CN105099998A - Identity information authentication method, device and system - Google Patents

Abstract

The embodiment of the present invention provides an identity information authentication method, device and system, wherein the method comprises the steps of obtaining the identity information submitted from a client side at a server side and the input attribute information, wherein the input attribute information comprises the input duration of each character inputted by users when the users submit the identity information at the client side and the interval duration of the inputted characters; at the server side, determining whether the identity information submitted by the users at the client side at present satisfies a preset condition according to the input duration and the interval duration; if yes, determining that the identity information authentication passes, otherwise, determining that the identity information authentication does not pass. According to the present invention, the identity information authentication can be carried out under the premise of not increasing the user operations, the identity information authentication cost is reduced, and the identity information authentication accuracy, the account security and the user experience are improved.

Description

A kind of authentication method of identity information, device and system

Technical field

The present invention relates to network communication technology field, particularly relate to the authenticate device of a kind of authentication method of identity information, a kind of identity information, and a kind of Verification System of identity information.

Background technology

Along with the development of internet, applications, increasing website and be applied as the service that user provides different, what have also relates to business activity, and therefore, the fail safe of the account of user is more and more important.

Current, most websites and application are all carry out authenticated user by username and password, when user logs in website or application, after the username and password that input is preset, namely also obtain corresponding service by password authentification, but this fixing password authentification mode is once username and password is revealed, the account of user by other people use outside account holder, can be in unsafe state.

In this case, website and application just need by further user authentication mode, to guarantee that account can not by other people access and the login except account holder except.This user authentication except password, is referred to as re-authentication.Traditional re-authentication mode comprises: send a disposable code by SMS to user; By Email, a disposable code is sent to user; By Email, a link is sent to user, require that user clicks; Require that user answers account default safety problem; Require that user provides other identifying datas etc.

But these re-authentication modes all propose extra operation requirements to user, such as, receive note code, answer safety problem etc., the operation beyond these normal logins, extends the process of user authentication, therefore brings offending Consumer's Experience.

On the other hand, there is inevitable leak in the mode of these secondaries checking in fail safe.Such as, if other people outside account holder also obtain the access rights of the Email of account holder while obtaining user and password, so also can be completed by other people outside account holder by the re-authentication mode of Email, therefore, traditional re-authentication mode will without any certification effect, and fail safe is still very low.

In addition, the mode cost of these secondaries checking is high.For mobile phone short message verification, every bar checking note spend in 0.06-0.08 unit, in other words, if a website having 1,000,000 any active ues or application needs carry out secondary checking to all users, the mobile phone short message verification of one day just needs to spend 6-8 ten thousand yuan, and within 1 year, is exactly about about 2,500,000 yuan.Therefore, the mode cost of these secondaries checking is higher.

Therefore, the technical problem needing those skilled in the art urgently to solve at present is exactly: the authentication method and the device that provide a kind of identity information, in order to carry out the certification of identity information under the prerequisite of not adding users operation, reduce the cost of authenticating identity information, improve the accuracy of authenticating identity information and the fail safe of account, promote Consumer's Experience.

Summary of the invention

Embodiment of the present invention technical problem to be solved is to provide a kind of authentication method of identity information, in order to carry out the certification of identity information under the prerequisite of not adding users operation, reduce the cost of authenticating identity information, improve the accuracy of authenticating identity information and the fail safe of account, promote Consumer's Experience.

Accordingly, the embodiment of the present invention additionally provides a kind of authenticate device of identity information and a kind of Verification System of identity information, in order to ensure the implementation and application of said method.

In order to solve the problem, the invention discloses a kind of authentication method of identity information, comprising:

Server side obtains the identity information submitted to from client-side, and, input attributes information; Described input attributes information comprises user and submits at client-side the input duration inputting each character during identity information to, and, input the interval duration between each character;

According to described input duration and interval duration, server side judges whether the current identity information submitted at client-side of user meets pre-conditioned;

If so, then judge that described identity information certification is passed through, otherwise, judge that described identity information certification is not passed through.

Preferably, according to described input duration and interval duration, described server side judges whether the current identity information submitted at client-side of user meets pre-conditioned step and comprise:

Server side adopts described input duration and interval duration, judges that whether each adjacent between two character that user inputs is continuous;

By continuous for described each adjacent character between two or discrete judged result, be organized into contrast target data;

Judge described contrast target data with preset by whether more consistent than source data, described is continuous or discrete judged result that user formerly inputs each adjacent character between two than source data;

If consistent, then judge that the current identity information submitted at client-side of user meets pre-conditioned;

If inconsistent, then judge that the current identity information submitted at client-side of user does not meet pre-conditioned.

Preferably, described is continuous or discrete judged result that certain user formerly gathered inputs each adjacent character between two than source data.

Preferably, describedly comprised one or more groups by than source data, carry out training generation by the continuous or discrete judged result inputting each adjacent character between two for the repeatedly user formerly gathered.

Preferably, server side adopts described input duration and interval duration, judges whether continuous print sub-step comprises further for each character adjacent between two that user inputs:

Server side on average inputs duration and equispaced duration according to described input duration and interval duration calculation;

Respectively described average input duration and equispaced duration are weighted, calculate continuously input reference input duration and input continuously with reference to interval duration;

By the input duration of each two adjacent characters and interval duration and described continuous input reference input duration with input reference interval duration continuously and contrast respectively;

If the input duration of described two adjacent characters is less than or equal to described continuous input reference input duration, and described interval duration is less than or equal to input continuously with reference to interval duration, then judge that being input as of described two adjacent characters is continuous, otherwise, judge that being input as of described two adjacent characters is discontinuous.

Preferably, described identity information comprises the username and password information of user by input through keyboard, and described keyboard comprises physical keyboard and dummy keyboard.

In order to solve the problem, the invention also discloses a kind of authentication method of identity information, described method comprises:

Client-side, when user submits identity information to, obtains input attributes information, and described input attributes information comprises user and submits at client-side the input duration inputting each character during identity information to, and, input the interval duration between each character;

Client-side is by described input duration, interval duration and identity information are sent to server side, and the identity information certification that reception server side returns is passed through or the unsanctioned result of identity information certification, wherein, according to described input duration and interval duration, the result that described identity information certification is passed through judges that user generates and sends when the current identity information submitted at client-side meets pre-conditioned by described server side, according to described input duration and interval duration, the unsanctioned result of described identity information certification judges that user generates and sends when the current identity information submitted at client-side does not meet pre-conditioned by described server side.

According to embodiments of the invention, disclose a kind of authenticate device of identity information, described device is positioned at server side, and described device comprises:

The first information obtains module, for obtaining the identity information submitted to from client-side, and, input attributes information; Described input attributes information comprises user and submits at client-side the input duration inputting each character during identity information to, and, input the interval duration between each character;

First judge module, for judging according to described input duration and interval duration whether the current identity information submitted at client-side of user meets pre-conditioned;

Identity information certification, by module, for when the current identity information submitted at client-side of user meets pre-conditioned, judges that described identity information certification is passed through;

Identity information certification, not by module, for when the current identity information submitted at client-side of user does not meet pre-conditioned, judges that described identity information certification is not passed through.

Preferably, described judge module comprises:

Judging continuous submodule, for adopting described input duration and interval duration, judging that whether each adjacent between two character that user inputs is continuous;

Contrast target data organizes submodule, for by continuous for described each adjacent character between two or discrete judged result, is organized into contrast target data;

Consistent judgement submodule, for judging described contrast target data with preset by whether more consistent than source data, described is continuous or discrete judged result that user formerly inputs each adjacent character between two than source data;

Consistent decision sub-module, for described contrast target data with preset by more consistent than source data time, judge that the current identity information submitted at client-side of user meets pre-conditioned;

Inconsistent stator modules, for described contrast target data with preset by more inconsistent than source data time, judge that the current identity information submitted at client-side of user does not meet pre-conditioned.

Preferably, described is continuous or discrete judged result that certain user formerly gathered inputs each adjacent character between two than source data.

Preferably, describedly comprised one or more groups by than source data, carry out training generation by the continuous or discrete judged result inputting each adjacent character between two for the repeatedly user formerly gathered.

Preferably, described second judge module comprises:

Average duration calculating sub module, on average inputting duration and equispaced duration according to described input duration and interval duration calculation;

With reference to duration calculation submodule, for being weighted described average input duration and equispaced duration respectively, calculating continuously input reference input duration and inputting continuously with reference to interval duration;

Contrast submodule, for contrasting the input duration of adjacent two characters and interval duration and described continuous input reference input duration and the continuous reference interval duration that inputs respectively;

Judge continuous submodule, for being less than or equal to described continuous input reference input duration at the input duration of described two adjacent characters, and described interval duration is when being less than or equal to that continuously input is with reference to interval duration, what judge described two adjacent characters is input as continuously;

Judge discontinuous submodule, for being greater than described continuous input reference input duration at the input duration of described two adjacent characters, and/or, when described interval duration is less than or equal to continuously input reference interval duration, judge that being input as of described two adjacent characters is discontinuous.

Preferably, described identity information comprises the username and password information of user by input through keyboard, and described keyboard comprises physical keyboard and dummy keyboard.

According to embodiments of the invention, disclose a kind of authenticate device of identity information, described device is positioned at client-side, and described device comprises:

First information acquisition module, for when user submits identity information to, obtain input attributes information, described input attributes information comprises user and submits at client-side the input duration inputting each character during identity information to, and, input the interval duration between each character;

First sending module, for by described input duration, interval duration and identity information are sent to server side, and the identity information certification that reception server side returns is passed through or the unsanctioned result of identity information certification, wherein, according to described input duration and interval duration, the result that described identity information certification is passed through judges that user generates and sends when the current identity information submitted at client-side meets pre-conditioned by described server side, according to described input duration and interval duration, the unsanctioned result of described identity information certification judges that user generates and sends when the current identity information submitted at client-side does not meet pre-conditioned by described server side.

According to embodiments of the invention, disclose a kind of Verification System of identity information, comprising:

Be positioned at the data obtaining module of client-side, for when user submits identity information to, obtain input attributes information, described input attributes information comprises user and submits at client-side the input duration inputting each character during identity information to, and, input the interval duration between each character;

Be positioned at the sending module of client-side, for by described input duration, interval duration and identity information are sent to server side, and the identity information certification that reception server side returns is passed through or the unsanctioned result of identity information certification, wherein, according to described input duration and interval duration, the result that described identity information certification is passed through judges that user generates and sends when the current identity information submitted at client-side meets pre-conditioned by described server side, according to described input duration and interval duration, the unsanctioned result of described identity information certification judges that user generates and sends when the current identity information submitted at client-side does not meet pre-conditioned by described server side,

Be positioned at the information acquisition module of server side, for obtaining the identity information submitted to from client-side, and, input attributes information;

Be positioned at the judge module of server side, for judging according to described input duration and interval duration whether the current identity information submitted at client-side of user meets pre-conditioned;

The identity information certification being positioned at server side, by module, for when the current identity information submitted at client-side of user meets pre-conditioned, judges that described identity information certification is passed through;

The identity information certification being positioned at server side, not by module, for when the current identity information submitted at client-side of user does not meet pre-conditioned, judges that described identity information certification is not passed through.

Compared with prior art, the embodiment of the present invention comprises following advantage:

According to the input duration obtained and interval duration, the present invention is by judging that whether the current input of user is consistent with the input habit of this user at server side, if consistent, then identity information certification is passed through, otherwise, identity information certification is not passed through, avoid by user's operation bidirectional with by identity information certification, thus the certification of identity information can be completed under the prerequisite of not adding users operation, and, the present invention does not need to produce extra expense, after disposable simplified deployment, identity information is by server self-certification, thus the cost of authenticating identity information can be reduced, in addition, behavioural habits based on user judge, can not need know or preserve subscriber identity information, because the identity information of user is different for other user's meanings beyond this user, behavioural habits between user and user also just certainly exist difference, and, the behavioural habits of user are not easy to be stolen, continuous or discontinuous whether consistent with the input habit of this user with the input confirming this identity information by judging being input as of subscriber identity information, when judging that user is when secondary input is consistent with the behavioural habits of this user, namely can determine that user is when the secondary operation being input as user, avoid and know or preserve the problem that subscriber identity information causes leakage identity information, thus the accuracy of authenticating identity information and the fail safe of account can be improved, finally, the present invention does not need the certification of user awareness identity information, but meanwhile, the account of user has been got back protection, thus can Consumer's Experience be promoted.

Further, according to input duration and interval duration, the present invention is by judging that being input as of key mapping is continuous or discontinuous, with the input behavior of characterizing consumer, and then compare with the input habit of this user, judge whether identity information certification is passed through, the error avoiding input causes the error of judgement, therefore, can not require the input duration of each character of user and interval duration consistent, thus the accuracy of judgement can be improved, also namely improve the accuracy of authenticating identity information and the fail safe of account.

Further, by sending user, the present invention confirms that the mode of solicited message is set up by than source data, can guarantee set up by more corresponding with this user than source data, and, adopt the behavioural habits of same way characterizing consumer, the accuracy contrasted when can guarantee identity information certification, reduce the generation of error, thus the certification of identity information can be carried out under the prerequisite of not adding users operation, reduce the cost of authenticating identity information, improve the accuracy of authenticating identity information and the fail safe of account, promote Consumer's Experience.

Further, the present invention goes out continuously input reference input duration by weighted calculation and inputs continuously with reference to interval duration, weighting is the empirical statistics result for most of user, there is applicability at large, thus applicability of the present invention can be widened, and improve the error range of user's input operation, thus improve the accuracy judged further, also namely improve the accuracy of authenticating identity information and the fail safe of account.

Further, input duration and interval duration, by client-side record input duration and interval duration, are sent to server side by the present invention, can not need to record identity information, avoid the leakage of identity information, thus can improve the fail safe of account.

Accompanying drawing explanation

Fig. 1 shows the flow chart of steps of the authentication method embodiment 1 of a kind of identity information of the present invention;

Fig. 2 shows the flow chart of steps of the authentication method embodiment 2 of a kind of identity information of the present invention;

Fig. 3 shows the structured flowchart of the authenticate device embodiment 1 of a kind of identity information of the present invention;

Fig. 4 shows the structured flowchart of the authenticate device embodiment 2 of a kind of identity information of the present invention;

Fig. 5 shows the structured flowchart of the Verification System embodiment of a kind of identity information of the present invention.

Embodiment

For enabling above-mentioned purpose of the present invention, feature and advantage become apparent more, and below in conjunction with the drawings and specific embodiments, the present invention is further detailed explanation.

For the technical problem that above-mentioned prior art exists, present inventor finds through research all the year round:

1, the password that user creates is mostly by the significant character string of this user, or, numeral, or, symbol composition;

2, for removing with other outdoor users, there is not identical meaning in the various piece of the password that this user creates;

3, when user inputs the password of user oneself establishment, can relatively input as a whole rapidly the significant part of this user;

4, when except with open air other users input same password time, the keyboard mode of other users can be different with this user.

One of core idea of the embodiment of the present invention is, by input duration and interval duration, research judgement is carried out to the custom that user creates password at server side, and research judgement is carried out to the custom of user's touch control keyboard, extract the characteristic representing the behavioural habits of this user accurately, this characteristic and preset characteristic is adopted to carry out the contrast certification of identity information, thus the certification of identity information can be carried out under the prerequisite of not adding users operation, reduce the cost of authenticating identity information, improve the fail safe of authenticating identity information and the fail safe of account, promote Consumer's Experience.

With reference to Fig. 1, show the flow chart of steps of the authentication method embodiment 1 of a kind of identity information of the present invention, specifically can comprise the steps:

Step 101, server side obtains the identity information submitted to from client-side, and, input attributes information; Described input attributes information comprises user and submits at client-side the input duration inputting each character during identity information to, and, input the interval duration between each character;

In actual applications, identity information can comprise the username and password of user, and user, when client-side input username and password, can record the input duration of each character of input, and, input the interval duration between each character.

Server side obtains the identity information submitted to from client-side, and, the mode of input attributes information can be at client-side, first one section of scripted code is disposed in the login page of website or application, this section of scripted code can recording user when touch control keyboard input username and password, the input duration of each key mapping and interval duration, inputted user, when clicking transmission, obtained this input duration and interval duration at server side.

Server side obtains the identity information submitted to from client-side, and the mode of input attributes information also can be that server initiatively detects, and obtains input duration and interval duration.

It should be noted that, the character that the present invention can not need recording user to input.

In one preferred embodiment of the invention, described identity information comprises the username and password information of user by input through keyboard, and described keyboard comprises physical keyboard and dummy keyboard.

As a kind of example of embody rule of the present invention, keyboard can comprise physical keyboard, dummy keyboard, is equally applicable to the embodiment of the present invention by the key mapping of dummy keyboard or the input duration of handwriting characters and interval duration.

Step 102, according to described input duration and interval duration, server side judges whether the current identity information submitted at client-side of user meets pre-conditioned; If so, then perform step 103, if not, then perform step 104;

In concrete enforcement, input duration and interval duration can the input habits of characterizing consumer, the pre-conditioned input habit that can comprise this user in first acquistion.

Input duration that two sections of codes beam back scripted code and interval duration can be disposed at server side to carry out analysis and judge.First paragraph code can be set up pre-conditioned for each account; Second segment code can be analyzed input duration and interval duration, judges whether the current identity information submitted at client-side of user meets pre-conditioned.

In one preferred embodiment of the invention, described step 102 specifically can comprise following sub-step:

Sub-step S11, server side adopts described input duration and interval duration, judges that whether each adjacent between two character that user inputs is continuous;

In concrete enforcement, character can by the key-press input of keyboard, and contacting between button and button can have two kinds of forms, and one is continuous, and another kind is discontinuous.Such as, user input username and password time, all can automatic continuous input to oneself significant character string.

By input duration and interval duration, can judge that whether the input of character adjacent is between two continuous.

In one preferred embodiment of the invention, described sub-step S11 specifically can comprise following sub-step:

Sub-step A1, server side on average inputs duration and equispaced duration according to described input duration and interval duration calculation;

As a kind of example of embody rule of the present invention, the input duration of each character in counting user name and password, calculate the average input duration of an average input character, and, input interval duration during each character in counting user name and password, calculate the equispaced duration of adjacent two characters of average input.

Sub-step A2, is weighted described average input duration and equispaced duration respectively, calculates continuously input reference input duration and inputs continuously with reference to interval duration;

In actual applications, certain error is all there is in input duration and interval duration for each input, and, the input of keyboard is easily by the impact of environment, in order to ensure the accuracy judged, can be weighted average input duration and equispaced duration, calculate continuously input reference input duration and input reference interval duration continuously.Such as: time user points very flexibly in the morning input password and midnight sleepy time input password, the key mapping input of twice can be very different.

In embodiments of the present invention, average input duration can be adopted to add, and 0.5 standard deviation is as inputting reference input duration continuously, and equispaced duration adds 0.5 standard deviation as continuous input with reference to interval duration.

It should be noted that, 0.5 standard deviation is the result of the empirical statistics for most of user, and the occurrence of standard deviation depends on the value of overall sample.In practical operation, can also change according to the custom of user.Such as, the input habit of a user is very stable all the time, and 0.1 standard deviation so can be adopted to be weighted.Therefore, those skilled in the art can adopt concrete threshold value to be weighted as the case may be, and threshold range can be the normal distribution using 0.5 standard deviation as mean value.

The present invention goes out continuously input reference input duration by weighted calculation and inputs continuously with reference to interval duration, weighting is the empirical statistics result for most of user, there is applicability at large, thus applicability of the present invention can be widened, and improve the error range of user's input operation, thus improve the accuracy judged further, also namely improve the accuracy of authenticating identity information and the fail safe of account.

Sub-step A3, by the input duration of adjacent two characters and interval duration and described continuous input reference input duration with input reference interval duration continuously and contrast respectively, if the input duration of described two adjacent characters is less than or equal to described continuous input reference input duration, and described interval duration is less than or equal to input continuously with reference to interval duration, then perform sub-step A4, otherwise, perform sub-step A5;

In a particular application, confirm to input whether continuous print standard can comprise:

(1) the key mapping input duration of input is continuously less;

(2) the key mapping interval duration of input is less continuously.

To input reference input duration continuously and to input continuously with reference to interval duration as the standard judging that input duration is less and interval duration is less, when the input duration of adjacent two characters is less than or equal to continuously input reference input duration, judge that key mapping input duration is less; When the interval duration of adjacent two characters is less than or equal to continuously input reference interval duration, decision bond bit interval duration is less.

Sub-step A4, judges that being input as of described two adjacent characters is continuous;

In a particular application, when the input duration of two adjacent characters and interval duration meet above-mentioned two standards simultaneously, namely key mapping input duration is less, and key mapping interval duration is less, can judge being input as continuously of two adjacent characters.

Sub-step A5, judges that being input as of described two adjacent characters is discontinuous.

In a particular application, in the input duration of two adjacent characters and interval duration, when at least not meeting in above-mentioned two standards, namely key mapping input duration is larger, and/or key mapping interval duration is comparatively large, can judge that being input as of two adjacent characters is discontinuous.

Certainly, whether continuous print judgment mode is exemplarily to above-mentioned character adjacent between two, when implementing the embodiment of the present invention, can arrange other characters adjacent between two whether continuous print judgment mode according to actual conditions, the embodiment of the present invention is not limited this.Whether in addition, except above-mentioned character adjacent between two continuous print judgment mode, those skilled in the art can also adopt other characters adjacent between two whether continuous print judgment mode according to actual needs, and the embodiment of the present invention is not also limited this.

According to input duration and interval duration, the present invention is by judging that being input as of key mapping is continuous or discontinuous, with the input behavior of characterizing consumer, and then compare with the input habit of this user, judge whether identity information certification is passed through, the error avoiding input causes the error of judgement, therefore, can not require the input duration of each character of user and interval duration consistent, thus the accuracy of judgement can be improved, also namely improve the accuracy of authenticating identity information and the fail safe of account.

Sub-step S12, by continuous for described each adjacent character between two or discrete judged result, is organized into contrast target data;

In concrete enforcement, continuous or the discrete judged result i.e. input habit of this user of each adjacent character between two, such as, suppose that the password of this user is 6 characters, judged result is that the 1st character and the 2nd character are continuous, the 2nd character and the 3rd character discontinuous, 3rd character and the 4th character continuous, continuously, continuously, then it can be continuous-discontinuous-continuous-continuous-continuous for contrasting target data for the 5th character and the 6th character for 4th character and the 5th character.

Sub-step S13, judges described contrast target data with preset by more consistent than source data, and described is continuous or discrete judged result that user formerly inputs each adjacent character between two than source data; If consistent, then perform sub-step S14; If inconsistent, then perform sub-step S15.

In useful application, preset can be comprised by than source data the custom that user creates password, and/or the custom of user's touch control keyboard, can input the mode of each adjacent character between two by training or the mode acquistion user logged in first.

If contrast target data by more consistent than source data, then can illustrate that the identity information when submit is that user inputs with preset;

If contrast target data with preset by more inconsistent than source data, then can illustrate when submit identity information not necessarily user input, there is risk.

In one preferred embodiment of the invention, described is continuous or discrete judged result that certain user formerly gathered inputs each adjacent character between two than source data.

In a particular application, if when certain identity information once determines that the user of this identity information inputs, this user can be adopted to input continuous or discrete judged result of each adjacent character between two.

For making those skilled in the art understand the present invention better, below by way of a concrete example being described further by than source data the embodiment of the present invention.

The first step, server side obtains the identity information that client-side is submitted to, and input attributes information;

Second step, server side adopts described input duration and interval duration, judges that whether each adjacent between two character that user inputs is continuous;

Judge whether each character adjacent between two that user inputs continuously can with reference to sub-step A1-A5.

3rd step, sends user and confirms solicited message;

As a kind of example of embody rule of the present invention, this user name can be used first user, and/or, by sending SMS to user during password, or mail etc. mode sends user and confirms solicited message, to judge whether the behavior is user's operation.

4th step, receives and confirms for described user user's confirmation response information that solicited message returns;

After user operates accordingly according to prompting, server side can receive and confirm for described user user's confirmation response information that solicited message returns, and now, namely can confirm that the behavior is user's operation.

5th step, is defined as by than source data by continuous for described each adjacent character between two or discrete judged result.

In a particular application, after receiving user's confirmation response information, namely judged result before can be defined as by than source data.

Certainly, above-mentioned is exemplarily by the generating mode than source data, and when implementing the embodiment of the present invention, can arrange other by the generating mode than source data according to actual conditions, the embodiment of the present invention is not limited this.In addition, except above-mentioned by than except the generating mode of source data, those skilled in the art can also adopt other by the generating mode than source data according to actual needs, and the embodiment of the present invention is not also limited this.

In one preferred embodiment of the invention, describedly comprised one or more groups by than source data, carry out training generation by the continuous or discrete judged result inputting each adjacent character between two for the repeatedly user formerly gathered.

In concrete enforcement, user can have one or more to the input habit of same identity information, also namely one or more groups can be comprised by than source data, continuous or discrete judged result of each adjacent character between two can be inputted by gathering repeatedly user, train, generate one or more groups by than source data.

Such as: the identity information of user comprises letter and number character etc., a kind of input habit is after having inputted letter, adopted numeric keypad inputting digital character, because letters case and figure case span are comparatively large, the input of alphabetic character and the input of numerical character may be discontinuous; Another kind of input habit has adopted digital block key mapping inputting digital character in QWERTY keyboard above letters case afterwards having inputted letter, and due to figure case and letters case aligned transfer, the input of alphabetic character and the input of numerical character may be continuous print.These two kinds of input habits can be all same users, therefore, can generate two groups by than source data, user when time continuous and discontinuous input judged result with two groups by group more identical than in source data time, namely this identity information is that user inputs.

Certainly, above-mentioned is exemplarily by the generating mode than source data, and when implementing the embodiment of the present invention, can arrange other by the generating mode than source data according to actual conditions, the embodiment of the present invention is not limited this.In addition, except above-mentioned by than except the generating mode of source data, those skilled in the art can also adopt other by the generating mode than source data according to actual needs, and the embodiment of the present invention is not also limited this.

Sub-step S14, judges that the current identity information submitted at client-side of user meets pre-conditioned; Perform step 103;

When contrast target data with preset by more consistent than source data time, judge that the current identity information submitted at client-side of user meets pre-conditioned.

Sub-step S15, judges that the current identity information submitted at client-side of user does not meet pre-conditioned; Perform step 104.

When contrast target data with preset by more inconsistent than source data time, judge that the current identity information submitted at client-side of user does not meet pre-conditioned.

Step 103, judges that described identity information certification is passed through;

When judging that the current identity information submitted at client-side of user meets pre-conditioned, identity information certification is passed through.

Step 104, judges that described identity information certification is not passed through.

When judging that the current identity information submitted at client-side of user does not meet pre-conditioned, identity information certification is not passed through.

It should be noted that, the present invention can not need the concrete character of identity information knowing that user inputs, and also namely can not need to know concrete key mapping when user inputs identity information.The existing identity information authentication techniques relevant to input through keyboard all need the basis of the concrete key mapping of knocking when knowing that user inputs identity information was analyzed the keyboard time of knocking.This just means, if adopt these identity identifying technologies to need to know clear-text passwords.But, due to the particularity of Password Input and storage, password must after user complete input, with the account password comparison of encryption that stores in database before, cryptographic storage at once.Therefore, need the identity information authentication techniques knowing clear-text passwords to be all impracticable, do not meet the regulation that password stores.The present invention is by judging that whether being input as of subscriber identity information be continuous or discontinuous consistent with the input habit of this user with the input confirming this identity information, thus determine whether the input of user, complete the certification of identity information, do not need to know clear-text passwords, thus avoid the risk of password leakage, improve the fail safe of account.

According to the input duration obtained and interval duration, the present invention is by judging that whether the current input of user is consistent with the input habit of this user at server side, if consistent, then identity information certification is passed through, otherwise, identity information certification is not passed through, avoid by user's operation bidirectional with by identity information certification, thus the certification of identity information can be completed under the prerequisite of not adding users operation, and, the present invention does not need to produce extra expense, after disposable simplified deployment, identity information is by server self-certification, thus the cost of authenticating identity information can be reduced, in addition, behavioural habits based on user judge, because the identity information of user is different for other user's meanings beyond this user, behavioural habits between user and user also just certainly exist difference, and, the behavioural habits of user are not easy to be stolen, therefore, judge that user is when secondary input is consistent with the behavioural habits of this user, namely can determine that user is when the secondary operation being input as user, thus the accuracy of authenticating identity information and the fail safe of account can be improved, finally, the present invention does not need the certification of user awareness identity information, but meanwhile, the account of user has been got back protection, thus can Consumer's Experience be promoted.

With reference to Fig. 2, show the flow chart of steps of the authentication method embodiment 2 of a kind of identity information of the present invention, specifically can comprise the steps:

Step 201, client-side, when user submits identity information to, obtains input attributes information, and described input attributes information comprises user and submits at client-side the input duration inputting each character during identity information to, and, input the interval duration between each character;

In a particular application, client-side can input the input duration of each character when submitting identity information to by recording user, and inputs the interval duration between each character.

Step 202, client-side is by described input duration, interval duration and identity information are sent to server side, and the identity information certification that reception server side returns is passed through or the unsanctioned result of identity information certification, wherein, according to described input duration and interval duration, the result that described identity information certification is passed through judges that user generates and sends when the current identity information submitted at client-side meets pre-conditioned by described server side, according to described input duration and interval duration, the unsanctioned result of described identity information certification judges that user generates and sends when the current identity information submitted at client-side does not meet pre-conditioned by described server side.

In actual applications, the input duration of record and interval duration are sent to server side by client-side, after server side obtains input duration and interval duration, judge whether the current identity information submitted at client-side of user meets pre-conditioned, if meet pre-conditioned, then judge that described identity information certification is passed through, otherwise, judge that described identity information certification is not passed through.

When client-side receives the result that identity information certification passes through, active user can log in and use the account, and when client-side receives the unsanctioned result of identity information certification, active user logs in failure, can not use the account.

Input duration and interval duration, by client-side record input duration and interval duration, are sent to server side by the present invention, can not need to record identity information, avoid the leakage of identity information, thus can improve the fail safe of account.

For making those skilled in the art understand the present invention better, below by way of a concrete example, embodiments of the present invention is further illustrated.

Deployment phase:

Step 1, in client-side deployment module one; Module one comprises scripted code, for obtaining and sending input attributes information;

Step 2, disposes module two and module three at server side; Wherein, the input attributes information that module two sends for receiver module one, and judge continuously or the result of input continuously, for the account sets up by than source data; The input attributes information that module three sends for receiving receiver module one, and judge result that is continuous or input continuously, be set up contrast target data the account, adopt this contrast target data to contrast with by than source data.

By than source data generation phase:

Step a, the input duration of keyboard each key mapping and interval duration during module one recording user input password;

Step b, after user has inputted, clicks transmission, the input duration of record and interval duration have been sent to module two by module one;

Step c, according to input duration and interval duration, module two judges that whether the input of each key mapping is continuous;

Steps d, sends user to user and confirms solicited message;

Step e, receives the user's confirmation response information returned;

Step f, using the judged result of module two as the account by than source data.

The authentication phase of identity information:

Step I, the input duration of keyboard each key mapping and interval duration during module one recording user input password;

Step II, after user has inputted, clicks transmission, the input duration of record and interval duration have been sent to module three by module one;

Step II I, according to input duration and interval duration, module three judges that whether the input of each key mapping is continuous;

Step IV, module three is made comparisons judged result and the account by than source data;

Step V, if judged result and the account by more consistent than source data, then identity information certification is passed through;

Step VI, if judged result and the account by more inconsistent than source data, then identity information certification is not passed through.

It should be noted that, for embodiment of the method, in order to simple description, therefore it is all expressed as a series of combination of actions, but those skilled in the art should know, the embodiment of the present invention is not by the restriction of described sequence of movement, because according to the embodiment of the present invention, some step can adopt other orders or carry out simultaneously.Secondly, those skilled in the art also should know, the embodiment described in specification all belongs to preferred embodiment, and involved action might not be that the embodiment of the present invention is necessary.

With reference to Fig. 3, show the structured flowchart of the authenticate device embodiment 1 of a kind of identity information of the present invention, described device is positioned at server side, specifically can comprise as lower module:

The first information obtains module 301, for obtaining the identity information submitted to from client-side, and, input attributes information; Described input attributes information comprises user and submits at client-side the input duration inputting each character during identity information to, and, input the interval duration between each character;

First judge module 302, for judging according to described input duration and interval duration whether the current identity information submitted at client-side of user meets pre-conditioned;

Identity information certification, by module 303, for when the current identity information submitted at client-side of user meets pre-conditioned, judges that described identity information certification is passed through;

Identity information certification, not by module 304, for when the current identity information submitted at client-side of user does not meet pre-conditioned, judges that described identity information certification is not passed through.

In one preferred embodiment of the invention, described judge module 303 specifically can comprise following:

Judging continuous submodule, for adopting described input duration and interval duration, judging that whether each adjacent between two character that user inputs is continuous;

Contrast target data organizes submodule, for by continuous for described each adjacent character between two or discrete judged result, is organized into contrast target data;

Consistent judgement submodule, for judging described contrast target data with preset by whether more consistent than source data, described is continuous or discrete judged result that user formerly inputs each adjacent character between two than source data;

Consistent decision sub-module, for described contrast target data with preset by more consistent than source data time, judge that the current identity information submitted at client-side of user meets pre-conditioned;

Inconsistent stator modules, for described contrast target data with preset by more inconsistent than source data time, judge that the current identity information submitted at client-side of user does not meet pre-conditioned.

In one preferred embodiment of the invention, described is continuous or discrete judged result that certain user formerly gathered inputs each adjacent character between two than source data.

In one preferred embodiment of the invention, describedly comprised one or more groups by than source data, carry out training generation by the continuous or discrete judged result inputting each adjacent character between two for the repeatedly user formerly gathered.

In one preferred embodiment of the invention, described second judge module comprises:

Average duration calculating sub module, on average inputting duration and equispaced duration according to described input duration and interval duration calculation;

With reference to duration calculation submodule, for being weighted described average input duration and equispaced duration respectively, calculating continuously input reference input duration and inputting continuously with reference to interval duration;

Contrast submodule, for contrasting the input duration of adjacent two characters and interval duration and described continuous input reference input duration and the continuous reference interval duration that inputs respectively;

Judge continuous submodule, for being less than or equal to described continuous input reference input duration at the input duration of described two adjacent characters, and described interval duration is when being less than or equal to that continuously input is with reference to interval duration, what judge described two adjacent characters is input as continuously;

Judge discontinuous submodule, for being greater than described continuous input reference input duration at the input duration of described two adjacent characters, and/or, when described interval duration is less than or equal to continuously input reference interval duration, judge that being input as of described two adjacent characters is discontinuous.

In one preferred embodiment of the invention, described identity information comprises the username and password information of user by input through keyboard, and described keyboard comprises physical keyboard and dummy keyboard.

For device embodiment 1, due to itself and embodiment of the method 1 basic simlarity, so description is fairly simple, relevant part illustrates see the part of embodiment of the method 1.

With reference to Fig. 4, show the structured flowchart of the authenticate device embodiment 2 of a kind of identity information of the present invention, described device is positioned at client-side, specifically can comprise as lower module:

First information acquisition module 401, for when user submits identity information to, obtain input attributes information, described input attributes information comprises user and submits at client-side the input duration inputting each character during identity information to, and, input the interval duration between each character;

First sending module 402, for by described input duration, interval duration and identity information are sent to server side, and the identity information certification that reception server side returns is passed through or the unsanctioned result of identity information certification, wherein, according to described input duration and interval duration, the result that described identity information certification is passed through judges that user generates and sends when the current identity information submitted at client-side meets pre-conditioned by described server side, according to described input duration and interval duration, the unsanctioned result of described identity information certification judges that user generates and sends when the current identity information submitted at client-side does not meet pre-conditioned by described server side.

For device embodiment 2, due to itself and embodiment of the method 2 basic simlarity, so description is fairly simple, relevant part illustrates see the part of embodiment of the method 2.

With reference to Fig. 5, show the structured flowchart of the Verification System embodiment of a kind of identity information of the present invention, specifically can comprise as lower module:

Be positioned at the data obtaining module 501 of client-side, for when user submits identity information to, obtain input attributes information, described input attributes information comprises user and submits at client-side the input duration inputting each character during identity information to, and, input the interval duration between each character;

Be positioned at the sending module 502 of client-side, for by described input duration, interval duration and identity information are sent to server side, and the identity information certification that reception server side returns is passed through or the unsanctioned result of identity information certification, wherein, according to described input duration and interval duration, the result that described identity information certification is passed through judges that user generates and sends when the current identity information submitted at client-side meets pre-conditioned by described server side, according to described input duration and interval duration, the unsanctioned result of described identity information certification judges that user generates and sends when the current identity information submitted at client-side does not meet pre-conditioned by described server side,

Be positioned at the information acquisition module 503 of server side, for obtaining the identity information submitted to from client-side, and, input attributes information;

Be positioned at the judge module 504 of server side, for judging according to described input duration and interval duration whether the current identity information submitted at client-side of user meets pre-conditioned;

The identity information certification being positioned at server side, by module 505, for when the current identity information submitted at client-side of user meets pre-conditioned, judges that described identity information certification is passed through;

The identity information certification being positioned at server side, not by module 506, for when the current identity information submitted at client-side of user does not meet pre-conditioned, judges that described identity information certification is not passed through;

For device embodiment 3, due to itself and embodiment of the method 1-2 basic simlarity, so description is fairly simple, relevant part illustrates see the part of embodiment of the method 1-2.

Each embodiment in this specification all adopts the mode of going forward one by one to describe, and what each embodiment stressed is the difference with other embodiments, between each embodiment identical similar part mutually see.

Those skilled in the art should understand, the embodiment of the embodiment of the present invention can be provided as method, device or computer program.Therefore, the embodiment of the present invention can adopt the form of complete hardware embodiment, completely software implementation or the embodiment in conjunction with software and hardware aspect.And the embodiment of the present invention can adopt in one or more form wherein including the upper computer program implemented of computer-usable storage medium (including but not limited to magnetic disc store, CD-ROM, optical memory etc.) of computer usable program code.

The embodiment of the present invention describes with reference to according to the flow chart of the method for the embodiment of the present invention, terminal equipment (system) and computer program and/or block diagram.Should understand can by the combination of the flow process in each flow process in computer program instructions realization flow figure and/or block diagram and/or square frame and flow chart and/or block diagram and/or square frame.These computer program instructions can being provided to the processor of all-purpose computer, special-purpose computer, Embedded Processor or other programmable data processing terminal equipment to produce a machine, making the instruction performed by the processor of computer or other programmable data processing terminal equipment produce device for realizing the function of specifying in flow chart flow process or multiple flow process and/or block diagram square frame or multiple square frame.

These computer program instructions also can be stored in can in the computer-readable memory that works in a specific way of vectoring computer or other programmable data processing terminal equipment, the instruction making to be stored in this computer-readable memory produces the manufacture comprising command device, and this command device realizes the function of specifying in flow chart flow process or multiple flow process and/or block diagram square frame or multiple square frame.

These computer program instructions also can be loaded on computer or other programmable data processing terminal equipment, make to perform sequence of operations step to produce computer implemented process on computer or other programmable terminal equipment, thus the instruction performed on computer or other programmable terminal equipment is provided for the step realizing the function of specifying in flow chart flow process or multiple flow process and/or block diagram square frame or multiple square frame.

Although described the preferred embodiment of the embodiment of the present invention, those skilled in the art once obtain the basic creative concept of cicada, then can make other change and amendment to these embodiments.So claims are intended to be interpreted as comprising preferred embodiment and falling into all changes and the amendment of embodiment of the present invention scope.

Finally, also it should be noted that, in this article, the such as relational terms of first and second grades and so on is only used for an entity or operation to separate with another entity or operating space, and not necessarily requires or imply the relation that there is any this reality between these entities or operation or sequentially.And, term " comprises ", " comprising " or its any other variant are intended to contain comprising of nonexcludability, thus make to comprise the process of a series of key element, method, article or terminal equipment and not only comprise those key elements, but also comprise other key elements clearly do not listed, or also comprise by the intrinsic key element of this process, method, article or terminal equipment.When not more restrictions, the key element limited by statement " comprising ... ", and be not precluded within process, method, article or the terminal equipment comprising described key element and also there is other identical element.

Above to the authentication method of a kind of identity information provided by the present invention, device and system, be described in detail, apply specific case herein to set forth principle of the present invention and execution mode, the explanation of above embodiment just understands method of the present invention and core concept thereof for helping; Meanwhile, for one of ordinary skill in the art, according to thought of the present invention, all will change in specific embodiments and applications, in sum, this description should not be construed as limitation of the present invention.

Claims (10)

1. an authentication method for identity information, is characterized in that, comprising:

Server side obtains the identity information submitted to from client-side, and, input attributes information; Described input attributes information comprises user and submits at client-side the input duration inputting each character during identity information to, and, input the interval duration between each character;

According to described input duration and interval duration, server side judges whether the current identity information submitted at client-side of user meets pre-conditioned;

If so, then judge that described identity information certification is passed through, otherwise, judge that described identity information certification is not passed through.

2. method according to claim 1, is characterized in that, according to described input duration and interval duration, described server side judges whether the current identity information submitted at client-side of user meets pre-conditioned step and comprise:

Server side adopts described input duration and interval duration, judges that whether each adjacent between two character that user inputs is continuous;

By continuous for described each adjacent character between two or discrete judged result, be organized into contrast target data;

Judge described contrast target data with preset by whether more consistent than source data, described is continuous or discrete judged result that user formerly inputs each adjacent character between two than source data;

If consistent, then judge that the current identity information submitted at client-side of user meets pre-conditioned;

If inconsistent, then judge that the current identity information submitted at client-side of user does not meet pre-conditioned.

3. method according to claim 2, is characterized in that, described is continuous or discrete judged result that certain user formerly gathered inputs each adjacent character between two than source data.

4. method according to claim 2, is characterized in that, is describedly comprised one or more groups by than source data, carries out training generation by the continuous or discrete judged result inputting each adjacent character between two for the repeatedly user formerly gathered.

5. the method according to Claims 2 or 3 or 4, is characterized in that, server side adopts described input duration and interval duration, judges whether continuous print sub-step comprises further for each character adjacent between two that user inputs:

Server side on average inputs duration and equispaced duration according to described input duration and interval duration calculation;

Respectively described average input duration and equispaced duration are weighted, calculate continuously input reference input duration and input continuously with reference to interval duration;

By the input duration of each two adjacent characters and interval duration and described continuous input reference input duration with input reference interval duration continuously and contrast respectively;

If the input duration of described two adjacent characters is less than or equal to described continuous input reference input duration, and described interval duration is less than or equal to input continuously with reference to interval duration, then judge that being input as of described two adjacent characters is continuous, otherwise, judge that being input as of described two adjacent characters is discontinuous.

6. method according to claim 5, is characterized in that, described identity information comprises the username and password information of user by input through keyboard, and described keyboard comprises physical keyboard and dummy keyboard.

7. an authentication method for identity information, is characterized in that, described method comprises:

Client-side, when user submits identity information to, obtains input attributes information, and described input attributes information comprises user and submits at client-side the input duration inputting each character during identity information to, and, input the interval duration between each character;

Client-side is by described input duration, interval duration and identity information are sent to server side, and the identity information certification that reception server side returns is passed through or the unsanctioned result of identity information certification, wherein, according to described input duration and interval duration, the result that described identity information certification is passed through judges that user generates and sends when the current identity information submitted at client-side meets pre-conditioned by described server side, according to described input duration and interval duration, the unsanctioned result of described identity information certification judges that user generates and sends when the current identity information submitted at client-side does not meet pre-conditioned by described server side.

8. an authenticate device for identity information, is characterized in that, described device is positioned at server side, and described device comprises:

The first information obtains module, for obtaining the identity information submitted to from client-side, and, input attributes information; Described input attributes information comprises user and submits at client-side the input duration inputting each character during identity information to, and, input the interval duration between each character;

First judge module, for judging according to described input duration and interval duration whether the current identity information submitted at client-side of user meets pre-conditioned;

Identity information certification, by module, for when the current identity information submitted at client-side of user meets pre-conditioned, judges that described identity information certification is passed through;

Identity information certification, not by module, for when the current identity information submitted at client-side of user does not meet pre-conditioned, judges that described identity information certification is not passed through.

9. an authenticate device for identity information, is characterized in that, described device is positioned at client-side, and described device comprises:

First information acquisition module, for when user submits identity information to, obtain input attributes information, described input attributes information comprises user and submits at client-side the input duration inputting each character during identity information to, and, input the interval duration between each character;

First sending module, for by described input duration, interval duration and identity information are sent to server side, and the identity information certification that reception server side returns is passed through or the unsanctioned result of identity information certification, wherein, according to described input duration and interval duration, the result that described identity information certification is passed through judges that user generates and sends when the current identity information submitted at client-side meets pre-conditioned by described server side, according to described input duration and interval duration, the unsanctioned result of described identity information certification judges that user generates and sends when the current identity information submitted at client-side does not meet pre-conditioned by described server side.

10. a Verification System for identity information, is characterized in that, comprising:

Be positioned at the data obtaining module of client-side, for when user submits identity information to, obtain input attributes information, described input attributes information comprises user and submits at client-side the input duration inputting each character during identity information to, and, input the interval duration between each character;

Be positioned at the sending module of client-side, for by described input duration, interval duration and identity information are sent to server side, and the identity information certification that reception server side returns is passed through or the unsanctioned result of identity information certification, wherein, according to described input duration and interval duration, the result that described identity information certification is passed through judges that user generates and sends when the current identity information submitted at client-side meets pre-conditioned by described server side, according to described input duration and interval duration, the unsanctioned result of described identity information certification judges that user generates and sends when the current identity information submitted at client-side does not meet pre-conditioned by described server side,

Be positioned at the information acquisition module of server side, for obtaining the identity information submitted to from client-side, and, input attributes information;

Be positioned at the judge module of server side, for judging according to described input duration and interval duration whether the current identity information submitted at client-side of user meets pre-conditioned;

The identity information certification being positioned at server side, by module, for when the current identity information submitted at client-side of user meets pre-conditioned, judges that described identity information certification is passed through;

The identity information certification being positioned at server side, not by module, for when the current identity information submitted at client-side of user does not meet pre-conditioned, judges that described identity information certification is not passed through.