CN116305071A - Account password security system based on artificial intelligence - Google Patents
Account password security system based on artificial intelligence Download PDFInfo
- Publication number
- CN116305071A CN116305071A CN202310272996.0A CN202310272996A CN116305071A CN 116305071 A CN116305071 A CN 116305071A CN 202310272996 A CN202310272996 A CN 202310272996A CN 116305071 A CN116305071 A CN 116305071A
- Authority
- CN
- China
- Prior art keywords
- account
- information
- rule
- unit
- terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000013473 artificial intelligence Methods 0.000 title claims abstract description 13
- 238000012545 processing Methods 0.000 claims abstract description 140
- 238000000034 method Methods 0.000 claims abstract description 17
- 230000004044 response Effects 0.000 claims abstract description 13
- 230000008569 process Effects 0.000 claims abstract description 12
- 238000012795 verification Methods 0.000 claims abstract description 12
- 230000006698 induction Effects 0.000 claims description 33
- 238000012549 training Methods 0.000 claims description 13
- 230000003044 adaptive effect Effects 0.000 claims description 9
- 238000000586 desensitisation Methods 0.000 claims description 7
- 230000002159 abnormal effect Effects 0.000 claims description 6
- 238000013507 mapping Methods 0.000 claims description 6
- 230000002068 genetic effect Effects 0.000 claims description 5
- 239000000284 extract Substances 0.000 claims description 3
- 238000012544 monitoring process Methods 0.000 claims description 3
- 230000035772 mutation Effects 0.000 claims description 3
- 238000011084 recovery Methods 0.000 claims description 3
- 230000008439 repair process Effects 0.000 claims description 3
- 238000010586 diagram Methods 0.000 description 4
- 230000006399 behavior Effects 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 230000007547 defect Effects 0.000 description 2
- 238000000605 extraction Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012552 review Methods 0.000 description 2
- 238000006243 chemical reaction Methods 0.000 description 1
- 238000005336 cracking Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000008030 elimination Effects 0.000 description 1
- 238000003379 elimination reaction Methods 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 238000005457 optimization Methods 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 230000003252 repetitive effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N20/00—Machine learning
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Artificial Intelligence (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Data Mining & Analysis (AREA)
- Evolutionary Computation (AREA)
- Medical Informatics (AREA)
- Computing Systems (AREA)
- Mathematical Physics (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the specification provides an account password security system based on artificial intelligence, a terminal generates account information, records scene information and sends a rule request to a server, the server is provided with an artificial intelligence model unit, supervised learning obtains a rule learning model, a rule response unit calls the model to process the scene information in real time to obtain account processing rules suitable for the scene information, the processing rules are enabled to be changed in random adaptability, the account processing rules are encrypted by the scene information and then returned to the terminal, the security of the encryption rules is ensured, the terminal decrypts the account processing rules by the scene information, desensitizes the account information by the account processing rules and sends the account information to the server for storage, the server is provided with an access judging unit calls the bound account processing rules, the desensitized account information is restored, the account information is compared with the account information in the access request for verification, and the security of the account information is improved by desensitizing through responding the access request.
Description
Technical Field
The application relates to the field of computers, in particular to an account password security system based on artificial intelligence.
Background
With the rise of various user systems, strategies for account management become more and more important, and good management modes can improve account security and prevent data leakage.
At present, for account information management, account passwords generated by registration are encrypted through preset encryption rules, and then transmitted to a server for storage, so that the effect of preventing secret leakage is achieved.
However, this method is relatively fixed, and once the encryption method is stolen, all accounts face the risk of leakage, so it is necessary to provide a method to improve robustness and flexibility.
Disclosure of Invention
The embodiment of the specification provides an account password security system based on artificial intelligence, which is used for improving the security of account information.
The embodiment of the specification provides an account password security system based on artificial intelligence, which comprises:
the first terminal responds to user registration operation to generate account information and records scene information at the same time to send a rule request to the server, wherein the account information comprises an account number and a password:
a server is provided with:
the artificial intelligent model unit is used for collecting training samples and obtaining a rule learning model through supervised learning;
the rule response unit is used for calling the rule learning model to process the scene information after receiving the rule request to obtain an account processing rule which is suitable for the scene information, binding the account processing rule, the account information and the first terminal, encrypting the account processing rule by using the scene information and returning the encrypted account processing rule to the first terminal;
after decrypting the account processing rule by using the scene information, the first terminal desensitizes the account information by using the account processing rule, and sends the desensitized account information to a server for storage;
the server further has: the access judging unit is used for calling the bound account processing rule according to the terminal information in the access request, restoring the desensitized account information, comparing and verifying the desensitized account information with the account information in the access request, and responding to the access request if the verification is passed.
Optionally, the system also comprises a second terminal, when the second terminal requests to log in, the user fills in scene information including login time and the model of the login terminal when logging in the last terminal, records the current scene information and sends a rule request to the server;
and the rule response unit extracts the filled scene information of the last terminal when logging in from the rule request, verifies authenticity of the scene information, calls the rule learning model to process the current scene information if verification is passed, obtains an account processing rule which is suitable for the current scene information, binds the second terminal as a second processing rule, encrypts the second processing rule by using the current scene information, returns the second processing rule to the second terminal, enables the second terminal to desensitize the account information through the second processing rule, and sends the desensitized account information to a server, and the server stores the account information.
Optionally, the server stores account information, including:
restoring the account information subjected to desensitization treatment by using a second processing rule, and carrying out multistage encryption on the password information in the restored account information according to the sequence of a first processing rule and a second processing rule, wherein the first processing rule is a history rule, the processing result of the history rule on the account information is cleared, and the latest multistage encryption result is used for replacing and storing, and the storage mode is as follows: the account number and the multi-stage encrypted password are stored separately, a mapping table of the account number and password addresses is generated, and a rule chain is constructed according to a plurality of rules learned for the account information;
the access determination unit restores desensitized account information, including:
and obtaining a password corresponding to the account number according to the mapping table, and decrypting according to the reverse order of a plurality of rules in the rule chain to serve as a comparison verification basis.
Optionally, the collecting training samples, and the supervised learning to obtain a rule learning model includes:
and monitoring account processing rules planned for different terminals and scene information and leakage events of the account information after the account processing rules are implemented, calculating the adaptability to leakage risks by combining encryption time, space complexity and leakage event statistics results of the account processing rules, taking the account processing rules as adaptive labels of the account processing rules, and performing supervised learning by taking the terminal information and the scene information as training samples and combining the corresponding adaptive labels to obtain a rule learning model for predicting the account processing rules which are adaptive to all the terminals and the scene information.
Optionally, there is also an account management platform having:
the system comprises an account receiving unit, an emergency repair unit, a receiving rechecking unit, an account adding unit, an account registering unit, an account encrypting unit, an account deleting unit, an account logout unit and a fault recovery unit, wherein an administrator performs various management operations through configuration, and the system comprises: application, approval and execution.
Optionally, the artificial intelligence model unit further includes a genetic deriving unit, configured to adjust a selected probability of each element of the account processing rule according to a leakage event statistics result of the account information after the account processing rule is implemented, select each element of the account processing rule according to the adjusted selected probability, and perform crossover, mutation and splicing to derive a new account processing rule, so that the rule learning model learns an account processing rule with a maximum fitness, where each element of the account processing rule includes: encryption time, spatial complexity, key length, and number of layers of encryption.
Optionally, the method further comprises:
the induction unit is deployed on the server, the server port receives the access request and then synchronously sends the access request to the induction unit and the access judgment unit, the induction unit sends induction information carrying a high risk value to the access judgment unit, the induction information is intercepted through an induction abnormal program with the high risk value, the access judgment unit responds to the access request if the induction information is received within the preset time after the access request is received, and the response to the access request is refused if the induction information is not received within the preset time after the access request is received.
Optionally, the scene information includes a login terminal, a login time period and a login location.
Optionally, the induction unit sets a tag for the access request according to whether the induction information is intercepted or not, and sends the access request as a leakage event to a data pool of the training sample.
Optionally, the desensitizing the account information with account processing rules includes:
the dimension in the account processing rule is determined, the password information in the account information is encrypted, the encrypted password information is filled according to the dimension and the filling rule, and the filled password information is hashed into a multidimensional array according to the hash rule in the account processing rule.
According to the technical schemes provided by the embodiment of the specification, account information is generated through the terminal, scene information is recorded and a rule request is sent to the server, the server is provided with an artificial intelligent model unit, a rule learning model is obtained through supervision and learning, a rule response unit calls the model to process the scene information in real time, an account processing rule suitable for the scene information is obtained, the processing rule is enabled to be changed in random adaptability, the account processing rule is encrypted through the scene information and then returned to the terminal, the security of the encryption rule is guaranteed, the terminal decrypts the account processing rule through the scene information, then desensitizes the account information through the account processing rule and sends the account information to the server for storage, the server is provided with an access judging unit to call the bound account processing rule, the desensitized account information is restored, the account information is compared with the account information in the access request for verification, and the security of the account information is improved through desensitization when the access request is responded.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute an undue limitation to the application. In the drawings:
fig. 1 is a schematic diagram of an account password security system based on artificial intelligence according to an embodiment of the present disclosure.
Detailed Description
Exemplary embodiments of the present invention will now be described more fully with reference to the accompanying drawings. However, the exemplary embodiments can be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these exemplary embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the invention to those skilled in the art. The same reference numerals in the drawings denote the same or similar elements, components or portions, and thus a repetitive description thereof will be omitted.
The features, structures, characteristics or other details described in a particular embodiment do not exclude that may be combined in one or more other embodiments in a suitable manner, without departing from the technical idea of the invention.
In the description of specific embodiments, features, structures, characteristics, or other details described in the present invention are provided to enable one skilled in the art to fully understand the embodiments. However, it is not excluded that one skilled in the art may practice the present invention without one or more of the specific features, structures, characteristics, or other details.
The flow diagrams depicted in the figures are exemplary only, and do not necessarily include all of the elements and operations/steps, nor must they be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the order of actual execution may be changed according to actual situations.
The block diagrams depicted in the figures are merely functional entities and do not necessarily correspond to physically separate entities. That is, the functional entities may be implemented in software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The term "and/or" and/or "includes all combinations of any one or more of the associated listed items.
Fig. 1 is a schematic diagram of an account password security system based on artificial intelligence according to an embodiment of the present disclosure, where the system includes:
the first terminal 101 generates account information including an account number and a password in response to a user registration operation while recording scene information and transmitting a rule request to the server;
the server 102 includes:
the artificial intelligent model unit is used for collecting training samples and obtaining a rule learning model through supervised learning;
a rule response unit, configured to, after receiving a rule request, invoke the rule learning model to process the scene information, obtain an account processing rule that is adapted to the scene information, bind the account processing rule, the account information and the first terminal 101, encrypt the account processing rule with the scene information, and return the encrypted account processing rule to the first terminal 101;
after decrypting the account processing rule by using the scene information, the first terminal desensitizes the account information by using the account processing rule, and sends the desensitized account information to a server for storage;
the server 102 further includes: the access judging unit is used for calling the bound account processing rule according to the terminal information in the access request, restoring the desensitized account information, comparing and verifying the desensitized account information with the account information in the access request, and responding to the access request if the verification is passed.
The system generates account information through a terminal, records the scene information and sends a rule request to a server, the server is provided with an artificial intelligent model unit, supervised learning is conducted to obtain a rule learning model, a rule response unit calls the model to conduct instant processing on the scene information to obtain account processing rules suitable for the scene information, the processing rules are enabled to be changed in random adaptability, the account processing rules are encrypted through the scene information and returned to the terminal, the security of the encryption rules is guaranteed, the terminal decrypts the account processing rules through the scene information, then desensitizes the account processing rules, sends the account information to the server for storage, the server is provided with an access judging unit calls the bound account processing rules, the desensitized account information is restored, the account processing rules are compared with the account information in the access request for verification, and the security of the account information is improved through desensitization after responding the access request.
The scene information can represent operation characteristics and environment characteristics during registration or login, the operation characteristics can include login time period and login place, and the environment characteristics can include terminal identification, third party application identification for registration or login, networking mode of the terminal, network topology position of the terminal and current security level of a network to which the terminal belongs.
Thus, along with the change of scene information, different account processing rules can be learned to adapt to the change of scenes, the risk of cracking the processing rules is reduced, and the defect of single fixed encryption rules is avoided.
Wherein the account processing rules may desensitize and restore the account and password, respectively.
The desensitization process may include character stuffing and encryption, and the restoration process may include decryption and character extraction.
The account processing rule, the account information and the first terminal 101 may be bound, where the account processing rule is used as a primary key, an account in the account information is used as a secondary primary key, and the first terminal identifier, the scene information and the encrypted account password are used as key values to generate a record.
The account processing rules are predicted through the scene information filled by the user, so that the account information is obtained by indexing to the corresponding records, and a hacker can hardly find the account information quickly.
The rule request can carry scene information encrypted by the public key of the server, so that the server can decrypt the scene information by the private key and avoid leakage in the transmission process.
When the subsequent user accesses through the first terminal or other terminals, scene information during registration or last login can be filled in, so that the server learns account processing rules at that time, corresponding account information is searched out, desensitized account information is restored by utilizing the account processing rules, and password information in the account processing rules is compared with passwords in an access request.
The account information in the access request can be encrypted by using the second processing rule, so that the server needs to desensitize the stored account information by using the first processing rule and desensitize the account information in the access request by using the second processing rule which is suitable for the current scene information before comparison, if the desensitization result is consistent, the password is correct, the access is allowed, and after the access is allowed, the database of the server is directly bound and updated by using the desensitized account information of the second processing rule, the corresponding scene information and the second processing rule.
Of course, the account information after desensitizing the first processing rule by using the second processing rule may be further desensitized, so as to implement multi-stage encryption and improve security.
To achieve multi-level decryption, a rule chain is generated with the first and second processing rules to record a rule sequence for performing multi-level encryption for subsequent reverse decryption.
In the embodiment of the specification, the terminal also comprises a second terminal, when the second terminal requests to log in, the user fills in scene information when the last terminal logs in, records the current scene information and sends a rule request to the server;
and the rule response unit extracts the filled scene information of the last terminal when logging in from the rule request, verifies authenticity of the scene information, calls the rule learning model to process the current scene information if verification is passed, obtains an account processing rule which is suitable for the current scene information, binds the second terminal as a second processing rule, encrypts the second processing rule by using the current scene information, returns the second processing rule to the second terminal, enables the second terminal to desensitize the account information through the second processing rule, and sends the desensitized account information to a server, and the server stores the account information.
Thus, new account processing rules are used for each login, so that a hacker is hard to break.
Because new account processing rules are used during each login, advanced restoration is needed before multi-stage encryption is performed, and then encryption is performed according to the sequence of the processing rules.
In this embodiment of the present disclosure, the server stores account information, including:
restoring the account information subjected to desensitization treatment by using a second processing rule, and carrying out multistage encryption on the password information in the restored account information according to the sequence of a first processing rule and a second processing rule, wherein the first processing rule is a history rule, the processing result of the history rule on the account information is cleared, and the latest multistage encryption result is used for replacing and storing, and the storage mode is as follows: the account number and the multi-stage encrypted password are stored separately, a mapping table of the account number and password addresses is generated, and a rule chain is constructed according to a plurality of rules learned for the account information;
the access determination unit restores desensitized account information, including:
and obtaining a password corresponding to the account number according to the mapping table, and decrypting according to the reverse order of a plurality of rules in the rule chain to serve as a comparison verification basis.
In an embodiment of the present disclosure, the collecting training samples, and the supervised learning to obtain a rule learning model includes:
and monitoring account processing rules planned for different terminals and scene information and leakage events of the account information after the account processing rules are implemented, calculating the adaptability to leakage risks by combining encryption time, space complexity and leakage event statistics results of the account processing rules, taking the account processing rules as adaptive labels of the account processing rules, and performing supervised learning by taking the terminal information and the scene information as training samples and combining the corresponding adaptive labels to obtain a rule learning model for predicting the account processing rules which are adaptive to all the terminals and the scene information.
In the embodiment of the present specification, there is also an account management platform having:
the system comprises an account receiving unit, an emergency repair unit, a receiving rechecking unit, an account adding unit, an account registering unit, an account encrypting unit, an account deleting unit, an account logout unit and a fault recovery unit, wherein an administrator performs various management operations through configuration, and the system comprises: application, approval and execution.
Each unit in the account management platform is provided with at least one page respectively for displaying the progress information of the work orders and allowing management personnel to perform various operations, for example, the account leading unit refers to a page for leading management account information work orders, the emergency rescue unit is used for allowing management personnel to perform abnormal processing on the system, such as password leakage, leading a review unit user to review the work orders, and the account adding unit, the account registering unit, the account encrypting unit, the account deleting unit and the account canceling unit are management units of all progress nodes and the fault recovering unit is used for performing fault elimination on the system.
In this embodiment of the present disclosure, the artificial intelligence model unit further includes a genetic deriving unit, configured to adjust a selected probability of each element of the account processing rule according to a leakage event statistics result of the account information after implementing the account processing rule, select each element of the account processing rule according to the adjusted selected probability, and perform crossover, mutation and concatenation to derive a new account processing rule, so that the rule learning model learns an account processing rule with a maximum fitness, where each element of the account processing rule includes: encryption time, spatial complexity, key length, and number of layers of encryption.
Through a genetic derivative algorithm, a new account processing rule is generated in an open mode, and the defect that local optimization is caused by a closed mode is avoided.
The encryption time complexity and the space complexity take possible leakage in the encryption process into consideration, and the security of the encryption process is improved to a certain extent by adjusting the encryption time complexity and the space complexity, so that the security management level of account passwords is improved.
Considering that leakage events are difficult to avoid, many schemes are analyzed at the time, and few schemes can be effectively processed at the time because the system sends a risk prompt when predicting leakage risk, and such prompt is likely to be intercepted and fail.
In this regard, the same way can be reversed.
Specifically, in the embodiment of the present specification, the system further includes:
the induction unit is deployed on the server, the server port receives the access request and then synchronously sends the access request to the induction unit and the access judgment unit, the induction unit sends induction information carrying a high risk value to the access judgment unit, the induction information is intercepted through an induction abnormal program with the high risk value, the access judgment unit responds to the access request if the induction information is received within the preset time after the access request is received, and the response to the access request is refused if the induction information is not received within the preset time after the access request is received.
Whether the access request is high risk or not, the induction information carrying the high risk value is sent to the access judging unit, if the system is broken by an abnormal program of a hacker, the high risk value is naturally identified to intercept, then the judging unit can reversely deduce that the access request is initiated by the hacker because the induction information is not received, so as to reject the request, and if the induction information is received, the high risk value is deliberately reserved and cannot be used as a basis for rejecting the access, so that the access judging unit decides to respond to the access request.
In the embodiment of the present specification, the inducement unit sets a tag for the access request according to whether the inducement information is intercepted, and sends the information as a leakage event to a data pool of the training sample.
The data pool can perform extraction, merging, filling and format conversion of data to obtain training data.
The method specifically comprises the following steps: if the induction information with high risk value is intercepted, an abnormal label is set for the access request and the corresponding access behavior information, and if the induction information with high risk value is received, a security label is set for the access request and the corresponding access behavior information.
The access behavior may include: an access request initiating terminal, an access request network transmission link, a domain name of an access address and an access time point.
In order to improve the security of the password, a multidimensional array can be constructed by referring to the principle of a cube, and the encrypted password is stored in the multidimensional array.
In an embodiment of the present disclosure, the desensitizing the account information with account processing rules includes:
the dimension in the account processing rule is determined, the password information in the account information is encrypted, the encrypted password information is filled according to the dimension and the filling rule, and the filled password information is hashed into a multidimensional array according to the hash rule in the account processing rule.
The total number of filling characters can be determined according to the account processing rule, the number of the filling characters is subtracted from the cube of the dimension, the number of characters to be filled between adjacent characters in the password information is determined, a string of characters is used for representing the filling rule, for example, 2,3,5 and 6, and the filling rule indicates that 2 filling characters are filled between the first password character and the second password character, and the like.
By filling, the encrypted password can be recorded by a multidimensional array, and the security is further improved.
In this embodiment of the present disclosure, the principle of the magic cube may be further used to rotate a part of row and column layers of the multidimensional array, record the rotated row and column layers, rotation direction, and rotation angle, and add the rotated row and column layers, rotation direction, and rotation angle as auxiliary information to the account processing rule, so when the recovering is performed, firstly the auxiliary information is read, the row and column layers, rotation direction, and rotation angle in the opposite direction are identified, the reverse order is rotated in the opposite direction, so as to obtain the recovered multidimensional array, then according to a string of character numbers in the filling rule, invalid filling characters are removed, password characters are extracted, and finally decryption is performed, so as to obtain the password information of the account.
In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and changes may be made to the present application by those skilled in the art. Any modifications, equivalent substitutions, improvements, etc. which are within the spirit and principles of the present application are intended to be included within the scope of the claims of the present application.
Claims (10)
1. An account password security system based on artificial intelligence, comprising:
the first terminal responds to the user registration operation to generate account information and records scene information at the same time to send a rule request to the server, wherein the account information comprises an account number and a password;
a server is provided with:
the artificial intelligent model unit is used for collecting training samples and obtaining a rule learning model through supervised learning;
the rule response unit is used for calling the rule learning model to process the scene information after receiving the rule request to obtain an account processing rule which is suitable for the scene information, binding the account processing rule, the account information and the first terminal, encrypting the account processing rule by using the scene information and returning the encrypted account processing rule to the first terminal;
after decrypting the account processing rule by using the scene information, the first terminal desensitizes the account information by using the account processing rule, and sends the desensitized account information to a server for storage;
the server further has: the access judging unit is used for calling the bound account processing rule according to the terminal information in the access request, restoring the desensitized account information, comparing and verifying the desensitized account information with the account information in the access request, and responding to the access request if the verification is passed.
2. The system of claim 1, further comprising a second terminal, wherein when the second terminal requests login, the user fills in scene information of the last terminal when logging in, including login time and model number of the login terminal, records current scene information and sends a rule request to the server;
and the rule response unit extracts the filled scene information of the last terminal when logging in from the rule request, verifies authenticity of the scene information, calls the rule learning model to process the current scene information if verification is passed, obtains an account processing rule which is suitable for the current scene information, binds the second terminal as a second processing rule, encrypts the second processing rule by using the current scene information, returns the second processing rule to the second terminal, enables the second terminal to desensitize the account information through the second processing rule, and sends the desensitized account information to a server, and the server stores the account information.
3. The system of claim 2, wherein the server stores account information, comprising:
restoring the account information subjected to desensitization treatment by using a second processing rule, and carrying out multistage encryption on the password information in the restored account information according to the sequence of a first processing rule and a second processing rule, wherein the first processing rule is a history rule, the processing result of the history rule on the account information is cleared, and the latest multistage encryption result is used for replacing and storing, and the storage mode is as follows: the account number and the multi-stage encrypted password are stored separately, a mapping table of the account number and password addresses is generated, and a rule chain is constructed according to a plurality of rules learned for the account information;
the access determination unit restores desensitized account information, including:
and obtaining a password corresponding to the account number according to the mapping table, and decrypting according to the reverse order of a plurality of rules in the rule chain to serve as a comparison verification basis.
4. The system of claim 1, the collecting training samples, the supervised learning resulting in a rule learning model, comprising:
and monitoring account processing rules planned for different terminals and scene information and leakage events of the account information after the account processing rules are implemented, calculating the adaptability to leakage risks by combining encryption time, space complexity and leakage event statistics results of the account processing rules, taking the account processing rules as adaptive labels of the account processing rules, and performing supervised learning by taking the terminal information and the scene information as training samples and combining the corresponding adaptive labels to obtain a rule learning model for predicting the account processing rules which are adaptive to all the terminals and the scene information.
5. The system of claim 1, further having an account management platform having:
the system comprises an account receiving unit, an emergency repair unit, a receiving rechecking unit, an account adding unit, an account registering unit, an account encrypting unit, an account deleting unit, an account logout unit and a fault recovery unit, wherein an administrator performs various management operations through configuration, and the system comprises: application, approval and execution.
6. The system according to claim 1, wherein the artificial intelligence model unit further comprises a genetic deriving unit, and the genetic deriving unit is configured to adjust a selected probability of each element of the account processing rule according to a leakage event statistics result of the account information after implementing the account processing rule, select each element of the account processing rule according to the adjusted selected probability, and perform crossover, mutation and splicing to derive a new account processing rule, so that the rule learning model learns an account processing rule with a maximum fitness, where each element of the account processing rule includes: encryption time, spatial complexity, key length, and number of layers of encryption.
7. The system of claim 1, further comprising:
the induction unit is deployed on the server, the server port receives the access request and then synchronously sends the access request to the induction unit and the access judgment unit, the induction unit sends induction information carrying a high risk value to the access judgment unit, the induction information is intercepted through an induction abnormal program with the high risk value, the access judgment unit responds to the access request if the induction information is received within the preset time after the access request is received, and the response to the access request is refused if the induction information is not received within the preset time after the access request is received.
8. The system of claim 1, wherein the context information includes a login terminal, a login period, and a login location.
9. The system of claim 7, the induction unit tags the access request according to whether the induction information is intercepted, and sends the access request as a leakage event to the data pool of the training samples.
10. The system of claim 1, the desensitizing the account information with account processing rules comprising:
the dimension in the account processing rule is determined, the password information in the account information is encrypted, the encrypted password information is filled according to the dimension and the filling rule, and the filled password information is hashed into a multidimensional array according to the hash rule in the account processing rule.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310272996.0A CN116305071B (en) | 2023-03-18 | 2023-03-18 | Account password security system based on artificial intelligence |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310272996.0A CN116305071B (en) | 2023-03-18 | 2023-03-18 | Account password security system based on artificial intelligence |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116305071A true CN116305071A (en) | 2023-06-23 |
| CN116305071B CN116305071B (en) | 2023-09-26 |
Family
ID=86781229
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310272996.0A Active CN116305071B (en) | 2023-03-18 | 2023-03-18 | Account password security system based on artificial intelligence |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116305071B (en) |
Citations (31)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103678118A (en) * | 2013-10-18 | 2014-03-26 | 北京奇虎测腾科技有限公司 | Method and device for compliance detection of Java source code |
| US20160036806A1 (en) * | 2014-08-01 | 2016-02-04 | Okta, Inc. | Automated Password Generation and Change |
| CN106384280A (en) * | 2016-10-27 | 2017-02-08 | 四川衡驰信息技术有限公司 | Artificial intelligent accounting system and computing method thereof |
| US9680938B1 (en) * | 2014-10-06 | 2017-06-13 | Exabeam, Inc. | System, method, and computer program product for tracking user activity during a logon session |
| CN110460565A (en) * | 2018-05-08 | 2019-11-15 | 国际商业机器公司 | For learning the firewall based on context of artificial intelligence entity |
| CN110602248A (en) * | 2019-09-27 | 2019-12-20 | 腾讯科技(深圳)有限公司 | Abnormal behavior information identification method, system, device, equipment and medium |
| US10523682B1 (en) * | 2019-02-26 | 2019-12-31 | Sailpoint Technologies, Inc. | System and method for intelligent agents for decision support in network identity graph based identity management artificial intelligence systems |
| CN111046374A (en) * | 2019-11-26 | 2020-04-21 | 山东浪潮人工智能研究院有限公司 | Method and system for improving user password security based on machine learning |
| US20200134169A1 (en) * | 2018-10-31 | 2020-04-30 | EMC IP Holding Company LLC | Managing passwords |
| KR20200050701A (en) * | 2018-11-02 | 2020-05-12 | 주식회사 피노텍 | User authentication system and method based on context data |
| CN112202708A (en) * | 2020-08-24 | 2021-01-08 | 国网山东省电力公司 | Identity authentication method and device, electronic equipment and storage medium |
| CN112308236A (en) * | 2020-10-30 | 2021-02-02 | 北京百度网讯科技有限公司 | Method, device, electronic equipment and storage medium for processing user request |
| CN112613027A (en) * | 2020-12-16 | 2021-04-06 | 广州岸边网络科技有限公司 | Multi-password management method, equipment and storage medium based on machine learning |
| US10972475B1 (en) * | 2020-01-29 | 2021-04-06 | Capital One Services, Llc | Account access security using a distributed ledger and/or a distributed file system |
| US20210125297A1 (en) * | 2019-10-23 | 2021-04-29 | Lumas | Systems and methods for intelligent contract analysis and data organization |
| US20210133607A1 (en) * | 2019-10-31 | 2021-05-06 | Shoreline Iot, Inc. | Systems and methods for self-learning artificial intelligence of things (aiot) devices and services |
| WO2021155678A1 (en) * | 2020-02-03 | 2021-08-12 | 腾讯科技(深圳)有限公司 | Label marking method and apparatus, and device and readable storage medium |
| WO2021169159A1 (en) * | 2020-02-26 | 2021-09-02 | 深圳壹账通智能科技有限公司 | Photograph information processing method and apparatus, device, and medium |
| US20210287107A1 (en) * | 2020-03-10 | 2021-09-16 | Sailpoint Technologies, Inc. | Systems and methods for data correlation and artifact matching in identity management artificial intelligence systems |
| US11140167B1 (en) * | 2016-03-01 | 2021-10-05 | Exabeam, Inc. | System, method, and computer program for automatically classifying user accounts in a computer network using keys from an identity management system |
| US20220070193A1 (en) * | 2020-08-28 | 2022-03-03 | Mcafee, Llc | Methods and apparatus to analyze telemetry data of a network device for malicious activity |
| CN114139142A (en) * | 2021-12-13 | 2022-03-04 | 杭州安恒信息技术股份有限公司 | Server password modification method and device, electronic equipment and storage medium |
| CN114418743A (en) * | 2022-01-18 | 2022-04-29 | 中国工商银行股份有限公司 | Account information detection method, device, equipment, storage medium and program product |
| CN114430346A (en) * | 2022-01-27 | 2022-05-03 | 亿咖通(湖北)技术有限公司 | Login method and device and electronic equipment |
| CN114595481A (en) * | 2022-03-09 | 2022-06-07 | 江苏保旺达软件技术有限公司 | Method, device, equipment and storage medium for processing response data |
| KR20220105509A (en) * | 2021-01-20 | 2022-07-27 | 삼성전자주식회사 | Electronic device and operating method for inferring by using an artificial intelligence model based on encrypted information |
| CN114978934A (en) * | 2022-05-09 | 2022-08-30 | 瑞数信息技术(上海)有限公司 | Information desensitization method and apparatus, electronic device, and computer-readable storage medium |
| WO2022190777A1 (en) * | 2021-03-11 | 2022-09-15 | 株式会社日立製作所 | Data linkage system, data linkage method, trust system, and data disclosure method |
| US20220300497A1 (en) * | 2021-03-18 | 2022-09-22 | International Business Machines Corporation | Ai-based data virtualization |
| CN115168830A (en) * | 2022-06-17 | 2022-10-11 | 安徽省烟草公司合肥市公司 | Login method and login device for detecting user login environment |
| US20220358193A1 (en) * | 2021-05-07 | 2022-11-10 | Capital One Services, Llc | Generation of Authentication Questions Based on User-Created Transaction Limitations |
-
2023
- 2023-03-18 CN CN202310272996.0A patent/CN116305071B/en active Active
Patent Citations (31)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103678118A (en) * | 2013-10-18 | 2014-03-26 | 北京奇虎测腾科技有限公司 | Method and device for compliance detection of Java source code |
| US20160036806A1 (en) * | 2014-08-01 | 2016-02-04 | Okta, Inc. | Automated Password Generation and Change |
| US9680938B1 (en) * | 2014-10-06 | 2017-06-13 | Exabeam, Inc. | System, method, and computer program product for tracking user activity during a logon session |
| US11140167B1 (en) * | 2016-03-01 | 2021-10-05 | Exabeam, Inc. | System, method, and computer program for automatically classifying user accounts in a computer network using keys from an identity management system |
| CN106384280A (en) * | 2016-10-27 | 2017-02-08 | 四川衡驰信息技术有限公司 | Artificial intelligent accounting system and computing method thereof |
| CN110460565A (en) * | 2018-05-08 | 2019-11-15 | 国际商业机器公司 | For learning the firewall based on context of artificial intelligence entity |
| US20200134169A1 (en) * | 2018-10-31 | 2020-04-30 | EMC IP Holding Company LLC | Managing passwords |
| KR20200050701A (en) * | 2018-11-02 | 2020-05-12 | 주식회사 피노텍 | User authentication system and method based on context data |
| US10523682B1 (en) * | 2019-02-26 | 2019-12-31 | Sailpoint Technologies, Inc. | System and method for intelligent agents for decision support in network identity graph based identity management artificial intelligence systems |
| CN110602248A (en) * | 2019-09-27 | 2019-12-20 | 腾讯科技(深圳)有限公司 | Abnormal behavior information identification method, system, device, equipment and medium |
| US20210125297A1 (en) * | 2019-10-23 | 2021-04-29 | Lumas | Systems and methods for intelligent contract analysis and data organization |
| US20210133607A1 (en) * | 2019-10-31 | 2021-05-06 | Shoreline Iot, Inc. | Systems and methods for self-learning artificial intelligence of things (aiot) devices and services |
| CN111046374A (en) * | 2019-11-26 | 2020-04-21 | 山东浪潮人工智能研究院有限公司 | Method and system for improving user password security based on machine learning |
| US10972475B1 (en) * | 2020-01-29 | 2021-04-06 | Capital One Services, Llc | Account access security using a distributed ledger and/or a distributed file system |
| WO2021155678A1 (en) * | 2020-02-03 | 2021-08-12 | 腾讯科技(深圳)有限公司 | Label marking method and apparatus, and device and readable storage medium |
| WO2021169159A1 (en) * | 2020-02-26 | 2021-09-02 | 深圳壹账通智能科技有限公司 | Photograph information processing method and apparatus, device, and medium |
| US20210287107A1 (en) * | 2020-03-10 | 2021-09-16 | Sailpoint Technologies, Inc. | Systems and methods for data correlation and artifact matching in identity management artificial intelligence systems |
| CN112202708A (en) * | 2020-08-24 | 2021-01-08 | 国网山东省电力公司 | Identity authentication method and device, electronic equipment and storage medium |
| US20220070193A1 (en) * | 2020-08-28 | 2022-03-03 | Mcafee, Llc | Methods and apparatus to analyze telemetry data of a network device for malicious activity |
| CN112308236A (en) * | 2020-10-30 | 2021-02-02 | 北京百度网讯科技有限公司 | Method, device, electronic equipment and storage medium for processing user request |
| CN112613027A (en) * | 2020-12-16 | 2021-04-06 | 广州岸边网络科技有限公司 | Multi-password management method, equipment and storage medium based on machine learning |
| KR20220105509A (en) * | 2021-01-20 | 2022-07-27 | 삼성전자주식회사 | Electronic device and operating method for inferring by using an artificial intelligence model based on encrypted information |
| WO2022190777A1 (en) * | 2021-03-11 | 2022-09-15 | 株式会社日立製作所 | Data linkage system, data linkage method, trust system, and data disclosure method |
| US20220300497A1 (en) * | 2021-03-18 | 2022-09-22 | International Business Machines Corporation | Ai-based data virtualization |
| US20220358193A1 (en) * | 2021-05-07 | 2022-11-10 | Capital One Services, Llc | Generation of Authentication Questions Based on User-Created Transaction Limitations |
| CN114139142A (en) * | 2021-12-13 | 2022-03-04 | 杭州安恒信息技术股份有限公司 | Server password modification method and device, electronic equipment and storage medium |
| CN114418743A (en) * | 2022-01-18 | 2022-04-29 | 中国工商银行股份有限公司 | Account information detection method, device, equipment, storage medium and program product |
| CN114430346A (en) * | 2022-01-27 | 2022-05-03 | 亿咖通(湖北)技术有限公司 | Login method and device and electronic equipment |
| CN114595481A (en) * | 2022-03-09 | 2022-06-07 | 江苏保旺达软件技术有限公司 | Method, device, equipment and storage medium for processing response data |
| CN114978934A (en) * | 2022-05-09 | 2022-08-30 | 瑞数信息技术(上海)有限公司 | Information desensitization method and apparatus, electronic device, and computer-readable storage medium |
| CN115168830A (en) * | 2022-06-17 | 2022-10-11 | 安徽省烟草公司合肥市公司 | Login method and login device for detecting user login environment |
Non-Patent Citations (4)
| Title |
|---|
| 姚慧;马思研;: "人工智能在电信实名认证中的关键技术及应用", 电信科学, no. 05, pages 51 - 58 * |
| 李文姝;刘道前;: "人工智能视域下的信息规制――基于隐私场景理论的激励与规范", 人民论坛・学术前沿, no. 06, pages 70 - 77 * |
| 班瑞;屠礼彪;刘惠明;周庆岭;: "基于云计算的大数据平台安全策略研究", 邮电设计技术, no. 10, pages 74 - 78 * |
| 陈锐浩;邱卫东;: "基于神经网络的口令属性分析方法", 微型电脑应用, no. 04, pages 45 - 47 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116305071B (en) | 2023-09-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10873458B2 (en) | System and method for securely storing and utilizing password validation data | |
| AU2017269736B2 (en) | Multiple-link cryptologic blockchain | |
| CN108921696B (en) | Intelligent contract calling and contract transaction verification method based on block chain | |
| CN104995632A (en) | A privacy-preserving database system | |
| CN111104691A (en) | Sensitive information processing method and device, storage medium and equipment | |
| CN107368737A (en) | A kind of processing method for preventing copy-attack, server and client | |
| CN111475828A (en) | Encryption method and device, decryption method and device of block chain account book data | |
| CN109635593B (en) | Data integrity storage protection method based on electric power payment terminal in electric power system | |
| Doshi et al. | A review paper on security concerns in cloud computing and proposed security models | |
| CN110188545B (en) | Data encryption method and device based on chained database | |
| CN111371588A (en) | SDN edge computing network system based on block chain encryption, encryption method and medium | |
| CN108259606B (en) | Cloud computing public cloud file storage and retrieval method | |
| CN116305071B (en) | Account password security system based on artificial intelligence | |
| Do et al. | Privacy-preserving approach for sharing and processing intrusion alert data | |
| US20210035018A1 (en) | Apparatus for verifying integrity of AI learning data and method therefor | |
| CN116467388A (en) | System and method for maintaining consistency of shared files based on blockchain | |
| Huang et al. | Achieving data privacy on hybrid cloud | |
| CN113726515B (en) | UKEY-based key processing method, storage medium and electronic device | |
| CN113326528A (en) | Block chain application method based on big data high-security personal information protection | |
| CN112968904B (en) | Block chain data protection method and system | |
| CN117439823B (en) | Cloud data intelligent authority authentication safety protection method and system | |
| TW201917621A (en) | Detection method and system for preventing password file leakage building an index database to store the correct account/password pairing code | |
| KR20210015613A (en) | Apparatus for verifying integrity of AI learning data and method therefor | |
| US20230205896A1 (en) | Methods for securing data | |
| Motghare | IMPLEMENTATION OF PRIVACY PRESERVING AND DYNAMIC SEARCHING MECHANISM WITH BIOMETRIC AUTHENTICATION IN CLOUD STORAGE |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |