WO2016062199A1 - Method, apparatus, client, server, and system for checking security of account - Google Patents

Method, apparatus, client, server, and system for checking security of account Download PDF

Info

Publication number
WO2016062199A1
WO2016062199A1 PCT/CN2015/091689 CN2015091689W WO2016062199A1 WO 2016062199 A1 WO2016062199 A1 WO 2016062199A1 CN 2015091689 W CN2015091689 W CN 2015091689W WO 2016062199 A1 WO2016062199 A1 WO 2016062199A1
Authority
WO
WIPO (PCT)
Prior art keywords
file
client
account
server
preset
Prior art date
Application number
PCT/CN2015/091689
Other languages
French (fr)
Chinese (zh)
Inventor
殷光辉
Original Assignee
阿里巴巴集团控股有限公司
殷光辉
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 阿里巴巴集团控股有限公司, 殷光辉 filed Critical 阿里巴巴集团控股有限公司
Publication of WO2016062199A1 publication Critical patent/WO2016062199A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols

Definitions

  • the present application relates to the field of computer security, and in particular, to an account security check method, apparatus, client, server, and system.
  • Network technology has greatly changed people's daily lives. For this kind of network application, users need to establish an account.
  • the theft of web application accounts is a very serious and urgent problem in the field of information security. For example, online game accounts and the theft of game equipment have occurred.
  • the existing account protection mode is generally the password corresponding to the user name. As long as the password is cracked, the hacker can perform various operations, and often can cause irreparable losses to the actual user.
  • the technical problem to be solved by the present application is to provide an account security check method, device, client, server and system for the deficiencies of the prior art.
  • an account security check method including: detecting an operation of a user on an account; when the user operates the account, determining whether the current computing device saves the preset file in a preset path; and if the current calculation If the device saves the preset file in the preset path, the operation is allowed. Otherwise, the operation is not allowed.
  • an account security checking apparatus including: an operation detecting module, configured to detect an operation of a user by an account; and a determining module, configured to determine whether the current computing device saves the preset file in a preset path; And an operation switch module, configured to determine whether to allow the user's operation according to the judgment result of the judgment module.
  • a client account security check method including: when detecting an operation of a user on an account, transmitting operation information to a server; receiving from a server The verification setting determines whether the preset file is saved in the preset path according to the verification setting, wherein the verification setting refers to the preset verification information; and the determination result is sent to the server.
  • a server account security check method including: receiving operation information of a user from a client on an account; and calling a stored verification setting according to the account information corresponding to the user, where the verification setting refers to Pre-set verification information; sending the verification setting to the client; and receiving the judgment result from the client, and determining whether to allow the user to perform the account operation according to the judgment result.
  • a client account security check method including: when an operation of a user is detected on an account, transmitting operation information to a server; receiving a read file request from a server; and reading a file according to the Request, send the corresponding file to the server.
  • a server account security check method including: receiving operation information of a user from a client on an account; and calling a stored verification setting according to the account information corresponding to the user, where the verification setting refers to The preset verification information is sent to the client according to the file name and the file path in the verification setting; receiving the feedback from the client, and determining, according to the verification setting, whether the client saves the preset file in the preset path; And according to the judgment result, it is decided whether to allow the user to perform an account operation.
  • a client account security check method including: when an operation of a user is detected on an account, transmitting operation information to a server; receiving a read file attribute request from a server; Read the file attribute request and send the corresponding file attribute to the server.
  • a server account security check method including: receiving operation information of a user from a client on an account; and calling the stored verification setting according to the account information corresponding to the user;
  • the file name and the file path send a read file attribute request to the client; receive feedback from the client, determine whether the client saves the preset file in the preset path according to the check setting; and determine whether to allow the user to perform the account operation according to the judgment result.
  • a server account security check method including: receiving operation information of a user from a client on an account; and calling according to the account information corresponding to the user
  • the verification setting of the storage wherein the verification setting refers to the preset verification information; the request for reading the file attribute is sent to the client according to the file path in the verification setting; receiving the feedback from the client, determining whether it is in the verification setting according to the verification setting
  • the preset file is saved in the preset path; and the user is allowed to perform the account operation according to the judgment result.
  • an account security check client including: a client transmission module, configured to perform data transmission with a server; and an operation detection module, configured to: when detecting an operation of the account by the user, The operation information is sent to the server through the client transmission module; and the client judgment module is configured to receive the verification setting from the server through the client transmission module, determine whether to save the preset file in the preset path according to the verification setting, and The judgment result is fed back to the server through the client transmission module, wherein the verification setting refers to the preset verification information.
  • an account security check server including: a server transmission module, configured to perform data transmission with a client; and a verification setting acquisition module, configured to receive operation information of the user through the server transmission module, according to The account information corresponding to the user invokes the stored verification setting, and is sent to the client through the server transmission module, where the verification setting refers to preset verification information; and the operation switch module is configured to receive the client from the server transmission module.
  • the judgment result determines whether the user is allowed to perform an account operation according to the judgment result.
  • an account security check client including: a client transmission module, configured to perform data transmission with a server; and an operation detection module, configured to: when detecting an operation of the account by the user, The operation information is sent to the server through the client transmission module; and the client file acquisition module is configured to receive the read file request from the server or read the file attribute request through the client transmission module, and read the corresponding file or file attribute and pass the The client transport module feeds back to the server.
  • an account security check server including: a server transmission module, configured to perform data transmission with a client; and a verification setting acquisition module, configured to receive operation information of the user through the server transmission module, according to The account information corresponding to the user invokes the stored verification setting, wherein the verification setting refers to preset verification information; the server file acquisition module receives the verification setting of the verification setting acquisition module, based on the file path in the verification setting or File path and The file name sends a read file request or a read file attribute request to the client through the server transfer module, and receives the feedback file or file attribute through the server transfer module; the server judgment module receives the verification setting acquisition module verification setting and the server The file or file attribute of the file obtaining module determines whether the client saves the preset file in the preset path according to the check setting; and the operation switch module is configured to receive the judgment result of the server judgment module, and determine whether to allow the user to perform according to the judgment result. Account operation.
  • an account security system comprising: the above account security check client and an account security check server connected to the account security check client.
  • SMS verification mechanism For mobile terminal users such as smart phones, after the mobile terminal device is lost, the SMS verification mechanism also loses its effect, and account security can still be guaranteed.
  • FIG. 1 is a flow chart of an account security check method provided in accordance with an embodiment of the present application.
  • FIG. 2 is a flowchart of a method for checking a client account security according to an embodiment of the present application
  • FIG. 3 is a schematic diagram of a process of setting a verification setting according to an embodiment of the present application.
  • FIG. 4 is a flowchart of a server account security check method provided in an embodiment of the present application.
  • FIG. 5 is a flowchart of a method for checking a client account security according to another embodiment of the present application.
  • FIG. 6 is a flowchart of a server account security check method according to another embodiment of the present application.
  • FIG. 7 is a flowchart of a method for checking a client account security according to another embodiment of the present application.
  • FIG. 8 is a flowchart of a server account security check method according to another embodiment of the present application.
  • FIG. 9 is a schematic structural diagram of an account security checking apparatus according to an embodiment of the present application.
  • FIG. 10 is a schematic structural diagram of an account security check system according to an embodiment of the present application.
  • FIG. 11 is a schematic structural diagram of an account security check system according to another embodiment of the present application.
  • Applicants have found through research that under normal circumstances, after the account password is cracked, the personal information and data in the account will be leaked and suffer losses.
  • the user can also verify the settings that the user has set. The specified file stored in a disk partition path, if there is no such file, or the path of the file is incorrect, it is determined that the operation is not performed (because the file name and the stored path are only known by the user), thus protecting the account security.
  • Embodiment 1 account security check method
  • an account security check method is provided.
  • the account security check method includes:
  • the user's operations on the account may include the opening of the account, the attributes of the account or the modification, creation and deletion of data, etc., for example, the operation of paying with funds in the fund account.
  • the user logs in to a mobile application personal account through the smart phone, and purchases the product through the account, and performs payment.
  • the detection operation can be set to detect User's operation of the account.
  • the computing device can be a PC, a smart phone, a desktop smart terminal, a tablet, a laptop, and the like.
  • the preset path is a file storage path on the persistent device.
  • the storage path in the zone is C: ⁇ Windows ⁇ System32 ⁇ .
  • the content information may or may not be saved in the preset file.
  • the content information can be data of any file type.
  • the preset file under the preset path is used for verification.
  • the specific verification method may be that the file is used for name verification, file type verification, file content verification, or MD5 verification directly.
  • the step of “determining whether the current computing device saves the preset file in the preset path” may include: checking whether the current computing device has a file with the same name as the preset file in the preset path.
  • the step of “determining whether the current computing device saves the preset file in the preset path” may include: (1) checking whether the current computing device has a file with the same name as the preset file in the preset path; And can further perform: (2) check whether the file is the same as the preset file. For example MD5 code check.
  • the step of “determining whether the current computing device saves the preset file in the preset path” may include: (1) checking whether the current computing device has a file with the same name as the preset file in the preset path; (2) Check if the file type is the same as the preset file type.
  • the non-registered client does not save the same file in the same local path, it is impossible to perform the corresponding account operation even after the password corresponding to the user account is cracked. This makes the security of the account secure. Especially for mobile terminal users such as smart phones, even if the account is stolen, account security is guaranteed.
