With the development of Internet technology, people's lives have become intertwined with networks. An increasing number of people choose to use networks as tools for communication, entertainment and shopping, for example communicating with others through accounts of QQ (an instant messaging tool), MSN, etc., and shopping online after registering with online shops such as Taobao. However, account hacking is very common nowadays. Many QQ and MSN user accounts are compromised and illegitimately logged into by other users using illegal means such as hacking software, which disrupts the normal operations of the legitimate users and, worse still, causes them economic losses. Moreover, network servers cannot distinguish whether an account is being logged into normally or illegitimately, which greatly reduces the security of networks.
Recently, in order for servers to accurately verify a login of a user and solve the problem of illegitimate logins, a number of service providers have adopted approaches such as digital certificates or binding accounts to hardware. A digital certificate is a series of data which is used to indicate the identification information of a communicating party in Internet communications, to provide a method by which a server verifies the identity of a user over the network, and to grant access rights to network resources according to that identity. After a user applies for a digital certificate, the user cannot perform any operation other than querying the account if a copy of the digital certificate has not been imported when he/she logs in from another computer. As such, the security of the user's account is enhanced. However, if the user changes his/her computer, he/she needs to re-apply for a digital certificate in order to allow accurate verification by the server.
On the other hand, binding an account to hardware includes the use of a U-shield or a mobile digital certificate. The U-shield is a USB key or drive that includes a built-in microprocessor and employs a specific algorithm for encryption/decryption of online data and for digital signing, so as to provide confidentiality, authenticity, integrity and non-repudiation of online transactions. A user first needs to purchase a U-shield and establish an association between an account and the U-shield. When conducting an online transaction, the bank sends the user a string A, which is obtained by encrypting a combination of a time string, an address string, a transaction information string and an anti-replay attack string. The U-shield of the user performs a non-reversible computation on the string A based on the user's individual certificate to obtain a new string B, and sends the string B to the bank. The bank performs the same non-reversible computation. If the computation results of the bank and the user are identical, the user's login is recognized as legitimate and the transaction can be completed. If the results are not identical, the user's login is recognized as illegitimate and the transaction fails. As such, network security is guaranteed.
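The U-shield exchange described above, as an added worked example that is not part of the original text: the bank issues a challenge string A built from a time, an address, transaction information and an anti-replay value, the token computes a non-reversible response B over A, and the bank recomputes B and compares. The text does not name the algorithm or the key material, so this example assumes HMAC-SHA256 as the non-reversible computation and a per-user shared secret standing in for the "individual certificate"; the encryption of A before transmission mentioned in the text is omitted, and the field separator and all sample values are constructed.

```python
import hashlib
import hmac
import os
import time

# Constructed: a per-user secret shared by bank and U-shield. This stands in
# for the "individual certificate" of the text (an assumption: the text does
# not state what key material the token holds).
USER_SECRET = b"constructed-per-user-secret"


def compute_b(secret: bytes, a: bytes) -> bytes:
    """The non-reversible computation over string A.

    HMAC-SHA256 is an assumption; the text only says the computation is
    non-reversible and is performed identically on both sides.
    """
    return hmac.new(secret, a, hashlib.sha256).digest()


def nonce_of(a: bytes) -> str:
    """Extract the anti-replay field, which this example places last in A."""
    return a.decode().rsplit("|", 1)[1]


class Bank:
    """Server side: issues challenge strings and verifies the responses."""

    def __init__(self, user_secret: bytes):
        self.user_secret = user_secret
        self.issued = {}          # nonce -> outstanding challenge A
        self.used_nonces = set()  # nonces already consumed (anti-replay)

    def issue_challenge(self, client_addr: str, transaction: str) -> bytes:
        # String A combines a time string, an address string, a transaction
        # information string and an anti-replay string. Joining the fields
        # with '|' is an assumption of this example.
        nonce = os.urandom(16).hex()
        a = f"{int(time.time())}|{client_addr}|{transaction}|{nonce}".encode()
        self.issued[nonce] = a
        return a

    def verify(self, nonce: str, b: bytes) -> bool:
        a = self.issued.pop(nonce, None)
        if a is None or nonce in self.used_nonces:
            return False  # unknown challenge, or a replay of a consumed one
        self.used_nonces.add(nonce)
        expected = compute_b(self.user_secret, a)
        # Constant-time comparison so the check itself leaks nothing via timing.
        return hmac.compare_digest(expected, b)


class UShield:
    """Token side: holds the user's secret and answers challenges."""

    def __init__(self, user_secret: bytes):
        self.user_secret = user_secret

    def respond(self, a: bytes) -> bytes:
        return compute_b(self.user_secret, a)


def demo() -> tuple:
    """Run three cases: genuine token, replayed response, wrong token.

    Returns (genuine_ok, replay_ok, wrong_token_ok); expected (True, False, False).
    """
    bank = Bank(USER_SECRET)
    shield = UShield(USER_SECRET)

    # Genuine transaction: bank challenge -> token response -> bank check.
    a = bank.issue_challenge("203.0.113.7", "transfer:100.00:acct-42")  # constructed
    b = shield.respond(a)
    genuine_ok = bank.verify(nonce_of(a), b)

    # Replay: resubmitting the same (nonce, B) must be rejected.
    replay_ok = bank.verify(nonce_of(a), b)

    # A token holding a different secret produces a mismatching B.
    other = UShield(b"some-other-secret")  # constructed
    a2 = bank.issue_challenge("203.0.113.7", "transfer:250.00:acct-42")  # constructed
    wrong_token_ok = bank.verify(nonce_of(a2), other.respond(a2))

    return genuine_ok, replay_ok, wrong_token_ok


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

The bank never stores B; it recomputes it from the outstanding challenge and the user's secret, so a stolen B is useless once its nonce has been consumed. Binding the address and transaction fields into A means a response obtained for one transaction cannot be reused to authorize a different one.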
However, as can be seen from the above, both the process of applying for a digital certificate and the process of establishing an association between a U-shield and a user account are relatively tedious when verifying a login of a user, so that a highly efficient and accurate verification in a server of whether the login of the user is reliable is not achieved.