[go: up one dir, main page]

HK1224450A1 - Method and device for verifying credible terminal - Google Patents

Method and device for verifying credible terminal Download PDF

Info

Publication number
HK1224450A1
HK1224450A1 HK16112350.1A HK16112350A HK1224450A1 HK 1224450 A1 HK1224450 A1 HK 1224450A1 HK 16112350 A HK16112350 A HK 16112350A HK 1224450 A1 HK1224450 A1 HK 1224450A1
Authority
HK
Hong Kong
Prior art keywords
terminal
login
user
trusted
login account
Prior art date
Application number
HK16112350.1A
Other languages
Chinese (zh)
Other versions
HK1224450B (en
Inventor
梁建國
梁建国
蔣佩伶
蒋佩伶
Original Assignee
创新先进技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 创新先进技术有限公司 filed Critical 创新先进技术有限公司
Priority to HK16112350.1A priority Critical patent/HK1224450B/en
Priority claimed from HK16112350.1A external-priority patent/HK1224450B/en
Publication of HK1224450A1 publication Critical patent/HK1224450A1/en
Publication of HK1224450B publication Critical patent/HK1224450B/en

Links

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Description

Trusted terminal verification method and device
Technical Field
The present application relates to the field of terminal technologies, and in particular, to a trusted terminal verification method and apparatus.
Background
For payment applications with high security requirements like a payment treasure, when a user needs to perform sensitive operations such as resetting a password, modifying a contact mobile phone reserved by the user, modifying a login name and the like, since most of modification information related to the sensitive operations is user private information, a user identity authentication process is stricter when the user performs the sensitive operations.
For example, when a user performs a sensitive operation, the user may upload credential information and answer the generated reservation question on a page, and then customer service personnel manually check the credential information uploaded by the user and make a call return visit, and the user is allowed to perform the sensitive operation only after the authentication is passed.
However, in the above solution, if all users need to perform the above strict identity authentication process when performing sensitive operations, then significant labor cost is required for auditing and call return of the certificates uploaded by the users. Moreover, if the user needs to perform a stricter authentication again each time the user performs a sensitive operation, the user experience may be affected.
In order to solve the above problems, the login terminal used by the user may be authenticated, the login terminal that passes the authentication is a trusted terminal for the user, and when the user logs in using the trusted terminal and performs a sensitive operation, the user may not be authenticated repeatedly or only be authenticated relatively simply.
Currently, authentication is performed on a login terminal of a user mostly through transaction information, an IP address and a login time period of the user, however, in some special application scenarios, such as an application scenario in which the login terminal is used alternately among users, the method cannot meet the user requirements.
Disclosure of Invention
In order to overcome the problems in the background art, the application provides a method and a device for verifying a trusted terminal.
According to a first aspect of an embodiment of the present application, the present application provides a trusted terminal verification method, where the method includes:
judging whether the login terminal of the user is matched with the locally recorded trusted terminal of the user;
when the login terminal is judged to be not matched with the locally recorded trusted terminal of the user, judging whether the login account of the user is associated with the common login account of the login terminal;
and if so, judging that the login terminal is locally recorded as the trusted terminal of the user.
Optionally, before determining whether the login terminal of the user matches the locally recorded trusted terminal of the user, the method further includes:
identifying the terminal type of the trusted terminal according to the hardware information of the trusted terminal;
when the trusted terminal is identified to be a handheld terminal, locally classifying the trusted terminal as a handheld trusted terminal;
when the credible terminal is identified to be a PC terminal, judging whether the common time period of the credible terminal is an office time period or a household time period;
when the common time period of the trusted terminal is an office time period, locally classifying the trusted terminal as an office trusted terminal;
and when the common time period of the trusted terminal is the household time period, locally classifying the trusted terminal as a household trusted terminal.
Optionally, before determining whether the login account of the user is associated with the common login account of the login terminal, the method further includes:
judging whether the login times of the login account of the user on the login terminal reach a threshold value or not;
if so, continuously judging whether the login account of the user is associated with the common login account of the login terminal;
if not, the login terminal is judged to be the non-credible terminal of the user.
Optionally, the determining whether the login account of the user is associated with the common login account of the login terminal includes:
inquiring a common login account of the login terminal; the common login account is a login account of which the login times reach a threshold value in the historical login accounts of the login terminal;
judging whether the login account of the user and the common login account are logged in on the same trusted terminal or not, wherein the login times reach a threshold value;
if yes, determining that the login account of the user is associated with the common login account, and locally storing the association relationship between the login account of the user and the historical login account.
Optionally, the same trusted terminal is the same home trusted terminal.
According to a second aspect of an embodiment of the present application, the present application provides a trusted terminal verification apparatus, including:
the first judgment module is used for judging whether the login terminal of the user is matched with the trusted terminal of the local record;
the second judgment module is used for judging whether the login account of the user is associated with the common login account of the login terminal when the login terminal is judged not to be matched with the trusted terminal of the local record; and if so, judging that the login terminal is the credible terminal of the user.
Optionally, the apparatus further comprises:
the classification module is used for identifying the terminal type of the trusted terminal according to the hardware information of the trusted terminal before the first judgment module judges whether the login terminal of the user is matched with the locally recorded trusted terminal of the user;
when the trusted terminal is identified to be a handheld terminal, locally classifying the trusted terminal as a handheld trusted terminal;
when the credible terminal is identified to be a PC terminal, judging whether the common time period of the credible terminal is an office time period or a household time period;
when the common time period of the trusted terminal is an office time period, locally classifying the trusted terminal as an office trusted terminal;
and when the common time period of the trusted terminal is the household time period, locally classifying the trusted terminal as a household trusted terminal.
Optionally, the second determining module is specifically configured to:
before judging whether a login account of a user is associated with a common login account of the login terminal, judging whether the login times of the login account of the user on the login terminal reach a threshold value;
if so, continuously judging whether the login account of the user is associated with the common login account of the login terminal;
if not, the login terminal is judged to be the non-credible terminal of the user.
Optionally, the second determining module is specifically configured to:
inquiring a common login account of the login terminal; the common login account is a login account of which the login times reach a threshold value in the historical login accounts of the login terminal;
judging whether the login account of the user and the common login account are logged in on the same trusted terminal or not, wherein the login times reach a threshold value;
if yes, determining that the login account of the user is associated with the common login account, and locally storing the association relationship between the login account of the user and the historical login account.
Optionally, the same trusted terminal is the same home trusted terminal.
According to a third aspect of an embodiment of the present application, the present application provides a trusted terminal verification apparatus, including:
a processor; a memory for storing the processor-executable instructions;
wherein the processor is configured to:
judging whether the login terminal of the user is matched with the locally recorded trusted terminal of the user;
when the login terminal is judged to be not matched with the locally recorded trusted terminal of the user, judging whether the login account of the user is associated with the common login account of the login terminal;
and if so, judging that the login terminal is the credible terminal of the user.
The method is based on the authentication scheme of the login terminal in the existing implementation, when the login terminal of the user is judged to be the credible terminal of the user, the relevance judgment between the login account and the common login account of the login terminal is introduced, and when the login account of the user is judged to be relevant to the common login account of the login terminal, the login terminal is judged to be the credible terminal of the user. By the scheme, the login terminal can be prevented from being subjected to complex repeated authentication in an application scene in which users use the login terminal in a crossed manner.
Drawings
Fig. 1 is a flowchart of a method for authenticating a trusted terminal according to an embodiment of the present application;
fig. 2 is a flowchart of another trusted terminal authentication method according to an embodiment of the present application;
fig. 3 is a schematic diagram illustrating a server authenticating a login terminal of a user according to an embodiment of the present application;
fig. 4 is a processing flow diagram of a terminal analysis system according to an embodiment of the present application;
FIG. 5 is a flowchart illustrating a process of a user authentication system according to an embodiment of the present application;
fig. 6 is a schematic logical structure diagram of a trusted terminal authentication apparatus according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
In an application scenario in which users use login terminals to login payment accounts in a crossed manner, the current implementation manner still authenticates login terminals of all users by a server in combination with hardware information of the login terminals, after authentication is successful, the server records the login terminal as a trusted terminal of the user locally, and when the user uses the trusted terminal to perform sensitive operation, the login terminal of the user is not repeatedly authenticated or only simply authenticated.
However, the above scheme has the following problems:
for example, in an application scenario in which family members log in a payment account using a common login terminal, when the login terminal is authenticated according to the above method, authentication is usually performed based on login information of a user, such as transaction information, an IP address, and a login time period of the user, so that when different family members log in their payment accounts using the same login terminal, the server performs authentication of the login terminal for different family members one by one.
However, since the trust level between family members is usually high, when family members log in their payment accounts by using the same login terminal, it is not necessary for the server to authenticate the login terminal for different family members one by one.
In view of this, according to the technical scheme of authenticating the login terminal in the prior art, in the process of authenticating the login terminal, judgment of association between the login account and a common login account of the login terminal is introduced, and when the login account of the user is judged to be associated with the common login account of the login terminal, the login terminal is judged to be a trusted terminal of the user.
By the scheme, in an application scene that the login terminal is used among users in a crossed mode, whether the login terminal is the credible terminal of the user can be judged through the relevance between the login account of the user and the common login account of the login terminal, and therefore complex repeated authentication of the login terminal is avoided.
The present application is described below with reference to specific embodiments and with reference to different application examples.
Referring to fig. 1, fig. 1 is a block diagram illustrating a trusted terminal authentication method according to an embodiment of the present application, where an execution subject of the method may be a server; the method comprises the following steps:
step 101, judging whether a login terminal of a user is matched with a locally recorded trusted terminal of the user;
in this step, when judging whether the login terminal of the user is the trusted terminal of the user, the server may obtain the hardware information of the login terminal, and then sequentially match the hardware information of the terminal with the hardware information of the trusted terminal of the user recorded in the database, and if the hardware information of the terminal is matched with the hardware information of the trusted terminal of the user, it indicates that the current login terminal is the trusted terminal for the user; on the contrary, if the matching is not found, the login terminal is an untrusted terminal for the user, and the server side can record only the hardware information of the terminal and the login times of the user using the terminal for the untrusted terminal.
When the server authenticates the login terminal for the user, the server can still authenticate the user according to the login information of the user, such as the transaction information, the IP address, the login time period and the like of the user, and after the authentication is passed, the login terminal can be locally recorded as a trusted terminal of the user. In addition, the server can classify the trusted terminals which are recorded locally according to the terminal types.
For example, the server may divide the trusted terminal recorded locally into a handheld trusted terminal, a home trusted terminal and an office available terminal according to the terminal type and the common time period of the trusted terminal. If the trusted terminal is a handheld terminal, the server side can directly classify the type of trusted terminal as the handheld trusted terminal locally; when the credible terminal is identified to be a PC terminal, the server can further judge whether the common time period of the credible terminal is an office time period or a household time period; if the time period is the household time period, the server side can directly classify the type of trusted terminal into a household trusted terminal locally; if the office time period is the time period, the server can directly classify the type of trusted terminal locally as an office trusted terminal.
The hardware information of the login terminal can contain different information according to different terminal types of the login terminal; for example, if the login terminal is a PC terminal, the hardware information may include information such as a motherboard MAC, a network card MAC, and an operating system of the PC; if the login terminal is a mobile phone terminal, the hardware information may include hardware information of a mobile phone accessory, a mobile phone system, and the like.
102, when the login terminal is judged not to be matched with a locally recorded trusted terminal of the user, judging whether a login account of the user is associated with a common login account of the login terminal;
and 103, if so, judging that the login terminal is the credible terminal of the user.
In the above steps, when the login terminal of the user is the trusted terminal of the user, which is locally recorded by the server, the login terminal may not be subjected to complicated repeated authentication or only to simple authentication; on the contrary, when the login terminal of the user is not the trusted terminal of the user, which is locally recorded by the server, the server may further obtain the login account of the user and the historical login account of the login terminal, and determine whether the login account of the user is associated with the historical login account of the login terminal, so as to further determine whether the login terminal is the trusted terminal of the user.
Specifically, the server side can determine a common login account number from the obtained historical login account numbers; for example, a login account with a login number reaching a threshold in the historical login accounts may be used as a common login account. When the common login account is confirmed, the server side can judge whether the common login account and the login account used by the user for logging in at the time are logged in on the same trusted terminal or not by inquiring a local database, and the login times reach a threshold value; if the login account number used by the user for the current login and the common login account number of the login terminal have high relevance, the server side can directly judge that the login terminal is the trusted terminal of the user.
In a preferred embodiment, when determining whether the common login account and the login account used by the user for the current login are logged in on the same trusted terminal, the same trusted terminal may be the same trusted terminal for home use. When the common login account and the login account used by the user for the current login are logged in the same household trusted terminal and the login times reach a threshold value, the relationship between the user and the user corresponding to the common login account is likely to be a family relationship, so that for the situation, the login terminal can be directly judged to be the trusted terminal of the user.
When the login user is authenticated, the established family relationship data can be directly inquired to confirm whether the current login user is in family relationship with the user who often uses the login terminal.
Of course, in a specific application, when it is determined that the common login account and the login account used by the user for the current login are logged in on the same trusted terminal, the same trusted terminal may also be the same handheld trusted terminal or the same office trusted terminal.
In addition, before the server side performs the relevance judgment between the login accounts, the server side can further screen the users to determine the frequently-used users of the login terminal, and the relevance judgment between the login accounts is performed only for the frequently-used users.
For example, the server may further determine whether the login times of the login account of the user on the login terminal reach a threshold; if the user is the frequently-used user, whether the login account of the user is associated with the frequently-used login account of the login terminal or not can be continuously judged; if not, the user is indicated to be an emergency user, and the login terminal can be directly judged to be the non-trusted terminal of the user. For example, taking the same trusted terminal as the same home trusted terminal as an example, if the login times of a certain user using the home trusted login terminal is less than a threshold, for example, only once, the user is likely to be only a visiting visitor, and for such users, it is meaningless for the server to perform the association determination between the login accounts, so that it may be directly determined that the login terminal is an untrusted terminal of the user.
In this embodiment, the server introduces a judgment on the association between the login account and the common login account of the login terminal in the process of authenticating the login terminal, and when the login account of the user is judged to be associated with the common login account of the login terminal, the login terminal is judged to be the trusted terminal of the user.
By the scheme, in an application scene that the login terminal is used among users in a crossed mode, whether the login terminal is the credible terminal of the user can be judged through the relevance between the login account of the user and the common login account of the login terminal, and therefore complex repeated authentication of the login terminal is avoided.
Referring to fig. 2, fig. 2 is a block diagram illustrating a trusted terminal authentication method according to an embodiment of the present application, where an execution subject of the method may be a server; the method comprises the following steps:
step 201, judging whether a login terminal of a user is matched with a locally recorded trusted terminal of the user;
step 202, when the login terminal is judged not to be matched with the locally recorded trusted terminal of the user, inquiring a common login account of the login terminal; the common login account is a login account of which the login times reach a threshold value in the historical login accounts of the login terminal;
step 203, judging whether the login account of the user and the common login account are logged in on the same trusted terminal or not, wherein the login times reach a threshold value; if yes, determining that the login account of the user is associated with the common login account, and locally storing the association relationship between the login account of the user and the historical login account.
And 204, when the login account of the user is determined to be associated with the common login account, determining that the login terminal is a trusted terminal of the user.
In this embodiment, when determining whether the login terminal of the user is the trusted terminal of the user, the server may obtain the hardware information of the login terminal, and then sequentially match the hardware information of the terminal with the hardware information of the trusted terminal of the user recorded in the database, and if the hardware information of the terminal is matched with the hardware information of the trusted terminal of the user, it indicates that the current login terminal is the trusted terminal for the user; conversely, if there is no match, it indicates that the logged-in terminal is an untrusted terminal for the user. For an untrusted terminal, the server may record only the hardware information of the terminal and the number of times the user logs in using the terminal.
When the server authenticates the login terminal for the user, the authentication scheme for the login terminal for the user in the existing implementation can still be used. For example, the server may still authenticate the login terminal of the user according to the login information of the user, such as the transaction information, the IP address, and the login time period of the user, and after the authentication is passed, the login terminal may be recorded locally as the trusted terminal of the user.
When the authentication is implemented, the server can complete the authentication process of the login terminal of the user by dividing the local authentication system into different subsystems which are matched with each other.
For example, referring to fig. 3, the sub-systems after the authentication system division of the server is completed may include a user operating system, a user authentication system, and a terminal analysis system. It should be noted that the above division of the authentication system of the server into subsystems is only exemplary and is not intended to limit the present invention.
1) User operating system
The user operation system is used for recording user operations, such as login, logout, account transfer, user information modification, login times and other operations of a user logging in the payment system, and storing the recorded user operations in a database; the user operating system is further configured to acquire an operating environment of the user, for example, hardware information of the login terminal of the user, and transmit the acquired hardware information of the login terminal of the user to the terminal analysis system for analysis.
For example, the user operating system may analyze an operating environment of the user when the user operates, acquire hardware information of a login terminal of the user, perform modeling according to the acquired hardware information, and transmit a hardware information model after the modeling to the terminal analysis system for analysis. The hardware information of the login terminal can contain different information according to different terminal types of the login terminal; for example, if the login terminal is a PC terminal, the hardware information may include information such as a motherboard MAC, a network card MAC, and an operating system of the PC; if the login terminal is a mobile phone terminal, the hardware information may include hardware information of a mobile phone accessory, a mobile phone system, and the like.
2) Terminal analysis system
And the terminal analysis system is used for analyzing the login terminal of the user according to the hardware information model transmitted by the user operating system, authenticating the login terminal of the user according to the analysis result, and storing the authenticated credible terminal of the user in the database. Meanwhile, the terminal analysis system can also classify the credible terminals recorded in the database according to the terminal types.
For example, referring to fig. 3 and fig. 4, the terminal analysis system may still analyze the login terminal according to the login information of the user, such as the transaction information, the IP address, and the login time period of the user, authenticate the login terminal of the user according to the analysis result, and after the authentication is passed, may locally record the login terminal in a local database as the trusted terminal of the user. For the trusted terminals recorded in the database, the terminal analysis system can also be divided into handheld trusted terminals, household trusted terminals and office available terminals according to the terminal types.
Specifically, if the trusted terminal is identified as a handheld terminal according to the hardware information, the terminal analysis system can directly classify the type of trusted terminal as a handheld trusted terminal locally; if the trusted terminal is identified as the PC terminal according to the hardware information, the terminal analysis system can further judge whether the common time period of the trusted terminal is an office time period or a household time period; if the time period is the household time period, the terminal analysis system can directly classify the type of trusted terminal into the household trusted terminal locally; if the office time period is the time period, the terminal analysis system can directly classify the type of trusted terminal locally as an office trusted terminal.
The login terminal which is not affiliated to any one of the household trusted terminal, the office trusted terminal and the handheld trusted terminal can be classified as other terminals locally. Since the other terminal is not a trusted terminal at this time, it may not be stored in the database.
3) User authentication system
And the user authentication system is used for calling the database and authenticating the login terminal of the user.
Specifically, the user authentication system may call the database, match hardware information of the login terminal of the user with hardware information of the trusted terminal of the user recorded in the database, and if the matching information is obtained, it may be determined that the login terminal is the trusted terminal of the user, and then the user may not perform repeated authentication or only perform simple authentication on the login terminal during login.
Referring to fig. 5, if there is no match to any information, it may be further determined whether the logged-in terminal matches the other terminal recorded by the terminal analysis system. If the login terminal is known to be the other terminal recorded by the terminal analysis system through inquiry, the user authentication system can further call a database to obtain the login account of the user and the historical login account of the login terminal, and whether the login terminal is the credible terminal of the user is judged by judging whether the login account of the user is associated with the historical login account of the login terminal.
Specifically, the user authentication system may use a login account, of which the login frequency reaches a threshold value, in the historical login accounts as a common login account, and then query the database to determine whether the common login account and the login account used by the user for the current login are logged in on the same trusted terminal, and the login frequency reaches the threshold value; if the login account number used by the user for logging in at the time is extremely high in relevance with the common login account number of the login terminal, the server side can directly judge that the login terminal is the user trusted terminal, and when the user logs in through the terminal and performs sensitive operation, the user can not be subjected to repeated authentication or only to be subjected to simple authentication.
In a preferred embodiment, when determining whether the common login account and the login account used by the user for the current login are logged in on the same trusted terminal, the same trusted terminal may be the same trusted terminal for home use.
When the common login account and the login account used by the user for the current login are logged in the same household trusted terminal and the login times reach a threshold value, the relationship between the user and the user corresponding to the common login account is likely to be a family relationship, so that for the situation, the user authentication system can directly judge that the login terminal is the trusted terminal of the user.
When the login user is authenticated, the established family relation data can be directly inquired to confirm whether the current logged-in user and the user who frequently uses the login terminal are in family relation.
In addition, when judging whether the common login account and the login account of the user log in on the same trusted terminal, the same trusted terminal may also be the same handheld trusted terminal or office trusted terminal. When it is determined that the common login account and the login account of the user have logged in the same handheld trusted terminal or the office trusted terminal, the user authentication system may notify the terminal analysis system, record the login terminal as the trusted terminal of the user in the database, and classify the terminal as the handheld trusted terminal or the office trusted terminal in the database, which is not described in detail.
According to the embodiment, the server introduces the judgment of the relevance between the login account and the common login account of the login terminal in the process of authenticating the login terminal, and when the login account of the user is judged to be relevant to the common login account of the login terminal, the login terminal is judged to be the credible terminal of the user.
By the scheme, in an application scene that the login terminal is used among users in a crossed mode, whether the login terminal is the credible terminal of the user can be judged through the relevance between the login account of the user and the common login account of the login terminal, and therefore complex repeated authentication of the login terminal is avoided.
In another optional embodiment, on the basis of the foregoing embodiment, before the server performs the association judgment between the login accounts, the server may further filter the users to determine common users of the login terminal, and perform the association judgment between the login accounts only for the common users.
For example, the user authentication system may further determine whether the login number of the login account of the user on the login terminal reaches a threshold; if the user is the frequently-used user, whether the login account of the user is associated with the frequently-used login account of the login terminal or not can be continuously judged; if not, the user is indicated to be an emergency user, and the user authentication system can directly judge that the login terminal is an untrusted terminal of the user.
For example, taking the same trusted terminal as the same home trusted terminal as an example, if the login times of a certain user using the home trusted login terminal is less than a threshold value, for example, only once, the user is likely to be only a visiting visitor, and for such users, it is meaningless that the user authentication system performs the association determination between the login accounts, so that the user authentication system can directly determine that the login terminal is an untrusted terminal of the user.
Corresponding to the embodiment of the method, the application also provides an embodiment of the trusted terminal verification device. In software implementation, the apparatus may run on a server as an operation carrier of the apparatus of this application, where the server usually includes at least a CPU, a memory, and a nonvolatile memory, and may further include hardware such as an I/O interface. Referring to fig. 6, fig. 6 is a schematic diagram of a logical structure of a trusted terminal authentication apparatus provided in an exemplary embodiment of the present application, where the apparatus 60 includes:
a first judging module 601, configured to judge whether a login terminal of a user matches a trusted terminal of a local record;
a second determining module 602, configured to determine whether a login account of a user is associated with a commonly used login account of the login terminal when it is determined that the login terminal does not match a locally recorded trusted terminal; and if so, judging that the login terminal is the credible terminal of the user.
In this embodiment, the apparatus 60 further includes:
the classification module 603 is configured to identify a terminal type of the trusted terminal according to hardware information of the trusted terminal before the first determination module determines whether the login terminal of the user matches a locally recorded trusted terminal of the user;
when the trusted terminal is identified to be a handheld terminal, locally classifying the trusted terminal as a handheld trusted terminal;
when the credible terminal is identified to be a PC terminal, judging whether the common time period of the credible terminal is an office time period or a household time period;
when the common time period of the trusted terminal is an office time period, locally classifying the trusted terminal as an office trusted terminal;
and when the common time period of the trusted terminal is the household time period, locally classifying the trusted terminal as a household trusted terminal.
In this embodiment, the second determining module 602 is specifically configured to:
before judging whether a login account of a user is associated with a common login account of the login terminal, judging whether the login times of the login account of the user on the login terminal reach a threshold value;
if so, continuously judging whether the login account of the user is associated with the common login account of the login terminal;
if not, the login terminal is judged to be the non-credible terminal of the user.
In this embodiment, the second determining module 602 is specifically configured to:
inquiring a common login account of the login terminal; the common login account is a login account of which the login times reach a threshold value in the historical login accounts of the login terminal;
judging whether the login account of the user and the common login account are logged in on the same trusted terminal or not, wherein the login times reach a threshold value;
if yes, determining that the login account of the user is associated with the common login account, and locally storing the association relationship between the login account of the user and the historical login account.
In this embodiment, the same trusted terminal may be the same home trusted terminal.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, wherein the modules described as separate parts may or may not be physically separate, and the parts displayed as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network modules. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the application. One of ordinary skill in the art can understand and implement it without inventive effort.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.
The application also provides an embodiment of a server.
The server includes: a processor and a memory for storing the processor-executable instructions;
further, the server may also include input/output interfaces, network interfaces, various hardware, and the like.
The server may be configured to:
judging whether the login terminal of the user is matched with the locally recorded trusted terminal of the user;
when the login terminal is judged to be not matched with the locally recorded trusted terminal of the user, judging whether the login account of the user is associated with the common login account of the login terminal;
and if so, judging that the login terminal is the credible terminal of the user.
Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.
It will be understood that the present application is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the application is limited only by the appended claims.

Claims (11)

1. A trusted terminal verification method is applied to a server side, and is characterized in that the method comprises the following steps:
judging whether the login terminal of the user is matched with the locally recorded trusted terminal of the user;
when the login terminal is judged to be not matched with the locally recorded trusted terminal of the user, judging whether the login account of the user is associated with the common login account of the login terminal;
and if so, judging that the login terminal is the credible terminal of the user.
2. The method of claim 1, wherein before determining whether the logged-in terminal of the user matches the trusted terminal of the user recorded locally, the method further comprises:
identifying the terminal type of the trusted terminal according to the hardware information of the trusted terminal;
when the trusted terminal is identified to be a handheld terminal, locally classifying the trusted terminal as a handheld trusted terminal;
when the credible terminal is identified to be a PC terminal, judging whether the common time period of the credible terminal is an office time period or a household time period;
when the common time period of the trusted terminal is an office time period, locally classifying the trusted terminal as an office trusted terminal;
and when the common time period of the trusted terminal is the household time period, locally classifying the trusted terminal as a household trusted terminal.
3. The method of claim 1, wherein before determining whether the login account of the user is associated with a common login account of the login terminal, the method further comprises:
judging whether the login times of the login account of the user on the login terminal reach a threshold value or not;
if so, continuously judging whether the login account of the user is associated with the common login account of the login terminal;
if not, the login terminal is judged to be the non-credible terminal of the user.
4. The method of claim 1, wherein the determining whether the login account of the user is associated with the common login account of the login terminal comprises:
inquiring a common login account of the login terminal; the common login account is a login account of which the login times reach a threshold value in the historical login accounts of the login terminal;
judging whether the login account of the user and the common login account are logged in on the same trusted terminal or not, wherein the login times reach a threshold value;
if yes, determining that the login account of the user is associated with the common login account, and locally storing the association relationship between the login account of the user and the historical login account.
5. The method according to claim 4, wherein the same trusted terminal is the same home trusted terminal.
6. A terminal verification apparatus applied to a server, the apparatus comprising:
the first judgment module is used for judging whether the login terminal of the user is matched with the trusted terminal of the local record;
the second judgment module is used for judging whether the login account of the user is associated with the common login account of the login terminal when the login terminal is judged not to be matched with the trusted terminal of the local record; and if so, judging that the login terminal is the credible terminal of the user.
7. The apparatus of claim 6, further comprising:
the classification module is used for identifying the terminal type of the trusted terminal according to the hardware information of the trusted terminal before the first judgment module judges whether the login terminal of the user is matched with the locally recorded trusted terminal of the user;
when the trusted terminal is identified to be a handheld terminal, locally classifying the trusted terminal as a handheld trusted terminal;
when the credible terminal is identified to be a PC terminal, judging whether the common time period of the credible terminal is an office time period or a household time period;
when the common time period of the trusted terminal is an office time period, locally classifying the trusted terminal as an office trusted terminal;
and when the common time period of the trusted terminal is the household time period, locally classifying the trusted terminal as a household trusted terminal.
8. The apparatus of claim 6, wherein the second determining module is specifically configured to:
before judging whether a login account of a user is associated with a common login account of the login terminal, judging whether the login times of the login account of the user on the login terminal reach a threshold value;
if so, continuously judging whether the login account of the user is associated with the common login account of the login terminal;
if not, the login terminal is judged to be the non-credible terminal of the user.
9. The apparatus of claim 6, wherein the second determining module is specifically configured to:
inquiring a common login account of the login terminal; the common login account is a login account of which the login times reach a threshold value in the historical login accounts of the login terminal;
judging whether the login account of the user and the common login account are logged in on the same trusted terminal or not, wherein the login times reach a threshold value;
if yes, determining that the login account of the user is associated with the common login account, and locally storing the association relationship between the login account of the user and the historical login account.
10. The apparatus according to claim 9, wherein the same trusted terminal is the same home trusted terminal.
11. An apparatus for authenticating a trusted terminal, comprising:
a processor; a memory for storing the processor-executable instructions;
wherein the processor is configured to:
judging whether the login terminal of the user is matched with the locally recorded trusted terminal of the user;
when the login terminal is judged to be not matched with the locally recorded trusted terminal of the user, judging whether the login account of the user is associated with the common login account of the login terminal;
and if so, judging that the login terminal is the credible terminal of the user.
HK16112350.1A 2016-10-27 Method and device for verifying credible terminal HK1224450B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
HK16112350.1A HK1224450B (en) 2016-10-27 Method and device for verifying credible terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
HK16112350.1A HK1224450B (en) 2016-10-27 Method and device for verifying credible terminal

Publications (2)

Publication Number Publication Date
HK1224450A1 true HK1224450A1 (en) 2017-08-18
HK1224450B HK1224450B (en) 2019-11-01

Family

ID=

Similar Documents

Publication Publication Date Title
CN109951436B (en) A trusted terminal verification method and device
US11190527B2 (en) Identity verification and login methods, apparatuses, and computer devices
EP3256976B1 (en) Toggling biometric authentication
US20200304491A1 (en) Systems and methods for using imaging to authenticate online users
CN107210916B (en) Conditional Login Promotion
US9319419B2 (en) Device identification scoring
US9055029B2 (en) Token based multifactor authentication
US10963167B2 (en) Method, first device, second device and system for managing access to data
US20190347425A1 (en) Method and apparatus for identity authentication
EP3937040B1 (en) Systems and methods for securing login access
EP2751733B1 (en) Method and system for authorizing an action at a site
US20170279798A1 (en) Multi-factor authentication system and method
EP2320622A1 (en) Report form normalization processing method, apparatus and system
CN108009406B (en) Account freezing method, account unfreezing method and server
US20140237567A1 (en) Authentication method
KR20200004666A (en) Biometric information authentication system using machine learning and block chain and its method
CN118433710A (en) A verification login method, device, electronic device and computer program product
HK1224450A1 (en) Method and device for verifying credible terminal
TWI709097B (en) Online banking login system and method thereof
HK1224450B (en) Method and device for verifying credible terminal
CN118586017A (en) A method and device for verifying data processing authority
CN119299231A (en) Dynamic authorization method and device

Legal Events

Date Code Title Description
PC Patent ceased (i.e. patent has lapsed due to the failure to pay the renewal fee)

Effective date: 20241024