  • a client account security check method in a network environment including:
  • the account fund transfer operation is performed.
  • the verification setting is the related information of the “preserving the preset file in the preset path” in the first embodiment.
  • the embodiment may include: a file name and a storage path at the client.
  • the verification settings are as shown in Table 1, including: a file name, a file type, and a file path (ie, a preset path).
  • the file name is "My Payment File.txt”
  • the file type is a text file
  • the path to save the file on the client is: C: ⁇ Windows ⁇ System32 ⁇ config ⁇ Journal ⁇ .
  • the server sends the verification settings to the client.
  • the verification settings may include a file name, a file path, and a file MD5 encoding.
  • the MD5 encoding of the file is: f96b697d7cb7938d525a2f31aaf161d0.
  • the process of setting a verification setting may include:
  • the user creates a new file in the file directory of a specified hard disk partition.
  • an irregular file name can be set; for example, the user is at C: ⁇ Windows ⁇ System32 ⁇ config ⁇ A "My Payment File.txt" file has been created in the Journal ⁇ file directory.
  • the created new file can also be set to a file type that is not commonly used, such as an image file type that is not commonly used (for example, Jiaoyan.jpg), a sound file type, or a video file type.
  • this file can be created in the same directory of the operating terminals.
  • S22 Receive a verification setting from the server, and determine, according to the verification setting, whether to save the preset file in a preset path.
  • the client judges whether there is a file named Jiaoyan.jpg under the local C: ⁇ Windows ⁇ System32 ⁇ according to the content of the verification setting, and whether the type of the file is JPG.
  • the client feeds back the judgment result to the server.
  • a server account security check method in a network environment including:
  • S31 Receive operation information of the account from the user of the client.
  • the client performs the judgment of the verification setting. Since the verification setting is sensitive information, there may be a security risk to the client, and if the verification setting is performed on the server, the account can be further improved. Security.
  • a client account security check method in a network environment including:
  • the account fund transfer operation is performed.
  • the client sends a local file to the server according to the file path and file name in the file request of the server. If there is no such file locally, the client returns a read failure message to the server.
  • a server account security check method in a network environment including:
  • S51 Receive operation information of a user from the client on the account.
  • S54 Receive feedback from the client, and determine, according to the verification setting, whether the client saves the preset file in a preset path.
  • the server receives the file sent by the client, the file path and file name in the verification settings have passed the check. And preferably, it is also possible to continue to check whether the file type and/or the file content are consistent or the like.
  • the server receives a read failure message, the client is an illegal client.
  • the client directly sends the local file for verification to the server for verification setting judgment. If the content of the file is relatively large, repeated operations waste network traffic and cause operation delay. In order to improve the response speed, the amount of data sent can be reduced.
  • a client account security check method in a network environment including:
  • the client sends the attributes of the local file, such as the file type and the MD5 encoding of the file, to the server according to the file path and file name in the file attribute request of the server. Piece, feedback to the server read failure message.
  • a server account security check method in a network environment including:
  • S74 Receive feedback from the client, and determine, according to the verification setting, whether to save the preset file in the preset path.
  • the server receives the file attribute sent by the client, the file path and file name in the verification settings have passed the check, and the file type and the file content can be continuously checked, for example, by MD5 encoding.
  • the server receives a read failure message, the client is an illegal client.
  • the configuration file is limited to the file attribute of a specific file.
  • the default file in the default path is all files in the default path, for example, "C: ⁇ Windows ⁇ System32 ⁇ Test ⁇ *.*".
  • the file attributes of each file in the path are saved in the configuration file.
  • a client account security check method in a network environment including:
  • the client reads all the file attributes in the local file path according to the file path in the file attribute request of the server, for example, the file type, the MD5 encoding of the file, and the like, and sends the file to the server. If there is no such path locally, a read failure message is fed back to the server.
  • a server account security check method in a network environment including:
  • the verification setting includes a preset path and file attribute information of all files in the preset path, such as a file name, a file type, an MD5 code of the file content, and the like.
  • file attribute information such as a file name, a file type, an MD5 code of the file content, and the like.
  • the content of the verification setting is as shown in Table 2:
  • S94 Receive feedback from the client, and determine, according to the verification setting, whether to save the preset file in a preset path.
  • the server receives the file attribute sent by the client, the file path and file name in the verification settings have passed the check, and the file type and the file content can be continuously checked, for example, by MD5 encoding.
  • the server receives feedback from the client as shown in Table 3:
  • Table 3 the information stored in Table 3 is more than the four files in Table 2. In this case, as long as all the file attributes in Table 2 are present in Table 3, it can be determined that the client is a legitimate client. .
  • the server receives feedback sent by the client as shown in Table 4:
  • the file type of the third file in Table 4 is different from the file type of the third file of the verification setting shown in Table 2.
  • the file MD5 data of the fourth file is different from the MD5 data of the fourth file of the verification setting, and Determine that the client is an illegal client.
  • the server receives a read failure message, the client is an illegal client.
  • the server performs an operation request sent by the client; otherwise, the client is an illegal client, and the server ignores the account operation request of the illegal client.
  • the server can also send an alarm message to the user of the client or lock the illegal client.
  • Embodiment 2 account security inspection device
  • the present application provides an account security check device.
  • the account security check apparatus provided in one embodiment of the present application includes:
  • An operation detecting module 51 configured to detect a user operation on an account
  • the determining module 52 is configured to determine whether the current computing device saves the preset file in a preset path
  • the operation switch module 53 is configured to determine whether to allow the user's operation according to the judgment result of the determination module 52.
  • Embodiment 3 account security check system
  • the present application also provides an account security check system.
  • an account security check system including:
  • the account security check client 61 further includes:
  • the operation detecting module 611 is configured to: when detecting the operation of the account by the user, trigger an account security check operation, and send the operation information of the user to the server through the client transmission module 613;
  • the client judging module 612 is configured to receive the verification setting from the server through the client transmission module 613, determine whether to save the preset file in the preset path according to the verification setting, and feed back the determination result to the client transmission module 613.
  • server
  • a client transmission module 613 configured to perform data transmission with the server
  • the account security check server 62 further includes:
  • a server transmission module 621 configured to perform data transmission with the client
  • the verification setting acquisition module 622 is configured to receive the operation information of the user through the server transmission module 621, invoke the stored verification setting according to the account information corresponding to the user, and send the verification setting to the client through the server transmission module 621;
  • the operation switch module 623 is configured to receive the judgment result from the client through the server transmission module 621, and determine whether to allow the user to perform an account operation according to the determination result.
  • the present application also provides an account security check system.
  • an account security check system including:
  • the account security check client 71 further includes:
  • the operation detecting module 711 is configured to: when detecting the operation of the account by the user, trigger an account security check operation, and send the operation information of the user to the server through the client transmission module 713;
  • the client file obtaining module 712 is configured to receive a read file request from the server through the client transmission module 713, read the corresponding file, and feed back to the server through the client transmission module 713;
  • a client transmission module 713 configured to perform data transmission with the server
  • the account security check server 72 further includes:
  • the verification setting obtaining module 722 is configured to receive operation information of the user through the server transmission module 721, and invoke the stored verification setting according to the account information corresponding to the user;
  • the server file obtaining module 723 receives the verification setting of the verification setting obtaining module 722, and sends a read file request to the client through the server transmission module 721 based on the file path and the file name in the verification setting, and receives the read file request through the server transmission module 721.
  • Feedback file
  • the server determining module 724 receives the verification setting of the verification setting obtaining module 722 and the file of the server file obtaining module 723, and determines whether the client is in advance according to the verification setting. Set the default file to save the path.
  • the server receives the file sent by the client, the file path and file name in the verification settings have passed the check, and the file type and the file content can be continuously checked, for example, by MD5 encoding.
  • the operation switch module 725 is configured to receive the determination result of the server determination module 723, and determine whether to allow the user to perform an account operation according to the determination result.
  • the present application also provides an account security check system. Compared with the system corresponding to the embodiment of FIG. 10, the difference is that the file attribute information is transmitted between the client file obtaining module and the server file acquiring module instead of the file information.
  • the present application further provides an account security checking system.
  • the file attribute information is transmitted between the client file obtaining module and the server file acquiring module instead of the file information; in addition, the server file obtaining module is based on the file in the verification setting.
  • the path sends a read file attribute request to the client instead of the file path and file name.
  • the client file acquisition module feeds back the file attributes of all files in the required path to the server.
  • Advantages of various embodiments disclosed in the present application include: securing account security even after the password corresponding to the user account is cracked; for mobile terminal users such as smart phones, even if the mobile terminal device is lost, account username, password, and SMS authentication After the mechanism has lost its effect, account security is also guaranteed.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The present application provides a method for checking security of an account, comprising: detecting an operation of a user on an account; when the user performs the operation on the account, determining whether a current computing device saves a preset file in a preset path; and if the current computing device saves the preset file in the preset path, permit the operation, and otherwise, reject the operation. The present application further provides an apparatus for checking security of an account, a client and a server in a network environment, a method for checking security of an account, a client and a server for checking security of an account, and a system for checking security of an account. Advantages of the embodiments disclosed in the present application comprise: in one aspect, even if a password corresponding to an account of the user is cracked, security of the account is ensured; and in another aspect, for a user of a mobile terminal such as a smart phone, even if the mobile terminal device is lost, and a username of an account, a password, and a message verification mechanism all fail to work, the account security is ensured.

Description

账户安全检查方法、装置、客户端、服务器及系统Account security check method, device, client, server and system 技术领域Technical field
本申请涉及计算机安全领域,尤其涉及一种账户安全检查方法、装置、客户端、服务器及系统。The present application relates to the field of computer security, and in particular, to an account security check method, apparatus, client, server, and system.
背景技术Background technique
网络技术极大的改变了人们的日常生活,对这种网络应用,用户都需要建立账户。网络应用账户被盗是目前信息安全领域非常严重和急需解决的问题,例如网络游戏账户和游戏装备被盗的事件时有发生。Network technology has greatly changed people's daily lives. For this kind of network application, users need to establish an account. The theft of web application accounts is a very serious and urgent problem in the field of information security. For example, online game accounts and the theft of game equipment have occurred.
互联网的发展也给金融行业带来新的业务模式,人们对在线资金账户的安全性有更高的要求。The development of the Internet has also brought new business models to the financial industry, and people have higher requirements for the security of online fund accounts.
现有的账户保护方式一般为用户名对应的密码,只要破解密码,盗号者就可以进行各种操作,往往能够给实际用户造成无法挽回的损失。The existing account protection mode is generally the password corresponding to the user name. As long as the password is cracked, the hacker can perform various operations, and often can cause irreparable losses to the actual user.
发明内容Summary of the invention
本申请要解决的技术问题是,针对现有技术的不足,提供一种账户安全检查方法、装置、客户端、服务器及系统。The technical problem to be solved by the present application is to provide an account security check method, device, client, server and system for the deficiencies of the prior art.
根据本申请一个方面,提供一种账户安全检查方法,包括:检测用户对账户的操作;当用户对账户进行操作时,判断当前计算设备是否在预设路径下保存预设文件;和如果当前计算设备在预设路径下保存预设文件,则允许操作,否则不允许操作。According to an aspect of the present application, an account security check method is provided, including: detecting an operation of a user on an account; when the user operates the account, determining whether the current computing device saves the preset file in a preset path; and if the current calculation If the device saves the preset file in the preset path, the operation is allowed. Otherwise, the operation is not allowed.
根据本申请另一个方面,提供一种账户安全检查装置,包括:操作检测模块,用于检测用户对账户的操作;判断模块,用于判断当前计算设备是否在预设路径下保存预设文件;和操作开关模块,用于根据所述判断模块的判断结果决定是否允许用户的操作。According to another aspect of the present application, an account security checking apparatus is provided, including: an operation detecting module, configured to detect an operation of a user by an account; and a determining module, configured to determine whether the current computing device saves the preset file in a preset path; And an operation switch module, configured to determine whether to allow the user's operation according to the judgment result of the judgment module.
根据本申请另一个方面,提供一种客户端账户安全检查方法,包括:当检测到用户对账户的操作时,将操作信息发送给服务器;接收来自服务器的 校验设置,根据校验设置判断是否在预设路径下保存预设文件,其中,校验设置指预设的校验信息;和将判断结果发送给服务器。According to another aspect of the present application, a client account security check method is provided, including: when detecting an operation of a user on an account, transmitting operation information to a server; receiving from a server The verification setting determines whether the preset file is saved in the preset path according to the verification setting, wherein the verification setting refers to the preset verification information; and the determination result is sent to the server.
根据本申请另一个方面,提供一种服务器账户安全检查方法,包括:接收来自客户端的用户对账户的操作信息;根据所述用户对应的账户信息调用存储的校验设置,其中,校验设置指预设的校验信息;将校验设置发送给客户端;和接收来自客户端的判断结果,并根据判断结果决定是否允许用户进行账户操作。According to another aspect of the present application, a server account security check method is provided, including: receiving operation information of a user from a client on an account; and calling a stored verification setting according to the account information corresponding to the user, where the verification setting refers to Pre-set verification information; sending the verification setting to the client; and receiving the judgment result from the client, and determining whether to allow the user to perform the account operation according to the judgment result.
根据本申请另一个方面,提供一种客户端账户安全检查方法,包括:当检测到用户对账户的操作时,将操作信息发送给服务器;接收来自服务器的读取文件请求;和根据读取文件请求,将相应的文件发送给服务器。According to another aspect of the present application, a client account security check method is provided, including: when an operation of a user is detected on an account, transmitting operation information to a server; receiving a read file request from a server; and reading a file according to the Request, send the corresponding file to the server.
根据本申请另一个方面,提供一种服务器账户安全检查方法,包括:接收来自客户端的用户对账户的操作信息;根据所述用户对应的账户信息调用存储的校验设置,其中,校验设置指预设的校验信息;根据校验设置中的文件名和文件路径向客户端发送读取文件请求;接收来自客户端的反馈,根据校验设置判断客户端是否在预设路径下保存预设文件;和根据判断结果决定是否允许用户进行账户操作。According to another aspect of the present application, a server account security check method is provided, including: receiving operation information of a user from a client on an account; and calling a stored verification setting according to the account information corresponding to the user, where the verification setting refers to The preset verification information is sent to the client according to the file name and the file path in the verification setting; receiving the feedback from the client, and determining, according to the verification setting, whether the client saves the preset file in the preset path; And according to the judgment result, it is decided whether to allow the user to perform an account operation.
根据本申请另一个方面,提供一种客户端账户安全检查方法,包括:当检测到用户对账户的操作时,将操作信息发送给服务器;接收来自服务器的读取文件属性请求;和根据所述读取文件属性请求,将相应的文件属性发送给服务器。According to another aspect of the present application, a client account security check method is provided, including: when an operation of a user is detected on an account, transmitting operation information to a server; receiving a read file attribute request from a server; Read the file attribute request and send the corresponding file attribute to the server.
根据本申请另一个方面,提供一种服务器账户安全检查方法,包括:接收来自客户端的用户对账户的操作信息;根据所述用户对应的账户信息调用存储的校验设置;根据校验设置中的文件名和文件路径向客户端发送读取文件属性请求;接收来自客户端的反馈,根据校验设置判断客户端是否在预设路径下保存预设文件;根据判断结果决定是否允许用户进行账户操作。According to another aspect of the present application, a server account security check method is provided, including: receiving operation information of a user from a client on an account; and calling the stored verification setting according to the account information corresponding to the user; The file name and the file path send a read file attribute request to the client; receive feedback from the client, determine whether the client saves the preset file in the preset path according to the check setting; and determine whether to allow the user to perform the account operation according to the judgment result.
根据本申请另一个方面,提供一种服务器账户安全检查方法,包括:接收来自客户端的用户对账户的操作信息;根据所述用户对应的账户信息调用 存储的校验设置,其中,校验设置指预设的校验信息;根据校验设置中的文件路径向客户端发送读取文件属性请求;接收来自客户端的反馈,根据校验设置判断是否在预设路径下保存预设文件;和根据判断结果决定是否允许用户进行账户操作。According to another aspect of the present application, a server account security check method is provided, including: receiving operation information of a user from a client on an account; and calling according to the account information corresponding to the user The verification setting of the storage, wherein the verification setting refers to the preset verification information; the request for reading the file attribute is sent to the client according to the file path in the verification setting; receiving the feedback from the client, determining whether it is in the verification setting according to the verification setting The preset file is saved in the preset path; and the user is allowed to perform the account operation according to the judgment result.
根据本申请另一个方面,提供一种账户安全检查客户端,包括:客户端传输模块,用于与服务器进行数据传输;操作检测模块,用于当检测到用户对账户的操作时,将用户的操作信息通过客户端传输模块发送给服务器;和客户端判断模块,用于通过客户端传输模块接收来自服务器的校验设置,根据校验设置判断是否在预设路径下保存预设文件,并将判断结果通过客户端传输模块反馈给服务器,其中,校验设置指预设的校验信息。According to another aspect of the present application, an account security check client is provided, including: a client transmission module, configured to perform data transmission with a server; and an operation detection module, configured to: when detecting an operation of the account by the user, The operation information is sent to the server through the client transmission module; and the client judgment module is configured to receive the verification setting from the server through the client transmission module, determine whether to save the preset file in the preset path according to the verification setting, and The judgment result is fed back to the server through the client transmission module, wherein the verification setting refers to the preset verification information.
根据本申请另一个方面,提供一种账户安全检查服务器,包括:服务器传输模块,用于与客户端进行数据传输;校验设置获取模块,用于通过服务器传输模块接收用户的操作信息,根据与用户对应的账户信息调用存储的校验设置,并通过服务器传输模块发送给客户端,其中,校验设置指预设的校验信息;和操作开关模块,用于通过服务器传输模块接收来自客户端的判断结果,根据判断结果决定是否允许用户进行账户操作。According to another aspect of the present application, an account security check server is provided, including: a server transmission module, configured to perform data transmission with a client; and a verification setting acquisition module, configured to receive operation information of the user through the server transmission module, according to The account information corresponding to the user invokes the stored verification setting, and is sent to the client through the server transmission module, where the verification setting refers to preset verification information; and the operation switch module is configured to receive the client from the server transmission module. The judgment result determines whether the user is allowed to perform an account operation according to the judgment result.
根据本申请另一个方面,提供一种账户安全检查客户端,包括:客户端传输模块,用于与服务器进行数据传输;操作检测模块,用于当检测到用户对账户的操作时,将用户的操作信息通过客户端传输模块发送给服务器;和客户端文件获取模块,用于通过客户端传输模块接收来自服务器的读取文件请求或读取文件属性请求,读取相应的文件或文件属性并通过客户端传输模块反馈给服务器。According to another aspect of the present application, an account security check client is provided, including: a client transmission module, configured to perform data transmission with a server; and an operation detection module, configured to: when detecting an operation of the account by the user, The operation information is sent to the server through the client transmission module; and the client file acquisition module is configured to receive the read file request from the server or read the file attribute request through the client transmission module, and read the corresponding file or file attribute and pass the The client transport module feeds back to the server.
根据本申请另一个方面,提供一种账户安全检查服务器,包括:服务器传输模块,用于与客户端进行数据传输;校验设置获取模块,用于通过服务器传输模块接收用户的操作信息,根据与用户对应的账户信息调用存储的校验设置,其中,校验设置指预设的校验信息;服务器文件获取模块,接收校验设置获取模块的校验设置,基于校验设置中的文件路径或者文件路径以及 文件名称通过服务器传输模块向客户端发送读取文件请求或读取文件属性请求,并通过服务器传输模块接收反馈的文件或文件属性;服务器判断模块,接收校验设置获取模块的校验设置和服务器文件获取模块的文件或文件属性,根据校验设置判断客户端是否在预设路径下保存预设文件;和操作开关模块,用于接收服务器判断模块的判断结果,根据判断结果决定是否允许用户进行账户操作。According to another aspect of the present application, an account security check server is provided, including: a server transmission module, configured to perform data transmission with a client; and a verification setting acquisition module, configured to receive operation information of the user through the server transmission module, according to The account information corresponding to the user invokes the stored verification setting, wherein the verification setting refers to preset verification information; the server file acquisition module receives the verification setting of the verification setting acquisition module, based on the file path in the verification setting or File path and The file name sends a read file request or a read file attribute request to the client through the server transfer module, and receives the feedback file or file attribute through the server transfer module; the server judgment module receives the verification setting acquisition module verification setting and the server The file or file attribute of the file obtaining module determines whether the client saves the preset file in the preset path according to the check setting; and the operation switch module is configured to receive the judgment result of the server judgment module, and determine whether to allow the user to perform according to the judgment result. Account operation.
根据本申请最后一个方面,提供一种账户安全系统,包括:上述账户安全检查客户端和与所述账户安全检查客户端连接的账户安全检查服务器。According to a last aspect of the present application, there is provided an account security system comprising: the above account security check client and an account security check server connected to the account security check client.
与现有技术相比,本申请公开的各个实施例的优点包括:Advantages of various embodiments disclosed herein in comparison with the prior art include:
(1)即使在用户账户对应的密码被破解后,账户安全也得到保障;(1) Even after the password corresponding to the user account is cracked, the account security is guaranteed;
(2)对于智能手机等移动终端用户,在移动终端设备丢失后,短信验证机制也失去作用,账户安全依然能够得到保障。(2) For mobile terminal users such as smart phones, after the mobile terminal device is lost, the SMS verification mechanism also loses its effect, and account security can still be guaranteed.
附图说明DRAWINGS
图1是根据本申请一个实施例中提供的账户安全检查方法的流程图;1 is a flow chart of an account security check method provided in accordance with an embodiment of the present application;
图2是根据本申请一个实施例中提供的客户端账户安全检查方法的流程图;2 is a flowchart of a method for checking a client account security according to an embodiment of the present application;
图3是根据本申请一个实施例中提供的设定校验设置的过程示意图;3 is a schematic diagram of a process of setting a verification setting according to an embodiment of the present application;
图4是根据本申请一个实施例中提供的服务器账户安全检查方法的流程图;4 is a flowchart of a server account security check method provided in an embodiment of the present application;
图5是根据本申请另一个实施例中提供的客户端账户安全检查方法的流程图;FIG. 5 is a flowchart of a method for checking a client account security according to another embodiment of the present application; FIG.
图6是根据本申请另一个实施例中提供的服务器账户安全检查方法的流程图;6 is a flowchart of a server account security check method according to another embodiment of the present application;
图7是根据本申请另一个实施例中提供的客户端账户安全检查方法的流程图;7 is a flowchart of a method for checking a client account security according to another embodiment of the present application;
图8是根据本申请另一个实施例中提供的服务器账户安全检查方法的流程图;FIG. 8 is a flowchart of a server account security check method according to another embodiment of the present application; FIG.
图9是根据本申请一个实施例中提供的账户安全检查装置的结构示意图; 9 is a schematic structural diagram of an account security checking apparatus according to an embodiment of the present application;
图10是根据本申请一个实施例中提供的账户安全检查系统的结构示意图;FIG. 10 is a schematic structural diagram of an account security check system according to an embodiment of the present application; FIG.
图11是根据本申请另一个实施例中提供的账户安全检查系统的结构示意图。FIG. 11 is a schematic structural diagram of an account security check system according to another embodiment of the present application.
具体实施方式detailed description
为了使本申请的目的、技术方案及优点更加清楚明白,以下结合附图,对本申请进一步详细说明。应当理解,此处所描述的具体实施例仅用以解释本申请,并不用于限定本申请。In order to make the objects, technical solutions and advantages of the present application more clear, the present application will be further described in detail below with reference to the accompanying drawings. It is understood that the specific embodiments described herein are merely illustrative of the application and are not intended to be limiting.
申请人经研究发现:通常情况下,账户密码被破解后,账户里的个人信息和数据都将泄漏并遭受损失,可以在常规的密码、手机校验码之外,还校验用户曾经设置的存放于某个磁盘分区路径下的指定文件,如果没有这个文件,或者文件的路径不正确,则确定非本人操作(因为文件名及存放的路径只有用户自己知道),从而保护了账户安全。Applicants have found through research that under normal circumstances, after the account password is cracked, the personal information and data in the account will be leaked and suffer losses. In addition to the regular password and mobile phone check code, the user can also verify the settings that the user has set. The specified file stored in a disk partition path, if there is no such file, or the path of the file is incorrect, it is determined that the operation is not performed (because the file name and the stored path are only known by the user), thus protecting the account security.
实施方式一、账户安全检查方法Embodiment 1, account security check method
基于上述发现,根据本申请一个实施例,提供一种账户安全检查方法。Based on the above findings, according to an embodiment of the present application, an account security check method is provided.
如图1所示,该账户安全检查方法包括:As shown in Figure 1, the account security check method includes:
S11、检测用户对账户的操作。S11. Detect a user operation on an account.
用户对账户的操作可包括账户的打开、账户的属性或者数据的修改、创建和删除等等,例如,资金账户中利用资金进行支付的操作。又例如,用户通过智能手机登录某移动应用个人账户,以及通过该账户购买商品,并进行支付,此时用户即将对账户的资金进行改动等,则在此过程中都可以设置检测操作,以检测用户对账户的操作。The user's operations on the account may include the opening of the account, the attributes of the account or the modification, creation and deletion of data, etc., for example, the operation of paying with funds in the fund account. For another example, the user logs in to a mobile application personal account through the smart phone, and purchases the product through the account, and performs payment. At this time, the user is about to change the funds of the account, etc., in this process, the detection operation can be set to detect User's operation of the account.
S12、当用户对账户进行操作时,判断当前计算设备是否在预设路径下保存预设文件。S12. When the user operates the account, determine whether the current computing device saves the preset file in a preset path.
计算设备可以为PC机、智能手机、桌面智能终端、平板电脑、笔记本电脑等等。The computing device can be a PC, a smart phone, a desktop smart terminal, a tablet, a laptop, and the like.
优选地,预设路径为在持久化设备上的文件存储路径。例如,在硬盘分 区中的存储路径C:\Windows\System32\。Preferably, the preset path is a file storage path on the persistent device. For example, in the hard disk The storage path in the zone is C:\Windows\System32\.
预设文件中可以保存有内容信息,也可以不保存内容信息。该内容信息可以是任何文件类型的数据。The content information may or may not be saved in the preset file. The content information can be data of any file type.
该预设路径下的预设文件用于校验。具体校验的方式可以是,利用该文件进行名称校验、文件类型校验、文件内容校验或者直接进行MD5校验等等。The preset file under the preset path is used for verification. The specific verification method may be that the file is used for name verification, file type verification, file content verification, or MD5 verification directly.
根据本申请一个实施例,步骤“判断当前计算设备是否在预设路径下保存预设文件”可包括:检查当前计算设备是否在预设路径下存在与预设文件同名的文件。According to an embodiment of the present application, the step of “determining whether the current computing device saves the preset file in the preset path” may include: checking whether the current computing device has a file with the same name as the preset file in the preset path.
根据本申请另一个实施例,步骤“判断当前计算设备是否在预设路径下保存预设文件”可包括:(1)检查当前计算设备是否在预设路径下存在与预设文件同名的文件;并且还可以进一步执行:(2)检查该文件是否与预设文件相同。例如MD5编码校验。According to another embodiment of the present application, the step of “determining whether the current computing device saves the preset file in the preset path” may include: (1) checking whether the current computing device has a file with the same name as the preset file in the preset path; And can further perform: (2) check whether the file is the same as the preset file. For example MD5 code check.
根据本申请另一个实施例,步骤“判断当前计算设备是否在预设路径下保存预设文件”可包括:(1)检查当前计算设备是否在预设路径下存在与预设文件同名的文件;(2)检查该文件类型是否与预设文件类型相同。According to another embodiment of the present application, the step of “determining whether the current computing device saves the preset file in the preset path” may include: (1) checking whether the current computing device has a file with the same name as the preset file in the preset path; (2) Check if the file type is the same as the preset file type.
S13、如果当前计算设备在预设路径下保存预设文件,则允许操作,否则不允许操作。S13. If the current computing device saves the preset file in the preset path, the operation is allowed, otherwise the operation is not allowed.
由于非注册客户端在本地的相同路径下没有保存相同文件,因此,即使在用户账户对应的密码被破解后,也不可能执行对应的账户操作。这使得账户的安全得到了保障。特别是对于智能手机等移动终端用户,即使账户被盗,账户安全也得到保障。Since the non-registered client does not save the same file in the same local path, it is impossible to perform the corresponding account operation even after the password corresponding to the user account is cracked. This makes the security of the account secure. Especially for mobile terminal users such as smart phones, even if the account is stolen, account security is guaranteed.
第一种网络环境下的账户安全检查方法Account security check method in the first network environment
如图2所示,根据本申请一个实施例,提供一种网络环境下的客户端账户安全检查方法,包括:As shown in FIG. 2, according to an embodiment of the present application, a client account security check method in a network environment is provided, including:
S21、当检测到用户对账户的操作时,将操作信息发送给服务器。S21: When the user's operation on the account is detected, the operation information is sent to the server.
根据本申请一个实施例,当用户登录客户端之后,进行账户资金转账操作,此时,客户端将用户操作的操作编码和/或操作名称本身“转账操作”发送给服务器。例如,假设转账操作对应的操作编码为OP-ID=000011。客户端 将“OP-ID=000011”信息发送给服务器。According to an embodiment of the present application, after the user logs in to the client, the account fund transfer operation is performed. At this time, the client sends the operation code of the user operation and/or the operation name itself “transfer operation” to the server. For example, suppose the operation code corresponding to the transfer operation is OP-ID=000011. Client Send the "OP-ID=000011" message to the server.
当服务器接收到来自客户端的操作编码“OP-ID=000011”之后,根据用户对应的账户信息调用存储的校验设置,并发送给客户端。After the server receives the operation code "OP-ID=000011" from the client, the stored verification settings are called according to the account information corresponding to the user, and sent to the client.
校验设置即上述实施方式一中的“预设路径下保存预设文件”的相关信息,本实施例中具体可包括:文件名称及其在客户端的存储路径。The verification setting is the related information of the “preserving the preset file in the preset path” in the first embodiment. The embodiment may include: a file name and a storage path at the client.
根据本申请另一个实施例,校验设置如表1所示,包括:文件名称、文件类型、文件路径(即预设路径)。According to another embodiment of the present application, the verification settings are as shown in Table 1, including: a file name, a file type, and a file path (ie, a preset path).
其中文件名称为“我的支付文件.txt”,文件类型为文本文件,在客户端保存文件的路径为:C:\Windows\System32\config\Journal\。服务器将该校验设置发送给客户端。The file name is "My Payment File.txt", the file type is a text file, and the path to save the file on the client is: C:\Windows\System32\config\Journal\. The server sends the verification settings to the client.
表1Table 1
预设路径Preset path C:\Windows\System32\config\Journal\C:\Windows\System32\config\Journal\
文件名称file name 我的支付文件.txtMy payment file.txt
文件类型file type 文本文件Text file
根据本申请另一个实施例,校验设置可包括文件名称、文件路径、文件MD5编码。例如,文件的MD5编码为:f96b697d7cb7938d525a2f31aaf161d0。According to another embodiment of the present application, the verification settings may include a file name, a file path, and a file MD5 encoding. For example, the MD5 encoding of the file is: f96b697d7cb7938d525a2f31aaf161d0.
如图3所示,根据本申请另一个实施例,设定校验设置的过程可包括:As shown in FIG. 3, according to another embodiment of the present application, the process of setting a verification setting may include:
(1)用户在某个指定硬盘分区的文件目录下创建一个新的文件,为了不被猜到文件名,可以设置一个不规则的文件名;例如,用户在C:\Windows\System32\config\Journal\文件目录下创建了一个“我的支付文件.txt”的文件。进一步地,还可以将创建的新文件设置为一个不常用到的文件类型,如不常用的图片文件类型(例如Jiaoyan.jpg)、声音文件类型或视频文件类型等等。(1) The user creates a new file in the file directory of a specified hard disk partition. In order not to guess the file name, an irregular file name can be set; for example, the user is at C:\Windows\System32\config\ A "My Payment File.txt" file has been created in the Journal\ file directory. Further, the created new file can also be set to a file type that is not commonly used, such as an image file type that is not commonly used (for example, Jiaoyan.jpg), a sound file type, or a video file type.
(2)指定新创建的文件及其存放的路径为校验设置,服务器将校验设置保存到数据库。(2) Specify the newly created file and the path it stores as the verification setting, and the server saves the verification settings to the database.
根据本申请另一个实施例中,如果用户可有多个操作终端,可以在这些操作终端的同样的目录下创建这个文件。According to another embodiment of the present application, if the user can have multiple operating terminals, this file can be created in the same directory of the operating terminals.
S22、接收来自服务器的校验设置,根据校验设置判断是否在预设路径下保存预设文件。 S22. Receive a verification setting from the server, and determine, according to the verification setting, whether to save the preset file in a preset path.
客户端按照校验设置的内容,判断本地C:\Windows\System32\下是否存在名称为Jiaoyan.jpg的文件,以及该文件的类型是否为JPG。The client judges whether there is a file named Jiaoyan.jpg under the local C:\Windows\System32\ according to the content of the verification setting, and whether the type of the file is JPG.
S23、将判断结果发送给服务器。S23. Send the judgment result to the server.
客户端将判断结果反馈给服务器。服务器根据判断结果决定是否允许用户进行账户操作,即客户端判断是否存在预设路径下的预设文件,当判断结果为“是”时,则执行对应的操作,例如,服务器按照转账操作“OP-ID=000011”进行账户资金变动;当判断结果为“否”时,则不允许操作,例如,服务器忽略或拒绝转账操作“OP-ID=000011”。从而很好的保障了用户账户资金的安全。The client feeds back the judgment result to the server. The server determines whether to allow the user to perform an account operation according to the judgment result, that is, the client determines whether there is a preset file in the preset path, and when the judgment result is “Yes”, the corresponding operation is performed, for example, the server performs the transfer operation “OP”. -ID=000011" to perform account fund change; when the judgment result is "No", the operation is not allowed, for example, the server ignores or rejects the transfer operation "OP-ID=000011". Therefore, the security of the user account funds is well protected.
与客户端操作相对应地,如图4所示,根据本申请一个实施例,提供一种网络环境下的服务器账户安全检查方法,包括:Corresponding to the client operation, as shown in FIG. 4, according to an embodiment of the present application, a server account security check method in a network environment is provided, including:
S31、接收来自客户端的用户对账户的操作信息。S31. Receive operation information of the account from the user of the client.
S32、根据用户对应的账户信息调用存储的校验设置;S32. Call the stored verification setting according to the account information corresponding to the user;
S33、将校验设置发送给客户端;S33. Send the verification setting to the client.
S34、接收来自客户端的判断结果,根据判断结果决定是否允许用户进行账户操作。S34. Receive a judgment result from the client, and determine, according to the judgment result, whether the user is allowed to perform an account operation.
第二种网络环境下的账户安全检查方法Account security check method in the second network environment
上述第一种方法中,客户端进行校验设置的判断工作,由于校验设置属于敏感信息,发送给客户端可能存在安全隐患,校验设置的判断工作如果放在服务器完成,能够进一步提高账户的安全性。In the above first method, the client performs the judgment of the verification setting. Since the verification setting is sensitive information, there may be a security risk to the client, and if the verification setting is performed on the server, the account can be further improved. Security.
如图5所示,根据本申请另一个实施例,提供一种网络环境下的客户端账户安全检查方法,包括:As shown in FIG. 5, according to another embodiment of the present application, a client account security check method in a network environment is provided, including:
S41、当检测到用户对账户的操作时,将操作信息发送给服务器。S41. When the user's operation on the account is detected, the operation information is sent to the server.
如上面实施例所述,当用户登录客户端之后,进行账户资金转账操作,此时,客户端将“OP-ID=000011”信息发送给服务器。As described in the above embodiment, after the user logs in to the client, the account fund transfer operation is performed. At this time, the client sends the "OP-ID=000011" information to the server.
当服务器接收到来自客户端的操作编码“OP-ID=000011”之后,根据用户对应的账户信息调用存储的校验设置,根据校验设置中的文件名和文件路径向客户端发送读取文件请求。 After the server receives the operation code "OP-ID=000011" from the client, the stored verification setting is called according to the account information corresponding to the user, and the read file request is sent to the client according to the file name and the file path in the verification setting.
S42、接收来自服务器的读取文件请求。S42. Receive a read file request from a server.
S43、根据读取文件请求,将相应的文件发送给服务器。S43. Send a corresponding file to the server according to the read file request.
客户端根据服务器的文件请求中的文件路径和文件名,调用本地文件发送给服务器,如果本地无此文件,向服务器反馈读取失败消息。The client sends a local file to the server according to the file path and file name in the file request of the server. If there is no such file locally, the client returns a read failure message to the server.
与客户端操作相对应地,如图6所示,根据本申请一个实施例,提供一种网络环境下的服务器账户安全检查方法,包括:Corresponding to the client operation, as shown in FIG. 6, according to an embodiment of the present application, a server account security check method in a network environment is provided, including:
S51、接收来自客户端的用户对账户的操作信息;S51. Receive operation information of a user from the client on the account.
S52、根据用户对应的账户信息调用存储的校验设置;S52. Call the stored verification setting according to the account information corresponding to the user.
S53、根据校验设置中的文件名和文件路径向客户端发送读取文件请求;S53. Send a read file request to the client according to the file name and the file path in the verification setting.
S54、接收来自客户端的反馈,根据校验设置判断客户端是否在预设路径下保存预设文件。S54. Receive feedback from the client, and determine, according to the verification setting, whether the client saves the preset file in a preset path.
如果服务器接收到了客户端发送的文件,则校验设置中的文件路径、文件名两项已经通过检查。并且优选地,还可以继续检查文件类型和/或文件内容是否一致等等。If the server receives the file sent by the client, the file path and file name in the verification settings have passed the check. And preferably, it is also possible to continue to check whether the file type and/or the file content are consistent or the like.
如果服务器接收到读取失败消息,则客户端为非法客户端。If the server receives a read failure message, the client is an illegal client.
S55、根据判断结果决定是否允许用户进行账户操作。S55. Determine, according to the judgment result, whether the user is allowed to perform an account operation.
第三种网络环境下的账户安全检查方法Account security check method in the third network environment
上述第二种方法中,客户端将用于校验的本地文件直接发送给服务器进行校验设置判断,如果文件内容比较大,反复操作浪费网络流量,并造成操作延时。为了提高响应速度,可以减少发送的数据量。In the foregoing second method, the client directly sends the local file for verification to the server for verification setting judgment. If the content of the file is relatively large, repeated operations waste network traffic and cause operation delay. In order to improve the response speed, the amount of data sent can be reduced.
如图7所示,根据本申请另一个实施例,提供一种网络环境下的客户端账户安全检查方法,包括:As shown in FIG. 7, according to another embodiment of the present application, a client account security check method in a network environment is provided, including:
S61、当检测到用户对账户的操作时,将操作信息发送给服务器;S61. When detecting the operation of the account by the user, sending the operation information to the server;
S62、接收来自服务器的读取文件属性请求;S62. Receive a read file attribute request from a server.
S63、根据读取文件属性请求,将相应的文件属性发送给服务器。S63. Send the corresponding file attribute to the server according to the read file attribute request.
客户端根据服务器的文件属性请求中的文件路径和文件名,读取本地文件的属性例如文件类型、文件的MD5编码等发送给服务器,如果本地无此文 件,向服务器反馈读取失败消息。The client sends the attributes of the local file, such as the file type and the MD5 encoding of the file, to the server according to the file path and file name in the file attribute request of the server. Piece, feedback to the server read failure message.
与客户端操作相对应地,如图8所示,根据本申请一个实施例,提供一种网络环境下的服务器账户安全检查方法,包括:Corresponding to the client operation, as shown in FIG. 8, according to an embodiment of the present application, a server account security check method in a network environment is provided, including:
S71、接收来自客户端的用户对账户的操作信息;S71. Receive operation information of a user from the client on the account.
S72、根据用户对应的账户信息调用存储的校验设置;S72. Call the stored verification setting according to the account information corresponding to the user.
S73、根据校验设置中的文件名和文件路径向客户端发送读取文件属性请求;S73. Send a read file attribute request to the client according to the file name and the file path in the verification setting.
S74、接收来自客户端的反馈,根据校验设置判断是否在预设路径下保存预设文件。S74. Receive feedback from the client, and determine, according to the verification setting, whether to save the preset file in the preset path.
如果服务器接收到了客户端发送的文件属性,则校验设置中的文件路径、文件名两项已经通过检查,可以继续检查文件类型,以及文件内容,例如通过MD5编码来检查。If the server receives the file attribute sent by the client, the file path and file name in the verification settings have passed the check, and the file type and the file content can be continuously checked, for example, by MD5 encoding.
如果服务器接收到读取失败消息,则客户端为非法客户端。If the server receives a read failure message, the client is an illegal client.
S75、根据判断结果决定是否允许用户进行账户操作。S75. Determine, according to the judgment result, whether the user is allowed to perform an account operation.
第四种网络环境下的账户安全检查方法Account security check method in the fourth network environment
上述第三种方法中,将配置文件局限于某个具体文件的文件属性,在实践中,为了增加复杂度,进一步提高账户安全性,可以直接将整个预设路径下的所有文件进行检查。预设路径下的预设文件为预设路径下的所有文件,例如“C:\Windows\System32\Test\*.*”,此时配置文件中保存该路径下的各个文件的文件属性。In the foregoing third method, the configuration file is limited to the file attribute of a specific file. In practice, in order to increase the complexity and further improve the account security, all the files in the entire preset path can be directly checked. The default file in the default path is all files in the default path, for example, "C:\Windows\System32\Test\*.*". At this time, the file attributes of each file in the path are saved in the configuration file.
根据本申请另一个实施例,提供一种网络环境下的客户端账户安全检查方法,包括:According to another embodiment of the present application, a client account security check method in a network environment is provided, including:
S81、当检测到用户对账户的操作时,将操作信息发送给服务器;S81. When detecting the operation of the account by the user, sending the operation information to the server;
S82、接收来自服务器的读取文件属性请求,将相应的文件属性发送给服务器。S82. Receive a read file attribute request from the server, and send the corresponding file attribute to the server.
客户端根据服务器的文件属性请求中的文件路径,读取本地对应该文件路径下的所有文件属性,例如文件类型、文件的MD5编码等发送给服务器, 如果本地无此路径,向服务器反馈读取失败消息。The client reads all the file attributes in the local file path according to the file path in the file attribute request of the server, for example, the file type, the MD5 encoding of the file, and the like, and sends the file to the server. If there is no such path locally, a read failure message is fed back to the server.
与客户端操作相对应地,根据本申请一个实施例,提供一种网络环境下的服务器账户安全检查方法,包括:Corresponding to the client operation, according to an embodiment of the present application, a server account security check method in a network environment is provided, including:
S91、接收来自客户端的用户对账户的操作信息;S91. Receive operation information of a user from the client on the account.
S92、根据用户对应的账户信息调用存储的校验设置;S92. Call the stored verification setting according to the account information corresponding to the user.
本实施例中,校验设置中包括预设路径以及在预设路径下所有文件的文件属性信息,例如文件名称、文件类型、文件内容的MD5编码等等。根据本申请一个实施例,校验设置的内容如表2所示:In this embodiment, the verification setting includes a preset path and file attribute information of all files in the preset path, such as a file name, a file type, an MD5 code of the file content, and the like. According to an embodiment of the present application, the content of the verification setting is as shown in Table 2:
表2Table 2
Figure PCTCN2015091689-appb-000001
Figure PCTCN2015091689-appb-000001
S93、根据校验设置中的文件路径向客户端发送读取文件属性请求;S93. Send a read file attribute request to the client according to the file path in the verification setting.
如表2所示,将表一中的预设路径内容“C:\Windows\System32\Test\”发送给客户端,并要求客户端反馈文件属性。As shown in Table 2, the default path content "C:\Windows\System32\Test\" in Table 1 is sent to the client, and the client is required to feed back the file attributes.
S94、接收来自客户端的反馈,根据校验设置判断是否在预设路径下保存预设文件。S94. Receive feedback from the client, and determine, according to the verification setting, whether to save the preset file in a preset path.
如果服务器接收到了客户端发送的文件属性,则校验设置中的文件路径、文件名两项已经通过检查,可以继续检查文件类型,以及文件内容,例如通过MD5编码来检查。If the server receives the file attribute sent by the client, the file path and file name in the verification settings have passed the check, and the file type and the file content can be continuously checked, for example, by MD5 encoding.
例如,服务器接收到客户端发送的反馈如表3所示:For example, the server receives feedback from the client as shown in Table 3:
表3 table 3
Figure PCTCN2015091689-appb-000002
Figure PCTCN2015091689-appb-000002
可见,表3中所保存的信息,多于表2中的四个文件,此时,只要判断表2中的所有文件属性都存在于表3中即可,可以判断该客户端为合法客户端。It can be seen that the information stored in Table 3 is more than the four files in Table 2. In this case, as long as all the file attributes in Table 2 are present in Table 3, it can be determined that the client is a legitimate client. .
再例如,服务器接收到客户端发送的反馈如表4所示:For another example, the server receives feedback sent by the client as shown in Table 4:
表4Table 4
Figure PCTCN2015091689-appb-000003
Figure PCTCN2015091689-appb-000003
可见,表4中第三文件的文件类型与表2所示的校验设置的第三文件的文件类型不同,第四文件的文件MD5数据与校验设置的第四文件的MD5数据不同,可以判断该客户端为非法客户端。It can be seen that the file type of the third file in Table 4 is different from the file type of the third file of the verification setting shown in Table 2. The file MD5 data of the fourth file is different from the MD5 data of the fourth file of the verification setting, and Determine that the client is an illegal client.
如果服务器接收到读取失败消息,则客户端为非法客户端。If the server receives a read failure message, the client is an illegal client.
S95、根据判断结果决定是否允许用户进行账户操作。S95. Determine, according to the judgment result, whether the user is allowed to perform an account operation.
即如果判断客户端在预设路径下保存了预设文件,则该客户端为合法客 户端,服务器执行客户端发送的操作请求;否则,客户端为非法客户端,服务器忽略非法客户端的账户操作请求。That is, if it is determined that the client saves the preset file in the preset path, the client is a legal guest. At the client end, the server performs an operation request sent by the client; otherwise, the client is an illegal client, and the server ignores the account operation request of the illegal client.
进一步的,服务器还可以向客户端的用户发送报警信息或者锁定非法客户端。Further, the server can also send an alarm message to the user of the client or lock the illegal client.
实施方式二、账户安全检查装置Embodiment 2, account security inspection device
本领域技术人员能够根据说明书,采用DSP/FPGA/ASIC等常规手段,实现与上述各个实施例中提供的方法对应的产品权利要求的功能模块。Those skilled in the art can implement the functional modules of the product claims corresponding to the methods provided in the above respective embodiments by conventional means such as DSP/FPGA/ASIC according to the specification.
与上述账户安全检查方法相对应,本申请提供一种账户安全检查装置。Corresponding to the above account security check method, the present application provides an account security check device.
如图9所示,根据本申请一个实施例中提供的账户安全检查装置包括:As shown in FIG. 9, the account security check apparatus provided in one embodiment of the present application includes:
操作检测模块51,用于检测用户对账户的操作;An operation detecting module 51, configured to detect a user operation on an account;
判断模块52,用于判断当前计算设备是否在预设路径下保存预设文件;The determining module 52 is configured to determine whether the current computing device saves the preset file in a preset path;
操作开关模块53,用于根据判断模块52的判断结果决定是否允许用户的操作。The operation switch module 53 is configured to determine whether to allow the user's operation according to the judgment result of the determination module 52.
实施方式三、账户安全检查系统Embodiment 3, account security check system
与网络环境下的账户安全检查方法中的第一种相对应,本申请还提供一种账户安全检查系统。Corresponding to the first one of the account security check methods in the network environment, the present application also provides an account security check system.
如图10所示,根据本申请一个实施例,提供一种账户安全检查系统,包括:As shown in FIG. 10, according to an embodiment of the present application, an account security check system is provided, including:
账户安全检查客户端61,进一步包括:The account security check client 61 further includes:
操作检测模块611,用于当检测到用户对账户的操作时,触发账户安全检查操作,将用户的操作信息通过客户端传输模块613发送给服务器;The operation detecting module 611 is configured to: when detecting the operation of the account by the user, trigger an account security check operation, and send the operation information of the user to the server through the client transmission module 613;
客户端判断模块612,用于通过客户端传输模块613接收来自服务器的校验设置,根据校验设置判断是否在预设路径下保存预设文件,并将判断结果通过客户端传输模块613反馈给服务器;The client judging module 612 is configured to receive the verification setting from the server through the client transmission module 613, determine whether to save the preset file in the preset path according to the verification setting, and feed back the determination result to the client transmission module 613. server;
客户端传输模块613,用于与服务器进行数据传输;a client transmission module 613, configured to perform data transmission with the server;
账户安全检查服务器62,进一步包括: The account security check server 62 further includes:
服务器传输模块621,用于与客户端进行数据传输;a server transmission module 621, configured to perform data transmission with the client;
校验设置获取模块622,用于通过服务器传输模块621接收用户的操作信息,根据与用户对应的账户信息调用存储的校验设置,并通过服务器传输模块621发送给客户端;The verification setting acquisition module 622 is configured to receive the operation information of the user through the server transmission module 621, invoke the stored verification setting according to the account information corresponding to the user, and send the verification setting to the client through the server transmission module 621;
操作开关模块623,用于通过服务器传输模块621接收来自客户端的判断结果,根据判断结果决定是否允许用户进行账户操作。The operation switch module 623 is configured to receive the judgment result from the client through the server transmission module 621, and determine whether to allow the user to perform an account operation according to the determination result.
与网络环境下的账户安全检查方法中的第二种相对应,本申请还提供一种账户安全检查系统。Corresponding to the second of the account security check methods in the network environment, the present application also provides an account security check system.
如图11所示,根据本申请一个实施例,提供一种账户安全检查系统,包括:As shown in FIG. 11, according to an embodiment of the present application, an account security check system is provided, including:
账户安全检查客户端71,进一步包括:The account security check client 71 further includes:
操作检测模块711,用于当检测到用户对账户的操作时,触发账户安全检查操作,将用户的操作信息通过客户端传输模块713发送给服务器;The operation detecting module 711 is configured to: when detecting the operation of the account by the user, trigger an account security check operation, and send the operation information of the user to the server through the client transmission module 713;
客户端文件获取模块712,用于通过客户端传输模块713接收来自服务器的读取文件请求,读取相应的文件并通过客户端传输模块713反馈给服务器;The client file obtaining module 712 is configured to receive a read file request from the server through the client transmission module 713, read the corresponding file, and feed back to the server through the client transmission module 713;
客户端传输模块713,用于与服务器进行数据传输;a client transmission module 713, configured to perform data transmission with the server;
账户安全检查服务器72,进一步包括:The account security check server 72 further includes:
服务器传输模块721,用于与客户端进行数据传输;a server transmission module 721, configured to perform data transmission with the client;
校验设置获取模块722,用于通过服务器传输模块721接收用户的操作信息,根据与用户对应的账户信息调用存储的校验设置;The verification setting obtaining module 722 is configured to receive operation information of the user through the server transmission module 721, and invoke the stored verification setting according to the account information corresponding to the user;
服务器文件获取模块723,接收校验设置获取模块722的校验设置,基于校验设置中的文件路径和文件名称通过服务器传输模块721向客户端发送读取文件请求,并通过服务器传输模块721接收反馈的文件;The server file obtaining module 723 receives the verification setting of the verification setting obtaining module 722, and sends a read file request to the client through the server transmission module 721 based on the file path and the file name in the verification setting, and receives the read file request through the server transmission module 721. Feedback file
服务器判断模块724,接收校验设置获取模块722的校验设置和服务器文件获取模块723的文件,根据校验设置判断客户端是否在预 设路径下保存预设文件。The server determining module 724 receives the verification setting of the verification setting obtaining module 722 and the file of the server file obtaining module 723, and determines whether the client is in advance according to the verification setting. Set the default file to save the path.
如果服务器接收到了客户端发送的文件,则校验设置中的文件路径、文件名两项已经通过检查,可以继续检查文件类型,以及文件内容,例如通过MD5编码来检查。If the server receives the file sent by the client, the file path and file name in the verification settings have passed the check, and the file type and the file content can be continuously checked, for example, by MD5 encoding.
操作开关模块725,用于接收服务器判断模块723的判断结果,根据判断结果决定是否允许用户进行账户操作。The operation switch module 725 is configured to receive the determination result of the server determination module 723, and determine whether to allow the user to perform an account operation according to the determination result.
为了节约网络传输资源,提高账户操作效率,与网络环境下的账户安全检查方法中的第三种相对应,本申请还提供一种账户安全检查系统。与图10对应实施例的系统相比,区别在于客户端文件获取模块、服务器文件获取模块之间传输的是文件属性信息,而不是文件信息。In order to save network transmission resources and improve account operation efficiency, corresponding to the third of the account security check methods in the network environment, the present application also provides an account security check system. Compared with the system corresponding to the embodiment of FIG. 10, the difference is that the file attribute information is transmitted between the client file obtaining module and the server file acquiring module instead of the file information.
为了进一步提高账户安全性,与网络环境下的账户安全检查方法中的第四种相对应,本申请还提供一种账户安全检查系统。与图10对应实施例的系统相比,区别在于客户端文件获取模块、服务器文件获取模块之间传输的是文件属性信息,而不是文件信息;另外,服务器文件获取模块根据校验设置中的文件路径向客户端发送读取文件属性请求,而不是文件路径和文件名称,客户端文件获取模块将所需路径下所有文件的文件属性都反馈给服务器。In order to further improve account security, corresponding to the fourth of the account security checking methods in the network environment, the present application further provides an account security checking system. Compared with the system corresponding to the embodiment of FIG. 10, the difference is that the file attribute information is transmitted between the client file obtaining module and the server file acquiring module instead of the file information; in addition, the server file obtaining module is based on the file in the verification setting. The path sends a read file attribute request to the client instead of the file path and file name. The client file acquisition module feeds back the file attributes of all files in the required path to the server.
本申请公开的各个实施例的优点包括:即使在用户账户对应的密码被破解后,账户安全也得到保障;对于智能手机等移动终端用户,即使移动终端设备丢失,账户用户名、密码、短信验证机制都失去作用之后,账户安全也得到保障。Advantages of various embodiments disclosed in the present application include: securing account security even after the password corresponding to the user account is cracked; for mobile terminal users such as smart phones, even if the mobile terminal device is lost, account username, password, and SMS authentication After the mechanism has lost its effect, account security is also guaranteed.
应该注意到并理解,在不脱离后附的权利要求所要求的本申请的精神和范围的情况下,能够对上述详细描述的本申请做出各种修改和改进。因此,要求保护的技术方案的范围不受所给出的任何特定示范教导的限制。 It should be noted and appreciated that various modifications and improvements can be made to the present invention described in detail above without departing from the spirit and scope of the invention as claimed. Therefore, the scope of the claimed technical solutions is not limited by any particular exemplary teachings presented.

