user terminal is in the IP address range. Otherwise, determining that the login request is illegal.
In some embodiments, determining whether the login request is legitimate includes: acquiring user login data corresponding to a login request; the user login data comprises login time and login state; acquiring an offset value between user login data and a preset function; the preset function is a unitary linear function obtained by utilizing the historical login success time and the corresponding historical login success state; and judging whether the login request is legal or not according to the offset value.
Illustratively, a unitary linear regression function is generated using historical login data in the event of a login success. The history login data in the case of successful login includes history login time and history login status in the case of successful login. With the continued increase of logging data, historical logging data under the condition of successful logging is more and more, and the unified linear regression function is trained in an iterative manner, so that the unified linear regression function is more and more close to a linear distribution state of successful logging. When logging in, each data (such as logging in time and logging in state) in the logging in information is taken as a parameter to be put into a unitary linear function to calculate a coordinate point corresponding to the logging in request, and the distance between the coordinate point corresponding to the logging in request and the unitary linear function is obtained, wherein the distance is the offset value between the logging in data of the user and a preset function. The smaller the offset value, that is, the closer the point generated in the coordinates of the current login is to the unitary linear function which has been calculated to be successful in the previous login, the more the parameter states of the current login are, which is similar to the situation that many times of logins are successful in the previous, and the higher the accuracy of the current login is, the more legal the user terminal accesses the service system.
In some embodiments, determining whether the login request is legitimate based on the offset value includes: determining that the login request is legal under the condition that the offset value is smaller than a preset offset threshold value; and determining that the login request is illegal in the case that the offset value is greater than or equal to the offset threshold value.
Illustratively, the unitary linear regression function may be constructed by:
firstly, establishing a model: let the dataset have a total of p data points, each data point having d described dimensions xi= (xi 1; xi2; xi3 … xid), written in vector form as f (X) =w T X+b. Wherein xi isThe ith data point, where W= (W1; W2; W3; W4 … Wd) is the trained model parameter, W T The matrix is transposed, b is the offset of the model, i is a positive integer, p is a positive integer, and d is a positive integer. After training out W and b, the model can be determined. In some embodiments, the calculationObtaining model parameters w, calculating->The offset b is obtained. Wherein,the model for calculating W and b is an algorithm for obtaining model parameters and offsets from a linear regression algorithm well known to those skilled in the art, and those skilled in the art know that the model parameters W and offsets b can be obtained by taking user login data into the above algorithm, and a unitary linear regression function can be constructed based on W and b. Optionally, the user login data further includes a login return time, a login return state and a user ID, where the login return time is a dimension of the request time, and may be recorded as a shorter return time, and a closer to the authentication success direction. The return state of the login includes various states such as 200, 500, 300, 404, 403, and the like, and only when the return state is 200, the closer the return state is to the authentication success direction is. The return status of the login is 200 representing that the request was successfully received and the requested resource is sent back to the client. The return state of the login 500 represents that the server encounters an error and cannot complete the request. The return state of the login is 300, which represents that the server may perform various operations for the request. The return status of the login is 404 represents that the web page request resource is not present, which is connectable to the server but the server cannot get the request. The return status of the login is 403 for prohibiting access and the server receives the request but refuses to provide service. The user ID is recorded as constant, and the ID of the login system is also recorded as constant.
As shown in fig. 3, a login authentication device according to an embodiment of the present application includes: a judgment module 301 and an authentication module 302. The determining module 301 is configured to determine whether the user terminal has a login state in response to a login request of the user terminal for a service system to be accessed, and whether the login request occurs within an access time threshold. The authentication module 302 is configured to pass the login request when the user terminal has a login state and the login request occurs within an access time threshold; otherwise, triggering the authentication center to authenticate the login request.
By adopting the login authentication device provided by the embodiment of the application, the authentication center can be bypassed to directly pass the authentication of the login request under the condition that the user terminal has a login state and the login request occurs within the access time threshold, so that the user terminal can log in the service system. Since the login request satisfying these authentication conditions does not need to pass authentication by the authentication center, login authentication is performed by the authentication center when these authentication conditions are not satisfied. Therefore, the login request of the login service system can be authenticated based on the login state by the expansion device independent of the authentication center, the frequent access pressure of the authentication center is reduced, the authentication center is not easy to cause slow login, overtime and even breakdown due to too large access quantity, the login authentication can be carried out by the expansion device when the authentication center breaks down and is down, the user terminal which is in the access time threshold and has the login state can be ensured to continuously access the service system, and the stability and fault tolerance of the user terminal login service system are improved.
Further, the login authentication device further comprises a login state generation module, and the login state generation module is used for responding to a login request of the user terminal to the service system to be accessed and generating a login state for the user terminal to login to the service system to be accessed.
Further, the login state generating module generates a login state for the user terminal to log in the service system to be accessed by the following method: judging whether the login request is continuous access or not, and generating a login state for the user terminal to login the service system to be accessed under the condition that the login request is continuous access.
Further, the login state generating module determines whether the login request is a continuous access by:
determining that the login request is continuous access under the condition that the difference value between the first time and the second time is smaller than a preset time threshold value; the first time is the time when a login request is received; the second time is the time when the user terminal logs in the service system for the last time. And under the condition that the difference value between the first time and the second time is not smaller than the preset time threshold value, determining that the login request is not continuous access.
Further, the login state generating module generates a login state for the user terminal to log in the service system to be accessed under the condition that the login request is continuous access by the following modes: if the login request is a continuous access, it is determined whether the login request is legal. And under the condition that the login request is legal, generating a login state for the user terminal to login the service system to be accessed.
Further, the login state generating module determines whether the login request is legal by: acquiring user login data corresponding to a login request; the user login data includes login time and login status. Acquiring an offset value between user login data and a preset function; the preset function is a unitary linear function obtained by utilizing the historical login success time and the corresponding historical login success state. The unitary linear function is constructed by the following process: let the dataset have a total of p data points, each data point having d described dimensions xi= (xi 1; xi2; xi3 … xid), written in vector form as f (X) =w T X+b; where xi is the ith data point, where w= (W1; W2; W3; W4 … Wd) is the trained model parameter, W T The matrix is transposed, b is the offset of the model, i is a positive integer, p is a positive integer, and d is a positive integer; after W and b are determined through training, constructing a unitary linear regression function;
and judging whether the login request is legal or not according to the offset value.
Further, the login state generating module determines whether the login request is legal according to the offset value by: and under the condition that the offset value is smaller than a preset offset threshold value, determining that the login request is legal. And under the condition that the offset value is greater than or equal to the offset threshold value, determining that the login request is illegal.
In some embodiments, the login authentication device further comprises a time threshold control module. The time threshold control module firstly needs to set the user access timeout time, and records the IP, the MAC address and the current time of the user when the user logs in for the first time (the same user can be determined according to the same IP and the accessed MAC address). When the same user accesses again, whether the last time the user accessed exceeds the set user access timeout time is judged. If not, then the same user is identified as continuous access; if the data exceeds the preset time, the user is considered to be the discontinuous access of the same user, the IP address, the MAC address and the current time of the user are recorded again, and the data before the user is deleted. For the same user, only one piece of data information is recorded in the module.
In some embodiments, the login authentication device further comprises a user access information recording module. When the same user logs in, the information of logging in different systems is recorded. For example, logging in the A system, then recording the IP, MAC, logged in system number A and login time of the user; such as logging in to the B system, then the user's IP, MAC, logged in system number B, and login time are recorded. When the user successfully logs in N systems in one continuous access, the login state generating module is called, wherein N is a positive integer. When the user is not continuously accessing, the data before the user is completely emptied, so that each user is ensured to have only one group of data. The user logs in each service system and records the independent data, and logs in a plurality of service systems and records a plurality of corresponding data, wherein the data do not have an association relationship.
In some embodiments, the login authentication device further comprises a threshold setting module. Modeling criteria, iteration criteria, and offset thresholds are set at the threshold setting module. After the modeling criteria are used to characterize how many times the underlying data are, modeling calculations can be performed to generate a unitary linear regression function. The iteration standard is used for representing how many times the set data are added, and iteration training is needed based on the collected login data. The offset threshold is used to compare with the calculated offset value. When the calculated offset value is smaller than the distance, the sign-on is considered to be close to the successful sign-on direction, and the sign-on is considered to be a successful sign-on.
In some embodiments, the login authentication device further comprises a user login status record module. According to the number of times that the user P logs in a certain system (such as the system A) within a certain time and the number of times that the user P leans against the optimal solution after iteration (the login is successful and the time is short), the user P is matched with a set threshold value, and after the number of times that the user P leans against the optimal solution is matched, a login state is generated for the user P to log in the system A.
As shown in fig. 4, an electronic device according to an embodiment of the present application includes a processor (processor) 400 and a memory (memory) 401 storing program instructions. Optionally, the electronic device may also include a communication interface (Communication Interface) 402 and a bus 403. The processor 400, the communication interface 402, and the memory 401 may communicate with each other via the bus 403. The communication interface 402 may be used for information transfer. The processor 400 may call the program instructions in the memory 401 to perform the login authentication method of the above-described embodiment.
Further, the program instructions in the memory 401 described above may be implemented in the form of software functional units and may be stored in a readable storage medium when sold or used as a separate product.
The memory 401 is used as a readable storage medium for storing a software program and an executable program, such as program instructions/modules corresponding to the methods in the embodiments of the present disclosure. The processor 400 executes the functional application and the data processing by executing the program instructions/modules stored in the memory 401, i.e., implements the login authentication method in the above-described embodiment.
Memory 401 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, at least one application program required for a function; the storage data area may store data created according to the use of the terminal device, etc. In addition, memory 401 may include high-speed random access memory, and may also include nonvolatile memory.
Optionally, the electronic device includes a smart phone, a tablet computer, a computer or a server, etc.
The conventional service system login authentication system includes a plurality of service systems, user terminals, and authentication centers. When the login authentication method provided by the embodiment of the application is implemented by the electronic equipment, the electronic equipment can be used as an expansion device of the business system login authentication system, and the expansion device is used for authenticating the login of the user terminal for accessing the business system. Alternatively, the login authentication method in the above embodiment is implemented by a computer or a server. The server may be an application server or a cloud server. The system comprises a user terminal, a plurality of service systems, an authentication center and an expansion device realized by a server to form a new service system login authentication system, and when the service system login authentication system is applied to single sign-on, the safety, stability and fault tolerance of single sign-on can be effectively improved.
In the present application, the Terminal may be a Mobile phone, a smart phone, a notebook computer, a digital broadcast receiver, a Personal Digital Assistant (PDA), a User Equipment (UE) such as a tablet computer (PAD), a handheld device, a vehicle-mounted device, a wearable device, a computing device, or other processing device connected to a wireless modem, a Mobile Station (MS), a Mobile Terminal (Mobile Terminal), or the like. The terminal is capable of communicating with one or more core networks via a radio access network (Radio Access Network, RAN).
The readable storage medium may be a transitory readable storage medium or a non-transitory readable storage medium.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of the application.
It will be apparent to those skilled in the art that various modifications and variations can be made in the present application without departing from the spirit or scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims and the equivalents thereof, the present application is intended to cover such modifications and variations.
Claims (10)
1. A login authentication method, comprising:
responding to a login request of a user terminal to a service system to be accessed, judging whether the user terminal has a login state or not, and judging whether the login request occurs in a preset access time threshold or not;
when the user terminal has a login state and the login request occurs within an access time threshold, authenticating and passing the login request; otherwise, triggering an authentication center to authenticate the login request.
2. The method of claim 1, further comprising generating a login status for a user terminal to login to a service system to be accessed in response to a login request from the user terminal to the service system to be accessed.
3. The method of claim 2, wherein generating a login status for the user terminal to login to the service system to be accessed comprises:
judging whether the login request is continuous access or not;
and under the condition that the login request is continuous access, generating a login state for the user terminal to login the service system to be accessed.
4. A method according to claim 3, wherein determining whether the login request is a continuous access comprises:
determining that the login request is continuous access under the condition that the difference value between the first time and the second time is smaller than a preset time threshold value; the first time is the time when the login request is received; the second time is the time when the user terminal logs in the service system for the last time;
and under the condition that the difference value between the first time and the second time is not smaller than a preset time threshold value, determining that the login request is not continuous access.
5. A method according to claim 3, wherein, in case the login request is a continuous access, generating a login status for the user terminal to login to the service system to be accessed comprises:
judging whether the login request is legal or not under the condition that the login request is continuously accessed;
and under the condition that the login request is legal, generating a login state for the user terminal to login the service system to be accessed.
6. The method of claim 5, wherein determining whether the login request is legitimate comprises:
acquiring user login data corresponding to a login request; the user login data comprises login time and login state;
acquiring an offset value between user login data and a preset function; the preset function is a unitary linear function obtained by utilizing the historical login success time and the corresponding historical login success state;
the unitary linear function is constructed by the following process:
let the dataset have a total of p data points, each data point having d described dimensions xi= (xi 1; xi2; xi3 … xid), written in vector form as f (X) =w T X+b; where xi is the ith data point, where w= (W1; W2; W3; W4 … Wd) is the trained model parameter, W T The matrix is transposed, b is the offset of the model, i is a positive integer, p is a positive integer, and d is a positive integer;
after W and b are determined through training, constructing a unitary linear regression function;
and judging whether the login request is legal or not according to the offset value.
7. The method of claim 6, wherein determining whether the login request is legitimate based on the offset value comprises:
determining that the login request is legal under the condition that the offset value is smaller than a preset offset threshold value;
and under the condition that the offset value is greater than or equal to the offset threshold value, determining that the login request is illegal.
8. A login authentication device, comprising:
the judging module is used for responding to a login request of the user terminal to the service system to be accessed and judging whether the user terminal has a login state or not, and whether the login request occurs in an access time threshold or not;
the authentication module is used for authenticating and processing the login request under the condition that the user terminal has a login state and the login request is in an access time threshold; otherwise, triggering an authentication center to authenticate the login request.
9. An electronic device comprising a processor and a memory storing program instructions, wherein the processor is configured to perform the login authentication method according to any one of claims 1 to 7 when the program instructions are executed.
10. A computer-readable storage medium, characterized in that a computer program is stored thereon; the computer program being executed by a processor to implement the login authentication method according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311635504.6A CN117811770A (en) | 2023-12-01 | 2023-12-01 | Login authentication method and device, electronic equipment and readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311635504.6A CN117811770A (en) | 2023-12-01 | 2023-12-01 | Login authentication method and device, electronic equipment and readable storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117811770A true CN117811770A (en) | 2024-04-02 |
Family
ID=90420510
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311635504.6A Pending CN117811770A (en) | 2023-12-01 | 2023-12-01 | Login authentication method and device, electronic equipment and readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117811770A (en) |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110271331A1 (en) * | 2010-04-29 | 2011-11-03 | Research In Motion Limited | Assignment and Distribution of Access Credentials to Mobile Communication Devices |
| US20140041005A1 (en) * | 2012-07-18 | 2014-02-06 | Tencent Technology (Shenzhen) Company Limited | Method and system of login authentication |
| US20150180859A1 (en) * | 2013-12-20 | 2015-06-25 | DeNA Co., Ltd. | Login requesting device and method for requesting login to server and storage medium storing a program used therefor |
| US20180084008A1 (en) * | 2016-09-16 | 2018-03-22 | Salesforce.Com, Inc. | Phishing detection and prevention |
| US10057246B1 (en) * | 2015-08-31 | 2018-08-21 | EMC IP Holding Company LLC | Method and system for performing backup operations using access tokens via command line interface (CLI) |
| CN110287682A (en) * | 2019-07-01 | 2019-09-27 | 北京芯盾时代科技有限公司 | A kind of login method, apparatus and system |
| CN111769939A (en) * | 2020-06-29 | 2020-10-13 | 北京海泰方圆科技股份有限公司 | Business system access method and device, storage medium and electronic equipment |
| CN112597472A (en) * | 2021-03-03 | 2021-04-02 | 北京视界云天科技有限公司 | Single sign-on method, device and storage medium |
| CN116032627A (en) * | 2022-12-22 | 2023-04-28 | 北京中电普华信息技术有限公司 | Unified authentication and authorization method and device based on micro-service architecture |
-
2023
- 2023-12-01 CN CN202311635504.6A patent/CN117811770A/en active Pending
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110271331A1 (en) * | 2010-04-29 | 2011-11-03 | Research In Motion Limited | Assignment and Distribution of Access Credentials to Mobile Communication Devices |
| US20140041005A1 (en) * | 2012-07-18 | 2014-02-06 | Tencent Technology (Shenzhen) Company Limited | Method and system of login authentication |
| US20150180859A1 (en) * | 2013-12-20 | 2015-06-25 | DeNA Co., Ltd. | Login requesting device and method for requesting login to server and storage medium storing a program used therefor |
| US10057246B1 (en) * | 2015-08-31 | 2018-08-21 | EMC IP Holding Company LLC | Method and system for performing backup operations using access tokens via command line interface (CLI) |
| US20180084008A1 (en) * | 2016-09-16 | 2018-03-22 | Salesforce.Com, Inc. | Phishing detection and prevention |
| CN110287682A (en) * | 2019-07-01 | 2019-09-27 | 北京芯盾时代科技有限公司 | A kind of login method, apparatus and system |
| CN111769939A (en) * | 2020-06-29 | 2020-10-13 | 北京海泰方圆科技股份有限公司 | Business system access method and device, storage medium and electronic equipment |
| CN112597472A (en) * | 2021-03-03 | 2021-04-02 | 北京视界云天科技有限公司 | Single sign-on method, device and storage medium |
| CN116032627A (en) * | 2022-12-22 | 2023-04-28 | 北京中电普华信息技术有限公司 | Unified authentication and authorization method and device based on micro-service architecture |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11108752B2 (en) | Systems and methods for managing resetting of user online identities or accounts | |
| CN106330850B (en) | Security verification method based on biological characteristics, client and server | |
| US11399045B2 (en) | Detecting fraudulent logins | |
| US8683562B2 (en) | Secure authentication using one-time passwords | |
| CN105827573B (en) | System, method and the relevant apparatus of internet of things equipment strong authentication | |
| CN105323253B (en) | Identity verification method and device | |
| CN106453205B (en) | identity verification method and device | |
| CN111092899B (en) | Information acquisition method, device, equipment and medium | |
| US9485255B1 (en) | Authentication using remote device locking | |
| CN104144419A (en) | Identity authentication method, device and system | |
| CN106878250B (en) | Cross-application single-state login method and device | |
| CN112165448B (en) | Service processing method, device, system, computer equipment and storage medium | |
| CN105827571A (en) | UAF (Universal Authentication Framework) protocol based multi-modal biological characteristic authentication method and equipment | |
| Bakar et al. | Adaptive authentication: Issues and challenges | |
| CN108076077A (en) | A kind of conversation controlling method and device | |
| CN105022939A (en) | Information verification method and device | |
| CN105681258A (en) | Session method and session device based on third-party server | |
| CN115348037A (en) | Identity authentication method, device and equipment of terminal equipment | |
| CN111901321A (en) | Authentication method, device, electronic equipment and readable storage medium | |
| CN113849798A (en) | Secure login authentication method, system, computer equipment and storage medium | |
| CN111581616B (en) | Multi-terminal login control method and device | |
| CN106603472A (en) | Method, server and system for user authentication | |
| CN110516427B (en) | Terminal user identity authentication method and device, storage medium and computer equipment | |
| CN112422516A (en) | Connection method and device of power system, computer equipment and storage medium | |
| CN108965335B (en) | Method for preventing malicious access to login interface, electronic device and computer medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |