CN116566670A - Information intelligent management system and method based on multidimensional fusion model - Google Patents

Publication number: CN116566670A
Authority: CN (China)
Prior art keywords: information, user, token, key, login
Legal status: Pending
Application number: CN202310521419.0A
Other languages: Chinese (zh)
Inventor: 姚元领
Current Assignee: Harbin Linfu Technology Co ltd
Original Assignee: Harbin Linfu Technology Co ltd

Classifications

    • G06F18/25 Fusion techniques
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/40 Network security protocols
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Abstract

The invention discloses an intelligent information management system and method based on a multidimensional fusion model. In computer Internet applications, a user applies for an account as the identifier of the user's identity when using a computer Internet application service, the user sets a password for that account to keep it secure, and entering the account and password is an important step of identity verification on the computer Internet.

Description

Information intelligent management system and method based on multidimensional fusion model
Technical Field
The invention relates to the technical field of information intelligent management, in particular to an information intelligent management system and method based on a multidimensional fusion model.
Background
With the vigorous development of computer Internet technology, the number of computer Internet application services keeps increasing. To use such a service, a user needs to apply for an account as the identifier of the user's identity, the user sets a password for that account to keep it secure, and entering the account and password has become an important step of identity verification on the computer Internet.
As the number of computer Internet applications grows, the number of accounts and passwords a user needs for network service login grows with it. If the user sets the same account password for different network services, security suffers. If the user sets different account passwords for different network services, logging in becomes cumbersome, and the user may also forget the account passwords of network services that have not been used for a long time.
Disclosure of Invention
The invention aims to provide an information intelligent management system and method based on a multidimensional fusion model, which are used for solving the problems in the background technology.
In order to solve the technical problems, the invention provides the following technical scheme: an information intelligent management method based on a multidimensional fusion model, the method comprises the following steps:
step S100: capturing an application initiated by a user for applying network service login, setting the application as a target application, acquiring network service to be applied for login by the target application, and setting the network service as a target service;
step S200: setting an authentication token and a token intensity value, evaluating the current login token intensity value, verifying whether the token intensity value required by the login target service is smaller than or equal to the current token intensity value, entering step S400 if the token intensity value required by the login target service is smaller than or equal to the current token intensity value, and entering step S300 if the token intensity value required by the login target service is larger than the current token intensity value;
step S300: generating a token intensity value of a user login token by evaluating the user's personal information, biological information and the information of the device currently used by the user, and setting an attenuation factor so that the token intensity value decays as time increases;
step S400: generating a first key and a second key for extracting account information and password information required by the target network service login;
step S500: and verifying the first key and the second key, extracting account information and password information required by the login of the target network service, combining the account information and the password information into login information of the target network service, and completing the login of the user.
Further, step S200 includes:
step S201: setting an authentication token, wherein the authentication token is provided with a token intensity value, and the token intensity value represents the authentication intensity which can be provided by the current authentication token when a user initiates a target application;
step S202: setting a token intensity value required by each target service in login, and judging whether the token intensity can be used for logging in the target service;
step S203: verifying whether the token intensity value required for logging in the target service is smaller than or equal to the current token intensity value, if yes, executing step S400, otherwise, executing step S300;
the authentication token is used for keeping an authentication record of the authentication information submitted by the user, and under the permission of the token intensity value of the authentication token, the user can finish logging in the target service without repeatedly inputting an account number and a password.
Further, step S300 includes:
step S301: setting a user personal information storage node for storing sample information of user information, wherein the user information comprises user biological information samples and user personal information, the user biological information samples comprise the user's fingerprint, voiceprint, face, iris and palmprint information, and the user personal information comprises the user's e-mail address, telephone number, identity card number, address, driving license information, social security card account number and bank card number, wherein use of the user information must be authorized by the user;
step S302: the user submits user information, and the user information submitted by the user is compared with the information in the user personal information storage node, and the user information submitted by the user is one or more combinations of the same kind of information in the user personal information storage node;
step S303: verifying the biological information in the user information submitted by the user, and setting a user biological information verification similarity A, wherein $A = \alpha_1 + \alpha_2 + \alpha_3 + \dots + \alpha_i$, wherein $\alpha_1, \alpha_2, \alpha_3, \dots, \alpha_i$ respectively represent the similarity values between the 1st, 2nd, 3rd, …, i-th items of biological information in the user information submitted by the user and the biological information samples of the corresponding items stored in the user personal information storage node;
in the prior art, multiple types of biological information of a user can be collected; the user is offered verification by one kind of biological information or by a combination of several, and the more types of submitted biological information pass verification, the higher the token intensity value that can be obtained;
step S304: verifying the personal information in the user information submitted by the user, extracting the correct items of that personal information, and setting a user personal information set B; the 1st, 2nd, 3rd, …, j-th pieces of information submitted by the user are represented by $B_1, B_2, B_3, \dots, B_j$ respectively, wherein $B_1, B_2, B_3, \dots, B_j$ respectively correspond to $n_1, n_2, n_3, \dots, n_j$ items of personal information, $B = B_1 \cup B_2 \cup \dots \cup B_j$, wherein B contains k personal information items, and $k \ge \max\{n_1, n_2, n_3, \dots, n_j\}$;
For example, when the identity card number submitted by the user is used for personal information verification, the identity card number comprises 3 items of information, namely the user's name, age and address; when the user also submits a name, the multiple pieces of personal information submitted by the user can contain repeated items. The repeated items are removed to obtain the non-repeated items among the multiple pieces of personal information submitted by the user, which gives all the personal information items submitted this time.
Step S305: setting a device authentication information storage node for storing the device usage records of the user's use of the target service; establishing, for each device usage record, a device network relation chain made up of the device IP address, the IP address attribution, the network operator name and the network system, wherein the element items are arranged in the same order in every device network relation chain; and collecting the device network relation chains of all device usage records into a device network relation set W;
extracting the device name, the number of device uses under the same device name, the device MAC address, the number of device uses under the same MAC address, the device IP address, the IP address attribution, the network operator name and the network system, and establishing the device IP address, the IP address attribution, the network operator name and the network system as parameters for verifying whether the user is using a commonly used device. If the target application is sent from the user's commonly used device and that device is in the user's usual network environment, the user device is in a network environment the user can trust; whether the user device is in a safe state is judged by verifying whether it is in the usual network environment;
step S306: calculating the proportion of the number of times of using the target service under each equipment name to the total number of times of using the target service by all equipment, extracting the equipment information of a user initiated target application, comparing the equipment information with corresponding information in an equipment authentication information storage node, and obtaining the proportion of the total number of times of using the target service by the equipment of the target application;
step S307: extracting the device network relation chain of the target application initiated by the user, comparing it with the history records in the device network relation set W, and calculating a network device similarity index C from the longest matching chain, wherein the longest matching chain is the chain in the device network relation set W that has the largest number of elements identical to the device network relation chain of the target application initiated by the user, and the calculation method of the network device similarity index is: wherein $M_1$ represents the number of elements in the longest matching chain that are identical to the device network relation chain of the user-initiated target application, and $M_2$ represents the total number of elements in a device network relation chain;
step S308: the token intensity generation value D is calculated as $D = d_1 A + d_2 k + d_3 C$, wherein $d_1$, $d_2$ and $d_3$ respectively represent the weights of A, k and C, and A, k and C are respectively normalized into the dimensionless numbers $A^*$, $k^*$ and $C^*$ before being substituted into the expression for D;
step S309: setting a token intensity value E and an attenuation control coefficient λ, wherein E is calculated as $E = D \times \lambda\mu(t)$, where $\mu(t)$ is the token intensity attenuation factor, a function that decreases as the decay time t increases;
step S310: the generated token intensity value is returned to step S200 for judgment.
Further, in step S309, the method for calculating the attenuation control coefficient λ includes:
the attenuation control coefficient λ is generated by $\lambda = i x_1 + k x_2$, where i represents the number of items of biological information submitted by the user, k represents the number of personal information items in the user personal information set B, and $x_1$, $x_2$ represent the weights of i and k respectively;
the sizes of i and k control how strongly the attenuation factor acts on D: with D and $\mu(t)$ unchanged, a user who submits more information items obtains a larger token intensity value E, and under the same attenuation factor $\mu(t)$, the larger i and k are, the larger the token intensity remaining after the same elapsed time, so that more target services can be authorized for login;
the token intensity attenuation factor makes the token intensity value decay as time increases. When the token intensity value falls below the verification intensity required by the target service, the user must submit information for verification again, which improves the security of verified login. For example, if the user's device is stolen, the automatic decay of the token intensity value means the thief cannot use the token intensity generated before the theft to log in to the user's computer Internet service accounts, so the user's accounts are protected.
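The calculation in steps S303 to S309 and the comparison in step S203, as an added Python example that is not part of the patent text. The page gives no formula for C, no normalization rule, no weights and no form for μ(t); the example assumes C = M1/M2, division by fixed caps, constructed weights and μ(t) = exp(-t/τ), reads E as the product D·λ·μ(t), and uses constructed sample data and hypothetical names throughout.

```python
import math

# Field order of a device network relation chain (S305 requires a fixed order).
CHAIN_FIELDS = ("ip", "ip_region", "operator", "network_type")

# Assumed normalization caps and weights; the patent names them but gives no values.
MAX_BIOMETRIC_ITEMS = 5      # fingerprint, voiceprint, face, iris, palmprint
MAX_PERSONAL_ITEMS = 10      # hypothetical cap on k
WEIGHTS_D = (0.5, 0.2, 0.3)  # d1, d2, d3
WEIGHTS_X = (0.2, 0.05)      # x1, x2
TAU_SECONDS = 3600.0         # time constant of the assumed decay


def biometric_similarity(alphas):
    """S303: A = alpha_1 + ... + alpha_i, one similarity per submitted biometric item."""
    return sum(alphas)


def personal_item_count(submissions):
    """S304: B = B_1 U ... U B_j with repeated items removed; returns k = |B|."""
    return len(set().union(*submissions))


def chain_similarity(current, history):
    """S307: compare the current chain with every chain in W and keep the best match.

    Assumption: C = M1 / M2 (the formula itself is missing from the page).
    """
    m2 = len(CHAIN_FIELDS)
    m1 = max(
        (sum(current[f] == past[f] for f in CHAIN_FIELDS) for past in history),
        default=0,  # empty W: device and network never seen before
    )
    return m1 / m2


def generation_value(a, k, c):
    """S308: D = d1*A* + d2*k* + d3*C* on normalized inputs."""
    a_star = min(a / MAX_BIOMETRIC_ITEMS, 1.0)
    k_star = min(k / MAX_PERSONAL_ITEMS, 1.0)
    d1, d2, d3 = WEIGHTS_D
    return d1 * a_star + d2 * k_star + d3 * c


def attenuation_control(i, k):
    """lambda = i*x1 + k*x2."""
    x1, x2 = WEIGHTS_X
    return i * x1 + k * x2


def token_intensity(d, lam, age_seconds):
    """S309: E = D * lambda * mu(t), with mu(t) = exp(-t / tau) as an assumed decay."""
    if age_seconds < 0:
        # A negative age would make the token stronger than when it was issued.
        raise ValueError("token age must not be negative")
    return d * lam * math.exp(-age_seconds / TAU_SECONDS)


def next_step(required, current):
    """S203: go to S400 if required <= current intensity, otherwise back to S300."""
    return "S400" if required <= current else "S300"


def demo():
    """Constructed sample: two biometrics, two personal-info submissions, known network."""
    alphas = [0.96, 0.91]                                   # fingerprint, face
    submissions = [{"name", "age", "address"}, {"name", "phone"}]
    history = [                                             # set W (constructed)
        {"ip": "192.0.2.10", "ip_region": "Harbin",
         "operator": "OperatorA", "network_type": "wifi"},
        {"ip": "198.51.100.7", "ip_region": "Harbin",
         "operator": "OperatorB", "network_type": "5g"},
    ]
    current = {"ip": "192.0.2.44", "ip_region": "Harbin",
               "operator": "OperatorA", "network_type": "wifi"}

    a = biometric_similarity(alphas)
    k = personal_item_count(submissions)
    c = chain_similarity(current, history)
    d = generation_value(a, k, c)
    lam = attenuation_control(len(alphas), k)
    required = 0.25                                         # hypothetical service threshold
    return {
        "k": k, "C": c, "D": d, "lambda": lam,
        "fresh": next_step(required, token_intensity(d, lam, 0)),
        "after_1h": next_step(required, token_intensity(d, lam, 3600)),
    }


if __name__ == "__main__":
    print(demo())
```

The age passed to `token_intensity` has to be derived from the verifier's own clock and the stored issue time; a timestamp supplied by the client device would let a stale token keep its strength.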
Further, step S400 includes:
generating a first key and a second key for extracting the account information and password information required by the target network service login, wherein the first key comprises: account information required by the target application and first check key information, wherein the second key comprises: the method for negotiating the first check key and the second check key is: a key negotiated by one or a combination of several of the following protocols: the Diffie-Hellman key exchange protocol, an identity-based key distribution protocol, the NS key distribution protocol, a key agreement protocol based on password authentication, and a quantum key distribution protocol.
Further, step S500 includes:
step S501: setting a network service login account storage node and a network service login password storage node, which are respectively used for storing the account numbers and corresponding passwords of users for logging in the network service and the corresponding relations of the account numbers and the passwords of the users for logging in the network service;
step S502: according to the key negotiation method in step S400, verifying the first key and the second key, and respectively extracting corresponding account number and password information of the target application from the network service login account number storage node and the network service login password storage node after verification is passed;
the network service login account and the network service login password of the user are stored separately, a dynamic key is generated in the form of a negotiation key, and the network service login account and the network service login password of the user are respectively extracted, so that the complete login information of the user is not easy to obtain by an attacker;
step S503: and synthesizing the corresponding account number and the password information of the user target application into verification information required by target login to be used for the target login application of the user, and completing the login of the target service by the user.
In order to better implement the method, an intelligent information management system based on the multidimensional fusion model is also provided, which comprises: a user personal information storage module, a network service login account storage module, a network service login password storage module, a target application capture module, a token strength value judgment module, a token strength generation value calculation module, a decay factor calculation module, a key generation module, a key verification module, an information extraction module and a data transmission module. The network service login password storage module serves as the network service login password storage node; the target application capture module is used for capturing the target application; the token strength value judgment module is used for judging whether the current token strength value meets the login requirement of the target application; the token strength generation value calculation module is used for calculating the token strength generation value; the decay factor calculation module is used for calculating the decay factor; the key generation module is used for generating the first key and the second key; the key verification module is used for verifying the first key and the second key; the information extraction module is used for extracting the corresponding account information and password information of the target application from the network service login account storage node and the network service login password storage node; and the data transmission module is used for data transmission between the modules.
Further, the token strength generation value calculation module includes: the system comprises a user information acquisition unit, a user information comparison item extraction unit and a token intensity generation value calculation unit, wherein the user information acquisition unit is used for acquiring personal information and biological information of a user, the user information comparison unit is used for comparing submitted information of the user with sample information, the user information comparison item extraction unit is used for extracting a comparison result of the user information and the sample information comparison item, and the token intensity generation value calculation unit is used for calculating a token intensity generation value.
Further, the token intensity value calculation module includes: the device comprises an attenuation factor calculating unit and a token intensity value calculating unit, wherein the attenuation factor calculating unit is used for calculating an attenuation factor function, and the token intensity value calculating unit is used for calculating a token intensity value.
Compared with the prior art, the invention has the following beneficial effects: the invention retains the submitted authentication login information through the login token and, within the range allowed by the token intensity value of the user's current login token, automatically extracts the account password corresponding to the network service the user applies to log in to, which reduces how often the user has to re-enter an account password; an attenuation factor is introduced into the calculation of the token intensity value to improve the security of the login token.
Drawings
The accompanying drawings are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate the invention and together with the embodiments of the invention, serve to explain the invention. In the drawings:
FIG. 1 is a schematic diagram of a multi-dimensional fusion model-based information intelligent management system;
fig. 2 is a schematic flow chart of an information intelligent management method based on a multidimensional fusion model.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to fig. 1 and 2, the present invention provides the following technical solutions:
step S100: capturing an application initiated by a user for applying network service login, setting the application as a target application, acquiring network service to be applied for login by the target application, and setting the network service as a target service;
step S200: setting an authentication token and a token intensity value, evaluating the current login token intensity value, verifying whether the token intensity value required by the login target service is smaller than or equal to the current token intensity value, entering step S400 if the token intensity value required by the login target service is smaller than or equal to the current token intensity value, and entering step S300 if the token intensity value required by the login target service is larger than the current token intensity value;
wherein, step S200 includes:
step S201: setting an authentication token, wherein the authentication token is provided with a token intensity value, and the token intensity value represents the authentication intensity which can be provided by the current authentication token when a user initiates a target application;
step S202: setting a token intensity value required by each target service in login, and judging whether the token intensity can be used for logging in the target service;
step S203: and verifying whether the token intensity value required for logging in the target service is smaller than or equal to the current token intensity value, if yes, executing step S400, otherwise, executing step S300.
Step S300: generating a token intensity value of a user login token by evaluating the user's personal information, biological information and the information of the device currently used by the user, and setting an attenuation factor so that the token intensity value decays as time increases;
wherein, step S300 includes:
step S301: setting a user personal information storage node for storing sample information of user information, wherein the user information comprises user biological information samples and user personal information, the user biological information samples comprise the user's fingerprint, voiceprint, face, iris and palmprint information, and the user personal information comprises the user's e-mail address, telephone number, identity card number, address, driving license information, social security card account number and bank card number, wherein use of the user information must be authorized by the user;
step S302: the user submits user information, and the user information submitted by the user is compared with the information in the user personal information storage node, and the user information submitted by the user is one or more combinations of the same kind of information in the user personal information storage node;
step S303: verifying the biological information in the user information submitted by the user, and setting a user biological information verification similarity A, wherein $A = \alpha_1 + \alpha_2 + \alpha_3 + \dots + \alpha_i$, wherein $\alpha_1, \alpha_2, \alpha_3, \dots, \alpha_i$ respectively represent the similarity values between the 1st, 2nd, 3rd, …, i-th items of biological information in the user information submitted by the user and the biological information samples of the corresponding items stored in the user personal information storage node;
the biological information a user can submit differs between environments. For example, the user's fingerprint is not easy to collect while the user is holding something, in which case the user can choose to submit face and iris information; the user's face is not easy to collect while the user is wearing a mask, in which case the user can choose to submit voiceprint or palmprint information. Offering verification by one kind of biological information or by a combination of several therefore fits the user's actual conditions of use better;
step S304: verifying the personal information in the user information submitted by the user, extracting the correct items of that personal information, and setting a user personal information set B; the 1st, 2nd, 3rd, …, j-th pieces of information submitted by the user are represented by $B_1, B_2, B_3, \dots, B_j$ respectively, wherein $B_1, B_2, B_3, \dots, B_j$ respectively correspond to $n_1, n_2, n_3, \dots, n_j$ items of personal information, $B = B_1 \cup B_2 \cup \dots \cup B_j$, wherein B contains k personal information items, and $k \ge \max\{n_1, n_2, n_3, \dots, n_j\}$;
Step S305: setting a device authentication information storage node for storing the device usage records of the user's use of the target service; establishing, for each device usage record, a device network relation chain made up of the device IP address, the IP address attribution, the network operator name and the network system, wherein the element items are arranged in the same order in every device network relation chain; and collecting the device network relation chains of all device usage records into a device network relation set W;
step S306: calculating the proportion of the number of times of using the target service under each equipment name to the total number of times of using the target service by all equipment, extracting the equipment information of a user initiated target application, comparing the equipment information with corresponding information in an equipment authentication information storage node, and obtaining the proportion of the total number of times of using the target service by the equipment of the target application;
step S307: extracting a device network relation chain of a target application initiated by a user, comparing the device network relation chain with a history record in a device network relation set W, and calculating a network device similarity index C according to a longest anastomotic chain, wherein the longest anastomotic chain is the chain with the same number of identical elements as the longest element in the device network relation set W of the target application initiated by the user, and the calculation method of the network device similarity index comprises the following steps:wherein M is 1 Representing the number of items of the same element as the longest anastomotic chain of the device network relation chain of the user initiated target application, M 2 Representing the total number of items of the element in the device network relation chain;
step S308: calculating a token intensity generation value $D$ as $D=d_1A+d_2k+d_3C$, where $d_1$, $d_2$ and $d_3$ respectively represent the weights of $A$, $k$ and $C$; $A$, $k$ and $C$ are each normalized into the dimensionless numbers $A^*$, $k^*$ and $C^*$ before being substituted into the expression for $D$;
step S309: setting a token intensity value $E$ and an attenuation control coefficient $\lambda$, where $E$ is calculated as $E=D\times\lambda\mu(t)$, and $\mu(t)$ is the token intensity decay factor, a function that decreases as the decay time $t$ increases;
step S310: the generated token intensity value is returned to step S200 for judgment.
Wherein, step S309 includes:
the attenuation control coefficient $\lambda$ is generated as $\lambda=ix_1+kx_2$, where $i$ represents the number of items of biological information submitted by the user, $k$ represents the number of items of personal information in the user personal information set $B$, and $x_1$, $x_2$ respectively represent the weights of $i$ and $k$.
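The scoring of steps S305 to S309 and the threshold check of step S200, as an added Python example that is not part of the patent text. The formula for $C$ did not survive on this page, so $C=M_1/M_2$ is an assumption, as are the weights, the normalisation by the number of information kinds listed in step S301, the exponential form of $\mu(t)$, the per-service thresholds and all sample data.

```python
import math

BIO_KINDS = 5       # fingerprint, voiceprint, face, iris, palmprint (step S301)
PERSONAL_KINDS = 7  # the seven personal information items listed in step S301

def device_similarity(chain, history_w):
    """Network device similarity index C (step S307).
    M1: elements the requesting chain shares, position by position, with the
        best-matching chain in the history set W.
    M2: total number of elements in the chain.
    ASSUMPTION: C = M1 / M2 (the formula is missing from the page)."""
    m1 = max((sum(a == b for a, b in zip(chain, old)) for old in history_w),
             default=0)
    return m1 / len(chain)

def generation_value(alphas, k, c, d=(0.5, 0.2, 0.3)):
    """D = d1*A* + d2*k* + d3*C* (step S308). The weights d and the
    normalisation (divide by the number of possible kinds) are assumed."""
    a_star = sum(alphas) / BIO_KINDS    # A = alpha_1 + ... + alpha_i
    k_star = k / PERSONAL_KINDS
    return d[0] * a_star + d[1] * k_star + d[2] * c

def attenuation_coefficient(i, k, x=(0.3, 0.1)):
    """lambda = i*x1 + k*x2 (step S309); x1 and x2 are assumed weights."""
    return i * x[0] + k * x[1]

def mu(t, half_life=1800.0):
    """Decay factor mu(t). The page only requires a decreasing function of t;
    an exponential with a 30-minute half-life is assumed here."""
    return 0.5 ** (t / half_life)

def token_intensity(d_value, lam, t):
    """E = D * lambda * mu(t) (step S309)."""
    return d_value * lam * mu(t)

def next_step(required, current):
    """Step S200: required <= current goes to S400, otherwise to S300."""
    return "S400" if required <= current else "S300"

def seconds_until_stepup(d_value, lam, required, half_life=1800.0):
    """Seconds until E(t) reaches `required`; 0.0 if E(0) is already below it."""
    e0 = d_value * lam
    if e0 < required:
        return 0.0
    return half_life * math.log2(e0 / required)

# Constructed sample data (documentation address ranges, made-up names).
W = [("203.0.113.7", "Harbin", "OperatorA", "5G"),
     ("203.0.113.7", "Harbin", "OperatorA", "WiFi")]
REQUEST_CHAIN = ("198.51.100.20", "Harbin", "OperatorA", "5G")
ALPHAS = [0.96, 0.90]                       # face and iris similarity, i = 2
K = 3                                       # correct personal items in set B
REQUIRED = {"forum": 0.2, "banking": 0.4}   # assumed per-service thresholds

def timeline(times=(0, 1800, 3600)):
    """Token intensity and the step S200 decision per service over time."""
    c = device_similarity(REQUEST_CHAIN, W)
    d_value = generation_value(ALPHAS, K, c)
    lam = attenuation_coefficient(len(ALPHAS), K)
    rows = []
    for t in times:
        e = token_intensity(d_value, lam, t)
        rows.append((t, round(e, 4),
                     {svc: next_step(req, e) for svc, req in REQUIRED.items()}))
    return rows

if __name__ == "__main__":
    for row in timeline():
        print(row)
```

Because $\lambda$ grows with the number of submitted items, $E$ is not confined to the range 0 to 1, so the required value set for each target service has to be chosen on the same scale as $D\lambda$.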
Step S400: generating a first key and a second key for extracting account information and password information required by the target network service login;
wherein, step S400 includes:
generating a first key and a second key for extracting the account information and password information required by the target network service login, wherein the first key comprises: the account information required by the target application and first check key information, wherein the second key comprises: the first check key and the second check key are negotiated by one of, or a combination of several of, the following protocols: the Diffie-Hellman key exchange protocol, an identity-based key distribution protocol, the NS key distribution protocol, a password-authenticated key negotiation protocol and a quantum key distribution protocol.
Step S500: verifying the first key and the second key, extracting account information and password information required by the login of the target network service, combining the account information and the password information into login information of the target network service, and completing the login of the user;
wherein, step S500 includes:
step S501: setting a network service login account storage node and a network service login password storage node, which are respectively used for storing the accounts with which the user logs in to network services and the corresponding passwords, together with the correspondence between those accounts and passwords;
step S502: according to the key negotiation method in step S400, verifying the first key and the second key, and respectively extracting corresponding account number and password information of the target application from the network service login account number storage node and the network service login password storage node after verification is passed;
step S503: combining the account and password information corresponding to the user's target application into the verification information required for the target login, using it for the user's target login application, and completing the user's login to the target service.
Wherein, the system includes: a user personal information storage module, a network service login account storage module, a network service login password storage module, a target application capture module, a token intensity value judgment module, a token intensity generation value calculation module, an attenuation factor calculation module, a key generation module, a key verification module, an information extraction module and a data transmission module, wherein the user personal information storage module serves as the user personal information storage node; the network service login account storage module serves as the network service login account storage node; the network service login password storage module serves as the network service login password storage node; the target application capture module is used for capturing the target application; the token intensity value judgment module is used for judging whether the current token intensity value meets the login requirement of the target application; the token intensity generation value calculation module is used for calculating the token intensity generation value; the attenuation factor calculation module is used for calculating the attenuation factor; the key generation module is used for generating the first key and the second key; the key verification module is used for verifying the first key and the second key; the information extraction module is used for extracting the corresponding account and password information of the target application from the network service login account storage node and the network service login password storage node; and the data transmission module is used for data transmission among the modules.
Wherein the token intensity generation value calculation module comprises: a user information acquisition unit, a user information comparison unit, a user information comparison item extraction unit and a token intensity generation value calculation unit, wherein the user information acquisition unit is used for acquiring the personal information and biological information of the user, the user information comparison unit is used for comparing the information submitted by the user with the sample information, the user information comparison item extraction unit is used for extracting the results of comparing the user information with the sample information item by item, and the token intensity generation value calculation unit is used for calculating the token intensity generation value.
Wherein the token intensity value calculation module comprises: the device comprises an attenuation factor calculating unit and a token intensity value calculating unit, wherein the attenuation factor calculating unit is used for calculating an attenuation factor function, and the token intensity value calculating unit is used for calculating a token intensity value.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Finally, it should be noted that the foregoing is only a preferred embodiment of the present invention and does not limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art may still modify the technical solutions described in those embodiments or make equivalent replacements of some of their technical features. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (9)

1. The intelligent information management method based on the multidimensional fusion model is characterized by comprising the following steps of:
step S100: capturing an application initiated by a user for applying network service login, setting the application as a target application, acquiring network service to be applied for login by the target application, and setting the network service as a target service;
step S200: setting an authentication token and a token intensity value, evaluating the current login token intensity value, verifying whether the token intensity value required by the login target service is smaller than or equal to the current token intensity value, entering step S400 if the token intensity value required by the login target service is smaller than or equal to the current token intensity value, and entering step S300 if the token intensity value required by the login target service is larger than the current token intensity value;
step S300: generating the token intensity value of the user login token by evaluating the user's personal information, biological information and the device information currently used by the user, and setting an attenuation factor so that the token intensity value decays as time increases;
step S400: generating a first key and a second key for extracting account information and password information required by the target network service login;
step S500: and verifying the first key and the second key, extracting account information and password information required by the login of the target network service, combining the account information and the password information into login information of the target network service, and completing the login of the user.
2. The intelligent information management method based on the multidimensional fusion model according to claim 1, characterized in that step S200 includes:
step S201: setting an authentication token, wherein the authentication token is provided with a token intensity value, and the token intensity value represents the authentication intensity which can be provided by the current authentication token when a user initiates a target application;
step S202: setting a token intensity value required by each target service in login, and judging whether the token intensity can be used for logging in the target service;
step S203: and verifying whether the token intensity value required for logging in the target service is smaller than or equal to the current token intensity value, if yes, executing step S400, otherwise, executing step S300.
3. The intelligent information management method based on the multidimensional fusion model according to claim 2, characterized in that step S300 includes:
step S301: setting a user personal information storage node for storing sample information of the user information, wherein the user information comprises user biological information samples and user personal information, the user biological information samples comprise: user fingerprint, user voiceprint, user face, user iris and user palmprint information, and the user personal information comprises the user's: e-mail address, telephone number, identity card number, address, driving license information, social security card account number and bank card number, wherein use of the user information must be authorized by the user;
step S302: the user submits user information, and the user information submitted by the user is compared with the information in the user personal information storage node, the user information submitted by the user being one item, or a combination of several items, of the kinds of information held in the user personal information storage node;
step S303: verifying the biological information in the user information submitted by the user, and setting a user biological information verification similarity $A$, where $A=\alpha_1+\alpha_2+\alpha_3+\dots+\alpha_i$, and $\alpha_1,\alpha_2,\alpha_3,\dots,\alpha_i$ respectively represent the similarity values between the 1st, 2nd, 3rd, …, $i$-th items of biological information in the user information submitted by the user and the biological information samples of the corresponding items stored in the user personal information storage node;
step S304: verifying the personal information in the user information submitted by the user, extracting the correct items of personal information from it, and setting a user personal information set $B$. The 1st, 2nd, 3rd, …, $j$-th pieces of information submitted by the user are denoted $B_1,B_2,B_3,\dots,B_j$ respectively, where $B_1,B_2,B_3,\dots,B_j$ respectively contain $n_1,n_2,n_3,\dots,n_j$ items of personal information, $B=B_1\cup B_2\cup\dots\cup B_j$, $B$ contains $k$ items of personal information, and $k\geq\max\{n_1,n_2,n_3,\dots,n_j\}$;
Step S305: setting a device authentication information storage node for storing the device usage records of the user using the target service, and establishing, for each device usage record, a device network relation chain consisting of the device IP address, the IP address attribution, the network operator name and the network system, wherein the element items are arranged in the same order in every device network relation chain; the device network relation chains of all device usage records are collected and recorded in a device network relation set $W$;
step S306: calculating, for each device name, the proportion of the number of times the target service was used on that device to the total number of times the target service was used on all devices; extracting the device information of the target application initiated by the user, comparing it with the corresponding information in the device authentication information storage node, and obtaining the proportion of the total number of uses of the target service that is accounted for by the device of the target application;
step S307: extracting the device network relation chain of the target application initiated by the user, comparing it with the history records in the device network relation set $W$, and calculating a network device similarity index $C$ from the longest matching chain, where the longest matching chain is the chain in the device network relation set $W$ that has the largest number of elements identical to those of the device network relation chain of the target application initiated by the user. The network device similarity index is calculated as: wherein $M_1$ represents the number of elements that the device network relation chain of the target application initiated by the user has in common with the longest matching chain, and $M_2$ represents the total number of elements in the device network relation chain;
step S308: calculating a token intensity generation value $D$ as $D=d_1A+d_2k+d_3C$, where $d_1$, $d_2$ and $d_3$ respectively represent the weights of $A$, $k$ and $C$; $A$, $k$ and $C$ are each normalized into the dimensionless numbers $A^*$, $k^*$ and $C^*$ before being substituted into the expression for $D$;
step S309: setting a token intensity value $E$ and an attenuation control coefficient $\lambda$, where $E$ is calculated as $E=D\times\lambda\mu(t)$, and $\mu(t)$ is the token intensity decay factor, a function that decreases as the decay time $t$ increases;
step S310: the generated token intensity value is returned to step S200 for judgment.
4. The intelligent information management method based on the multidimensional fusion model according to claim 3, characterized in that the attenuation control coefficient $\lambda$ is generated as $\lambda=ix_1+kx_2$, where $i$ represents the number of items of biological information submitted by the user, $k$ represents the number of items of personal information in the user personal information set $B$, and $x_1$, $x_2$ respectively represent the weights of $i$ and $k$.
5. The intelligent information management method based on the multidimensional fusion model according to claim 1, characterized in that step S400 includes:
generating a first key and a second key for extracting the account information and password information required by the target network service login, wherein the first key comprises: the account information required by the target application and first check key information, wherein the second key comprises: the first check key and the second check key are negotiated by one of, or a combination of several of, the following protocols: the Diffie-Hellman key exchange protocol, an identity-based key distribution protocol, the NS key distribution protocol, a password-authenticated key negotiation protocol and a quantum key distribution protocol.
6. The intelligent information management method based on the multidimensional fusion model according to claim 5, characterized in that step S500 includes:
step S501: setting a network service login account storage node and a network service login password storage node, which are respectively used for storing the accounts with which the user logs in to network services and the corresponding passwords, together with the correspondence between those accounts and passwords;
step S502: verifying the first key and the second key according to the key negotiation method in step S400, and, after verification is passed, respectively extracting the corresponding account and password information of the target application from the network service login account storage node and the network service login password storage node;
step S503: combining the account and password information corresponding to the user's target application into the verification information required for the target login, using it for the user's target login application, and completing the user's login to the target service.
7. An information intelligent management system for the information intelligent management method based on a multidimensional fusion model as recited in any one of claims 1-6, wherein the system comprises the following modules: a user personal information storage module, a network service login account storage module, a network service login password storage module, a target application capture module, a token intensity value judgment module, a token intensity generation value calculation module, an attenuation factor calculation module, a key generation module, a key verification module, an information extraction module and a data transmission module, wherein the network service login password storage module serves as the network service login password storage node; the target application capture module is used for capturing the target application; the token intensity value judgment module is used for judging whether the current token intensity value meets the login requirement of the target application; the token intensity generation value calculation module is used for calculating the token intensity generation value; the attenuation factor calculation module is used for calculating the attenuation factor; the key generation module is used for generating the first key and the second key; the key verification module is used for verifying the first key and the second key; the information extraction module is used for extracting the corresponding account and password information of the target application from the network service login account storage node and the network service login password storage node; and the data transmission module is used for data transmission between the modules.
8. The intelligent information management system according to claim 7, wherein: the token intensity generation value calculation module includes: a user information acquisition unit, a user information comparison unit, a user information comparison item extraction unit and a token intensity generation value calculation unit, wherein the user information acquisition unit is used for acquiring the personal information and biological information of the user, the user information comparison unit is used for comparing the information submitted by the user with the sample information, the user information comparison item extraction unit is used for extracting the results of comparing the user information with the sample information item by item, and the token intensity generation value calculation unit is used for calculating the token intensity generation value.
9. The intelligent information management system according to claim 7, wherein: the token intensity value calculation module comprises: the device comprises an attenuation factor calculating unit and a token intensity value calculating unit, wherein the attenuation factor calculating unit is used for calculating an attenuation factor function, and the token intensity value calculating unit is used for calculating a token intensity value.
CN202310521419.0A 2023-05-10 2023-05-10 Information intelligent management system and method based on multidimensional fusion model Pending CN116566670A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310521419.0A CN116566670A (en) 2023-05-10 2023-05-10 Information intelligent management system and method based on multidimensional fusion model


Publications (1)

Publication Number Publication Date
CN116566670A true CN116566670A (en) 2023-08-08



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination