CN103716316A - User identity authentication system - Google Patents
User identity authentication system Download PDFInfo
- Publication number
- CN103716316A CN103716316A CN201310727240.7A CN201310727240A CN103716316A CN 103716316 A CN103716316 A CN 103716316A CN 201310727240 A CN201310727240 A CN 201310727240A CN 103716316 A CN103716316 A CN 103716316A
- Authority
- CN
- China
- Prior art keywords
- user
- vector
- authenticating
- information
- identification system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to a user identity authentication system. The user identity authentication system is provided with a pre-processing part, a detecting part, an early-warning part and a storing part, wherein the pre-processing part acquires user log-in information and encrypts the user log-in information to form a user information vector; the detecting part forms a reference vector according to the user information acquired by a WEB server, and primary authentication is performed in comparison with the user identity; the early-warning part forms a verification vector according to information of the storing part, and secondary authentication is performed in comparison with the user identity. According to the user identity authentication system, the identity of a user who will log in the system is authenticated through the secondary authentication, not only is authentication performed through basic database information at the WEB server end, but also dynamic authentication is performed through information in the storing part of the user identity authentication system, the safety of the user identity authentication system is improved, and the risk that the log-in user is cheated is reduced.
Description
Technical field
The present invention relates to a kind of Verification System, the identity authorization system of particularly logining for Internet user.
Background technology
Along with the fast development of the Internet, the prosperity of a series of online systems such as ecommerce, E-Government, electronic banking is risen.Online online communication is interconnected, low, convenient with its cost, feature has obtained using widely timely, utilizes the number of users contacting of concluding the business also day by day to increase on the net.But due to the online interconnected virtual property of online communication, safety issue becomes increasingly conspicuous, in the interconnect transactions of internet commerce, government affairs, finance, trade, may occur being pretended to be personation cooperation commerce and trade by lawless person, thus the situation of carrying out online fraudulent trading by the Internet.The loss like this user being caused is immeasurable.Particularly a large amount of enterprises carry out commercial affairs contact by the Internet, due to can not be accurately under virtual environment convenient, understand the other side's actual conditions, cannot understand its prestige, conditions of the enterprise, therefore commercial affairs, government affairs, finance, the online of trade are only flowed in the form exchanging, and can not realize the relieved commerce and trade of safety truly.For this reason, existing customer certification system and authentication method all need to improve and improve forwardly, to adapt to this networked environment complicated and changeable.
For user's authentication, the basic authentication mode conventionally adopting is that authenticating identity is carried out in " user name " stack " password ".This authentication mode has very large leak in fail safe, lawless person can steal by modes such as trojan horses user's log-on message, once obtain after user's username and password, just can freely enter this user account and usurp its account and carry out illegal activity, even arbitrarily the money and goods in user account be transferred accounts and steal etc.In addition, also have number of site to adopt and read safe cookie, or the mode identity verification of digital certificate, but whether these modes can be only the user who filed a request originally for examining this user, whether truly can not examine the information that user reports when filing a request.Cause the efficiency of transaction platform class website low, fail safe is low, and error rate is high.
Summary of the invention
In order to address the above problem, the invention provides a kind of authenticating user identification system, it has improved fail safe and the authenticity of user account by the mode of double probate, has reduced the risk that user is swindled.
This authenticating user identification system has pretreatment portion, test section, early warning portion and storage part, described pretreatment portion obtains user login information and encrypts and forms user profile vector, described test section forms reference vector according to the user profile of WEB collection of server, comparison user identity once authenticates, described early warning portion forms verification vector according to described storage part information, and comparison user identity carries out re-authentication.
When early warning portion, judge that described user profile vector is dangerous rank, forbid login; Judge that described user profile vector is level of suspicion, in system, user is shown to suspicious label.By re-authentication, realized for the authentication of wanting login user, not only utilize the basic data library information of WEB server end to authenticate, also adopted the storage part internal information of this authenticating user identification system to carry out dynamic authentication, improve the fail safe of this authenticating user identification system, reduced the risk that login user is swindled.
The described user login information of this authenticating user identification system comprises user's logging in network environmental data and social network circuit-switched data; Described network environment data comprise one or more of IP address, operating system, browser.
The described verification vector of this authenticating user identification system is to form according to user's authenticating identity information and described storage part Data Dynamic, described storage part comprises verification vector memory cell, history vectors memory cell, described verification vector memory cell is used for storing described user profile vector, and upgrades and adjust described verification vector; Described history vectors memory cell, for storing the described user profile vector of all previous login, and the operation note after all previous login.By the historical user profile vector data of all previous login of user and the operation information after all previous login, dynamically adjust described verification vector, make whether safety of state that authenticating user identification system judges that user logins more comprehensively, in time, exactly.Wherein said authenticating identity information comprises one or more of identity card, the registered permanent residence, educational background, student status.
Accompanying drawing explanation
Fig. 1 Verification System operate outside figure;
Fig. 2 Verification System module map;
Fig. 3 user ID data library module figure;
Fig. 4 Verification System workflow diagram.
Embodiment
This user log-in authentication system and method comprises pretreatment portion 1, test section 2, early warning portion 3 and user ID data storehouse 4.
User, by HTTP, initiate after logging request, processing unit gathers user's UDI information (User Detail Information).This UDI information comprises user's logging in network environmental data (UDIinternet), social activity _ networking data (UDI_social).These network environment data comprise the data messages such as IP address, operating system, browser.Social network data comprises the accounts information of social network sites, such as: microblogging, micro-letter, Facebook, school net, various blog informations etc.
Ciphering unit is encrypted this UDI information, can adopt DEA (Data Encryption Algorithm) is structured vectors SUDI by this UDI information encryption, and this vector SUDI is deposited in the identity vector memory cell 41 in user ID data storehouse 4.
This test section 2 comprises comparing unit and interactive unit, this comparing unit is for the reference vector U of user identity vector SUDI and Verification System is compared, can be by SAA(sequence alignment algorithms sequence alignment method) compare.When SUDI vector and U vector difference are less than or equal to authentication threshold value beta, assert that this user login information is safety, allow its login, and the user identity vector SUDI of this login is deposited in history vectors memory cell 44; When SUDI vector and U vector difference are greater than authentication threshold value beta, test section 2 is judged this user login information and is had risk, and this user be suspicious user, and the interactive unit by test section 2 is to early warning portion 3 transmission early warning information.This reference vector U produces by the user identity relevant information of transferring in the basic database of WEB server end.
This user ID data storehouse 4 comprises that identity vector memory cell 41 is for recording the SUDI vector that is encrypted rear formation by 12 pairs of UDI information of ciphering unit; Early warning vector memory cell 42 is for recording the SUDI vector that is judged as level of suspicion login; Verification vector memory cell 43, for recording the SUDI vector of login user, is adjusted verification vector U ' for upgrading; History vectors memory cell 44 is for storing the SUDI vector of all previous login of user, and the operation note after all previous login.
Claims (7)
1. an authenticating user identification system, comprising pretreatment portion, test section, early warning portion and storage part, it is characterized in that: described pretreatment portion obtains user login information and encrypts and forms user profile vector, described test section forms reference vector according to the user profile of WEB collection of server, comparison user identity once authenticates, described early warning portion forms verification vector according to described storage part information, and comparison user identity carries out re-authentication.
2. authenticating user identification system according to claim 1, is characterized in that: described early warning portion judges that described user profile vector is dangerous rank, forbids login; Judge that described user profile vector is level of suspicion, in system, user is shown to suspicious label.
3. authenticating user identification system according to claim 1, is characterized in that: described user login information comprises user's logging in network environmental data and social network circuit-switched data.
4. authenticating user identification system according to claim 1, is characterized in that: described verification vector forms according to user's authenticating identity information and described storage part Data Dynamic.
5. authenticating user identification system according to claim 3, is characterized in that: described network environment data comprise one or more of IP address, operating system, browser.
6. authenticating user identification system according to claim 4, it is characterized in that: described storage part comprises verification vector memory cell, history vectors memory cell, described verification vector memory cell is used for storing described user profile vector, and upgrades and adjust described verification vector; Described history vectors memory cell, for storing the described user profile vector of all previous login, and the operation note after all previous login.
7. authenticating user identification system according to claim 4, is characterized in that: described authenticating identity information comprises one or more of identity card, the registered permanent residence, educational background, student status.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310727240.7A CN103716316B (en) | 2013-12-25 | 2013-12-25 | A kind of authenticating user identification system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310727240.7A CN103716316B (en) | 2013-12-25 | 2013-12-25 | A kind of authenticating user identification system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103716316A true CN103716316A (en) | 2014-04-09 |
| CN103716316B CN103716316B (en) | 2018-09-25 |
Family
ID=50408899
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310727240.7A Active CN103716316B (en) | 2013-12-25 | 2013-12-25 | A kind of authenticating user identification system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103716316B (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106407842A (en) * | 2016-09-29 | 2017-02-15 | 广州鹤互联网科技有限公司 | Approval and issuance initiating user management method and equipment |
| CN108111544A (en) * | 2018-02-27 | 2018-06-01 | 新华三信息安全技术有限公司 | A kind of user log-in authentication method and device |
| WO2018209623A1 (en) * | 2017-05-17 | 2018-11-22 | Tink Labs Limited | Systems, devices, and methods for performing verification of communications received from one or more computing devices |
| TWI690884B (en) * | 2016-12-30 | 2020-04-11 | 大陸商中國銀聯股份有限公司 | Abnormal transfer detection method, device, storage medium, electronic equipment and products |
| CN112231668A (en) * | 2020-09-18 | 2021-01-15 | 同盾控股有限公司 | User identity authentication method based on keystroke behavior, electronic equipment and storage medium |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1285317A1 (en) * | 2000-05-19 | 2003-02-26 | Netscape Communications | Adaptive multi-tier authentication system |
| CN101442747B (en) * | 2009-01-15 | 2012-12-12 | 吴静 | Method and system for automatically judging user identification by terminal |
-
2013
- 2013-12-25 CN CN201310727240.7A patent/CN103716316B/en active Active
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106407842A (en) * | 2016-09-29 | 2017-02-15 | 广州鹤互联网科技有限公司 | Approval and issuance initiating user management method and equipment |
| CN106407842B (en) * | 2016-09-29 | 2019-06-14 | 恒大智慧科技有限公司 | A kind of sign-off initiates user management method and equipment |
| TWI690884B (en) * | 2016-12-30 | 2020-04-11 | 大陸商中國銀聯股份有限公司 | Abnormal transfer detection method, device, storage medium, electronic equipment and products |
| WO2018209623A1 (en) * | 2017-05-17 | 2018-11-22 | Tink Labs Limited | Systems, devices, and methods for performing verification of communications received from one or more computing devices |
| CN108111544A (en) * | 2018-02-27 | 2018-06-01 | 新华三信息安全技术有限公司 | A kind of user log-in authentication method and device |
| CN108111544B (en) * | 2018-02-27 | 2020-07-28 | 新华三信息安全技术有限公司 | User login authentication method and device |
| CN112231668A (en) * | 2020-09-18 | 2021-01-15 | 同盾控股有限公司 | User identity authentication method based on keystroke behavior, electronic equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103716316B (en) | 2018-09-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10574643B2 (en) | Systems and methods for distribution of selected authentication information for a network of devices | |
| EP3100171B1 (en) | Client authentication using social relationship data | |
| US20180227130A1 (en) | Electronic identification verification methods and systems | |
| US20190305955A1 (en) | Push notification authentication | |
| US20130297513A1 (en) | Multi factor user authentication | |
| CN105516133B (en) | User identity verification method, server and client | |
| US10523699B1 (en) | Privilege escalation vulnerability detection using message digest differentiation | |
| US11539526B2 (en) | Method and apparatus for managing user authentication in a blockchain network | |
| US10362019B2 (en) | Managing security credentials | |
| US9767262B1 (en) | Managing security credentials | |
| JP2022521786A (en) | Payment transfer processing system | |
| US8799165B2 (en) | Electronic signature security algorithms | |
| US10015171B1 (en) | Authentication using metadata from posts made to social networking websites | |
| CN108462581A (en) | Method, apparatus, terminal device and the storage medium that network token generates | |
| Ulqinaku et al. | Is real-time phishing eliminated with {FIDO}? social engineering downgrade attacks against {FIDO} protocols | |
| CN103853950A (en) | Authentication method based on mobile terminal and mobile terminal | |
| CN103795724A (en) | Method for protecting account security based on asynchronous dynamic password technology | |
| CN103716316A (en) | User identity authentication system | |
| US11444936B2 (en) | Managing security credentials | |
| CN103024706A (en) | Short message based device and short message based method for bidirectional multiple-factor dynamic identity authentication | |
| CN105978855A (en) | System and method for protecting personal information security in real-name system | |
| US9807103B2 (en) | Data communication | |
| CN103903140A (en) | O2O safety payment method, system and safety payment background | |
| CN111784347B (en) | Resource transfer method and device | |
| Nabi | Comparative study on identity management methods using blockchain |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: 201203 Shanghai city Pudong New Area Jing Road No. 498 Building No. 8 Building Applicant after: SHANGHAI PPDAI FINANCE INFORMATION SERVICE CO., LTD. Address before: 201203 Shanghai city Pudong New Area Jing Road No. 498 Building No. 8 Building Applicant before: SHANGHAI PAIPAIHUO FINANCIAL INFORMATION SERVICE CO., LTD. |
|
| COR | Change of bibliographic data | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |