CN109257321A - Safe login method and device - Google Patents
- Publication number: CN109257321A (CN201710569411.6A)
- Authority: CN (China)
- Prior art keywords: account name, terminal, user, risk class, account
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Transfer Between Computers (AREA)
Abstract
This application discloses a secure login method and device. The method comprises: receiving a login request sent by a user through a terminal, wherein the login request includes the user's account name and account password; in response to the account name matching the account password, querying a preset list to determine the risk class corresponding to the account name, wherein the list indicates the correspondence between account names and risk classes; in response to the risk class corresponding to the account name being a preset risk class, performing secure login authentication on the terminal to determine whether the terminal is a secure terminal; and in response to the terminal being a secure terminal, returning a login success page to the terminal. This improves the security of the terminal and the website.
Description
Technical field
This application relates to the field of computer technology, specifically to the field of Internet technology, and in particular to a secure login method and device.
Background
With the development of information technology, the Internet provides users with many conveniences. People can shop online without leaving home, and can use the Internet to publish articles, retrieve information, and so on. While providing these conveniences, the Internet also carries certain security risks, such as hackers stealing user accounts to carry out online transactions.
In the prior art, when a user logs in to a website, the user can usually enter the requested web page as soon as the user name matches the password. As a result, it is difficult to tell whether the terminal requesting login is a hacker's terminal.
Summary of the invention
The purpose of this application is to propose an improved secure login method and device to solve the technical problems mentioned in the Background section above.
In a first aspect, this application provides a secure login method. The method comprises: receiving a login request sent by a user through a terminal, wherein the login request includes the user's account name and account password; in response to the account name matching the account password, querying a preset list to determine the risk class corresponding to the account name, wherein the list indicates the correspondence between account names and risk classes; in response to the risk class corresponding to the account name being a preset risk class, performing secure login authentication on the terminal to determine whether the terminal is a secure terminal; and in response to the terminal being a secure terminal, returning a login success page to the terminal.
In some embodiments, the method further includes a step of establishing the list, which includes: obtaining the first account names of historical users registered at the target website within a preset time period, and the user information corresponding to each first account name; determining, according to the first account name and the user information, the risk class corresponding to the first account name; and establishing the list according to the first account names and the determined risk classes.
In some embodiments, the risk classes include a first risk class, and the user information includes a second account name that the user registered at a historical risk website, the historical risk website and the current website being different websites. Determining the risk class corresponding to the first account name according to the first account name and the user information comprises: determining whether the second account name is identical to the first account name; and, in response to the second account name being identical to the first account name, determining that the risk class corresponding to the first account name is the first risk class.
In some embodiments, the risk classes include a second risk class, and the user information further includes the user's behavior data. Determining the risk class corresponding to the first account name according to the first account name and the user information comprises: determining, according to the behavior data, a behavior value corresponding to the behavior data; in response to the second account name being identical to the first account name, determining whether the behavior value is less than a preset threshold; and, if the behavior value is less than the preset threshold, determining that the risk class corresponding to the first account name is the second risk class.
In some embodiments, performing secure login authentication on the terminal to determine whether the terminal is a secure terminal comprises: in response to the risk class corresponding to the account name being the first risk class, issuing to the terminal an instruction to reset the account password; receiving the account password reset by the user and determining whether the reset account password is identical to the original account password; and, in response to the reset account password being different from the original account password, determining that the terminal is a secure terminal.
In some embodiments, performing secure login authentication on the terminal to determine whether the terminal is a secure terminal comprises: in response to the risk class corresponding to the account name being the second risk class, obtaining, according to the account name, the contact information corresponding to the account name; in response to the contact information being obtained successfully, issuing first login verification information to the terminal; receiving second login verification information entered by the user, and comparing the first login verification information with the second login verification information to determine whether they are identical; and, in response to the first login verification information being identical to the second login verification information, determining that the terminal is a secure terminal.
In some embodiments, the login request further includes the user's login address, and before the contact information corresponding to the account name is obtained according to the account name, the method further includes: determining whether the user's login address is a historical login address; and, in response to the user's login address not being a historical login address, obtaining the contact information corresponding to the account name.
In a second aspect, this application provides a secure login device. The device includes: a receiving unit, configured to receive a login request sent by a user through a terminal, wherein the login request includes the user's account name and account password; a first determination unit, configured to, in response to the account name matching the account password, query a preset list and determine the risk class corresponding to the account name, wherein the list indicates the correspondence between account names and risk classes; a second determination unit, configured to, in response to the risk class corresponding to the account name being a preset risk class, perform secure login authentication on the terminal and determine whether the terminal is a secure terminal; and a return unit, configured to, in response to the terminal being a secure terminal, return a login success page to the terminal.
In some embodiments, the device further includes a list establishing unit, which includes: an acquisition subunit, configured to obtain the first account names of historical users registered at the target website within a preset time period and the user information corresponding to each first account name; a determination subunit, configured to determine, according to the first account name and the user information, the risk class corresponding to the first account name; and a list establishing subunit, configured to establish the list according to the first account names and the determined risk classes.
In some embodiments, the risk classes include a first risk class, and the user information includes a second account name that the user registered at a historical risk website, the historical risk website and the current website being different websites. The determination subunit is further configured to: determine whether the second account name is identical to the first account name; and, in response to the second account name being identical to the first account name, determine that the risk class corresponding to the first account name is the first risk class.
In some embodiments, the risk classes include a second risk class, and the user information further includes the user's behavior data. The determination subunit is further configured to: determine, according to the behavior data, a behavior value corresponding to the behavior data; in response to the second account name not being identical to the first account name, determine whether the behavior value is less than a preset threshold; and, if the behavior value is less than the preset threshold, determine that the risk class corresponding to the first account name is the second risk class.
In some embodiments, the second determining subunit is further configured to: in response to the risk class corresponding to the account name being the first risk class, issue to the terminal an instruction to reset the account password; receive the account password reset by the user and determine whether the reset account password is identical to the original account password; and, in response to the reset account password being different from the original account password, determine that the terminal is a secure terminal.
In some embodiments, the second determining subunit is further configured to: in response to the risk class corresponding to the account name being the second risk class, obtain, according to the account name, the contact information corresponding to the account name; in response to the contact information being obtained successfully, issue first login verification information to the terminal; receive second login verification information entered by the user, and compare the first login verification information with the second login verification information to determine whether they are identical; and, in response to the first login verification information being identical to the second login verification information, determine that the terminal is a secure terminal.
In some embodiments, the login request further includes the user's login address. Before the contact information corresponding to the account name is obtained according to the account name, the second determining subunit is further configured to: determine whether the user's login address is a historical login address; and, in response to the user's login address not being a historical login address, obtain the contact information corresponding to the account name.
The secure login method and device provided by this application receive a login request, sent by the user, that includes the user's account name; query a preset list to determine the risk class corresponding to the user's account name; perform secure login verification on the terminal, when the risk class corresponding to the account name is a preset risk class, to determine whether the terminal is secure; and finally return a login success page to a secure terminal. This reduces the risk of an abnormal account, such as a stolen account, successfully logging in to the web page, and improves the security of the account and the website.
Brief description of the drawings
Other features, objects and advantages of this application will become more apparent from the following detailed description of non-restrictive embodiments, read with reference to the accompanying drawings:
Fig. 1 is a diagram of an exemplary system architecture to which this application can be applied;
Fig. 2 is a flow chart of one embodiment of the secure login method according to this application;
Fig. 3 is a schematic diagram of an application scenario of the secure login method according to this application;
Fig. 4 is a flow chart of another embodiment of the secure login method according to this application;
Fig. 5 is a structural schematic diagram of one embodiment of the secure login device according to this application;
Fig. 6 is a structural schematic diagram of a computer system suitable for implementing the terminal device or server of the embodiments of this application.
Detailed description
The application is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the related invention and do not limit it. It should also be noted that, for ease of description, the drawings show only the parts relevant to the related invention.
It should be noted that, where there is no conflict, the embodiments of this application and the features in the embodiments can be combined with one another. The application is described in detail below with reference to the drawings and in conjunction with the embodiments.
Fig. 1 shows an exemplary system architecture 100 to which embodiments of the secure login method or secure login device of this application can be applied.
As shown in Fig. 1, the system architecture 100 may include terminal devices 101, 102, 103, a network 104 and a server 105. The network 104 provides the medium for communication links between the terminal devices 101, 102, 103 and the server 105. The network 104 may include various connection types, such as wired or wireless communication links, or fiber optic cables.
A user can use the terminal devices 101, 102, 103 to interact with the server 105 through the network 104 in order to receive or send messages and the like. Various communication client applications can be installed on the terminal devices 101, 102, 103, such as web browser applications, shopping applications, search applications, instant messaging tools, mailbox clients and social platform software.
The terminal devices 101, 102, 103 can be various electronic devices that have a display screen and support web browsing, including but not limited to smart phones, tablet computers, e-book readers, MP3 players (Moving Picture Experts Group Audio Layer III), MP4 players (Moving Picture Experts Group Audio Layer IV), laptop computers and desktop computers.
The server 105 can be a server that provides various services, for example a back-end web server that supports the web pages displayed on the terminal devices 101, 102, 103. The back-end web server can analyze and process data such as the login requests sent by users, and feed the processing result (such as page data) back to the terminal device.
It should be noted that the secure login method provided by the embodiments of this application is generally executed by the server 105; accordingly, the secure login device is generally located in the server 105.
It should be understood that the numbers of terminal devices, networks and servers in Fig. 1 are only illustrative. There can be any number of terminal devices, networks and servers, as the implementation requires.
With continued reference to Fig. 2, a flow 200 of one embodiment of the secure login method according to this application is shown. The secure login method comprises the following steps:
Step 201: receive the login request sent by the user through a terminal.
In this embodiment, the electronic device on which the secure login method runs (such as the server shown in Fig. 1) can receive, over a wired or wireless connection, a login request from the terminal the user is using to log in. The login request includes the user's account name at the website the user wants to log in to and the account password corresponding to that account name. In practice, some websites, such as shopping websites and reading websites, require a registered account before certain activities, such as shopping or reading, can be carried out. The server stores the account names of the users who have registered accounts and the account password corresponding to each account name. The account name can be chosen by the user or generated automatically by the server according to a preset registration scheme; the account password is usually set by the user. When a registered user needs to log in to a website, the user provides the server with the account name registered at that website and the corresponding account password, so that the server can authenticate the account name.
Step 202: in response to the account name matching the account password, query the preset list and determine the risk class corresponding to the account name.
In this embodiment, because in existing computer networks user accounts are frequently stolen and users carry out malicious behavior at websites (for example, returning goods in bulk after buying them in bulk at a shopping website), the server can make a risk determination for each registered account name and store the determined risk class for the account name in a list in advance. The risk classes may include, for example, a lowest risk class, an intermediate risk class and a highest risk class. When a user uses a registered account name to log in through a terminal to the website being requested, the server can match the user's account name obtained in step 201 against the account password corresponding to it. After a successful match, the server can further query the preset list to determine the risk class corresponding to the account name. In this embodiment, the list indicates the correspondence between account names and risk classes.
Step 203: in response to the risk class corresponding to the account name being a preset risk class, perform secure login authentication on the terminal and determine whether the terminal is a secure terminal.
In this embodiment, multiple preset risk classes can be configured in the server. For example, the preset risk class can be the first risk class, the second risk class, the third risk class, and so on. According to the risk class corresponding to the account name determined in step 202, the server can further determine which of the preset risk classes it is, and perform secure login authentication on the terminal accordingly. In some application scenarios, secure login authentication can be carried out by having the user's terminal send short-message verification content to the server: the server matches the received short-message content against its preset encrypted content and, according to the matching result, determines whether the terminal that sent the short message is a secure terminal.
In some optional implementations of this embodiment, the risk classes may include a first risk class, which can represent the highest risk class. For example, the server can set the risk class of an account name whose account has been stolen to the first risk class. Because the account has been stolen, its account password is a security risk. When the risk class corresponding to the account name is the first risk class, the server can issue to the terminal an instruction to reset the account password. After sending the instruction, the server can receive the account password reset by the user and determine whether the reset account password is identical to the original account password. When the server finds that the reset account password differs from the original account password, it can determine that the terminal is a secure terminal. Here, while the user is resetting the account password, the server can send a verification instruction to the mailbox stored in the registration information when the account was registered, and have the password reset carried out through that mailbox, which further ensures the security of the terminal.
In some optional implementations of this embodiment, the risk classes may include a second risk class, which can represent the second-highest risk class. In a specific application scenario, the server can set the risk class of an account name whose user has a low credit value to the second risk class. As an example, when the website the user requests to log in to is a shopping website, a credit value can be assigned to the account name the user registered at the website according to the user's behavior at the website. For example, the credit value can be increased when the user successfully buys goods at the website and gives the purchased goods a reasonable review; the credit value can be reduced when the product itself has no quality problem and the user buys goods in bulk and then returns them in bulk.
When the risk class corresponding to the account name is the second risk class, the server of the website the user requests to log in to can obtain, according to the account name, the contact information corresponding to the account name. Here, the contact information can be the mobile phone number stored in the registration information when the user registered the account, or the e-mail account stored in the registration information. When the contact information is obtained successfully, the server can issue first login verification information to the terminal. The first login verification information can be a verification code sent to the above phone number or mailbox, or a message reminding the user to send a short message from the registered phone number to the website platform being logged in to. After issuing the first login verification information to the terminal, the server can receive second login verification information entered by the user; the second login verification information is used to verify whether the terminal requesting login is a secure terminal. The server can then compare the first login verification information with the second login verification information and determine whether they are identical. When the first login verification information is identical to the second login verification information, the server can determine that the terminal requesting to log in to the website is a secure terminal. For example, when the verification code the server sends to the user's phone number is "4321" and the verification code the user enters through the terminal at the website being logged in to is also "4321", the terminal can be determined to be a secure terminal.
Here, when the server can obtain the user's phone number, it can preferentially send the first login verification information to that phone number; when the server cannot obtain the user's phone number, it obtains the user's e-mail account and sends the first login verification information to that e-mail account. The server can also send different first login verification information to the user's phone number and mailbox at the same time, in which case the terminal corresponding to the account name is determined to be a secure terminal only after the user has verified both pieces of first login verification information. When the server fails to obtain the contact information corresponding to the account name, it can send the terminal requesting login a message asking for a phone number or mailbox.
In some optional implementations of this embodiment, the login request can also include the user's login address, where the login address may include the ID and model of the device the user uses and the user's IP (Internet Protocol) address. On receiving the user's login request, the server can determine whether the user's login address is a historical login address. When the user's login address is not a historical login address, the server can obtain the contact information corresponding to the account name. In response to the contact information being obtained successfully, the server issues first login verification information to the terminal; receives second login verification information entered by the user and compares the first login verification information with the second login verification information to determine whether they are identical; and, in response to the first login verification information being identical to the second login verification information, determines that the terminal is a secure terminal. Here, the historical login address can be the login address the user used when registering the account, or the address the user used the last time the user logged in to the website.
Step 204: in response to the terminal being a secure terminal, return a login success page to the terminal.
In this embodiment, according to whether the terminal was determined in step 203 to be a secure terminal, the server can return a login success page to the terminal when the terminal is a secure terminal. The login success page can be the page the user requested to log in to, or a page carrying a "login successful" indication.
With continued reference to Fig. 3, Fig. 3 is a schematic diagram of an application scenario of the secure login method according to this embodiment. In the application scenario of Fig. 3, "user a" first issues, through terminal device 301, a login request for the login page currently presented on terminal device 301; the login request includes the user's account name "user a" and account password "*********". After receiving the login request issued by terminal device 301, server 302 checks whether the account name matches the account password. A list 3021 is set up in advance on server 302; it records the account names of multiple users, "user a, user b, user c ...", and the risk class corresponding to each account name. For example, the risk class corresponding to "user a" is "level one", the risk class corresponding to "user b" is "level two", the risk class corresponding to "user c" is "level three", and so on. When the account name matches the account password, the server can query list 3021 and determine the risk class corresponding to "user a". When server 302 determines that the risk class corresponding to the account name "user a" is the preset "level one", it can perform secure login authentication on the terminal using the authentication mode for risk class "level one"; for example, the authentication can be resetting the user's login password. After the user resets the login password, server 302 can return to terminal device 301 a page containing the words "login successful".
This embodiment receives the login request sent by the user, queries the preset list to determine the risk class corresponding to the account name, performs secure login authentication on the terminal according to the login authentication condition corresponding to the preset risk class, determines whether the terminal is a secure terminal, and, when the terminal is a secure terminal, returns a login success page to the terminal. This reduces the risk of an abnormal account, such as a stolen account, successfully logging in to the web page, and improves the security of the account and the website.
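The flow of steps 201 to 204, with the first-risk-class password reset and the second-risk-class verification code, as an added sketch that is not code from the patent. `LoginServer`, `send_code`, the sample accounts, the salted PBKDF2 password check, the six-digit code and the choice to skip the challenge when the login address is a historical one are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

LEVEL_1, LEVEL_2 = 1, 2  # first (highest) and second risk class from the description


def hash_password(password: str, salt: bytes) -> bytes:
    # Assumption: salted PBKDF2 rather than storing or comparing plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    phone: Optional[str] = None
    email: Optional[str] = None
    known_addresses: set = field(default_factory=set)  # historical login addresses


class LoginServer:
    def __init__(self, accounts, risk_list, send_code):
        self.accounts = accounts    # account name -> Account
        self.risk_list = risk_list  # the preset list: account name -> risk class
        self.send_code = send_code  # hypothetical transport: send_code(channel, dest, code)
        self.pending = {}           # account name -> (kind, expected code, login address)

    def _password_ok(self, acct, password):
        return hmac.compare_digest(acct.pw_hash, hash_password(password, acct.salt))

    def login(self, name, password, address):
        """Steps 201-203. Returns 'success', 'denied', 'reset_password',
        'enter_code' or 'need_contact'."""
        acct = self.accounts.get(name)
        if acct is None or not self._password_ok(acct, password):
            return "denied"
        level = self.risk_list.get(name)
        if level == LEVEL_1:
            # The account was stolen before, so the old password is not trusted.
            self.pending[name] = ("reset", None, address)
            return "reset_password"
        if level == LEVEL_2:
            # Assumption: a historical login address skips the challenge.
            if address in acct.known_addresses:
                return "success"
            # Phone number preferred, e-mail account as the fallback.
            channel, dest = ("sms", acct.phone) if acct.phone else ("email", acct.email)
            if dest is None:
                return "need_contact"  # ask the terminal for a phone number or mailbox
            code = f"{secrets.randbelow(10**6):06d}"
            self.pending[name] = ("code", code, address)
            self.send_code(channel, dest, code)
            return "enter_code"
        return "success"  # not in a preset risk class: go straight to step 204

    def complete_reset(self, name, new_password):
        kind, _, _ = self.pending.get(name, (None, None, None))
        if kind != "reset":
            return "denied"
        acct = self.accounts[name]
        if self._password_ok(acct, new_password):
            return "reset_password"  # identical to the old password: ask again
        acct.salt = secrets.token_bytes(16)
        acct.pw_hash = hash_password(new_password, acct.salt)
        del self.pending[name]
        return "success"

    def verify_code(self, name, code):
        # pop() makes every issued code single use, whether or not it matches.
        kind, expected, address = self.pending.pop(name, (None, None, None))
        if kind != "code" or not hmac.compare_digest(expected.encode(), code.encode()):
            return "denied"
        self.accounts[name].known_addresses.add(address)  # now a historical address
        return "success"


def make_demo_server():
    # Constructed sample data loosely following the Fig. 3 scenario.
    def acct(pw, **kw):
        salt = secrets.token_bytes(16)
        return Account(salt, hash_password(pw, salt), **kw)
    accounts = {
        "user_a": acct("old-pass-a", email="a@example.test"),
        "user_b": acct("pass-b", phone="+10000000000", known_addresses={"198.51.100.7"}),
        "user_c": acct("pass-c"),
    }
    outbox = []  # stands in for the SMS / e-mail gateway
    server = LoginServer(accounts, {"user_a": LEVEL_1, "user_b": LEVEL_2},
                         lambda ch, dest, code: outbox.append((ch, dest, code)))
    return server, outbox
```

The description also has the password reset confirmed through the mailbox stored at registration; that confirmation step is left out of the sketch.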
With further reference to Fig. 4, a flow 400 of another embodiment of the secure login method is shown. The flow 400 of the secure login method comprises the following steps:
Step 401: obtain the first account names of historical users registered at the target website within a preset time period, and the user information corresponding to each first account name.
In this embodiment, when a user registers an account at the target website, the user can set an account name and the user information corresponding to that account name. The target website is the website the terminal is currently requesting to log in to, and the user information may include the user's mobile phone number, the user's identity card number, the user's e-mail account, the user's personal attributes (such as age and gender), and so on. After the user's account has been registered, the account name and the information corresponding to it can be stored in the server. The server can therefore obtain, for a preset time period, the first account names of the historical users registered at the target website and the user information corresponding to each first account name. The preset time period can be set manually or left at a default setting.
Step 402: determine the risk level corresponding to the first account name according to the first account name and the user information.
Based on the obtained first account name of a historical user and the user information corresponding to that first account name, the server can assess the first account name of the historical user and thereby determine the risk level corresponding to the first account name.
In some optional implementations of this embodiment, the risk levels may include a first risk level, and the user information may include a second account name that the user registered on a historical risk website, where the historical risk website and the current website are different websites. The historical risk website may be a website whose account passwords were once stolen, a website that steals users' sensitive information, a website that tampers with user information without the user's permission, and so on. In general, such historical risk websites may leak their source code and their users' registered account names. Therefore, when a user uses on the target website the same account name as on a historical risk website, the user information corresponding to that account name (when the website is a shopping website, the user information may be, for example, the user's ID card number, the user's bank card number, the bank card password, and so on) will be leaked. The server can therefore obtain the second account names that users registered on these historical risk websites by querying the web page source code of the risk websites. After obtaining the second account name that the user registered on a historical risk website, the server can determine whether the second account name and the first account name are identical. For example, when an account name is composed of text and letters, the server can check whether the text and letters of the first account name are all the same as the text and letters of the second account name; when they are all the same, the second account name and the first account name can be determined to be identical. When the second account name is identical to the first account name, the risk level corresponding to the first account name can be determined to be the first risk level.
In some optional implementations of this embodiment, the risk levels may include a second risk level, and the user information may also include behavior data information of the user. When the website the user requests to log in to is a shopping website, the behavior data information may be information about the items the user bought on the website, information about the user's reviews of items, and so on; when the website the user requests to log in to is a blog website, the behavior data information may be information about the articles the user published on the website, comment information, and so on. Based on the behavior data information, the server can determine a behavior value corresponding to it. When the user buys an item and gives the product an objective review, the behavior value can be increased; when the user gives a product a false review, the behavior value can be reduced. When the user publishes an article that contains no sensitive words and the article is quoted many times, the behavior value can be increased; when the user publishes malicious comments containing personal attacks, the behavior value can be reduced. A behavior value threshold can be preset in the server, and the server can determine according to the preset behavior value threshold whether the user belongs to the second risk level. In response to the first account name being different from the second account name, that is, when the risk level corresponding to the account name is not the first risk level, the server can further determine whether the behavior value is less than the preset threshold. When the behavior value is less than the preset threshold, the risk level corresponding to the first account name can be determined to be the second risk level.
Step 403: establish the list according to the first account name and the determined risk level.
In this embodiment, the list can be established according to the first account names of the historical users registered on the target website and the risk levels corresponding to those first account names as determined in step 402.
As can be seen from the above, unlike the embodiment shown in Fig. 2, this embodiment mainly describes the steps of establishing the list. Through these steps, account names can be assigned different risk levels and stored in the server, so that the terminal corresponding to an account name can be verified in a targeted way according to its risk level, further improving the security of the terminal and of the website.
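
Steps 401 to 403 can be sketched as follows. This is an added example, not code from the patent: the event names, weights, threshold value, NFC normalization and all sample records are assumptions made for illustration.

```python
import unicodedata
from dataclasses import dataclass, field
from datetime import datetime
from enum import Enum
from typing import Optional


class Risk(Enum):
    FIRST = 1   # same account name was registered on a historical risk website
    SECOND = 2  # behavior value is below the preset threshold


# Assumed weights: the page only says which behaviors raise or lower the value.
BEHAVIOR_WEIGHTS = {
    "objective_review": +2,
    "article_quoted": +1,
    "false_review": -3,
    "malicious_comment": -3,
}
BEHAVIOR_THRESHOLD = 0  # assumed value of the preset threshold


@dataclass
class Registration:
    account_name: str                      # first account name (target website)
    registered_at: datetime
    risk_site_names: set = field(default_factory=set)   # second account names
    behavior_events: list = field(default_factory=list)


def canonical(name: str) -> str:
    # Assumption: NFC-normalize so visually identical text compares equal.
    # No case folding, because the page requires every character to match.
    return unicodedata.normalize("NFC", name)


def behavior_value(events) -> int:
    return sum(BEHAVIOR_WEIGHTS.get(event, 0) for event in events)


def classify(reg: Registration) -> Optional[Risk]:
    # Step 402: name reuse is checked first; behavior is only considered
    # when the first and second account names differ.
    if canonical(reg.account_name) in {canonical(n) for n in reg.risk_site_names}:
        return Risk.FIRST
    if behavior_value(reg.behavior_events) < BEHAVIOR_THRESHOLD:
        return Risk.SECOND
    return None  # assumption: accounts with no risk level are left off the list


def build_risk_list(registrations, period_start, period_end) -> dict:
    # Step 401 (time-window selection) and step 403 (list construction).
    risk_list = {}
    for reg in registrations:
        if not (period_start <= reg.registered_at <= period_end):
            continue
        level = classify(reg)
        if level is not None:
            risk_list[reg.account_name] = level
    return risk_list


# Constructed sample records, not data from the page.
SAMPLE_REGISTRATIONS = [
    Registration("shopper_01", datetime(2017, 3, 1), {"shopper_01"}, ["false_review"]),
    Registration("blogger_x", datetime(2017, 4, 10), {"Blogger_X"},
                 ["malicious_comment", "article_quoted"]),
    Registration("reader_9", datetime(2017, 5, 5), set(), ["objective_review"]),
    Registration("old_user", datetime(2015, 1, 1), {"old_user"}, []),
]

if __name__ == "__main__":
    print(build_risk_list(SAMPLE_REGISTRATIONS,
                          datetime(2017, 1, 1), datetime(2017, 6, 30)))
```

Because the comparison is an exact match, a name that differs only in letter case from the leaked one (`blogger_x` versus `Blogger_X`) falls through to the behavior check; a site that treats account names case-insensitively would need the same canonicalization here as at login.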
With further reference to Fig. 5, as an implementation of the methods shown in the above figures, the present application provides an embodiment of a secure login device. This device embodiment corresponds to the method embodiment shown in Fig. 2, and the device can be applied to various electronic devices.
As shown in Fig. 5, the secure login device 500 of this embodiment includes a receiving unit 501, a first determination unit 502, a second determination unit 503 and a return unit 504. The receiving unit 501 is configured to receive a login request sent by a user through a terminal, wherein the login request includes the user's account name and account password. The first determination unit 502 is configured to, in response to the account name matching the account password, query a preset list and determine the risk level corresponding to the account name, wherein the list indicates the correspondence between account names and risk levels. The second determination unit 503 is configured to, in response to the risk level corresponding to the account name being a preset risk level, perform secure login authentication on the terminal and determine whether the terminal is a secure terminal. The return unit 504 is configured to, in response to the terminal being a secure terminal, return a login success page to the terminal.
In this embodiment, for the specific processing of the receiving unit 501, the first determination unit 502, the second determination unit 503 and the return unit 505, reference may be made to the detailed description of step 201, step 202, step 203, step 204 and step 205 in the embodiment corresponding to Fig. 2, which is not repeated here.
In some optional implementations of this embodiment, the secure login device further includes a list establishing unit. The list establishing unit includes: an obtaining subunit (not shown), configured to obtain the first account names of historical users who registered on the target website within a preset time period and the user information corresponding to each first account name; a determination subunit (not shown), configured to determine the risk level corresponding to the first account name according to the first account name and the user information; and a list establishing subunit (not shown), configured to establish the list according to the first account name and the determined risk level.
In some optional implementations of this embodiment, the risk levels include a first risk level, and the user information includes a second account name that the user registered on a historical risk website, where the historical risk website and the current website are different websites. The determination subunit (not shown) is further configured to: determine whether the second account name and the first account name are identical; and, in response to the second account name being identical to the first account name, determine that the risk level corresponding to the first account name is the first risk level.
In some optional implementations of this embodiment, the risk levels include a second risk level, and the user information further includes behavior data information of the user. The determination subunit (not shown) is further configured to: determine, according to the behavior data information, a behavior value corresponding to the behavior data information; in response to the second account name and the first account name not being identical, determine whether the behavior value is less than a preset threshold; and, if the behavior value is less than the preset threshold, determine that the risk level corresponding to the first account name is the second risk level.
In some optional implementations of this embodiment, the second determination unit 503 is further configured to: in response to the risk level corresponding to the account name being the first risk level, send the terminal an instruction to reset the account password; receive the account password reset by the user and determine whether the reset account password and the account password are identical; and, in response to the reset account password being different from the account password, determine that the terminal is a secure terminal.
In some optional implementations of this embodiment, the second determination unit 503 is further configured to: in response to the risk level corresponding to the account name being the second risk level, obtain the communication information corresponding to the account name according to the account name; in response to the communication information being obtained successfully, send first login verification information to the terminal; receive second login verification information entered by the user and compare the first login verification information with the second login verification information to determine whether they are identical; and, in response to the first login verification information being identical to the second login verification information, determine that the terminal is a secure terminal.
In some optional implementations of this embodiment, the login request further includes the user's login address. Before the communication information corresponding to the account name is obtained according to the account name, the second determination unit 503 is further configured to: determine whether the user's login address is a historical login address; and, in response to the user's login address not being a historical login address, obtain the communication information corresponding to the account name.
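
The step-up checks performed by the second determination unit can be sketched as follows. This is an added example, not code from the patent: the class and method names, the session token, PBKDF2 password storage, the six-digit code, the `send_code` delivery hook and all sample accounts are assumptions.

```python
import hashlib
import hmac
import secrets
from enum import Enum


class Risk(Enum):
    FIRST = 1    # account name reused from a historical risk website
    SECOND = 2   # behavior value below the preset threshold


def hash_password(password, salt):
    # Assumption: passwords are stored as salted PBKDF2 hashes, never in plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LoginServer:
    def __init__(self, accounts, risk_list, send_code):
        self.accounts = accounts    # name -> {salt, pw_hash, contact, known_addresses}
        self.risk_list = risk_list  # the preset list: name -> Risk
        self.send_code = send_code  # hypothetical delivery hook: (contact, code)
        self.pending = {}           # session token -> (name, step, code)

    def _password_matches(self, acct, password):
        return hmac.compare_digest(hash_password(password, acct["salt"]), acct["pw_hash"])

    def _challenge(self, name, step, code=None):
        # Bind the follow-up step to the session that passed the password check.
        token = secrets.token_urlsafe(16)
        self.pending[token] = (name, step, code)
        return step, token

    def login(self, name, password, address):
        acct = self.accounts.get(name)
        if acct is None or not self._password_matches(acct, password):
            return "login_failed", None
        level = self.risk_list.get(name)
        if level is Risk.FIRST:
            return self._challenge(name, "reset_password_required")
        if level is Risk.SECOND and address not in acct["known_addresses"]:
            if not acct.get("contact"):
                # Assumption: the page does not cover a failed lookup; fail closed.
                return "login_failed", None
            code = f"{secrets.randbelow(10**6):06d}"   # first login verification information
            self.send_code(acct["contact"], code)
            return self._challenge(name, "verification_code_sent", code)
        # Assumption: a second-level account on a historical address logs in directly.
        return "login_success", None

    def reset_password(self, token, new_password):
        name, step, _ = self.pending.get(token, (None, None, None))
        if step != "reset_password_required":
            return "login_failed"
        acct = self.accounts[name]
        if self._password_matches(acct, new_password):
            return "reset_rejected_same_password"   # must differ from the old password
        del self.pending[token]
        acct["salt"] = secrets.token_bytes(16)
        acct["pw_hash"] = hash_password(new_password, acct["salt"])
        return "login_success"   # the page does not say whether the list entry is cleared

    def verify_code(self, token, submitted):
        name, step, code = self.pending.get(token, (None, None, None))
        if step != "verification_code_sent":
            return "login_failed"
        del self.pending[token]   # single use, whether or not the code matches
        ok = hmac.compare_digest(code.encode(), submitted.encode())
        return "login_success" if ok else "login_failed"


def make_account(password, contact, known_addresses):
    salt = secrets.token_bytes(16)
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "contact": contact, "known_addresses": set(known_addresses)}


def build_demo_server():
    # Constructed sample accounts and addresses, not data from the page.
    outbox = []
    accounts = {
        "alice": make_account("old-secret", "alice@example.test", {"198.51.100.7"}),
        "bob": make_account("bob-secret", "+00-555-0100", {"203.0.113.5"}),
        "carol": make_account("carol-secret", "carol@example.test", set()),
    }
    risk_list = {"alice": Risk.FIRST, "bob": Risk.SECOND}
    server = LoginServer(accounts, risk_list,
                         lambda contact, code: outbox.append((contact, code)))
    return server, outbox
```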
Referring now to Fig. 6, a schematic structural diagram of a computer system 600 of a server suitable for implementing the embodiments of the present application is shown.
As shown in Fig. 6, the computer system 600 includes a central processing unit (CPU) 601, which can perform various appropriate actions and processing according to a program stored in a read-only memory (ROM) 602 or a program loaded from a storage portion 608 into a random access memory (RAM) 603. The RAM 603 also stores the various programs and data required for the operation of the system 600. The CPU 601, the ROM 602 and the RAM 603 are connected to one another by a bus 604. An input/output (I/O) interface 605 is also connected to the bus 604.
The following components are connected to the I/O interface 605: an input portion 606 including a keyboard, a mouse and the like; an output portion 606 including a cathode ray tube (CRT), a liquid crystal display (LCD) and the like, as well as a loudspeaker; a storage portion 608 including a hard disk and the like; and a communication portion 609 including a network interface card such as a LAN card or a modem. The communication portion 609 performs communication processing via a network such as the Internet. A drive 610 is also connected to the I/O interface 605 as needed. A removable medium 611, such as a magnetic disk, an optical disc, a magneto-optical disk or a semiconductor memory, is mounted on the drive 610 as needed, so that a computer program read from it can be installed into the storage portion 608 as needed.
In particular, according to embodiments of the present disclosure, the process described above with reference to the flow chart can be implemented as a computer application program. For example, embodiments of the present disclosure include a computer program product comprising a computer program tangibly embodied on a machine-readable medium, the computer program containing program code for executing the method shown in the flow chart. In such an embodiment, the computer program can be downloaded and installed from a network through the communication portion 609, and/or installed from the removable medium 611.
The flow charts and block diagrams in the drawings illustrate the architecture, functions and operations of possible implementations of systems, methods and computer program products according to the various embodiments of the present application. In this regard, each box in a flow chart or block diagram may represent a module, a program segment or a part of code, and the module, program segment or part of code contains one or more executable instructions for implementing the specified logical function. It should also be noted that, in some alternative implementations, the functions marked in the boxes may occur in an order different from that marked in the drawings. For example, two boxes shown in succession may in fact be executed substantially in parallel, and they may sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each box in a block diagram and/or flow chart, and any combination of boxes in a block diagram and/or flow chart, can be implemented by a dedicated hardware-based system that performs the specified functions or operations, or by a combination of dedicated hardware and computer instructions.
The units described in the embodiments of the present application can be implemented in software or in hardware. The described units can also be provided in a processor; for example, this can be described as: a processor including a receiving unit, a first determination unit, a second determination unit and a return unit. The names of these units do not, in certain cases, limit the units themselves; for example, the receiving unit may also be described as "a unit that receives a login request sent by a user through a terminal".
In another aspect, the present application also provides a non-volatile computer storage medium. The non-volatile computer storage medium may be the one included in the device described in the above embodiments, or it may be a non-volatile computer storage medium that exists on its own and is not assembled into a terminal. The non-volatile computer storage medium stores one or more programs which, when executed by a device, cause the device to: receive a login request sent by a user through a terminal, wherein the login request includes the user's account name and account password; in response to the account name matching the account password, query a preset list and determine the risk level corresponding to the account name, wherein the list indicates the correspondence between account names and risk levels; in response to the risk level corresponding to the account name being a preset risk level, perform secure login authentication on the terminal and determine whether the terminal is a secure terminal; and, in response to the terminal being a secure terminal, return a login success page to the terminal.
The above description is only a preferred embodiment of the present application and an explanation of the technical principles applied. Those skilled in the art should understand that the scope of the invention involved in the present application is not limited to technical solutions formed by the specific combination of the above technical features, and should also cover other technical solutions formed by any combination of the above technical features or their equivalents without departing from the inventive concept, for example technical solutions formed by replacing the above features with technical features having similar functions disclosed in (but not limited to) the present application.
Claims (11)
1. A secure login method, characterized in that the method comprises:
receiving a login request sent by a user through a terminal, wherein the login request includes the user's account name and account password;
in response to the account name matching the account password, querying a preset list and determining the risk level corresponding to the account name, wherein the list indicates the correspondence between account names and risk levels;
in response to the risk level corresponding to the account name being a preset risk level, performing secure login authentication on the terminal and determining whether the terminal is a secure terminal;
in response to the terminal being a secure terminal, returning a login success page to the terminal.
2. The method according to claim 1, characterized in that the method further comprises a step of establishing the list, the establishing step comprising:
obtaining the first account names of historical users who registered on a target website within a preset time period and the user information corresponding to each first account name;
determining the risk level corresponding to the first account name according to the first account name and the user information;
establishing the list according to the first account name and the determined risk level.
3. The method according to claim 2, characterized in that the risk levels include a first risk level, the user information includes a second account name that the user registered on a historical risk website, and the historical risk website and the current website are different websites; and
determining the risk level corresponding to the first account name according to the first account name and the user information comprises:
determining whether the second account name and the first account name are identical;
in response to the second account name being identical to the first account name, determining that the risk level corresponding to the first account name is the first risk level.
4. The method according to claim 3, characterized in that the risk levels include a second risk level, and the user information further includes behavior data information of the user; and
determining the risk level corresponding to the first account name according to the first account name and the user information comprises:
determining, according to the behavior data information, a behavior value corresponding to the behavior data information;
in response to the second account name and the first account name not being identical, determining whether the behavior value is less than a preset threshold;
if the behavior value is less than the preset threshold, determining that the risk level corresponding to the first account name is the second risk level.
5. The method according to claim 3, characterized in that performing secure login authentication on the terminal and determining whether the terminal is a secure terminal comprises:
in response to the risk level corresponding to the account name being the first risk level, sending the terminal an instruction to reset the account password;
receiving the account password reset by the user, and determining whether the reset account password and the account password are identical;
in response to the reset account password being different from the account password, determining that the terminal is a secure terminal.
6. The method according to claim 4, characterized in that performing secure login authentication on the terminal and determining whether the terminal is a secure terminal comprises:
in response to the risk level corresponding to the account name being the second risk level, obtaining the communication information corresponding to the account name according to the account name;
in response to the communication information being obtained successfully, sending first login verification information to the terminal;
receiving second login verification information entered by the user, and comparing the first login verification information with the second login verification information to determine whether the first login verification information and the second login verification information are identical;
in response to the first login verification information being identical to the second login verification information, determining that the terminal is a secure terminal.
7. The method according to claim 6, characterized in that the login request further includes the user's login address; and
before the communication information corresponding to the account name is obtained according to the account name, the method further comprises:
determining whether the user's login address is a historical login address;
in response to the user's login address not being a historical login address, obtaining the communication information corresponding to the account name.
8. A secure login device, characterized in that the device comprises:
a receiving unit, configured to receive a login request sent by a user through a terminal, wherein the login request includes the user's account name and account password;
a first determination unit, configured to, in response to the account name matching the account password, query a preset list and determine the risk level corresponding to the account name, wherein the list indicates the correspondence between account names and risk levels;
a second determination unit, configured to, in response to the risk level corresponding to the account name being a preset risk level, perform secure login authentication on the terminal and determine whether the terminal is a secure terminal;
a return unit, configured to, in response to the terminal being a secure terminal, return a login success page to the terminal.
9. The device according to claim 8, characterized in that the device further comprises a list establishing unit, the list establishing unit comprising:
an obtaining subunit, configured to obtain the first account names of historical users who registered on a target website within a preset time period and the user information corresponding to each first account name;
a determination subunit, configured to determine the risk level corresponding to the first account name according to the first account name and the user information;
a list establishing subunit, configured to establish the list according to the first account name and the determined risk level.
10. A server, characterized in that the server comprises:
one or more processors;
a storage device for storing one or more programs;
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method according to any one of claims 1-7.
11. A computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the method according to any one of claims 1-7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710569411.6A CN109257321B (en) | 2017-07-13 | 2017-07-13 | Secure login method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710569411.6A CN109257321B (en) | 2017-07-13 | 2017-07-13 | Secure login method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109257321A true CN109257321A (en) | 2019-01-22 |
CN109257321B CN109257321B (en) | 2021-12-03 |
Family
ID=65051670
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710569411.6A Active CN109257321B (en) | 2017-07-13 | 2017-07-13 | Secure login method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109257321B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN109257321B (en) | 2021-12-03 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||