[go: up one dir, main page]

CN107196970A - A kind of safety certifying method, server - Google Patents

A kind of safety certifying method, server Download PDF

Info

Publication number
CN107196970A
CN107196970A CN201710577635.1A CN201710577635A CN107196970A CN 107196970 A CN107196970 A CN 107196970A CN 201710577635 A CN201710577635 A CN 201710577635A CN 107196970 A CN107196970 A CN 107196970A
Authority
CN
China
Prior art keywords
user
account
server
positional information
logging
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710577635.1A
Other languages
Chinese (zh)
Inventor
邓欢欢
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen City Hua Hu Technology Co Ltd
Original Assignee
Shenzhen City Hua Hu Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen City Hua Hu Technology Co Ltd filed Critical Shenzhen City Hua Hu Technology Co Ltd
Priority to CN201710577635.1A priority Critical patent/CN107196970A/en
Publication of CN107196970A publication Critical patent/CN107196970A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00Indexing scheme associated with group H04L61/00
    • H04L2101/60Types of network addresses
    • H04L2101/69Types of network addresses using geographic information, e.g. room number

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The embodiment of the invention discloses a kind of safety certifying method, server and security certification system, it can avoid freezing the influence that processing accesses to your account to normal users.Present invention method includes:Server receives the identification information of the account logged in the Account Logon request that user sends, the logging request comprising request;The server judges whether the identification information is contained in freezing data storehouse, and the identification information of account on hold is included in the freezing data storehouse;If the identification information is contained in the freezing data storehouse, the server reads the network address of the user from Account Logon request;According to the corresponding relation between the network address and positional information, the positional information of the corresponding user in the network address of the user is inquired about;Judge whether the positional information meets preset registration conditions, if meeting, allow account described in the User logs in.

Description

A kind of safety certifying method, server
Technical field
The present invention relates to the communications field, more particularly to a kind of safety certifying method, server and security certification system.
Background technology
With continuing to develop for Internet technology, the degree of opening more and more higher of internet, accordingly, trojan horse etc. The account safety for starting user in row, internet environment hardly results in guarantee.The phenomenon that account is stolen by other people can not be from root Prevent on source, stolen account is generally used to the fallacious messages such as color development feelings, swindle advertisement.
Account protection method of the prior art is generally:When the account for detecting some user constantly sends pornographic, swindleness When deceiving the fallacious messages such as advertisement, then to that can carry out the account freezing processing so that the account is within a period of time, even permanent nothing Method is logged in.
But, used if the account is stolen by other people, then directly freezing processing to account progress then can shadow Ring use of the normal users to the account.
The content of the invention
The embodiments of the invention provide a kind of safety certifying method, server and security certification system, it can avoid freezing The influence that knot processing accesses to your account to normal users.
Safety certifying method provided in an embodiment of the present invention, it is characterised in that including:
Server receives the mark of the account logged in the Account Logon request that user sends, the logging request comprising request Know information;
The server judges whether the identification information is contained in freezing data storehouse, is included in the freezing data storehouse The identification information of account on hold;
If the identification information is contained in the freezing data storehouse, the server is from Account Logon request Read the network address of the user;
According to the corresponding relation between the network address and positional information, the network address for inquiring about the user is corresponding described The positional information of user;
Judge whether the positional information meets preset registration conditions, if meeting, allow described in the User logs in Account.
As can be seen from the above technical solutions, the embodiment of the present invention has advantages below:
In the embodiment of the present invention, server can receive the logging request of user, be logged in the logging request comprising request Account identification information, when server according to the identification information determine the account be in frozen state when, can be according to login The positional information of acquisition request user, and judge whether positional information meets preset registration conditions, if meeting, allow user Logon account, so when some account is in frozen state, server can't refuse login of all users to the account, But processing is distinguished according to positional information during User logs in, positional information when users log on meets preset login bar During part, then allow the User logs in account, because account owner (i.e. normal users) typically can be in more fixed area Domain is logged in, can be effectively so making a distinction processing to the logging request of user according to positional information during User logs in Avoid freezing the influence that processing accesses to your account to normal users.
Brief description of the drawings
Technical scheme in order to illustrate the embodiments of the present invention more clearly, makes required in being described below to embodiment Accompanying drawing is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the present invention, for For those skilled in the art, on the premise of not paying creative work, it can also be obtained according to these accompanying drawings other attached Figure.
A kind of step flow chart of the one embodiment for safety certifying method that Fig. 1 is provided by the embodiment of the present invention.
A kind of step flow chart of another embodiment of safety certifying method that Fig. 2 is provided by the embodiment of the present invention.
The step flow of one embodiment of the conventional logging zone for the determination user that Fig. 3 is provided by the embodiment of the present invention Figure.
The step of another embodiment of the conventional logging zone for the determination user that Fig. 4 is provided by the embodiment of the present invention, flows Cheng Tu.
The step of another embodiment of the conventional logging zone for the determination user that Fig. 5 is provided by the embodiment of the present invention, flows Cheng Tu.
A kind of structural representation of the one embodiment for server that Fig. 6 is provided by the embodiment of the present invention.
A kind of structural representation of another embodiment of server that Fig. 7 is provided by the embodiment of the present invention.
A kind of structural representation of another embodiment of server that Fig. 8 is provided by the embodiment of the present invention.
A kind of structural representation of another embodiment of server that Fig. 9 is provided by the embodiment of the present invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete Site preparation is described, it is clear that described embodiment is only a part of embodiment of the invention, rather than whole embodiments.It is based on Embodiment in the present invention, the every other implementation that those skilled in the art are obtained under the premise of creative work is not made Example, belongs to the scope of protection of the invention.
Illustrate the embodiment of the present invention is how effectively to avoid freezing to handle using account to normal users below in conjunction with accompanying drawing 1 The influence at family elaborates.
101st, the Account Logon request of user is received;
When the user that has the right logs in Internet service by mobile phone to apply, user needs please to mobile phone transmission Account Logon Ask, the Account Logon request that mobile phone is received is sent to server;
Certain user can also send Account Logon by mobile terminals such as tablet personal computer or PAD and ask;
Wherein, the identification information of request logon account is included in the logging request, and be can interpolate that by the identification information Go out whether the account is in frozen state.
102nd, if it is determined that account is in frozen state, then the positional information of user is obtained according to logging request;
It is in when the identification information judgment in the request of Account Logon that server is received according to it goes out the account and freezes shape During state, then the positional information of user is obtained according to the logging request.
If the 103rd, the positional information meets preset registration conditions, allow User logs in account;
When server judges that its positional information got meets the registration conditions that server is pre-set, then service Device releases the restriction to the user account, so as to allow the user normally to log in the account.
In the present embodiment, server can receive the logging request of user, the account logged in the logging request comprising request The identification information at family, can be according to logging request when server determines that the account is in frozen state according to the identification information The positional information of user is obtained, and judges whether positional information meets preset registration conditions, if meeting, allows User logs in Account, so when some account is in frozen state, server can't refuse login of all users to the account, but Processing is distinguished according to positional information during User logs in, positional information when users log on meets preset registration conditions When, then allow the User logs in account, because account owner (i.e. normal users) typically can be in more fixed region Logged in, so processing is made a distinction to the logging request of user according to positional information during User logs in effectively to keep away Exempt to freeze the influence that processing accesses to your account to normal users.
It is that the method for how realizing safety certification is described in further detail to the present invention below in conjunction with Fig. 2, its is specific Including step:
201st, the Account Logon request of user is received;
The process of the step 201 of the present embodiment is identical with step 101 process described in the embodiment shown in earlier figures 1, It will not be repeated here.
202nd, judge whether account is in frozen state;
Because including in account logging request for indicating whether the account is in the identification information of frozen state;
Whether the identification information judgment current account that server is received according to it is in frozen state;If it is not, then entering Step 203;If so, then entering step 204.
203rd, the User logs in account is allowed;
The identification information judgment that server is received according to it goes out user's current account and is not on frozen state, i.e. the account Family is not transmitted the abnormal behaviours such as pornographic, waste advertisements, then server is without limiting the account, so user can Normally to log in the account.
204th, judge whether user forwards network element to access Internet service application by message, if it is not, 205 are then carried out, if It is then to carry out 207;
Abnormal row has been carried out because server goes out account in frozen state, the i.e. account according to identification information judgment For server is limited the account to ensure safety, and now server needs further to obtain the user's Positional information, to cause server judges whether user can log in this and be according to the positional information of the user to freeze to handle shape The account of state;
Again because that when user, which accesses Internet service, to apply, can be to access internet by the real network address of user to take Business forwards network element to be that proxy server accesses Internet service application using or by message;
I.e. when judging that user forwards network element access Internet service to apply not over message by 204, illustrate to use When family accesses the Internet, applications, its own real network address is used, then into step 205;
When judging that user forwards network element access Internet service to apply by message by 204, illustrate that user accesses When Internet service is applied, what it was used is not the real network address of user, in order to get the real positional information of user, Then enter 207.
205th, the entry address information that the log on request includes is obtained;
The log on request that server parsing user sends, and obtain the entry address information that the logging request includes.
206th, the network address of user is parsed from the entry address information;
Server parses the network address of user from entry address information;
Wherein, the network address is internet protocol address, or is LBS (location Based service, Location Based Service) address.
207th, from the network address for the message forwarding network element acquisition user for forwarding the logging request;
In order to get the real network address of user, then server from forward the logging request message forwarding network element obtain Take the network address at family;
And the network address is internet protocol address, or it is location Based service LBS addresses.
Enable the server to get the real network address of user by 206 or 207, when server is got truly The network address after, then carry out 208.
208th, according to the corresponding relation between the network address and positional information, the corresponding user in the network address of user is inquired about Positional information;
A place information inquiry list is pre-established in server end, the list establishes the network address and positional information Corresponding relation, after server gets the network address of user, pass through the network address inquiry place information inquiry and arrange Table, and then the positional information of user corresponding with the network address can be got.
209th, judge whether positional information meets preset registration conditions;
If so, then returning to 203;I.e. positional information meets the preset condition that logs in, then server allows the User logs in account Family;
If it is not, then carrying out 210;
Wherein, the prerequisite that server is pre-set is:Whether the positional information accessed by server belongs to user Conventional login area;
Server logs in the conventional login area that behavior determines the user previously according to the history of user;Wherein, how root Behavior is logged according to history and determines that the concrete methods of realizing of the conventional login area of user is described in detail in subsequent embodiment, herein Repeat no more.
210th, user is forbidden to log in;
When server, to judge that positional information is unsatisfactory for preset when logging in condition, i.e., server judges the positional information When being not belonging to the login area that user commonly uses, then it can determine whether out currently to require that the user logged in belongs to unsafe and haves no right to use Family, then forbid the user to be logged in, so as to effectively ensure the safety of the account.
In the present embodiment, server can determine whether whether its account log on request received is in frozen state, and when it During in frozen state, determine whether whether user forwards network element to access Internet service application by message, and according to sentencing Disconnected result causes server to parse the network address of user or the message from the forwarding log on request from address information is logged in Network element is forwarded to obtain the network address of user, so that server can get the real network address of user, and according to The network address of user gets the positional information of user, when it is determined that the positional information of user meet server it is preset log in bar During part, then user can login account, when it is determined that the positional information of user be unsatisfactory for server it is preset when logging in condition, then user It is unable to login account.Using the present embodiment so that server can get the real positional information of user, and can interpolate that this Real positional information whether meet it is preset log in condition, allow user to log in if meeting, forbid user if being unsatisfactory for Log in, positional information when it can be logged according to user makes a distinction out to the log on request of user, so as to effectively avoid Freeze the influence that processing accesses to your account to normal users.
When carrying out 209 shown in Fig. 2, server needs to judge whether positional information belongs to the conventional of user and log in area Domain, is that a kind of method for how determining the conventional logging zone of user elaborates to the present embodiment below in conjunction with Fig. 3;
301st, each logging zone of user is determined according to historical log behavior;
The history of server analysis user logs in behavior;
Wherein, the history logs in behavior and referred to, each login area of user when the past, internet login was applied, and point The login times of each login area are not obtained;
And server sets up login area inquiry list, it is each that login area inquiry list stores that user logged in Individual region, also stored for login times corresponding with the region that each was logged in.
302nd, inquiry login times reach the target logging zone of default value, and regard target logging zone as user's Conventional logging zone;
Server sets a default value, and the default value is used for the conventional login area for judging user;
And the default value can be that the unified setting of server end or user pass through service according to own situation What device was set;Such as user is frequently necessary to go on business, and its conventional login area typically just has multiple, then the default value of setting Can be suitably it is smaller;For another example user is substantially on a ground, and its conventional login area typically has one, then setting it is preset Numerical value can be suitably it is bigger;
List is inquired about in the server lookup login area, and obtains login times and reach that the target of default value logs in area Domain, and the login area got is set to conventional login area;
Wherein, conventional login area can be one or multiple.
In the present embodiment, server can determine the conventional login area of user according to the login times of each login area, If, so, can be more accurately and user can determine that multiple conventional login areas because of many places stops of a variety of causes needs Often judge whether user is the safe login user having the right with login area according to user.
This implementation can be in a particular application:
Server gets first and logged in Beijing 305 times, is logged in Guangzhou 300 times, is logged in Shanghai 100 times, in Shenzhen Log in 50 times;
Server sets up Beijing and 305, Guangzhou and 300, Shanghai and 100, Shenzhen and 50 corresponding relation respectively;
The default value that server is set is 200;
Server obtains the login area that login times are more than 200, that is, has got Beijing and Guangzhou;
Then server determines that Beijing and Guangzhou are exactly the conventional login area of user.
Embodiment with reference to shown in Fig. 2 and Fig. 3 so that the positional information pair for the user that server can be got according to it The conventional login area of user is judged, the number of times that user logs in is reached into the login area of default value is set to conventional step on Land region, server judges whether the user that request is logged in is the safe user that has the right according to the conventional login area, if so, then Allow user to log in, if it is not, then forbid user to log in, and then cause positional information when server can be logged according to user to The log on request at family makes a distinction, and then effective avoid freezes the influence that processing accesses to your account to normal users.
When carrying out 209 shown in Fig. 2, server needs to judge whether positional information belongs to the conventional of user and log in area Domain, is that another method for how determining the conventional logging zone of user elaborates to the present embodiment below in conjunction with Fig. 4.