Claims (18)

  1. 一种账户安全检查方法,包括:An account security check method includes:
    检测用户对账户的操作;Detecting user operations on the account;
    当用户对账户进行操作时,判断当前计算设备是否在预设路径下保存预设文件;和When the user operates the account, it is determined whether the current computing device saves the preset file in the preset path; and
    如果当前计算设备在预设路径下保存预设文件,则允许操作,否则不允许操作。If the current computing device saves the preset file in the preset path, the operation is allowed, otherwise the operation is not allowed.
  2. 根据权利要求1所述账户安全检查方法,其中,所述预设路径为在当前计算设备中的持久化设备上的文件存储路径。The account security checking method of claim 1, wherein the predetermined path is a file storage path on a persistent device in the current computing device.
  3. 根据权利要求1所述账户安全检查方法,其中,所述检查当前计算设备是否在预设路径下保存预设文件步骤包括:The account security check method according to claim 1, wherein the step of checking whether the current computing device saves the preset file in the preset path comprises:
    检查在预设路径下是否存在与预设文件同名的文件。Check if there is a file with the same name as the preset file in the preset path.
  4. 根据权利要求3所述账户安全检查方法,其中,所述检查当前计算设备是否在预设路径下保存预设文件步骤还包括:The account security check method according to claim 3, wherein the step of checking whether the current computing device saves the preset file in the preset path further comprises:
    该同名文件的文件类型是否与预设文件的文件类型相同。Whether the file type of the file with the same name is the same as the file type of the preset file.
  5. 根据权利要求4所述账户安全检查方法,其中,所述检查当前计算设备是否在预设路径下保存预设文件步骤还包括:The account security check method according to claim 4, wherein the step of checking whether the current computing device saves the preset file in the preset path further comprises:
    检查该同名文件的文件MD5编码是否与预设文件的MD5编码相同。Check whether the file MD5 code of the file with the same name is the same as the MD5 code of the preset file.
  6. 一种账户安全检查装置,包括:An account security inspection device includes:
    操作检测模块,用于检测用户对账户的操作;An operation detecting module, configured to detect a user operation on an account;
    判断模块,用于判断当前计算设备是否在预设路径下保存预设文件;和a determining module, configured to determine whether the current computing device saves the preset file in a preset path; and
    操作开关模块,用于根据所述判断模块的判断结果决定是否允许用户的操作。The operation switch module is configured to determine whether to allow the user's operation according to the judgment result of the determination module.
  7. 一种客户端账户安全检查方法,包括:A method for checking client account security, including:
    当检测到用户对账户的操作时,将操作信息发送给服务器;When the user's operation on the account is detected, the operation information is sent to the server;
    接收来自服务器的校验设置,根据校验设置判断是否在预设路径下保存预设文件,其中,校验设置指预设的校验信息;和Receiving the verification setting from the server, determining whether to save the preset file in the preset path according to the verification setting, wherein the verification setting refers to the preset verification information;
    将判断结果发送给服务器。 Send the judgment result to the server.
  8. 根据权利要求7所述客户端账户安全检查方法,其中,校验设置包括:文件名称、文件类型、文件路径。The client account security checking method according to claim 7, wherein the verification setting comprises: a file name, a file type, and a file path.
  9. 根据权利要求8所述客户端账户安全检查方法,其中,校验设置还包括:文件的MD5编码。The client account security check method according to claim 8, wherein the verification setting further comprises: MD5 encoding of the file.
  10. 一种服务器账户安全检查方法,包括:A server account security check method includes:
    接收来自客户端的用户对账户的操作信息;Receiving operation information of the account from the user of the client;
    根据所述用户对应的账户信息调用存储的校验设置,其中,校验设置指预设的校验信息;Resetting the stored verification setting according to the account information corresponding to the user, where the verification setting refers to preset verification information;
    将校验设置发送给客户端;和Send the verification settings to the client; and
    接收来自客户端的判断结果,并根据判断结果决定是否允许用户进行账户操作。Receiving the judgment result from the client, and determining whether to allow the user to perform an account operation according to the judgment result.
  11. 一种客户端账户安全检查方法,包括:A method for checking client account security, including:
    当检测到用户对账户的操作时,将操作信息发送给服务器;When the user's operation on the account is detected, the operation information is sent to the server;
    接收来自服务器的读取文件请求或读取文件属性请求;和Receiving a read file request or reading a file attribute request from a server; and
    根据所述读取文件请求或读取文件属性请求,将相应的文件或文件属性发送给服务器。Send the corresponding file or file attribute to the server according to the read file request or the read file attribute request.
  12. 一种服务器账户安全检查方法,包括:A server account security check method includes:
    接收来自客户端的用户对账户的操作信息;Receiving operation information of the account from the user of the client;
    根据所述用户对应的账户信息调用存储的校验设置,其中,校验设置指预设的校验信息;Resetting the stored verification setting according to the account information corresponding to the user, where the verification setting refers to preset verification information;
    根据校验设置中的文件路径或者文件路径和文件名称向客户端发送读取文件请求或读取文件属性请求;Send a read file request or read a file attribute request to the client according to the file path or the file path and the file name in the check setting;
    接收来自客户端的反馈,根据校验设置判断客户端是否在预设路径下保存预设文件;和Receiving feedback from the client, determining, according to the verification setting, whether the client saves the preset file in a preset path; and
    根据判断结果决定是否允许用户进行账户操作。According to the judgment result, it is determined whether the user is allowed to perform an account operation.
  13. 一种账户安全检查客户端,包括:An account security check client that includes:
    客户端传输模块,用于与服务器进行数据传输;a client transmission module for performing data transmission with a server;
    操作检测模块,用于当检测到用户对账户的操作时,将用户的操作信息通过客户端传输模块发送给服务器;和 An operation detecting module, configured to send the operation information of the user to the server through the client transmission module when detecting the operation of the account by the user; and
    客户端判断模块,用于通过客户端传输模块接收来自服务器的校验设置,根据校验设置判断是否在预设路径下保存预设文件,并将判断结果通过客户端传输模块反馈给服务器,其中,校验设置指预设的校验信息。The client judging module is configured to receive the verification setting from the server through the client transmission module, determine whether to save the preset file in the preset path according to the verification setting, and feed the judgment result to the server through the client transmission module, where The verification setting refers to the preset verification information.
  14. 一种账户安全检查服务器,包括:An account security check server, comprising:
    服务器传输模块,用于与客户端进行数据传输;a server transmission module for performing data transmission with a client;
    校验设置获取模块,用于通过服务器传输模块接收用户的操作信息,根据与用户对应的账户信息调用存储的校验设置,并通过服务器传输模块发送给客户端,其中,校验设置指预设的校验信息;和The verification setting acquisition module is configured to receive the operation information of the user through the server transmission module, invoke the stored verification setting according to the account information corresponding to the user, and send the verification setting to the client through the server transmission module, where the verification setting refers to the preset Check information; and
    操作开关模块,用于通过服务器传输模块接收来自客户端的判断结果,根据判断结果决定是否允许用户进行账户操作。The operation switch module is configured to receive a judgment result from the client through the server transmission module, and determine, according to the judgment result, whether the user is allowed to perform an account operation.
  15. 一种账户安全检查客户端,包括:An account security check client that includes:
    客户端传输模块,用于与服务器进行数据传输;a client transmission module for performing data transmission with a server;
    操作检测模块,用于当检测到用户对账户的操作时,将用户的操作信息通过客户端传输模块发送给服务器;和An operation detecting module, configured to send the operation information of the user to the server through the client transmission module when detecting the operation of the account by the user; and
    客户端文件获取模块,用于通过客户端传输模块接收来自服务器的读取文件请求或读取文件属性请求,读取相应的文件或文件属性并通过客户端传输模块反馈给服务器。The client file obtaining module is configured to receive a read file request or read a file attribute request from the server through the client transmission module, read the corresponding file or file attribute, and feed back to the server through the client transmission module.
  16. 一种账户安全检查服务器,包括:An account security check server, comprising:
    服务器传输模块,用于与客户端进行数据传输;a server transmission module for performing data transmission with a client;
    校验设置获取模块,用于通过服务器传输模块接收用户的操作信息,根据与用户对应的账户信息调用存储的校验设置,其中,校验设置指预设的校验信息;The verification setting acquisition module is configured to receive the operation information of the user through the server transmission module, and invoke the stored verification setting according to the account information corresponding to the user, where the verification setting refers to the preset verification information;
    服务器文件获取模块,接收校验设置获取模块的校验设置,基于校验设置中的文件路径或者文件路径以及文件名称通过所述服务器传输模块向客户端发送读取文件请求或读取文件属性请求,并通过服务器传输模块接收客户端反馈的文件或文件属性;The server file obtaining module receives the verification setting of the verification setting acquisition module, and sends a read file request or a read file attribute request to the client through the server transmission module based on the file path or the file path and the file name in the verification setting. And receiving the file or file attribute fed back by the client through the server transmission module;
    服务器判断模块,接收校验设置获取模块的校验设置和服务器文件获取模块的文件或文件属性,根据校验设置判断客户端是否在预设路径下保存预设文件;和 The server judging module receives the verification setting of the verification setting acquisition module and the file or file attribute of the server file acquisition module, and determines, according to the verification setting, whether the client saves the preset file in the preset path; and
    操作开关模块,用于接收服务器判断模块的判断结果,根据判断结果决定是否允许用户进行账户操作。The operation switch module is configured to receive a judgment result of the server judgment module, and determine, according to the judgment result, whether the user is allowed to perform an account operation.
  17. 一种账户安全检查系统,包括:An account security check system, comprising:
    如权利要求13所述的账户安全检查客户端;和The account security check client of claim 13;
    如权利要求14所述的账户安全检查服务器,与所述账户安全检查客户端连接。The account security check server of claim 14 connected to said account security check client.
  18. 一种账户安全检查系统,包括:An account security check system, comprising:
    如权利要求15所述的账户安全检查客户端;和The account security check client of claim 15;
    如权利要求16所述的账户安全检查服务器,与所述账户安全检查客户端连接。 The account security check server of claim 16 connected to said account security check client.
PCT/CN2015/091689 2014-10-21 2015-10-10 Method, apparatus, client, server, and system for checking security of account WO2016062199A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410564555.9 2014-10-21
CN201410564555.9A CN105592004B (en) 2014-10-21 2014-10-21 Account safety inspection method, device, client, server and system

Publications (1)

Publication Number Publication Date
WO2016062199A1 true WO2016062199A1 (en) 2016-04-28

Family

ID=55760279

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/091689 WO2016062199A1 (en) 2014-10-21 2015-10-10 Method, apparatus, client, server, and system for checking security of account

Country Status (3)

Country Link
CN (1) CN105592004B (en)
HK (1) HK1224455A1 (en)
WO (1) WO2016062199A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112783845A (en) * 2021-01-15 2021-05-11 天津五八到家货运服务有限公司 Data reconciliation system, method, device and medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1304105A (en) * 2000-01-13 2001-07-18 卡西欧计算机株式会社 Portable terminal, servecx, system and their program recording medium
US20070239595A1 (en) * 2006-04-11 2007-10-11 Karen Setz Credit data processing system for controlling electronic trading based on credit arrangements
CN103441848A (en) * 2013-08-16 2013-12-11 广东欧珀移动通信有限公司 Application authentication method and system of mobile terminal
CN103745345A (en) * 2014-01-27 2014-04-23 上海坤士合生信息科技有限公司 System and method applied to transaction platform for realizing grading safety processing of financial information

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4578088B2 (en) * 2003-11-20 2010-11-10 大日本印刷株式会社 Information processing apparatus, information processing system, and program
CN102932407B (en) * 2012-09-20 2016-03-30 无锡华御信息技术有限公司 Based on the carrying out safety backup system and method for cloud computing
CN103049698B (en) * 2013-01-17 2015-08-19 珠海市君天电子科技有限公司 Method and device for defending online shopping Trojan

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1304105A (en) * 2000-01-13 2001-07-18 卡西欧计算机株式会社 Portable terminal, servecx, system and their program recording medium
US20070239595A1 (en) * 2006-04-11 2007-10-11 Karen Setz Credit data processing system for controlling electronic trading based on credit arrangements
CN103441848A (en) * 2013-08-16 2013-12-11 广东欧珀移动通信有限公司 Application authentication method and system of mobile terminal
CN103745345A (en) * 2014-01-27 2014-04-23 上海坤士合生信息科技有限公司 System and method applied to transaction platform for realizing grading safety processing of financial information

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112783845A (en) * 2021-01-15 2021-05-11 天津五八到家货运服务有限公司 Data reconciliation system, method, device and medium
CN112783845B (en) * 2021-01-15 2023-04-07 天津五八到家货运服务有限公司 Data reconciliation system, method, device and medium

Also Published As

Publication number Publication date
CN105592004B (en) 2019-08-09
CN105592004A (en) 2016-05-18
HK1224455A1 (en) 2017-08-18

Similar Documents

Publication Publication Date Title
WO2021036172A1 (en) Blockchain transaction query method and system
US8893286B1 (en) Systems and methods for preventing fraudulent activity associated with typo-squatting procedures
US9763100B2 (en) Instant messaging message processing method and device and storage medium
TWI587672B (en) Login authentication method, client, server and system
WO2021036170A1 (en) Blockchain transaction processing method and apparatus
US9055097B1 (en) Social network scanning
US8966621B1 (en) Out-of-band authentication of e-mail messages
TWI646479B (en) Business authentication method, system and server
US20180365697A1 (en) Suspicious remittance detection through financial behavior analysis
WO2016101635A1 (en) Method, apparatus and device for synchronizing login status, and computer storage medium
WO2021036171A1 (en) Blockchain transaction processing method and apparatus
TW201541277A (en) Method and apparatus of detecting weak password
US9083696B1 (en) Trusted peer-based information verification system
JP2018501694A (en) System and method for protecting against unauthorized network intrusion
US20210294888A1 (en) Login to a suspended account
WO2019011187A1 (en) Method, device, and apparatus for loss reporting, removing loss report, and service management of electronic account
WO2017190436A1 (en) Data processing method and apparatus
WO2019037521A1 (en) Security detection method, device, system, and server
WO2016062199A1 (en) Method, apparatus, client, server, and system for checking security of account
US20150052593A1 (en) Secure file transfers within network-based storage
WO2020000753A1 (en) Device security monitoring method and apparatus
US11363020B2 (en) Method, device and storage medium for forwarding messages
US20210173904A1 (en) System and method for verifying a media file
WO2017129068A1 (en) Event execution method and device and system therefor
CN112015494A (en) Third-party API tool calling method, system and device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15853383

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15853383

Country of ref document: EP

Kind code of ref document: A1