Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, completeSite preparation description, it is clear that described embodiments are some of the embodiments of the present invention, instead of all the embodiments.Based on this hairEmbodiment in bright, every other implementation obtained by those of ordinary skill in the art without making creative effortsExample, shall fall within the protection scope of the present invention.
The permission locking means of user account provided by the invention, can be applicable in the application environment such as Fig. 1, wherein visitorFamily end (computer equipment) is communicated by network with server.Wherein, client (computer equipment) includes but is not limited toFor various personal computers, laptop, smart phone, tablet computer, camera and portable wearable device.ServerIt can be realized with the server cluster of the either multiple server compositions of independent server.
In one embodiment, it as shown in Fig. 2, providing a kind of permission locking means of user account, applies in this wayIt is illustrated for server in Fig. 1, includes the following steps S10-S40:
S10, receives the open instructions with the associated protective switch of user account, and confirmation sends the user of the open instructionsWhether be the user account account main body;The open instructions is that the user triggers in first terminal or second terminalIt is sent after preset opening event.
Wherein, the first terminal and the second terminal can be different types of to log in two of the user accountClient.The user account refers to that account main body in the registered account of financial platform, is stepped in user by the user accountWhen record, can just it be logined successfully after needing typing correctly to log in key;The protective switch refers to and the user accountAn associated protective switch, when the protective switch is not opened, user can normally log in finance by the user accountPlatform, and all operating rights of the normal use user account, the operating right includes logon rights and non-logon rights(namely the every other permission in addition to logon rights, for example check data of financial transaction, carry out financial transaction operation, to goldThe use function of melting platform carries out the behaviors such as personal settings).And after protective switch unlatching, user is only capable of passing through instituteIt states user account and logs in the financial platform and (namely the logon rights of the user account are enjoyed, in order to open in protective switchIn the case where can also log in, and abnormal notice can be sent to the account main body of the user account after the login, with warningUser), but any non-logon rights of the user account cannot be used, to ensure the safety of the user account.
Understandably, the open instructions of the protective switch is that preset opening is triggered in first terminal or second terminalSend after event, trigger preset opening event can occur in the case where the user account has logged on (such as:When time when place and preset location when logging in the user account are not inconsistent, log in the user account exceeds default log inBetween range, the errors number of login key when logging in the user account in third preset period of time be more than third preset timesThreshold value, the preset protection key of triggering etc.), it can also be in user account and be not logged in the case where occurs that (for example user triggersPreset protection key).That is, account main body can open or close its user account regardless of whether user account logs inProtective switch.
Preferably, first terminal and second terminal are two different types of clients, first terminal and described secondTerminal is including but not limited to one of clients such as mobile phone terminal or computer terminal or other intelligent wearable devices or a variety of;That is, can log in the user account of financial platform in the first terminal or the second terminal, and in first terminal andIn second terminal, can it open or close and the associated protective switch of the user account.
S20 opens the guarantor when the user that confirmation sends the open instructions is the account main body of the user accountShield switch, and pass through protective switch locking and the associated all non-logon rights of the user account.
That is, when the user that confirmation sends the open instructions is the account main body of the user account, described in openingProtective switch, after protective switch unlatching, user is only capable of logging in the financial platform by the user account, stillBut any non-logon rights of the user account cannot be used, to ensure the safety of the user account.
S30 receives the log-in instruction comprising log-on message;The log-in instruction is in the first terminal or described secondTyping and confirming is sent after the log-on message in terminal, and the log-on message includes the user account and logs in closeKey.
That is, in this embodiment, after the protective switch of the user account is opened, if desired passing through the userAccount is logged in;At this point, it is whether accurate firstly the need of the log-on message for verifying the user account, therefore, when logging in, instituteBefore stating step S30, what is got first is the log-on message of user's typing in the first terminal or the second terminal,And the user account in log-on message is obtained, and detect whether the financial platform has the registered user account, if so, thenInto in the step S30, and obtain simultaneously stored in the database of server with the associated correct login of the user accountKey;Otherwise, prompt user's user account is not present.
S40 is sending the log-in instruction if confirmation is described to log in the correct login key that key is the user accountThe first terminal or the second terminal display interface in show account exception information, and by the account exception informationIt notifies to the account main body of the user account.
In this step, since user account and the correct key that logs in have been acquired, at this time, it is only necessary to verify userThe login key of typing logs in whether key matches with correct, if matching, illustrates in the case where protective switch is opened stillThe correct user account of someone and the correct key that logs in log in the user account, which may be stolen, can alsoIt can be that account main body oneself is forgotten to be logged in the case where closing the protective switch, at this point, sending the log-in instructionThe first terminal or the second terminal display interface in show account exception information (such as prompt " your account goes outIt is now abnormal, logged in again after PLSCONFM ") user is prompted, while only showing the exception information, do not allow user to carry out otherNon- register;And notify (notifying by forms such as short message or mails) to the user account exception informationThe account main body of account, in order to which the account main body is after receiving the notice, close the protective switch orPerson is stolen situation to account and handles.
The present invention can be referred to by triggering preset opening event and sending with the opening of the associated protective switch of user accountIt enables, and after the identity of the user of verifying triggering opening event is the account main body of the user account, opens protective switch, withLocking and the associated all non-logon rights of the user account.The present invention can greatly promote the user account of financial platformSafety, and the protective switch can not be inconsistent according to the time, place is not inconsistent, log in wrong cipher key number frequently etc. abnormal conditionsVoluntarily open;Meanwhile the user account of financial platform can be logged in first terminal and second terminal, but protection is openedPass only needs that unlatching or the pass of the protective switch of two terminals can be synchronized simultaneously after a terminal opens or closes whereinClosed state, namely realize that remote lock or open user account, operating process are convenient and efficient.
In one embodiment, before the step S10, comprising:
When detecting that user triggers preset protection key, confirmation triggers the preset opening event.
That is, in this embodiment, triggering preset opening event and referring to that user triggers preset protection key, and the mistakeJourney can log in or and in the case where be not logged in user account.The preset protection key is passed through sliding, clickEtc. after modes trigger, that is, think that the server of financial platform has received the open instructions of protective switch, at this point, will be intoEnter in step S10 confirmation send the open instructions user whether be the user account account main body.
As shown in figure 3, the confirmation sends whether the user of the open instructions is the user in the step S10The account main body of account, comprising:
S101 obtains the biological characteristic or/and authentication secret for sending user's typing of the open instructions;The biology is specialSign refers to one of fingerprint, facial characteristics, vocal print or a variety of;
S102, confirmation send the user of the open instructions and the biological characteristic of the account main body prestored or/and testWhether card key matches;
S103, if matching, the user of the confirmation triggering default protection key is the accountee of the user accountBody;
S104, if mismatching, confirmation triggers the account that the default user for protecting key is not the user accountHouseholder's body.
In the one side of the embodiment, the user of the open instructions and the account main body prestored are sent by matchingBiological characteristic come verify trigger it is described it is default protection key the user whether be the user account account main body,The two biometric matches (that is, send one of the fingerprint of the user of the open instructions, facial characteristics, vocal print orIt is a variety of, with the corresponding life such as fingerprint, facial characteristics, the vocal print of account main body in the database for being stored in advance in serverObject feature is mutually matched) when, illustrate that the user for triggering the default protection key is the account main body of the user account,Otherwise, illustrate to trigger the account main body that the default user for protecting key is not the user account.
In the another aspect of the embodiment, the user of the open instructions and the accountee prestored are sent by matchingThe authentication secret of body come verify trigger it is described it is default protection key the user whether be the user account account main body,It matches in the verifying of the two (that is, sending the authentication secret of user's typing of the open instructions and being stored in advance in serverDatabase in the authentication secret of the user account be mutually matched) when, illustrate the use for triggering the default protection keyFamily is otherwise the account main body of the user account illustrates that triggering the default user for protecting key is not the useThe account main body of family account.
Understandably, two of above-described embodiment aspects, which can individually be proved to be successful one aspect and both can achieve, testsThe user of the card triggering default protection key is the account main body of the user account, can also good authentication two simultaneouslyAfter a aspect, just the user of the triggering of the confirmation verifying default protection key is the accountee of the user accountBody.
In one embodiment, before the step S10, comprising:
When the case where detecting when logging in the user account to preset any one or more in protection situation, reallyRecognize the triggering preset opening event;The default protection situation includes: place when logging in the user account and defaultTime when place is not inconsistent, logs in the user account exceeds default login time range, logs in institute in third preset period of timeThe errors number of login key when stating user account is more than third preset times threshold value.
That is, in this embodiment, it is pre- for triggering the case where preset opening event refers to when logging in the user accountIf protecting any one or more in situation, and the process is only capable of in the case where user account logs in.When presetProtection situation thinks that the server of financial platform has received the open instructions of protective switch when occurring, at this point, will be intoEnter in step S10 confirmation send the open instructions user whether be the user account account main body.
In the present embodiment, login time is not that (user can be set as according to demand common to default login time rangeLogin time, protected in time to avoid when being trespassed by criminal the nontransaction periods such as abnormal weekend, nightShield), logging in place is not that (preset location with being set as common geographical location or equipment according to user demand for preset locationLocation, when to avoid being trespassed in the terminal for being not in strange land or not oneself by criminal, so that user account obtains in timeProtection), the errors number of login key when logging in the user account in third preset period of time is more than third preset times(the third preset period of time and the third preset times threshold value can be set threshold value according to demand, non-to avoid illegal personMethod obtains user's commonly used equipment when common site logs in, and Brute Force logs in key and logged in).
As shown in figure 4, the confirmation sends whether the user of the open instructions is the user in the step S10The account main body of account, comprising:
Whether S105, the unique encodings that confirmation logs in the equipment of the user account belong to default device coding list;
It is stored in the device coding list relevant to user account and by acknowledged all of the account main bodyCommon equipment unique encodings.That is, having passed through the case where correctly logging in key normal login user account in userUnder, if having set out preset opening event, protective switch also can't be directly opened, but needs to verify again and be beaten described in transmissionThe user for opening instruction whether be the user account account main body, to ensure preciseness that the protective switch is opened.
S106 will when the unique encodings that confirmation logs in the equipment of the user account belong to default device coding listThis logs in the corresponding default protection situation and notifies to the account main body of the user account;
In the present embodiment, can be confirmed according to the feedback content of the account main body described in the default protection keyUser whether be the user account account main body;In this way, the unlatching of protective switch needs to obtain account main body first reallyRecognize, it will not be because of being caused protective switch unlatching that the inconvenient for use of user account is caused (also to need to close by other people maloperationsNon- logon rights just can be used normally in protective switch).
Understandably, notify that the mode to the account main body of the user account can be to pass through short message or mailEtc. forms notified.
S107, when the unique encodings that confirmation logs in the equipment of the user account are not belonging to default device coding list,Confirm that the default user for protecting key is not the account main body of the user account.
In this step, the unique encodings that the equipment of the user account is logged in confirmation are not belonging to default device coding columnWhen table, it is believed that the open command of the protective switch is not that the account main body of the user account issues, at this point it is possible to by thisThe relevant information of open command is sent to the account main body of the user account;Or it enters step in S60 and carries out at correlationReason.
In one embodiment, after the step S30 further include:
If confirming, the login key is not the correct login key of the user account, is sending the log-in instructionThe login wrong cipher key is prompted in the first terminal or the display interface of the second terminal, and in the first preset period of timeWhen the errors number for logging in key is more than the first preset times threshold value, the errors number for logging in key is notified to instituteState the account main body of user account.
Understandably, since user account and the correct key that logs in have been acquired, if the login of verifying user's typingKey logs in key and mismatches with correct, prompts not log in wrong cipher key first;But situation explanation is opened in protective switchIn the case where still have tried to login user account, which may be by Brute Force;It is also possible to being the goldMelt the account main body of the other users account of platform to have input the user account of mistake when logging in (user account of the mistake isThis logon attempt and also have the account of storage in database just) either user oneself hand accidentally inputed login key by mistake;If the first situation, since the process of Brute Force usually will do it multiple erroneous logons, one first is set at this time and is presetFrequency threshold value (setting according to demand) and first preset period of time, the login that mistake is frequently entered in the first preset period of time are closeKey regards as Brute Force situation, although at this point, there is the protection of protective switch, but need to notify the described of the accountAccount main body, in order to which account main body handles Brute Force situation in time;If rear the two, then usually not more than first is defaultFrequency threshold value, then misregistration number, without carrying out specially treated.
In one embodiment, after the step S10 further include:
When the user that confirmation sends the open instructions is not the account main body of the user account, described beat is being sentIt opens and prompts user right insufficient in the first terminal of instruction or the display interface of the second terminal, and the opening is referred toThe receiving time point of order and switch corresponding with the open instructions open abnormality associated storage;
Abnormality, which is opened, according to the receiving time point and the switch determines that the switch in the second preset period of time is openedWhether the frequency of abnormity of abnormality incites somebody to action more than the second preset times threshold value, and when being more than the second preset times threshold valueThe switch opens abnormality and the frequency of abnormity is notified to the account main body of the user account.
That is, keeping institute when the user that confirmation sends the open instructions is not the account main body of the user accountProtective switch closing is stated, at this point, user can normally log in financial platform by the user account, and the normal use userThe logon rights of account and non-logon rights.But since the user for sending the open instructions is not the user accountAccount main body illustrates that possible someone's malice opens the protective switch (as switch of this record opens abnormality), isThe safety of the user account of financial platform, need to record the open instructions receiving time point and with the open instructionsCorresponding switch opens the frequency of abnormity of abnormality;Second preset times threshold value and the second preset period of time can be according to demandSetting, frequently occurred in the second preset period of time switch open abnormality when (frequency of abnormity is more than the second preset times thresholdValue), it regards as someone and is maliciously opening the protective switch, it is therefore desirable to which the switch in the second preset period of time opens abnormal shapeWhen the frequency of abnormity of state is more than the second preset times threshold value, the account main body of the user account is notified, in order to account main bodyProcessing someone malice opens the protective switch situation in time;Otherwise, recording exceptional number, without carrying out specially treated.
In one embodiment, after the step S20 further include:
Receive with the out code of the associated protective switch of the user account, to associated with the user accountSecurity token sends identifying code;
If detecting the identifying code described in typing within the default time limit, the protective switch is closed, and pass through the protectionSwitch releases and the associated all non-logon rights of the user account;
If detecting the identifying code described in non-typing within the default time limit, the protective switch is kept to close.
That is, in this embodiment, after the protective switch is turned on, if desired closing, need to pass through security tokenIdentifying code carry out good authentication after, can just be turned off, and release the lock to the non-logon rights of the user accountIt is fixed.Understandably, in the identifying code authentication failed of security token, the closing of protective switch is not only kept, it is also necessary to notify instituteAccount main body is stated, in order to avoid the out code is issued in the case where criminal's Brute Force, account main body can be promptedThis kind of situation is handled in time.
Understandably, in other embodiments, the verification process of the closing protective switch removes the verifying by security tokenExcept code verifying, can be combined with that one of (or following means are used alone or in combination or a variety of) mobile phone generates at random is testedDemonstrate,prove code, the verifying of biological characteristic (such as fingerprint, vocal print, facial characteristics identification etc.) other modes, to promote the peace of user accountFull performance.
Understandably, user can also set the protective switch in fixed opening time point voluntarily time opening, andFixed shut-in time point is voluntarily periodically closed, for example being set as 6 points of every night of the day of trade is opening time point, the day of trade9 points of every morning be shut-in time point;After being set as time opening and closing, is sent without verifying every time and open and closeWhether the user identity closed is account main body, and only needs to be tested when being arranged or cancelling time opening and/or timing is closedCard.
In one embodiment, as shown in figure 5, providing a kind of permission locking device of user account, the power of the user accountThe permission locking means for limiting user account in locking device and above-described embodiment correspond.The permission of the user account locksDevice includes:
Confirmation module 11 sends described beat with the open instructions of the associated protective switch of user account, confirmation for receivingThe user for opening instruction whether be the user account account main body;The open instructions is the user in first terminal orTrigger what preset opening event was sent later in two terminals;
Locking module 12, the user for sending the open instructions in confirmation are the account main body of the user accountWhen, the protective switch is opened, and pass through protective switch locking and the associated all non-logon rights of the user account;
Receiving module 13, for receiving the log-in instruction comprising log-on message;The log-in instruction is whole described firstTyping and confirming is sent after the log-on message in end or the second terminal, and the log-on message includes user's accountFamily and login key;
Abnormal show module 14, if for confirming that the login key is the correct login key of the user account,It sends and shows account exception information in the first terminal of the log-in instruction or the display interface of the second terminal, and willThe account exception information is notified to the account main body of the user account.
The specific of permission locking device about user account limits the permission that may refer to above for user accountThe restriction of locking means, details are not described herein.Modules in the permission locking device of above-mentioned user account can whole or portionDivide and is realized by software, hardware and combinations thereof.Above-mentioned each module can be embedded in the form of hardware or independently of computer equipmentIn processor in, can also be stored in a software form in the memory in computer equipment, in order to processor calling holdThe corresponding operation of the above modules of row.
In one embodiment, a kind of computer equipment is provided, which can be server, internal junctionComposition can be as shown in Figure 6.The computer equipment include by system bus connect processor, memory, network interface andDatabase.Wherein, the processor of the computer equipment is for providing calculating and control ability.The memory packet of the computer equipmentInclude non-volatile memory medium, built-in storage.The non-volatile memory medium be stored with operating system, computer-readable instruction andDatabase.The built-in storage provides ring for the operation of operating system and computer-readable instruction in non-volatile memory mediumBorder.A kind of permission locking means of user account are realized when the computer-readable instruction is executed by processor.
In one embodiment, a kind of computer equipment is provided, including memory, processor and storage are on a memoryAnd the computer-readable instruction that can be run on a processor, processor perform the steps of when executing computer-readable instruction
The open instructions with the associated protective switch of user account is received, whether is the user of the confirmation transmission open instructionsFor the account main body of the user account;It is default that the open instructions is that the user triggers in first terminal or second terminalOpening event after send;
When the user that confirmation sends the open instructions is the account main body of the user account, opens the protection and openIt closes, and passes through protective switch locking and the associated all non-logon rights of the user account;
Receive the log-in instruction comprising log-on message;The log-in instruction is in the first terminal or the second terminalMiddle typing simultaneously confirms what the log-on message was sent later, and the log-on message includes the user account and login key;
If confirming the key that logs in for the correct login key of the user account, in the institute for sending the log-in instructionIt states and shows account exception information in first terminal or the display interface of the second terminal, and the account exception information is notifiedTo the account main body of the user account.
In one embodiment, a kind of computer readable storage medium is provided, computer-readable instruction is stored thereon with,It is performed the steps of when computer-readable instruction is executed by processor
The open instructions with the associated protective switch of user account is received, whether is the user of the confirmation transmission open instructionsFor the account main body of the user account;It is default that the open instructions is that the user triggers in first terminal or second terminalOpening event after send;
When the user that confirmation sends the open instructions is the account main body of the user account, opens the protection and openIt closes, and passes through protective switch locking and the associated all non-logon rights of the user account;
Receive the log-in instruction comprising log-on message;The log-in instruction is in the first terminal or the second terminalMiddle typing simultaneously confirms what the log-on message was sent later, and the log-on message includes the user account and login key;
If confirming the key that logs in for the correct login key of the user account, in the institute for sending the log-in instructionIt states and shows account exception information in first terminal or the display interface of the second terminal, and the account exception information is notifiedTo the account main body of the user account.
Those of ordinary skill in the art will appreciate that realizing all or part of the process in above-described embodiment method, being can be withRelevant hardware is instructed to complete by computer-readable instruction, it is non-volatile that the computer-readable instruction can be stored in oneProperty computer-readable storage medium in, the computer-readable instruction is when being executed, it may include as above-mentioned each method embodimentProcess.Wherein, to memory, storage, database or other media used in each embodiment provided by the present inventionAny reference may each comprise non-volatile and/or volatile memory.Nonvolatile memory may include read-only memory(ROM), programming ROM (PROM), electrically programmable ROM (EPROM), electrically erasable ROM (EEPROM) or flash memory.It is volatileProperty memory may include random access memory (RAM) or external cache.By way of illustration and not limitation, RAMIt is available in many forms, such as static state RAM (SRAM), dynamic ram (DRAM), synchronous dram (SDRAM), double data rate sdram(DDRSDRAM), enhanced SDRAM (ESDRAM), synchronization link DRAM (SLDRAM), the direct RAM of memory bus (RDRAM),Direct memory bus dynamic ram (DRDRAM) and memory bus dynamic ram (RDRAM) etc..
It is apparent to those skilled in the art that for convenience of description and succinctly, only with above-mentioned each functionCan unit or module division progress for example, in practical application, can according to need and by above-mentioned function distribution by differenceFunctional unit or module complete, i.e., the internal structure of described device is divided into different functional unit or module, with completeAll or part of function described above.
Embodiment described above is merely illustrative of the technical solution of the present invention, rather than its limitations;Although referring to aforementioned realityApplying example, invention is explained in detail, those skilled in the art should understand that: it still can be to aforementioned eachTechnical solution documented by embodiment is modified or equivalent replacement of some of the technical features;And these are modifiedOr replacement, the spirit and scope for technical solution of various embodiments of the present invention that it does not separate the essence of the corresponding technical solution should allIt is included within protection scope of the present invention.