401st, each logging zone of user is determined according to historical log behavior;
I.e. server sets up login area inquiry list, and login area inquiry list stores each that user logged in Region, also stored for login times corresponding with the region that each was logged in;
And login area inquiry list also records the time that user logs in each logging zone respectively, wherein, this is stepped on The login times that the record time logs in each logging zone with user respectively are corresponding.
402nd, login times in nearest preset time period are inquired about and reach the target logging zone of default value, and target is logged in Region as user conventional logging zone;
Server sets a preset time period, and the preset time period can be that server is set or user passes through clothes It is engaged in what device was set;
Because the life of user or the mode of work are frequently not unalterable, such as user is from the mode of operation often gone on business It is changed to without the need for the mode of operation gone on business, so server is used according in user's a period of time recently in preset time period Family logs in the conventional login area of the number of times acquisition user of each login area, can more reflect changing for user's life pattern Become, and then make it that the conventional login area got also can be more accurate;
Wherein, the set-up mode shown in the present embodiment 302 in the set-up mode and Fig. 3 of default value is identical, This is repeated no more;
Specifically, server is according to the concrete mode of the conventional login area of preset time period acquisition:
1st, the landing time for each login area that list is recorded is inquired about in server lookup login area, and acquisition is logged in Time the login area in the preset time period;
2nd, server obtains the corresponding login times in login area with landing time in preset time period, and acquisition is logged in Number of times reaches the target login area of default value;
3rd, the target login area got is set to conventional login area;
Wherein, conventional login area can be one or multiple.
In the present embodiment, server can obtain the number of times that user logs in each login area in nearest preset time period, and Times of acquisition reach the target login area of default value, and using the target login area as the conventional login area of user, Even if so that very big change occurs for the work of user or life style, also can accurately obtain the conventional of user and log in area Domain.
The present embodiment can be in a particular application:
Server gets first and logged in Beijing 300 times, is logged in Guangzhou 100 times, is logged in Shanghai 100 times, in Shenzhen Log in 200 times;
Server establishes Beijing and 300, Guangzhou and 100, Shanghai and 100, Shenzhen and 200 corresponding relation respectively;
Server records user every time in the landing time in Beijing, Guangzhou, Shanghai and Shenzhen respectively;
The preset time period that server is set is 30 days, then server is according to the landing time of its each login area recorded The number of times that user logs in above-mentioned various regions respectively in nearly 30 days by starting point of today is obtained respectively;
Get in nearly 30 days, first is logged in 0 time in Beijing, respectively log in 5 times, logged in Shenzhen in Guangzhou and Shanghai 200 times;
The default value that server is set is 50;
Then login times reach only Shenzhen of the default value 50;
Then Shenzhen is the conventional login area of user.
Embodiment with reference to Fig. 2 and shown in Fig. 4 so that server can according to the positional information of the user got to The conventional login area at family is judged that server, which gets conventional login area, to be needed while meeting two conditions, one is User logs in the time of each login area in preset time period;Another is the login area got in preset time period Login times reached default value;Server judges whether the user that request is logged in is safety according to the conventional login area The user that has the right, and then positional information of server when can be logged according to user is made a distinction to the log on request of user, Effective avoid freezes the influence that processing accesses to your account to normal users.Even if the work or habits and customs of user occur Larger change, can also get accurately conventional login area, and server is more accurate, rapidly judges login user Whether it is the safe user that has the right.
When carrying out 209 shown in Fig. 2, server needs to judge whether positional information belongs to the conventional of user and log in area Domain, is that another method for how determining the conventional logging zone of user elaborates to the present embodiment below in conjunction with Fig. 5.
501st, each logging zone of user is determined according to historical log behavior;
Wherein, the process shown in the present embodiment 501 is identical with the process 401 shown in Fig. 4 embodiments, will not be repeated here.
502nd, the first reference value of each logging zone is determined according to the first weights and in the login times of each logging zone;
Server is provided with the first weights, and it also obtains login times of the user in each login area;
Server obtains the login times of each login area and the product of first weights respectively, and using the product as First reference value.
503rd, the second reference value of each logging zone is determined according to the second weights and in the login time of each logging zone;
Server is provided with the second weights, and it also obtains the login times of each login area in preset time period;
And the setting side of the preset time period in the present embodiment shown in the set-up mode of 503 preset time period and Fig. 4 processes 402 Formula is identical, will not be repeated here;
Server obtains login times and the product of second weights, and regard the product as the second reference value;
Wherein, first weights and the second weights can be the unified setting of server or user according to oneself Actual conditions be configured;
If for example, user be in the state often gone on business, i.e. its frequent login area typically have it is multiple in the case of, user Can by server by the first weights set it is bigger, by the second weights set it is smaller, it is more accurate so as to get Conventional login area;
And for example, the work of user or life pattern are changed, and are changed to what need not be gone on business from being frequently necessary to go on business Situation, then user just can by server by the second weights set it is bigger, by the first weights set it is smaller.
504th, using the first reference value and the second reference value sum as the logging zone comprehensive reference value;
Server obtains the first reference value and the second reference value of each login area respectively, and obtains the first reference respectively Value and the second reference value and, and using this and be used as the comprehensive reference value of login area;
Wherein, server obtains the mode of comprehensive reference value and is not limited solely to ask for each login area first respectively to join Examine value and the second reference value and, it can also obtain the other modes such as the product of the first reference value and the second reference value, herein It is not construed as limiting;
And server also sets up the corresponding relation of each login area and its comprehensive reference value respectively.
505th, comprehensive reference value is reached the logging zone of default value as the conventional logging zone of user;
Server is previously provided with a default value, and obtains the login area that comprehensive reference value reaches the default value, And the login area is set to conventional login area.
The present embodiment judged the conventional login area of user account by the comprehensive reference value, and its advantage is, energy Enough more accurate conventional login areas for obtaining user, reduce the appearance of error in judgement and mistake;Link up and hand over because of modern society That flows is frequent, and the work of user or life pattern are not unalterable, and it is various more to meet people using the present embodiment The life style of change, even if the life style of user occurs largely to change, also can still obtain accurately conventional step on Land region, so that be that server accurately judges whether the login user is that the safe user that has the right lays the first stone, and user The first weights and the second weights can be set according to the habits and customs of oneself, so as to more individualize so that server being capable of pin Property is judged conventional login area, more accurate conventional login area is got.
The present embodiment can be in a particular application:
Server gets first and logged in Beijing 300 times, is logged in Guangzhou 100 times, logs in 50 times, is stepped in Shenzhen in Shanghai Land 200 times;
Server the first weights set in advance are 1;
Then the reference value of Pekinese first is 300*1=300, and first reference value in Guangzhou is 100*1=100, the of Shanghai One reference value is 50*1=50, and first reference value in Shenzhen is 200*1=200;
