CN112398787B - Mailbox login verification method and device, computer equipment and storage medium - Google Patents
- Publication number: CN112398787B (application CN201910755465.0A)
- Authority: CN (China)
- Prior art keywords: login, mailbox, behavior, remote, control system
- Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
- Classifications:
  - H04L63/0876: network security, authentication of entities based on the identity of the terminal or its configuration, e.g. MAC address, hardware or software configuration or device fingerprint
  - H04L63/1416: network security, detecting or protecting against malicious traffic by monitoring network traffic; event detection, e.g. attack signature detection
  - H04L51/42: user-to-user messaging (e-mail), mailbox-related aspects, e.g. synchronisation of mailboxes
Abstract
The present application discloses a method, apparatus and computer device for mailbox login verification. It relates to the field of information network security and addresses the problem that high-risk login behaviour cannot be intercepted accurately and automatically, so that mailbox login attacks cannot be effectively managed and controlled. The method includes: configuring and installing an attack discovery and risk control system in order to manage and control mailbox login behaviour; using the attack discovery and risk control system to identify and record remote login information; verifying the remote login information in the attack discovery and risk control system; and, if the verification succeeds, controlling the opening of the mailbox login process. The application is applicable to the verification of mailbox logins.
Description
Technical field
The present application relates to the field of information network security, and in particular to a method, apparatus and computer device for mailbox login verification.
Background
To date, a large number of overseas attackers still operate with impunity: they crack the passwords of corporate internal mailboxes with various tools or social engineering methods, log in, and then "manually poison" other people in the enterprise by mass e-mail or steal information. Once a password has been cracked, the attacker can exploit a trusted IP address to launch further attacks, which seriously weakens the protective capability and endangers the system security of a large number of user environments in the enterprise.
In practice, the most common control on mailbox login is to verify whether the source IP is an unfamiliar IP and to restrict unfamiliar IPs in order to keep the system secure.
However, judging whether a login is safe solely by its source IP can only exclude overt attacks. Attacks in which the attacker logs in to the mail server with the correct account and password, obtained through weak user passwords or vulnerabilities, are difficult to identify and discover. The commonly used general protections, namely controlling logins from unfamiliar IPs and reacting to repeated wrong passwords, therefore cannot effectively block such attacks, nor can they control mailbox login attacks at the root.
Summary of the invention
In view of this, the present application provides a method, apparatus and computer device for mailbox login verification, which can solve the problem that high-risk login behaviour cannot be intercepted accurately and automatically, so that mailbox login attacks cannot be effectively managed and controlled.
According to one aspect of the present application, a method for mailbox login verification is provided, the method including:
configuring and installing an attack discovery and risk control system in order to manage and control mailbox login behaviour;
using the attack discovery and risk control system to identify and record remote login information;
verifying the remote login information in the attack discovery and risk control system;
if the verification succeeds, controlling the opening of the mailbox login process.
Specifically, configuring and installing the attack discovery and risk control system in order to manage and control login behaviour includes:
installing the attack discovery and risk control system;
performing management configuration on the network management center in the attack discovery and risk control system, the management configuration including configuring a list of mailbox client tools and a list of browsers.
Correspondingly, using the attack discovery and risk control system to identify and record remote login information specifically includes:
extracting the process creation rules in the list of mailbox client tools;
if it is determined that a control operation matching the process creation rules exists, identifying the remote control behaviour;
if the remote control behaviour is judged to be an active operation behaviour, acquiring the unique machine identifier corresponding to the control operation;
storing the unique machine identifier in encrypted form in the network management center of the attack discovery and risk control system, thereby marking (打点) the remote login.
Specifically, identifying the remote control behaviour when a control operation matching the process creation rules is determined to exist includes:
acquiring the browser plug-in and browsing process corresponding to the remote control behaviour;
determining, from the browser plug-in and the browsing process, the uniform resource locator (URL) the browser is currently accessing;
matching that URL against the key URL used for mailbox login and, if the match succeeds, judging the remote control behaviour to be an active operation behaviour;
if the match fails, judging the remote control behaviour to be abnormal and terminating the login operation.
Specifically, verifying the remote login information in the attack discovery and risk control system includes:
extracting the target unique machine identifier from the remote login information;
matching the target unique machine identifier against the configuration template corresponding to unique machine identifiers;
if the match succeeds, judging that the target unique machine identifier has passed verification.
Correspondingly, terminating the login operation further includes:
outputting a prompt message indicating that login is prohibited.
According to another aspect of the present application, an apparatus for mailbox login verification is provided, the apparatus including:
a configuration module, configured to configure and install an attack discovery and risk control system in order to manage and control mailbox login behaviour;
an identification module, configured to use the attack discovery and risk control system to identify and record remote login information;
a verification module, configured to verify the remote login information in the attack discovery and risk control system;
a control module, configured to control the opening of the mailbox login process if the verification succeeds.
Specifically, the configuration module is configured to install the attack discovery and risk control system;
and to perform management configuration on the network management center in the attack discovery and risk control system, the management configuration including configuring the list of mailbox client tools, the list of browsers and the list of trusted terminals.
Specifically, the identification module is configured to extract the process creation rules in the list of mailbox client tools;
if it is determined that a control operation matching the process creation rules exists, to identify the remote control behaviour;
if the remote control behaviour is judged to be an active operation behaviour, to acquire the unique machine identifier corresponding to the control operation;
and to store the unique machine identifier in encrypted form in the network management center of the attack discovery and risk control system, thereby marking the remote login.
Specifically, the identification module is configured to acquire the browser plug-in and browsing process corresponding to the remote control behaviour;
to determine, from the browser plug-in and the browsing process, the URL the browser is currently accessing;
to match that URL against the key URL used for mailbox login and, if the match succeeds, to judge the remote control behaviour to be an active operation behaviour;
and if the match fails, to judge the remote control behaviour to be abnormal and terminate the login operation.
Specifically, the verification module is configured to extract the target unique machine identifier from the remote login information;
to match the target unique machine identifier against the configuration template corresponding to unique machine identifiers;
and if the match succeeds, to judge that the target unique machine identifier has passed verification.
Correspondingly, an output module is configured to output a prompt message indicating that login is prohibited.
According to a further aspect of the present application, a non-volatile readable storage medium is provided on which a computer program is stored; when the program is executed by a processor, the above method for mailbox login verification is implemented.
According to yet another aspect of the present application, a computer device is provided, including a non-volatile readable storage medium, a processor, and a computer program stored on the non-volatile readable storage medium and executable on the processor; when the processor executes the program, the above method for mailbox login verification is implemented.
By means of the above technical solution, the method, apparatus and computer device for mailbox login verification provided by the present application, compared with the current approach of mainly verifying whether the source IP is unfamiliar, manage and control mailbox login behaviour by configuring and installing an attack discovery and risk control system. Specifically, the attack discovery and risk control system is used to identify and record remote login information and to verify it, and the mailbox login operation is opened only after the verification passes. This ensures that only terminals on which remote login marking has been performed can log in to the mailbox server, while all other illegitimate logins are rejected, which greatly improves the protection of remote mailbox login, controls mailbox login attacks at the root, and secures the systems in the enterprise user environment.
Description of the drawings
The drawings described here are provided for further understanding of the present application and form part of it; the illustrative embodiments of the present application and their description serve to explain the application and do not constitute an improper limitation of it. In the drawings:
FIG. 1 is a schematic flowchart of a method for mailbox login verification provided by an embodiment of the present application;
FIG. 2 is a schematic flowchart of another method for mailbox login verification provided by an embodiment of the present application;
FIG. 3 is a flowchart of client-side marking provided by an embodiment of the present application;
FIG. 4 is a schematic structural diagram of an apparatus for mailbox login verification provided by an embodiment of the present application;
FIG. 5 is a schematic structural diagram of another apparatus for mailbox login verification provided by an embodiment of the present application.
Detailed description
The present application is described in detail below with reference to the drawings and in conjunction with embodiments. It should be noted that, where there is no conflict, the embodiments in the present application and the features in the embodiments may be combined with one another.
To address the problem that high-risk login behaviour cannot currently be intercepted accurately and automatically, so that mailbox login attacks cannot be effectively managed and controlled, the present application provides a method for mailbox login verification which, as shown in FIG. 1, includes:
101. Configure and install an attack discovery and risk control system in order to manage and control mailbox login behaviour.
The entity performing this embodiment may be a terminal that requires mailbox login detection and protection; mailbox login behaviour is managed and controlled by configuring and installing the attack discovery and risk control system on that terminal.
102. Use the attack discovery and risk control system to identify and record remote login information.
The remote login information may include the remote control behaviour and the unique machine identifier corresponding to the login terminal. Remote control behaviour can be divided into active user operation behaviour and behaviour carried out automatically by a program. Active user operation behaviour refers to operations the user initiates through interactive devices such as a keyboard, mouse or touch screen, for example double-clicking a program icon on the desktop to launch the program and then opening a file through the program's menu. Behaviour performed under active user operation is granted different permissions from behaviour a program carries out automatically. For example, winword.exe (Microsoft Office) may read and write any document file at any location when operated actively by the user, but when the user has not made an active selection it may only operate on files it created itself (temporary files).
103. Verify the remote login information in the attack discovery and risk control system.
In this embodiment, verifying the remote login information mainly means verifying the unique machine identifier corresponding to the login terminal, in order to judge whether it conforms to the configuration standard for unique machine identifiers.
104. If the verification succeeds, control the opening of the mailbox login process.
In this embodiment, in a specific application scenario, when the unique machine identifier in the remote login information is judged to conform to the configuration standard for unique machine identifiers, the opening of the mailbox login process can be controlled.
With the mailbox login verification method of this embodiment, mailbox login behaviour is managed and controlled by configuring and installing an attack discovery and risk control system. Specifically, the attack discovery and risk control system is used to identify and record remote login information and to verify it, and the mailbox login action is opened only after the verification passes. This ensures that only terminals on which remote login marking has been performed can log in to the mailbox server, while all other illegitimate logins are rejected, which greatly improves the protection of remote mailbox login, controls mailbox login attacks at the root, and secures the systems in the enterprise user environment.
Further, as a refinement and extension of the specific implementation of the above embodiment, and in order to fully describe the specific implementation process, another method for mailbox login verification is provided which, as shown in FIG. 2, includes:
201. Install an attack discovery and risk control system.
The attack discovery and risk control system (F&C) may comprise an attack discovery and risk control terminal, an attack discovery and risk control server, and a network management center (central control). The attack discovery and risk control terminal is mainly used to detect and identify remote control behaviour; when it detects a login behaviour that is an active user operation, it uploads the unique machine identifier (MID) of the login terminal to the network management center in encrypted form, where it is kept for a certain period so that the attack discovery and risk control server can query it. The attack discovery and risk control server receives the policies issued by the network management center. When it then detects that a terminal wants to log in remotely, it sends a query to the network management center, which returns the list of MIDs that have already been marked, in encrypted form, to the server. After decrypting the list, the server judges whether the target unique machine identifier in the list of marked MIDs matches the configuration template corresponding to unique machine identifiers; if it matches, remote login is allowed, otherwise remote login is refused. The role of the network management center is to store the MIDs of login terminals sent by the attack discovery and risk control terminal, i.e. to keep the record of remote login marking; when it receives a request from the attack discovery and risk control server for the MID list, it sends all locally stored MIDs to the server in the form of a list so that the target unique machine identifier can be verified.
202. Perform management configuration on the network management center in the attack discovery and risk control system, the management configuration including configuring the list of mailbox client tools and the list of browsers.
In this embodiment, in a specific application scenario, after F&C has been installed, the administrator needs to log in to the network management center to perform management configuration. Because the present application manages mailbox login behaviour through the network management center, the list of mail client tools or the list of browsers to be managed must be configured in the network management center in advance.
203. Extract the process creation rules in the list of mailbox client tools.
The process creation rules correspond to the rules that trigger a mailbox login operation. They are extracted in order to detect whether the current operation is a normal login trigger, so that login operations triggered automatically by a program are eliminated and login verification is performed only for active user operation behaviour.
204. If it is determined that a control operation matching the process creation rules exists, identify the remote control behaviour.
In a specific application scenario, in order to identify the remote control behaviour, step 204 of the embodiment may specifically include: acquiring the browser plug-in and browsing process corresponding to the remote control behaviour; determining, from the browser plug-in and the browsing process, the URL the browser is currently accessing; matching that URL against the key URL used for mailbox login and, if the match succeeds, judging the remote control behaviour to be an active operation behaviour; and if the match fails, judging the remote control behaviour to be abnormal and terminating the login operation.
In this embodiment, in the specific application scenario shown in FIG. 3, the attack discovery and risk control terminal can identify the URL the browser is currently accessing by means of browser plug-ins (Chrome, Firefox) or a process hook (IE), judge it against the key URL for mailbox login, and confirm that this login is a normal active user operation. If it is not, the login is not processed further; because no marking operation has taken place, the login will be refused. If it is an active user operation, the attack discovery and risk control terminal takes the MID of the remote login terminal as data, encrypts it and sends it to the central control, where it is kept for a certain period.
205. If the remote control behaviour is judged to be an active operation behaviour, acquire the unique machine identifier corresponding to the control operation.
In this embodiment, in a specific application scenario, if the attack discovery and risk control terminal judges that the remote control behaviour in the current login operation is an active operation behaviour, it extracts the unique machine identifier corresponding to that active operation behaviour.
206. Store the unique machine identifier in encrypted form in the network management center of the attack discovery and risk control system, thereby marking the remote login.
In this embodiment, in a specific application scenario, after the attack discovery and risk control terminal has extracted the unique machine identifier corresponding to the active operation behaviour, it encrypts that identifier and, once encryption is complete, stores it in the network management center. Correspondingly, to save storage space in the network management center, a retention period may be set; the retention period can be determined from the frequency with which the attack discovery and risk control server fetches the MID list, and once the server has finished extracting the MID list, the stored data for that list can be cleared from the network management center.
207. Extract the target unique machine identifier from the remote login information.
In this embodiment, in a specific application scenario, the attack discovery and risk control server can extract the MID list from the network management center and take the unique machine identifiers in the list as the target unique machine identifiers on which trusted-terminal checking is to be performed.
208. Match the target unique machine identifier against the configuration template corresponding to unique machine identifiers.
The configuration template corresponds to the constituent elements of a unique machine identifier and the order in which they are arranged.
In this embodiment, in a specific application scenario, after extracting the target unique machine identifiers the attack discovery and risk control server first decrypts them; once decryption is complete, it matches each target unique machine identifier in the MID list against the configuration template corresponding to unique machine identifiers.
209. If the match succeeds, judge that the target unique machine identifier has passed verification.
In this embodiment, if the match is determined to be successful, the opening of the mailbox login process can be controlled.
Correspondingly, when the match fails, a prompt message indicating that login is prohibited can be output.
The prompt message may include text, picture, audio, video, light and vibration prompts and the like; the information that login is prohibited can be output in many forms, such as audio, video or text.
With the above method for mailbox login verification, mailbox login behaviour is managed and controlled by configuring and installing an attack discovery and risk control system. Specifically, control operations that are active operation behaviour are filtered out through the process creation rules, control operations belonging to behaviour a program carries out automatically are eliminated directly, and unique machine identifier verification is performed on the control operations belonging to active operation behaviour; when the verification passes, the mailbox login action is opened. With this method only terminals on which remote login marking has been performed can log in to the mailbox server, while all other illegitimate logins are rejected, even if the correct account is used, which greatly improves the protection of remote mailbox login, controls mailbox login attacks at the root, prevents remote attacks by hackers, and secures the systems in the enterprise user environment.
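The two-sided flow of steps 204 to 209 (terminal-side marking of an active login, retention at the management center, server-side verification against the configuration template), as an added Python simulation that is not the patent's own code. The shared key, the key login URL, the MID format and its regex template are constructed assumptions, and an HMAC-SHA256 tag stands in for the encryption the patent specifies, since the patent names no cipher.

```python
from __future__ import annotations

import hashlib
import hmac
from base64 import urlsafe_b64decode, urlsafe_b64encode
import re

# Constructed key shared by the F&C terminal agent, the management center and
# the F&C server; it stands in for whatever key material the real system uses.
SHARED_KEY = b"constructed-demo-key"

# Key login URLs configured in the management center (constructed values).
KEY_LOGIN_URLS = ("https://mail.example.test/login",)

# Constructed configuration template for the MID: the constituent elements and
# their order (3-letter vendor code, 8-hex board serial, 12-hex NIC address).
MID_TEMPLATE = re.compile(r"^[A-Z]{3}-[0-9A-F]{8}-[0-9A-F]{12}$")


def is_active_login(url: str) -> bool:
    """Terminal side (step 204): the URL reported by the browser plug-in or
    process hook is compared with the key login URLs. Only an exact match
    (ignoring a trailing slash and query string) counts as an active login."""
    base = url.split("?", 1)[0].rstrip("/")
    return base in KEY_LOGIN_URLS


def seal(mid: str, key: bytes = SHARED_KEY) -> str:
    """Protect a MID before upload (step 206). The patent says the MID is
    encrypted; this demo attaches an HMAC-SHA256 tag to the base64 MID so the
    server can detect tampering without any third-party library."""
    payload = urlsafe_b64encode(mid.encode()).decode()
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"


def unseal(token: str, key: bytes = SHARED_KEY) -> str:
    """Reverse of seal(); raises ValueError on a missing or bad tag."""
    payload, sep, tag = token.rpartition(".")
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not sep or not hmac.compare_digest(tag, expected):
        raise ValueError("MID token failed integrity check")
    return urlsafe_b64decode(payload.encode()).decode()


class ManagementCenter:
    """Network management center: keeps sealed MIDs for a retention period
    chosen to cover the server's polling interval (step 206)."""

    def __init__(self, ttl_seconds: int) -> None:
        self.ttl = ttl_seconds
        self._entries = {}  # sealed token -> expiry time

    def record(self, token: str, now: float) -> None:
        self._entries[token] = now + self.ttl

    def mid_list(self, now: float) -> list:
        """Drop expired entries, then return the live sealed tokens."""
        self._entries = {t: exp for t, exp in self._entries.items() if exp > now}
        return list(self._entries)


def terminal_mark(center: ManagementCenter, url: str, mid: str, now: float) -> bool:
    """Steps 204-206 on the F&C terminal: a login that is not an active user
    operation is ignored (no mark, so the server will later refuse it)."""
    if not is_active_login(url):
        return False
    center.record(seal(mid), now)
    return True


def server_verify(center: ManagementCenter, target_mid: str, now: float) -> bool:
    """Steps 207-209 on the F&C server: pull the marked MID list, unseal each
    entry, and admit the login only if the target MID was marked and conforms
    to the configuration template."""
    if not MID_TEMPLATE.match(target_mid):
        return False
    for token in center.mid_list(now):
        try:
            if unseal(token) == target_mid:
                return True
        except ValueError:
            continue  # tampered or corrupt entry: never trust it
    return False


if __name__ == "__main__":
    center = ManagementCenter(ttl_seconds=300)
    mid = "LEN-0A1B2C3D-001122AABBCC"  # constructed MID
    terminal_mark(center, "https://mail.example.test/login?lang=en", mid, now=0.0)
    print("marked terminal, fresh mark:", server_verify(center, mid, now=10.0))
    print("marked terminal, mark expired:", server_verify(center, mid, now=400.0))
```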
Further, as a specific embodiment of the methods shown in FIG. 1 and FIG. 2, an embodiment of this application provides an apparatus for mailbox login verification. As shown in FIG. 4, the apparatus includes a configuration module 31, an identification module 32, a verification module 33 and a control module 34.
The configuration module 31 is configured to install and configure the attack discovery and risk control system so that mailbox login behavior can be managed and controlled;
the identification module 32 is configured to use the attack discovery and risk control system to identify and record remote login information;
the verification module 33 is configured to verify the remote login information in the attack discovery and risk control system;
the control module 34 is configured to open the mailbox login action if the verification succeeds.
In a specific application scenario, in order to manage and control login behavior, the configuration module 31 is specifically configured to install the attack discovery and risk control system and to perform management configuration of the network management center in that system; the management configuration includes configuring the mailbox client tool list and the browser list.
Correspondingly, in order to use the attack discovery and risk control system to identify and record remote login information, the identification module 32 is specifically configured to extract the process-creation rules from the mailbox client tool list; if a control operation matching a process-creation rule is found, to identify the remote control behavior; if the remote control behavior is judged to be an active operation behavior, to obtain the machine unique identifier corresponding to the control operation; and to store the machine unique identifier in encrypted form in the network management center of the attack discovery and risk control system, which completes the remote login registration.
In a specific application scenario, in order to identify the remote control behavior once a control operation matching a process-creation rule has been found, the identification module 32 is specifically configured to obtain the browser plugin and browsing process corresponding to the remote control behavior; to determine from the browser plugin and browsing process the uniform resource locator (URL) the browser is currently visiting; and to match that URL against the key URLs used for mailbox login. If the match succeeds, the remote control behavior is judged to be an active operation behavior; if it fails, the remote control behavior is judged abnormal and the login operation is terminated.
Correspondingly, in order to verify the remote login information, the verification module 33 is specifically configured to extract the target machine unique identifier from the remote login information, to match the target machine unique identifier against the configuration template corresponding to the machine unique identifier and, if the match succeeds, to judge that the target machine unique identifier has passed verification.
Correspondingly, in order to prompt the login terminal when the login operation is terminated, as shown in FIG. 5, the apparatus further includes an output module 35.
The output module 35 is configured to output prompt information indicating that login is prohibited.
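The registration and verification flow of modules 31 to 35 above, written out as an added Python example; this is not code from the patent or from any product it describes. The process names, the parent-process rules that separate a human-initiated launch from a service-started one, the key login URLs, the hardware attributes behind the machine unique identifier, and the HMAC-based storage that stands in for the patent's unspecified "encrypted storage" are all assumptions made for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

# Assumed management-center configuration (constructed for this example; the
# patent only says a mailbox client tool list and a browser list are configured).
MAIL_CLIENT_TOOLS = {"outlook.exe", "thunderbird.exe", "foxmail.exe"}
INTERACTIVE_PARENTS = {"explorer.exe"}                                # started from the desktop shell
AUTOMATIC_PARENTS = {"services.exe", "svchost.exe", "taskeng.exe"}    # services, scheduled tasks
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
# Key URLs used for mailbox login, as (host, path) pairs; hypothetical host.
KEY_LOGIN_URLS = {("mail.example.com", "/owa/auth/logon.aspx"),
                  ("mail.example.com", "/login")}


@dataclass(frozen=True)
class ProcessEvent:
    """A process-creation event as the installed agent would see it."""
    name: str
    parent: str
    url: Optional[str] = None  # reported by the browser plugin for browser processes


def classify_control_operation(ev: ProcessEvent) -> str:
    """Apply the process-creation rules.

    Returns 'active' for a human-initiated mail login, 'automatic' for a mail
    client started by a service or scheduled task (discarded), 'abnormal' for a
    browser that is not on a key login URL (login terminated), else 'ignore'.
    """
    name, parent = ev.name.lower(), ev.parent.lower()
    if name in MAIL_CLIENT_TOOLS:
        if parent in INTERACTIVE_PARENTS:
            return "active"
        if parent in AUTOMATIC_PARENTS:
            return "automatic"
        return "ignore"
    if name in BROWSERS and ev.url is not None:
        parts = urlsplit(ev.url)
        if parts.scheme == "https" and (parts.hostname, parts.path) in KEY_LOGIN_URLS:
            return "active"
        return "abnormal"
    return "ignore"


def machine_unique_id(board_uuid: str, disk_serial: str, mac: str) -> str:
    """Derive a stable machine identifier from hardware attributes (assumed inputs)."""
    material = "|".join(s.strip().lower() for s in (board_uuid, disk_serial, mac))
    return hashlib.sha256(material.encode()).hexdigest()


class ManagementCenter:
    """Network management center: holds each user's registered machine identifier.

    The identifier is stored as an HMAC digest under a server-side key (a stand-in
    for the patent's unspecified encrypted storage); the raw identifier is never
    persisted, and verification compares digests in constant time.
    """

    def __init__(self, server_key: bytes) -> None:
        self._key = server_key
        self._templates: Dict[str, str] = {}  # user -> configuration template (digest)

    def _digest(self, machine_id: str) -> str:
        return hmac.new(self._key, machine_id.encode(), hashlib.sha256).hexdigest()

    def register(self, user: str, ev: ProcessEvent, machine_id: str) -> bool:
        """Remote login registration: record the machine only for an active operation."""
        if classify_control_operation(ev) != "active":
            return False
        self._templates[user] = self._digest(machine_id)
        return True

    def verify_login(self, user: str, machine_id: str, password_ok: bool) -> Tuple[bool, str]:
        """Open the mailbox login only when credentials AND the registered machine match."""
        if not password_ok:
            return False, "login denied: bad credentials"
        template = self._templates.get(user)
        if template is None or not hmac.compare_digest(template, self._digest(machine_id)):
            # Output module: prompt that login from this terminal is prohibited.
            return False, "login prohibited: terminal is not an authorized login terminal"
        return True, "login permitted"


def demo() -> Tuple[bool, bool, bool]:
    """Walk the flow on constructed data; returns (trusted ok, attacker ok, auto registered)."""
    mc = ManagementCenter(server_key=b"constructed-server-key-do-not-reuse")
    trusted = machine_unique_id("4C4C4544-0042-3810-8031-B4C04F4E5A31", "S3Z9NB0K401234", "00:1a:2b:3c:4d:5e")
    attacker = machine_unique_id("DEADBEEF-0000-0000-0000-000000000001", "WD-WXA1A2B3C4D5", "de:ad:be:ef:00:01")
    # Alice launches Outlook from the desktop: active operation, machine registered.
    mc.register("alice", ProcessEvent("outlook.exe", "explorer.exe"), trusted)
    # A service-launched mail client is automatic program behavior: not registered.
    auto_registered = mc.register("alice", ProcessEvent("outlook.exe", "services.exe"), attacker)
    trusted_ok, _ = mc.verify_login("alice", trusted, password_ok=True)
    # Correct password, but from a machine that never completed registration.
    attacker_ok, _ = mc.verify_login("alice", attacker, password_ok=True)
    return trusted_ok, attacker_ok, auto_registered


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

The point the scheme depends on is that the machine unique identifier is collected by the agent on the terminal at registration and again at login, and the login decision is made in the management center. If the identifier were merely a field the login request could supply, a valid password plus a copied identifier would pass, so in a deployment the agent, not the login form, must be the source of that value.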
It should be noted that, for other descriptions of the functional units involved in the mailbox login verification apparatus provided in this embodiment, reference may be made to the corresponding descriptions of FIG. 1 and FIG. 2, which are not repeated here.
Based on the methods shown in FIG. 1 and FIG. 2, an embodiment of this application correspondingly further provides a storage medium on which a computer program is stored; when executed by a processor, the program implements the mailbox login verification method shown in FIG. 1 and FIG. 2.
On this understanding, the technical solution of this application can be embodied as a software product stored on a non-volatile storage medium (such as a CD-ROM, USB flash drive or portable hard disk) that includes a number of instructions for causing a computer device (a personal computer, a server, a network device, etc.) to execute the methods of the various implementation scenarios of this application.
Based on the methods shown in FIG. 1 and FIG. 2 and the virtual apparatus embodiments shown in FIG. 4 and FIG. 5, and to achieve the above purpose, an embodiment of this application further provides a computer device, which may be a personal computer, a server, a network device, etc. This physical device includes a storage medium and a processor: the storage medium stores a computer program, and the processor executes the computer program to implement the mailbox login verification method shown in FIG. 1 and FIG. 2.
Optionally, the computer device may further include a user interface, a network interface, a camera, a radio frequency (RF) circuit, sensors, an audio circuit, a Wi-Fi module and so on. The user interface may include a display screen and an input unit such as a keyboard, and optionally a USB interface, a card reader interface, etc. The network interface may optionally include a standard wired interface and wireless interfaces (such as a Bluetooth interface or a Wi-Fi interface).
Those skilled in the art can understand that the computer device structure provided in this embodiment does not limit the physical device, which may include more or fewer components, combine certain components, or arrange the components differently.
The non-volatile readable storage medium may further include an operating system and a network communication module. The operating system is the program that manages the hardware and software resources of the physical device used for mailbox login verification and supports the running of the information processing program and other software and/or programs. The network communication module implements communication among the components inside the non-volatile readable storage medium and with the other hardware and software in the physical device.
From the description of the above embodiments, those skilled in the art can clearly understand that this application can be implemented by software plus a necessary general-purpose hardware platform, or by hardware. Compared with the prior art, this application manages and controls mailbox login behavior by installing and configuring an attack discovery and risk control system: process-creation rules pick out the control operations that are active operation behaviors and directly discard those that are automatic program behavior; the control operations that are active operation behaviors are matched on their machine unique identifier to determine whether they come from a login terminal authorized to log in, and the mailbox login action is opened accordingly. With this method only the configured trusted terminals or browsers can log in to the mailbox server, and every other illegitimate login is rejected; even an attack launched with the correct account name and password from a commonly used IP address cannot succeed. This greatly improves the protection of remote mailbox login, controls mailbox login attacks at their root, prevents remote attacks by hackers and ensures system security in the enterprise user environment.
Those skilled in the art can understand that the accompanying drawings are only schematic diagrams of preferred implementation scenarios, and the modules or processes in the drawings are not necessarily required to implement this application. The modules of the apparatus in an implementation scenario may be distributed in that apparatus as described, or may be changed accordingly and located in one or more apparatuses different from the one in this implementation scenario. The modules of the above implementation scenarios may be combined into one module or further split into multiple sub-modules.
The serial numbers above are for description only and do not indicate the merits of the implementation scenarios. The above disclosures are only a few specific implementation scenarios of this application; the application is not limited to them, and any change conceivable by those skilled in the art shall fall within the protection scope of this application.
Claims (8)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910755465.0A CN112398787B (en) | 2019-08-15 | 2019-08-15 | Mailbox login verification method and device, computer equipment and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112398787A CN112398787A (en) | 2021-02-23 |
CN112398787B true CN112398787B (en) | 2022-09-30 |
Family
ID=74601765
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910755465.0A Active CN112398787B (en) | 2019-08-15 | 2019-08-15 | Mailbox login verification method and device, computer equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112398787B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114070644B (en) * | 2021-11-26 | 2024-04-02 | 天翼数字生活科技有限公司 | Junk mail interception method and device, electronic equipment and storage medium |
CN114666299B (en) * | 2022-04-18 | 2023-03-21 | 北京航天驭星科技有限公司 | Mail receiving and sending method, device, equipment and medium for satellite measurement, operation and control system |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105593866A (en) * | 2013-10-03 | 2016-05-18 | 日本电气方案创新株式会社 | Terminal authentication and registration system, method for authenticating and registering terminal, and storage medium |
CN109829307A (en) * | 2018-06-26 | 2019-05-31 | 360企业安全技术(珠海)有限公司 | Process behavior recognition methods and device |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8413210B2 (en) * | 2008-12-09 | 2013-04-02 | Microsoft Corporation | Credential sharing between multiple client applications |
CN105262774A (en) * | 2015-11-11 | 2016-01-20 | 浪潮(北京)电子信息产业有限公司 | Remote login method |
CN106856448B (en) * | 2016-12-01 | 2018-09-21 | 深圳市小满科技有限公司 | Mailbox configuration method, configuration system based on high in the clouds and cloud server |
CN109474510B (en) * | 2017-12-25 | 2021-05-25 | 北京安天网络安全技术有限公司 | Mailbox safety cross audit method, system and storage medium |
CN108989182A (en) * | 2018-06-22 | 2018-12-11 | 广州市风驰商汇信息科技有限公司 | A kind of E-mail address is established and memory space management |
Also Published As
Publication number | Publication date |
---|---|
CN112398787A (en) | 2021-02-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US12026261B2 (en) | Quarantine of software by an evaluation server based on authenticity analysis of user device data | |
US11223480B2 (en) | Detecting compromised cloud-identity access information | |
CN110463161B (en) | Password state machine for accessing protected resources | |
JP5396051B2 (en) | Method and system for creating and updating a database of authorized files and trusted domains | |
US10708261B2 (en) | Secure gateway onboarding via mobile devices for internet of things device management | |
US20070101440A1 (en) | Auditing correlated events using a secure web single sign-on login | |
US10142343B2 (en) | Unauthorized access detecting system and unauthorized access detecting method | |
JP2016503936A (en) | System and method for identifying and reporting application and file vulnerabilities | |
US10103948B1 (en) | Computing devices for sending and receiving configuration information | |
US9059987B1 (en) | Methods and systems of using single sign-on for identification for a web server not integrated with an enterprise network | |
CN107483495B (en) | Big data cluster host management method, management system and server | |
US10091225B2 (en) | Network monitoring method and network monitoring device | |
US11075931B1 (en) | Systems and methods for detecting malicious network activity | |
US10579830B1 (en) | Just-in-time and secure activation of software | |
US20170201528A1 (en) | Method for providing trusted service based on secure area and apparatus using the same | |
CN108289074B (en) | User account login method and device | |
JP2012008732A (en) | Installation control device and program | |
EP4070521B1 (en) | Autopilot re-enrollment of managed devices | |
CN114491582A (en) | Authentication method, device and terminal device | |
CN112398787B (en) | Mailbox login verification method and device, computer equipment and storage medium | |
CN102156826A (en) | Provider management method and provider management system | |
CN113922975A (en) | A security control method, server, terminal, system and storage medium | |
JP2019125347A (en) | Storage device, data sharing system, and data sharing method | |
US20150381622A1 (en) | Authentication system, authentication method, authentication apparatus, and recording medium | |
KR101975041B1 (en) | Security broker system and method for securing file stored in external storage device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||