Server the second weights set in advance are 0.2;
The preset time period that server is set is 30 days, then obtains out of, user sends Account Logon request 30 days from today The login times of each login area;
Server was got in 30 days, and user logs in 50 times in Beijing, and Guangzhou is logged in 20 times, and Shanghai logs in 0 time, Shenzhen Log in 150 times;
Then the reference value of Pekinese second is 50*0.2=10, and second reference value in Guangzhou is 20*0.2=4, the second of Shanghai Reference value is 0*0.2=0, and second reference value in Shenzhen is 150*0.2=30;
Then server is got:
Pekinese's comprehensive reference value is 300+10=310;
The comprehensive reference value in Guangzhou is 100+4=104;
The comprehensive reference value in Shanghai is 50+0=50;
The comprehensive reference value in Shenzhen is 200+30=230;
The default value that server is set is 200;
Then in the application example, the comprehensive reference value in Beijing and Shenzhen is more than default value 200, server determine Beijing and Shenzhen is the conventional logging zone of user.
Embodiment with reference to Fig. 2 and shown in Fig. 5 so that server can according to the positional information of the user got to The conventional login area at family is judged, and server calculates and obtained the comprehensive reference value that user logs in each login area, According to the comprehensive reference value obtain user it is conventional log in ground so that server get it is conventional log in it is more accurate, this Sample, server can judge that whether the user that request is logged in is the safe user that has the right, and then make according to the conventional login area The positional information that server is obtained when can be logged according to user makes a distinction to the log on request of user, so as to effectively avoid freezing Handle the influence accessed to your account to normal users.
Safety certifying method in the embodiment of the present invention is described above, below to server in the embodiment of the present invention Structure be described, referring to Fig. 6, the server in the embodiment of the present invention is specifically included:
The mark of the account logged in receiving unit 601, the logging request for receiving user, logging request comprising request Information;
Acquiring unit 602, for when determining that account is in frozen state according to identification information, being obtained according to logging request The positional information of user;
Authentication unit 603, for judging whether positional information meets preset registration conditions, if meeting, allows user Log in the account.
In the present embodiment, receiving unit 601 can receive the logging request of user, be logged in the logging request comprising request Account identification information, when receiving unit 601 according to the identification information determine the account be in frozen state when, acquiring unit 602 can obtain the positional information of user according to logging request, and authentication unit 603 judges whether positional information meets preset step on Record condition, if meeting, allows User logs in account, so when some account is in frozen state, authentication unit 603 is not Login of all users to the account can be refused, but processing is distinguished according to positional information during User logs in, when user steps on When positional information during record meets preset registration conditions, then allow the User logs in account, due to account owner (i.e. just Conventional family) typically it can all be logged in more fixed region, so according to positional information during User logs in user's Logging request makes a distinction processing and can effectively avoid freezing the influence that processing accesses to your account to normal users.
Further referring to Fig. 7, acquiring unit 602 includes:
First acquisition module 701, the network address for parsing user from entry address information;
The network address is internet protocol address, or is location Based service LBS addresses;
Wherein, entry address information is included in advance in logging request, so the first acquisition module 701 can be asked from logging in Seek middle acquisition entry address information;
First enquiry module 702, for according to the corresponding relation between the network address and positional information, inquiring about the net of user The positional information of the corresponding user in network address;
That is the position for the network address inquiry user that first enquiry module 702 is got according to the first acquisition module 701 Information;
Second acquisition module 703, the network address for obtaining user from the message forwarding network element of forwarding logging request, net Network address is internet protocol address, or is location Based service LBS addresses;
Second enquiry module 704, for according to the corresponding relation between the network address and positional information, inquiring about the net of user The positional information of the corresponding user in network address;
That is the position for the network address inquiry user that second enquiry module 704 is got according to the second acquisition module 703 Information.
For ease of understanding, the present embodiment server is described in detail with a practical application scene below:
Receiving unit 601 receives the Account Logon request that user sends, and account logging request includes identification information; When receiving unit 601 determines whether account is in frozen state according to the identification information, the receiving unit 601 judges that user is It is no to forward network element to access Internet service application by message;
If user accesses Internet service application not over message forwarding network element, receiving unit 601 make it that first obtains Modulus block 701 parses the network address of user from entry address information;
Wherein, the network address is internet protocol address, or is location Based service LBS addresses;And login please Include entry address information in advance in asking, so the first acquisition module 701 can obtain entry address letter from logging request Breath;
After the first acquisition module 701 gets the network address, the first enquiry module 702 is believed according to the network address and position Corresponding relation between breath, inquires about positional information corresponding with the network address of user;
If user forwards network element to access Internet service application by message, the second acquisition module 703 is logged in from forwarding The message forwarding network element of request obtains the network address of user, and the network address is internet protocol address, or for based on position The service LBS addresses put;After the second acquisition module 703 gets the network address, the second enquiry module 704 is according to the network address Corresponding relation between positional information, inquires about the positional information of the corresponding user in the network address of user;
Authentication unit 603 obtains the position letter for the user that the first enquiry module 702 or the inquiry of two enquiry modules 704 are obtained Breath, judges whether the positional information meets preset registration conditions, if meeting, allows account described in User logs in;If discontented Foot, then forbid user to log in.
In the present embodiment, receiving unit 601 can determine whether whether its account log on request received is in frozen state, and When it is in frozen state, determine whether whether user forwards network element to access Internet service application by message, and then So that the first acquisition module 701 parses the network address of user from entry address information or causes the second acquisition module 703 The network address of user is obtained from the message forwarding network element of forwarding logging request, so that the first enquiry module 702 or the second inquiry Module 704 can get the real network address of user, and get according to the network address of user the positional information of user; When authentication unit 603 determine user positional information meet server it is preset when logging in condition, then user can login account, when Determine user positional information be unsatisfactory for server it is preset when logging in condition, then user is unable to login account.Using this implementation Example so that server can get the real positional information of user, and can interpolate that whether the real positional information meets Preset logs in condition, allows user to log in if meeting, forbids user to log in if being unsatisfactory for, when it can be logged according to user Positional information the log on request of user is made a distinction out so that effectively avoid freeze processing normal users are used The influence of account.
Further, with reference to shown in Fig. 8, server also includes:
Determining unit 801, the conventional logging zone for determining user according to historical log behavior;
Authentication unit 603 is specifically for judging whether positional information belongs to conventional logging zone, if belonging to, it is determined that meet Preset registration conditions, if being not belonging to, it is determined that be unsatisfactory for preset registration conditions.
Wherein, with reference to shown in Fig. 9, the determining unit 801 is specifically included:
First determining module 8011, each logging zone for determining user according to historical log behavior;
3rd enquiry module 8012, reaches the target logging zone of default value for inquiring about login times, and by target Logging zone as user conventional logging zone;
Second determining module 8013, each logging zone for determining user according to historical log behavior;
4th enquiry module 8014, inquires about the target logon area that login times in nearest preset time period reach default value Domain, and using target logging zone as user conventional logging zone;
3rd determining module 8015, each logging zone of the user is determined according to historical log behavior;
Computing module 8016, for determining each logging zone according to the first weights and in the login times of each logging zone The first reference value, according to the second weights and each logging zone login time determine each logging zone second reference Value, and using the first reference value and the second reference value sum as the logging zone comprehensive reference value;
4th determining module 8017, for comprehensive reference value to be reached to, the logging zone of default value is used as the user's Conventional logging zone.
It is below how to determine that the conventional of user is logged in the present embodiment server with practical application scene for ease of understanding Region is described in detail:
I.e. receiving unit 601 receives the account logged in the Account Logon request that user sends, the logging request comprising request The identification information at family, when receiving unit 601 determines that the account is in frozen state according to the identification information, acquiring unit 602 The positional information of user can be obtained according to logging request;
Determining unit 801 determines the conventional logging zone of user according to historical log behavior;
Specifically, it is determined that the first determining module 8011 of unit 801 determines each login of user according to historical log behavior Region, and the login times of each login area are obtained respectively;
Wherein, the history logs in behavior and referred to, each login area of user when the past, internet login was applied, service Device sets up login area inquiry list, and login area inquiry list stores the regional that user logged in, also stored Corresponding with the region that each was logged in login times;
The login times for each login area that 3rd enquiry module 8012 is obtained according to the first determining module 8011, inquiry Login times reach the target logging zone of default value, and using target logging zone as user conventional logging zone;Its In the 3rd enquiry module 8012 default value is set, the default value is used to judge the conventional login area of user;
Or,
Second determining module 8013 of determining unit 801 determines each logging zone of user according to historical log behavior;
That is the second determining module 8013 sets up login area inquiry list, and login area inquiry list stores user and stepped on The regional that land is crossed, also stored for login times corresponding with the region that each was logged in;And login area inquiry list Also record has the time for logging in each login area corresponding with each login times respectively;
4th enquiry module 8014 inquires about the target logging zone that login times in nearest preset time period reach default value, And using the target logging zone as user conventional logging zone;
Or,
3rd determining module 8015 of determining unit 801 determines each logging zone of user according to historical log behavior;
Computing module 8016 is provided with the first weights, and it also obtains login times of the user in each login area, calculates Module 8016 obtains the login times of each login area and the product of first weights respectively, and regard the product as the first ginseng Examine value;
Computing module 8016 is provided with the second weights, and it also obtains landing time of the user in each login area, and divides The landing time of each login area and the product of second weights are not obtained, and regard the product as the second reference value, difference Obtain the first reference value and the second reference value of each login area;
Computing module 8016 obtain respectively the first reference value and the second reference value and, and using this and be used as login area Comprehensive reference value;And computing module 8016 also sets up the corresponding relation of each login area and its comprehensive reference value respectively;
Wherein, the mode of the acquisition of computing module 8016 comprehensive reference value is not limited solely to ask for each login area respectively First reference value and the second reference value and, it can also obtain its other party such as the product of the first reference value and the second reference value Formula, is not limited thereto;
4th determining module 8017 reaches comprehensive reference value the logging zone of default value as the conventional login of user Region;
Whether its positional information got at acquiring unit 602 of the interpretation of authentication unit 603 belongs to the institute of determining unit 801 The user of determination often uses logging zone;If belonging to, it is determined that meet preset registration conditions, it is allowed to which user normally logs in;If no Belong to, it is determined that be unsatisfactory for preset registration conditions, then forbid user to log in.
Enable the server to obtain user often with login area according to different modes by the present embodiment, actually make In, server can provide a user a selective listing, and user is selected according to the actual conditions of itself by the selective listing It is adapted to the acquisition modes of oneself, even if so that user job or the larger change server of habits and customs generation also can be accurate The conventional login area really got.
It is apparent to those skilled in the art that, for convenience and simplicity of description, the system of foregoing description, The specific work process of device and unit, may be referred to the corresponding process in above method embodiment, will not be repeated here.
In several embodiments provided herein, it should be understood that disclosed system, apparatus and method can be with Realize by another way.For example, device embodiment described above is only schematical, for example, the unit Divide, only a kind of division of logic function there can be other dividing mode when actually realizing, such as multiple units or component Another system can be combined or be desirably integrated into, or some features can be ignored, or do not perform.It is another, it is shown or The coupling each other discussed or direct-coupling or communication connection can be the indirect couplings of device or unit by some interfaces Close or communicate to connect, can be electrical, machinery or other forms.
The unit illustrated as separating component can be or may not be it is physically separate, it is aobvious as unit The part shown can be or may not be physical location, you can with positioned at a place, or can also be distributed to multiple On NE.Some or all of unit therein can be selected to realize the mesh of this embodiment scheme according to the actual needs 's.
In addition, each functional unit in each embodiment of the invention can be integrated in a processing unit, can also That unit is individually physically present, can also two or more units it is integrated in a unit.Above-mentioned integrated list Member can both be realized in the form of hardware, it would however also be possible to employ the form of SFU software functional unit is realized.
If the integrated unit is realized using in the form of SFU software functional unit and as independent production marketing or used When, it can be stored in a computer read/write memory medium.Understood based on such, technical scheme is substantially The part contributed in other words to prior art or all or part of the technical scheme can be in the form of software products Embody, the computer software product is stored in a storage medium, including some instructions are to cause a computer Equipment (can be personal computer, server, or network equipment etc.) performs the complete of each embodiment methods described of the invention Portion or part steps.And above-mentioned storage medium includes:USB flash disk, mobile hard disk, read-only storage (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disc or CD etc. are various can store journey The medium of sequence code.
Described above, the above embodiments are merely illustrative of the technical solutions of the present invention, rather than its limitations;Although with reference to upper Embodiment is stated the present invention is described in detail, it will be understood by those within the art that:It still can be to upper State the technical scheme described in each embodiment to modify, or equivalent substitution is carried out to which part technical characteristic;And these Modification is replaced, and the essence of appropriate technical solution is departed from the spirit and scope of various embodiments of the present invention technical scheme.

Claims (10)

1. a kind of safety certifying method, it is characterised in that including:
Server receives the mark letter of the account logged in the Account Logon request that user sends, the logging request comprising request Breath;
The server judges whether the identification information is contained in freezing data storehouse, in the freezing data storehouse comprising by The identification information for the account freezed;
If the identification information is contained in the freezing data storehouse, the server is read from Account Logon request The network address of the user;
According to the corresponding relation between the network address and positional information, the corresponding user in the network address of the user is inquired about Positional information;
Judge whether the positional information meets preset registration conditions, if meeting, allow account described in the User logs in.
2. according to the method described in claim 1, it is characterised in that described according to corresponding between the network address and positional information After relation, the positional information for the corresponding user in the network address for inquiring about the user, methods described also includes:
The server judges whether the account belongs to excessive risk account;
If belonging to, the server is with obtaining the network of the user from the message forwarding network element of the forwarding logging request Location;
The server judges to forward the network address that network element is got with reading from Account Logon request from the message Whether the network address got matches, if mismatching, and uses the network address for forwarding network element to get from the message to carry out Subsequent operation.
3. method according to claim 2, it is characterised in that the server judges whether the account belongs to excessive risk Account includes:
The server judges whether the account occurred address fraudulent act in history preset time, if, it is determined that The account belongs to excessive risk account.
4. according to the method in any one of claims 1 to 3, it is characterised in that methods described also includes:
The conventional logging zone of the user is determined according to historical log behavior;
It is described to judge whether the positional information meets preset registration conditions and be specially:
Judge whether the positional information belongs to the conventional logging zone, if belonging to, it is determined that meet the preset login Condition, if being not belonging to, it is determined that be unsatisfactory for the preset registration conditions.
5. method according to claim 4, it is characterised in that described to determine that the user's is normal according to historical log behavior Included with logging zone:
Each logging zone of the user is determined according to historical log behavior;
Inquiry login times reach the target logging zone of default value, and regard the target logging zone as the user's Conventional logging zone.
6. method according to claim 4, it is characterised in that described to determine that the user's is normal according to historical log behavior Included with logging zone:
Each logging zone of the user is determined according to historical log behavior;
Inquire about the target logging zone that login times in nearest preset time period reach default value, and by the target logging zone It is used as the conventional logging zone of the user.
7. method according to claim 4, it is characterised in that described to determine that the user's is normal according to historical log behavior Included with logging zone:
Each logging zone of the user is determined according to historical log behavior;
The first reference value of each logging zone is determined according to the first weights and in the login times of each logging zone, according to second Weights and determine the second reference value of each logging zone in the login time of each logging zone, and by the first reference value and second Reference value sum as the logging zone comprehensive reference value;
Comprehensive reference value is reached the logging zone of default value as the conventional logging zone of the user.
8. a kind of server, it is characterised in that including:
The mark letter of the account logged in receiving unit, the logging request for receiving user, the logging request comprising request Breath;
Acquiring unit, for when determining that the account is in frozen state according to the identification information, being asked according to the login Seek the positional information for obtaining the user;
Authentication unit, for judging whether the positional information meets preset registration conditions, if meeting, allows the user Log in the account.
9. server according to claim 8, it is characterised in that also include entry address information in the logging request;
The acquiring unit includes:
First acquisition module, the network address for parsing the user from the entry address information, the network Location is internet protocol address, or is location Based service LBS addresses;
First enquiry module, for according to the corresponding relation between the network address and positional information, inquiring about the network of the user The positional information of the corresponding user in address.
10. server according to claim 8, it is characterised in that the acquiring unit includes:
Second acquisition module, the network address for obtaining the user from the message forwarding network element of the forwarding logging request, The network address is internet protocol address, or is location Based service LBS addresses;
Second enquiry module, for according to the corresponding relation between the network address and positional information, inquiring about the network of the user The positional information of the corresponding user in address.
CN201710577635.1A 2017-07-15 2017-07-15 A kind of safety certifying method, server Pending CN107196970A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710577635.1A CN107196970A (en) 2017-07-15 2017-07-15 A kind of safety certifying method, server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710577635.1A CN107196970A (en) 2017-07-15 2017-07-15 A kind of safety certifying method, server

Publications (1)

Publication Number Publication Date
CN107196970A true CN107196970A (en) 2017-09-22

Family

ID=59883658

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710577635.1A Pending CN107196970A (en) 2017-07-15 2017-07-15 A kind of safety certifying method, server

Country Status (1)

Country Link
CN (1) CN107196970A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109756530A (en) * 2017-11-02 2019-05-14 北京金山安全软件有限公司 Target application server and method and device for determining geographic position information
CN113806716A (en) * 2021-08-20 2021-12-17 济南浪潮数据技术有限公司 A kind of intelligent security authentication and authentication method, device and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101626295A (en) * 2008-07-08 2010-01-13 中国移动通信集团公司 Method, device and system for guaranteeing security of network logon
EP2293604A1 (en) * 2009-09-07 2011-03-09 Lg Electronics Inc. Mobile terminal and method for controlling operation of the same
CN104426844A (en) * 2013-08-21 2015-03-18 深圳市腾讯计算机系统有限公司 Safety authentication method, server and safety authentication system
CN104902033A (en) * 2014-03-05 2015-09-09 腾讯科技(深圳)有限公司 Method and device for recording login address
CN105323144A (en) * 2014-07-16 2016-02-10 腾讯科技(深圳)有限公司 Method and system for prompting message abnormity in instant messenger

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101626295A (en) * 2008-07-08 2010-01-13 中国移动通信集团公司 Method, device and system for guaranteeing security of network logon
EP2293604A1 (en) * 2009-09-07 2011-03-09 Lg Electronics Inc. Mobile terminal and method for controlling operation of the same
CN104426844A (en) * 2013-08-21 2015-03-18 深圳市腾讯计算机系统有限公司 Safety authentication method, server and safety authentication system
CN104902033A (en) * 2014-03-05 2015-09-09 腾讯科技(深圳)有限公司 Method and device for recording login address
CN105323144A (en) * 2014-07-16 2016-02-10 腾讯科技(深圳)有限公司 Method and system for prompting message abnormity in instant messenger

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109756530A (en) * 2017-11-02 2019-05-14 北京金山安全软件有限公司 Target application server and method and device for determining geographic position information
CN113806716A (en) * 2021-08-20 2021-12-17 济南浪潮数据技术有限公司 A kind of intelligent security authentication and authentication method, device and storage medium

Similar Documents

Publication Publication Date Title
CN102027714B (en) Networking tasks are performed based on destination network
CN103825895B (en) A kind of information processing method and electronic equipment
CN103107974B (en) A kind of user's registration and login method and mobile terminal
US20150312265A1 (en) Method for Verifying Sensitive Operations, Terminal Device, Server, and Verification System
CN105933888B (en) A kind of eSIM card method for burn-recording and device based on NFC
CN107169025B (en) Sharing intelligent tracking method, device and system
CN112672357B (en) Method and device for processing user account in service system and computer equipment
CN104113842B (en) Method, device, server and mobile terminal for identifying pseudo wireless network access point
CN106453216A (en) Malicious website interception method, malicious website interception device and client
CN105162768A (en) Method and device for detecting phishing Wi-Fi hotspots
CN105046562B (en) Air control system and air control data capture method
CN106101080A (en) Page access control method and device
CN107896235A (en) Information-pushing method, device, network access equipment, terminal and social interaction server device
CN107484152A (en) The management method and device of terminal applies
CN106656455A (en) Website access method and device
CN107094088A (en) A kind of loiter network device identification method, device and system
CN107528712A (en) The determination of access rights, the access method of the page and device
CN102752756A (en) Method and device for preventing surfing the Internet by privately connecting wireless access point (AP)
CN107196970A (en) A kind of safety certifying method, server
CN109088884A (en) Network address access method, device, server and the storage medium of identity-based verifying
CN110167027A (en) A kind of method, equipment and storage medium obtaining wireless access point access pin
CN105246125B (en) A kind of access control method and terminal
CN106209750A (en) A kind of network allocation method, server, network access equipment and system
US11108588B2 (en) Configuration information to an internet of things multiplexer
CN104219737B (en) A kind of system and method for realizing networking switched service

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20170922

WD01 Invention patent application deemed withdrawn after publication